NetFlow Simulation Library - RFC 5471 IPFIX Testing

Overview
Prerequisites
Usage
Compatibility

This update package ships configuration files to test your collector according to RFC 5471. MIMIC currently allows you to complete 25 of 32 tests.

To run this simulation, you must have installed the optional NETFLOW module as documented in the NETFLOW Protocol Module Guide of the online documentation.

3.1.1. Connectivity Tests between the Exporting Process and Collecting Process

Only UDP transport is currently supported. Any UDP port number is supported. Both IPv4 and IPv6 are supported.

Any successful MIMIC configuration validates this test.

3.2.1. Transmission of Template with Fixed-Size Information Elements

MIMIC has been tested and ships with a large number of sample configurations to test this item for the 3 versions of NetFlow that MIMIC supports (5, 9, 10).

sample_v5.cfg
sample_v9.cfg
netflow_64bit.cfg
netflow_ipfix.cfg
netflow_ipv6.cfg
netflow_options_template.cfg
netflow_v9_30k.cfg

3.2.2. Transmission of Template with Variable-Length Information Elements

MIMIC has been tested and ships with a large number of sample configurations to test this item.

ipfix-variable.cfg

3.2.3. Set Padding

MIMIC will by default pad to 4-byte boundaries between flowsets. Enable "Bundle flowset" option, then size the flowsets to appropriate sizes by adding / removing fields for the different pad sizes. padding-flowsets.cfg tests this.

3.2.4. Record Padding

MIMIC can test this by adding a paddingOctets field to any of the existing configs with the appropriate length for both fixed-length and variable-length final fields. padding-record.cfg tests this.

3.2.5. Template Withdrawal Message

MIMIC does not support "reliable transport", thus this message is not applicable.

3.3.1. Enterprise-Specific Information Elements

MIMIC supports many enterprise-specific IEs, such as Cisco ASA, Cisco AVC, Cisco ETA, Cisco NVZ, Cisco PFR, Riverbed, etc.

3.3.2. Reduced Size Encoding of Information Elements

Many of the configurations above have reduced size elements, eg. bgpDestinationAsNumber in netflow_ipfix.cfg. To test any others, just change their lengths in the config file.

3.3.3. Multiple Instances of the Same Information Element in One Template

Any of the sample configuration files can be modified to have any number of repetitions of any IE with or without other IEs in between.

3.4.1. Using Any Information Elements as Scope

MIMIC supports options templates, and the sample netflow_options_template.cfg specifies it for v9. You can easily change netflow_ipfix.cfg to use any of the defined fields as a scope, including enterprise-specific fields. Saved in ipfix_options.cfg.

3.4.2. Using Multiple Scopes

Just specify scope_count > 1, and specify multiple fields with "scope =". Already in ipfix_options.cfg.

3.4.3. Metering Process Statistics Option Template

MIMIC can configure any options template.

The IANA Assigned Numbers defines exportedFlowTotalCount as exportedFlowRecordTotalCount. We have configuration file ipfix_metering_statistics.cfg which exports this template with meteringProcessId as a scope, and associated data records.

3.4.4. Metering Process Reliability Statistics Option Template

MIMIC can configure any options template. ipfix_metering_reliability.cfg exports this.

3.4.5. Exporting Process Reliability Statistics Option Template

MIMIC can configure any options template. ipfix_exporting_reliability.cfg exports this.

3.4.6. Flow Keys Option Template

MIMIC can configure any options template. ipfix_flow_keys.cfg exports this.

3.5.1. Large Number of Records for One Template

MIMIC can configure any number of records per flowset and any number of flowsets per packet. netflow_v9_30k.cfg is a start.

3.5.2. Excessive Rate of Incoming Data Records

MIMIC can export up to 1000 packets / second per exporter instance, scaling this test as high as needed.

3.5.3. Large Templates

MIMIC can export any number of information elements. ipfix_large_template.cfg tests this. Notice that Wireshark balks at handling all fragments of the large packet, but our netflowrec collector utility correctly captures the flowsets.

3.5.4. Many New Templates within the Data Template Timeout Interval

Any number of different templates can be configured to be sent from any of the exporter instances in MIMIC.

3.5.5. Multiple Exporting Processes Exporting to One Collecting Process

Any number of exporter instances generating any variety of templates can be configured in MIMIC.

3.5.6. Export from One Exporting Process to Multiple Collecting Processes

Any number of collectors can be configured for any of the exporter instances in MIMIC.

3.6.1. Temporary Network Disconnect

To test this, the MIMIC exporter instances can be configured with a rate of "dropped packets" reflecting the reliability (or lack thereof) of the network link resulting in non-consecutive sequence numbers.

3.6.2. Exporting Process Termination and Restart during Data Transmission

Not applicable for UDP Transport.

3.6.3. Collecting Process Termination and Restart during Data Transmission

Not applicable for UDP Transport.

3.6.4. Incorrect Template Records and Options Template Records

Currently not possible.

3.6.5. Incorrect Data Record

Currently not possible.

3.6.6. Export of Non-Matching Template and Data Records

Currently not possible.

3.6.7. Unknown Set IDs

Currently not possible.

3.6.8. Re-Using Template IDs

Only for UDP, below.

3.6.8.3.1. Re-Using the Same Template ID inside the Template Lifetime

MIMIC exporters can send templates in any interval. This depends on the collector configuration.

3.6.8.3.2. Re-Using the Same Template ID after the Template Lifetime

MIMIC exporters can send templates and data records in any order and interval.

3.7. TLS Connectivity and Policy Selection

MIMIC does not support DTLS for UDP.

MIMIC^® Online Documentation