LiveFlow
The LiveFlow settings lets you further configure the LiveFlow data of the capture.
IPFIX Max Payload
◦ IPFIX Max Payload (Bytes): Enter the number of bytes indicating the maximum payload size (in bytes) for generated IPFIX packets. You can configure a value between 256 and 65535.
IPFIX Template Refresh Interval
◦ IPFIX Template Refresh Interval (Seconds): Enter or select the number of seconds in which LiveWire generates and sends IPFIX template records to the desired platforms. The templates provide the instructions to the desired platforms on how to interpret the template data records in the exported LiveFlow data. The default is set to 600 seconds (10 minutes). You can configure anywhere from 1 to 1800 seconds. If you make any changes to your template settings, it will take the specified number of seconds for the changes to take place.
NOTE: If you recently connected LiveWire to the network, it may take up to 600 seconds for the desired platforms to see the LiveFlow data from LiveWire. You may want to adjust this setting to the desired intervals.
IPFIX Options Template Refresh Interval
◦ IPFIX Options Template Refresh Interval (Seconds): Enter or select the number of seconds in which LiveWire generates and sends IPFIX option template records. The templates provide the instructions on how to interpret the template data records in the exported LiveFlow data. The default is set to 600 seconds (10 minutes). You can configure anywhere from 1 to 1800 seconds. If you make any changes to your template settings, it will take the specified number of seconds for the changes to take place.
NOTE: If you recently connected LiveWire to the network, it may take up to 600 seconds the desired platforms to see the LiveFlow data from LiveWire. You may want to adjust this setting to the desired intervals.
Flow Refresh Interval
◦ Flow Refresh Interval (Seconds): Enter or select the number of seconds in which LiveWire generates and sends IPFIX data records. The default is set to 600 seconds (10 minutes). You can configure anywhere from 1 to 1800 seconds. If you make any changes to your template settings, it will take the specified number of seconds for the changes to take place.
Analysis
◦ Application Delay (AD), Client Network Delay (CND), Network Delay (ND), and Server Network Delay (SND): Select this option to perform latency and delay analysis in the LiveFlow telemetry.
◦ Enforce 3-Way Handshake: Select this option to require a 3-way handshake (SYN, SYN-ACK, ACK) for a TCP flow in order for it to be included in processing and analyzing the LiveFlow telemetry. The Enforce 3-Way Handshake option becomes disabled and cannot be selected whenever ‘Platform’ records are enabled.
◦ TCP Expert Events - Connection Lost, Connection Refuese, Low Window, and Zero Window: Select this option to perform TCP quality analysis (Expert) in the LiveFlow telemetry.
◦ TCP Retransmissions: Select this option to perform TCP retransmission analysis (Expert) in the LiveFlow telemetry.
◦ VLAN/VXLAN/MPLS: Select this option to perform VLAN, VXLAN, and MPLS analysis in the LiveFlow telemetry.
◦ Web Analytics: Select this option to perform web analytics in the LiveFlow telemetry.
NOTE: The Web Analytics option becomes disabled and cannot be selected whenever ‘Platform’ records are enabled.
◦ Decrypt Packets: If Web Analytics is enabled, the Decrypt Packets option is made available. Select this option to perform decryption analysis on HTTPS packets in the LiveFlow telemetry. You will need to also click Manage to configure the Decryption Keys that allow you to decrypt packets.
Record Specific Options
◦ Application Performance
◦ Include Direction Field: Select this option to include flow direction (0 for ingress, 1 for egress) analysis in the Application Performance flow records.
◦ Basic Flow
◦ Include Direction Field: Select this option to include flow direction (0 for ingress, 1 for egress) analysis in the Basic Flow records.
◦ Cisco SNA
◦ Byte Distribution and Entropy Analysis: Select this option to perform Entropy and Byte Distribution analysis in the Cisco SNA flow records.
◦ Include First Packet Data: Select this option to include the payload of the first packet of a flow in the Cisco SNA flow records.
◦ Sequence of Packet Lenghts and Times: Select this option to perform SPLT analysis in the Cisco SNA flow records.
◦ Platform
◦ Include Direction Field: Select this option to include flow direction (0 for ingress, 1 for egress) analysis in the Platform flow records.
◦ Voice/Video Performance
◦ Codec, Jitter, MOS, Packet Loss: Select this option to perform RTP analysis when MediaNet IPFIX flow records are generated.
◦ Include Direction Field: Select this option to include flow direction (0 for ingress, 1 for egress) analysis in the Voice/Video Performance flow records.
Output
IMPORTANT: The Server field in the Outputs must be unique between all targets. There can only be three output targets.
◦ +Add Output: Click to select an output target. You can select from and display the following output targets:
◦ Cisco SNA Telemetry
◦ IPFIX Telemetry
◦ LiveNX Telemetry
◦ Cisco SNA Telemetry: Enable this option to send LiveFlow telemetry optimized for Cisco SNA.
◦ Server: Enter the IP address of the server which receives the telemetry optimized for Cisco SNA.
◦ IPFIX Records: Select the check box of the types of IPFIX records to include in the LiveFlow telemetry for Cisco SNA (click the small information icon next to the IPFIX records to view a tool tip indicating what will be in the records):
◦ Application Performance
◦ Basic Flow
◦ Cisco SNA (enabled by default)
◦ Platform
◦ Signaling DN
◦ Voice/Video Performance
◦ IPFIX Telemetry: Enable this option to send LiveFlow telemetry optimized for IPFIX.
◦ Server: Enter the IP address of the server which receives the telemetry optimized for IPFIX.
◦ IPFIX Records: Select the check box of the types of IPFIX records to include in the LiveFlow telemetry for IPFIX (click the small information icon next to the IPFIX records to view a tool tip indicating what will be in the records):
◦ Application Performance (enabled by default)
◦ Basic Flow (enabled by default)
◦ Cisco SNA (enabled by default)
◦ Platform (enabled by default)
◦ Signaling DN (enabled by default)
◦ Voice/Video Performance (enabled by default)
◦ LiveNX Telemetry: Enable this option to send LiveFlow telemetry optimized for LiveNX.
◦ Server: Enter the IP address of the server which receives the telemetry optimized for LiveNX.
◦ IPFIX Records: Select the check box of the types of IPFIX records to include in the LiveFlow telemetry for LiveNX (click the small information icon next to the IPFIX records to view a tool tip indicating what will be in the records):
◦ Application Performance (enabled by default)
◦ Basic Flow (enabled by default)
◦ Cisco SNA
◦ Platform
◦ Signaling DN
◦ Voice/Video Performance (enabled by default)
Router Mappings
◦ Router Mappings: Router mappings are used exclusively when you are exporting LiveFlow data to LiveNX, and are used by LiveNX to display aggregated traffic from different segments as separate interfaces per the router map entries you enter in the Router Mappings settings.
To add a router map entry for any adapter other than the Bridge adapter on LiveWire Edge, you will need to specify an interface name (ifname) and a MAC address of the gateway or router. The interface name can be up to 15 characters, and can include letters, numbers, and underscores. This will tell LiveNX to display aggregated traffic from different segments as separate interfaces per the router map entries.
To find the MAC address of the gateway or router, the CLI can be used; otherwise, capture some traffic, or do a Forensics search and look at the Nodes view in hierarchical mode. The top level addresses should be the MAC addresses of the gateways and routers for each segment being captured.
NOTE: Although the CLI may display the MAC address using the abbreviated dot notation, the address must be formatted in full colon notation in the LiveWire Router Mapping entry dialog.
◦ Interface Name: Displays the interface name of the router. All interface names must be unique, must not be empty, must not be more than 15 characters long, and may only include the following characters: numbers, letters and an underscore (_).
◦ MAC: Displays the MAC address of the router. All MAC addresses must be a valid MAC address.
◦ MPLS Label: Displays the MPLS label (optional).
◦ VLAN ID: Displays the VLAN ID (optional).
◦ VXLAN VNI: Displays the VXLAN Network Identifier (optional).
◦ Insert: Click to add a new router mapping. You can add an unlimited number of router mappings..
◦ Edit: Click to edit the selected router mapping.
◦ Delete: Click to delete the selected router mappings from the list of router mappings.
NOTE: The combination of MAC address, MPLS Label, VLAN ID and VXLAN VNI must be unique within the router mappings.
The router mappings are checked from top to bottom so you should be mindful to specify them in their desired order. Up and down arrows are provided for each row in the table to allow you to reorder them.
The router mappings are checked from top to bottom so you should be mindful to specify them in their desired order. Up and down arrows are provided for each row in the table to allow you to reorder them.
LiveNX SNMP Configuration
◦ LiveNX SNMP Configuration: For each LiveWire device that you want to use with LiveNX, you must use the Web client in LiveNX to add the device to LiveNX (see the LiveNX documentation). Since you are most likely adding LiveWire as an SNMP device to LiveNX, you will need the information provided below when adding the LiveWire device.
When configuring the 'Enter SNMP connection settings for this device' option from the Add Device dialog in LiveNX client, configure the option as follows:
SNMP Version: Version 3
User Name: admin
Authentication Protocol: SHA
Authentication Password: Ys2Q5Xxu7g3gUoHxfUFifqiXSXjd2tkc
Privacy Protocol: AES 128-bit
Privacy Password: x3Fmpv9OpIsnk0Qg3rH25BKBd66fxzSK
User Name: admin
Authentication Protocol: SHA
Authentication Password: Ys2Q5Xxu7g3gUoHxfUFifqiXSXjd2tkc
Privacy Protocol: AES 128-bit
Privacy Password: x3Fmpv9OpIsnk0Qg3rH25BKBd66fxzSK
NOTE: You can configure and change the Authentication Password and Privacy Password. See ‘SNMP Credentials’ in SNMP.