.svg?sv=2022-11-02&spr=https&st=2024-11-01T00%3A14%3A29Z&se=2024-11-01T00%3A24%3A29Z&sr=c&sp=r&sig=g%2FkyojKximKImoobR3JqS1Gx6q%2BFVcePJs%2F2fcvaOtg%3D){kind=logo}
Configuring the flow broker
- 25 Sep 2024
- 20 Minutes to read
- Contributors
- Print
- PDF
Configuring the flow broker
- Updated on 25 Sep 2024
- 20 Minutes to read
- Contributors
- Print
- PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback
The flow broker is a flexible, remote packet capture solution that provides all-layer, end-to-end network visibility through efficient brokering, lossless delivery, and granular/shared filters. With the flow broker, you can perform Deep Packet Inspection (DPI) to ensure the integrity of the data going through the network, as well as application reliability and network efficiency.
Configuring a flow broker Packet Engine
The Module flow broker Packet Engine ensures QoE for Cisco Provider Connectivity Assurance (formerly Skylight) modules, such as the Sensor Module 1G (Advanced Features), and optical and copper Sensor SFP 1G. It is part of a centralized solution that monitors mobile network backhaul performance over multiple service priorities and provides direct QoE visibility into voice/video quality, application latency, and streaming media performance.
The FSX flow broker Packet Engine provides traceability of the individual trade transactions within a trading network to meet new regulations governing financial transactions. Ensuring reliable traceability requires identifying capture points, as well as timestamping each captured frame.
Both types of Packet Engines are described below:
Module Packet Engine
This type of Packet Engine is used to connect to the Provider Connectivity Assurance.
Provider Connectivity Assurance modules must be authorized by the Cisco Provider Connectivity Assurance Sensor Control before the flow broker can be enabled on them.
An initial configuration must be completed for each Module:
- An IP address must be configured for this Module to set up a tunnel on which to send captured frames.
Once the initial configuration is complete, you are ready to provide a list of ports, filters, and actions.
FSX Packet Engine
This type of Packet Engine is used to connect to FSX Performance Elements. Unlike Provider Connectivity Assurance modules, FSX Performance Elements do not require pre-configuration via the Sensor Control.
Configuring an FSX Performance Element requires the IP address and TCP port of the flow broker server, as provided in the FSX Performance Element User Manual. The DSCP of the TCP link can also be configured if necessary.
The actual configuration of the flows must be done through the interface of the FSX Performance Element, and not through the Sensor Control. The Sensor Control will report them as unsolicited flows.
You must also provide a default Analyzer Set that will be used to handle any unsolicited flows received for this device.
▶ To add or view a Packet Engine
Access the page Traffic ▶ flow broker ▶ Packet Engines ▶ Configuration.
A listing of all flow broker Packet Engines currently associated with this instance of the Sensor Control is displayed.
(Optional) To limit the view to only certain flow broker Packet Engines, enter a value on which to filter, then click Search. You can filter by the instance name, state, type, or device name.
Note: Enter an asterisk ( * ) as a wildcard to replace one or several characters.
Click the Add button to create a new flow broker Packet Engine or click the Name of an existing flow broker Packet Engine to edit its settings.
Enter values in the required fields, then click Apply to save your changes.
For information on specific parameters, refer to the following table.
Packet Engine Parameters (Traffic ▶ flow broker ▶ Packet Engines ▶ Configuration)
| Value | Description |
|---|---|
| Name | The name of the port from which to filter |
| State | Select this box to enable this Packet Engine Note: It is possible to create more than one Packet Engine per device; however, only one engine can be enabled at a time. |
| Type | Select from the drop-down list to indicate the type of Packet Engine Acceptable values are:
|
| Device Name | The name assigned to the device |
| TCP Port | The TCP port number used by the flow broker server |
| TCP DSCP | The DSCP value to use for the TCP link |
| Capture timer enable | Select this box to enable the Packet Engine Capture timer. |
| Capture timer (min) | The maximum period to wait before disabling the Packet Engine if it has not reached to maximum capture size, expressed in minutes. This field is shown when Capture timer enable is checked. |
| Remaining time (min) | Read-only text box. Show status of the remaining capture timer, expressed in minutes (if Remaining time is less than one minute, the unit will be seconds). This field is shown when Capture timer enable is checked. |
| Max capture size enable | Enable/disable the Packet Engine max capture size. |
| Max capture size | The Packet Engine will automatically disable when maximum capture size is reached, expressed in kilobytes. This field is shown when Max capture size enable is checked. |
| Remaining size | Read-only text box. Shows status of the remaining capture size, expressed in Kilobytes. This field is shown when Max capture size enable is checked. |
Configuring Packet Engine Rules
A Packet Engine Rule defines the filters to apply on the device, the port on which to filter, the action to perform when the filter matches, which data to extract from the packet, and to which Analyzer Set to send the data.
Only the Module Packet Engine can specify rules; FSX rules must be specified directly on the FSX Performance Element, as opposed to on the Sensor Control.
▶ To configure Packet Engine rules
Access the page Traffic ▶ flow broker ▶ Packet Engines ▶ Configuration.
A listing of all flow broker Packet Engines currently associated with this instance of the Sensor Control is displayed.
(Optional) To limit the view to only certain flow broker Packet Engines, enter a value on which to filter, then click Search. You can filter by the instance name, state, type, or device name.
Note: Enter an asterisk ( * ) as a wildcard to replace one or several characters.Click the Name of the flow broker Packet Engine whose rules you want to configure.
The flow broker Packet Engine Configuration page appears, with details related to this Packet Engine displayed in the upper part of the page. The flow broker rules are listed in a table in the lower part of the page.
Click the Index of the flow broker rule you want to configure.
The flow broker Rule Configuration – Flow
– Rule # page appears.Enter values in the required fields, then click Apply to save your changes.
Note: If you modify a flow's configuration, then decide to discard those changes, click Reset to revert to the last set of saved configuration values. Once you click Apply, however, you must manually restore the previous configuration values.
For information on specific parameters, refer to the following table.
Rule Parameters (Traffic ▶ flow broker ▶ Packet Engines ▶ Configuration)
| Value | Description |
|---|---|
| Action | Select from the drop-down list to indicate how the rule should react when the filter matches Valid values are:<UL |
| Analyzer Set | Select from the drop-down list to choose the Analyzer Set whose analyzers will specify how the captured data will be handled. |
| Port Name | Select from the drop-down list to choose the port to which this rule applies |
| Filter Type | Select from the drop-down list to indicate the type of filter this rule will use. Acceptable values are:
|
| Filter Name L2 Filter Name IPv4 Filter Name IPv6 | Select from the drop-down list to indicate the name of the filter to use with this rule The entries in this list are created in the page Traffic ▶ Filters ▶ L2Filters / IPv4 Filters / IPv6 Filters. |
| Data Extraction | Select from the drop-down list to indicate how the data will be captured from the filtered packets The entries in this list are created on the page Traffic ▶ flow broker ▶ Data Extraction. |
Viewing flow broker Packet Engine Statistics
Use this page to view the traffic statistics collected by a Module or FSX Packet Engine.
The flow broker Packet Engine is a licensed feature of the flow broker Controller. The licensing status of each flow broker Packet Engine instance is provided in its operational status code, as described in the table below. To view the status of all feature licenses, access the page System
▶ Licensing.
▶ To view Packet Engine statistics
Access the page Traffic ▶ flow broker ▶ Packet Engines ▶ Statistics.
A listing of all flow broker Packet Engine instances currently associated with this instance of the Sensor Control is displayed.
*(Optional) *To limit the view to only certain flow broker Packet Engine instances, enter a value on which to filter, then click Search. You can filter by the operation status code, instance name, type, or device name.
Note: Enter an asterisk ( * ) as a wildcard to replace one or several characters.Click the Instance Name of a flow broker Packet Engine instance to view additional details.
(Optional) To clear the statistics for all flow broker Packet Engine instances at the same time, click the X icon on the right side of the table header.
(Optional) Click Clear Unsolicited Flows to remove any unsolicited flows received from FSX Performance Elements from the table.
Note: These flows must be configured through the interface of the FSX Performance Element, and not through the Sensor Control. You must also provide a default Analyzer Set that will be used to handle any unsolicited flows.
For information on specific parameters, refer to the following tables.
Flow broker Packet Engine Statistics Parameters (Traffic ▶ flow broker ▶ Analyzer ▶ Statistics)
Packet Engine Statistics Summary
| Value | Description |
|---|---|
| OpSt | The flow broker Packet Engine instance's operational status code Valid values are:
|
| Instance Name | The name of the Packet Engine instance |
| Device Name | For Module, the device name from the Sensor Control For FSX, the IP:TCPPORT pair |
| Packets | The total number of frames that have been captured by this device |
| Missed Packets | The total number of frames that were missed, i.e., frames that were filtered, but unable to be sent Note: An asterisk ( * ) will appear beside this value if a disconnection from the device has been detected, indicating that the actual missed packets value may be greater. |
| Matching Bytes | The number of bytes on wire |
| Captured Bytes | The number of bytes captured after truncation Note: The number of bytes captured after truncation can vary, depending on how the flow broker Packet Engine has been configured. If no truncation by the flow broker Packet Engine has been applied, only the FCS' four bytes will be truncated. |
Packet Engine Statistics Details
| header | header |
|---|---|
| OpSt | The flow broker Packet Engine instance's operational status code |
| Rule Index | For Module, the rule index as specified by the user For FSX, the rule index received |
| Action | None, Include, Exclude |
| Port Name | For Module, the device name from sensor: control For FSX, the IP address:port pair |
| Packets | The total number of frames captured by this device |
| Missed Packets | The total number of frames missed (i.e., filtered, but unable to send) Note: An asterisk ( * ) will appear beside this value if a disconnection from the device has been detected, indicating that the actual missed packets value may be greater. |
| Matching Bytes | The total number of bytes on wire |
| Captured Bytes | The total number of bytes captured after truncation |
Extracting Data from Filtered Packets
A Data Extraction instance defines how much data must be captured from packets filtered by the Packet Engine.
Note: Data Extraction can only be used for Provider Connectivity Assurance modules, and not for FSX Performance Elements.
▶ To add a new flow broker Data Extraction instance
Access the page Traffic ▶ flow broker ▶ Data Extraction.
A listing of all Data Extraction instances currently associated with this instance of the Sensor Control is displayed.(Optional) To limit the view to only certain Data Extraction instances, enter a value on which to filter, then click Search. You can filter by the instance name, type, or length.
Note: Enter an asterisk ( * ) as a wildcard to replace one or several characters.Click the Add button to create a new Data Extraction instance or click the Name of an existing Data Extraction instance to edit its settings.
Enter values in the required fields, then click Apply to save your changes.
For information on specific parameters, refer to the following table.
Data Extraction Parameters (Traffic ▶ flow broker ▶ Data Extraction)
| Value | Description |
|---|---|
| Name | The Data Extraction identifier |
| Type | Select from the drop-down list to indicate the type of Data Extraction to perform Acceptable values are:
|
| Length | Specify the length, in bytes, for the Up-to-Length type |
Managing Captured Data with the flow broker Analyzer
The flow broker Analyzer specifies how the captured data will be handled. There are three types of Analyzers, each with its own set of parameters:
PCAP: Writes captured data to a PCAP file that is stored locally on the Sensor Control. When the PCAP file is marked as completed, it is sent to a remote server located at the specified URL.
Streaming: Sends the captured data to a local interface on the Sensor Control. The interface must be known to the Sensor Control. Any VLAN details from the interface are added to the streamed packets.
ERSPAN Type 3: Sends the captured data to a remote listener using the ERSPAN Type 3 protocol. The remote listener's IP address must be specified.
Note: You cannot change or delete the Analyzer's type while it is being used by a Packet Engine.
Analyzers cannot be associated directly with a Packet Engine rule. Instead, they must be grouped into Analyzer Sets, with a maximum of four analyzers per set. Each rule can be associated with only one Analyzer Set. To configure an Analyzer Set, access the page Traffic ▶ flow broker ▶ Analyzer ▶ Analyzer Sets.
CAUTION: The on-wire frame length calculated by the Sensor Control includes a four-byte Frame Check Sequence (FCS); however, these four bytes are omitted when writing traffic to the PCAP file or calculating the captured bytes. This means that the frame length when calculated directly "on the wire" and the frame length of captured traffic are not the same: the length of frames read while still on the wire will be four bytes longer than the captured length when examining the PCAP packet detail or the captured bytes value.
▶ To add a flow broker Analyzer instance
Access the page Traffic ▶ flow broker ▶ Analyzer ▶ Instances.
A listing of all flow broker Analyzer instances currently associated with this instance of the Sensor Control is displayed.(Optional) To limit the view to only certain flow broker Analyzer instances, enter a value on which to filter, then click Search. You can filter by the instance name, type, or destination.
Note: Enter an asterisk ( * ) as a wildcard to replace one or several characters.Click the Add button to create a new flow broker Analyzer instance or click the Name of an existing flow broker instance to edit its settings.
Enter values in the required fields, then click Apply to save your changes.
For information on specific parameters, refer to the following tables.
flow broker Analyzer Parameters (Traffic ▶ flow broker ▶ Analyzer ▶ Instances)
Common Options
| Value | Description |
|---|---|
| Name | The name of the flow broker Analyzer |
| Type | The type of flow broker Analyzer, as described above |
PCAP File Options
| Value | Description |
|---|---|
| Scope | The scope of this flow broker Analyzer, which defines the kind of data to be aggregated
|
| Destination | The URL and directory of the file server, using the following format: ftp://username:password@domain.com/dir ftps://username:password@domain.com sftp://username@domain.com scp://username@domain.com:/ tftp://domain.com/ Note: The following special characters are not allowed in the URL input: "<", ">", "\n", "\r", "\t". |
| Password | The password for scp and sftp. For other protocols, the password |
| must be specified in the URL. | |
| Filename | The filename prefix for the PCAP file The filename assigned to the PCAP file follows the nomenclature given below:
|
| Max File Size (kB) | The maximum permitted file size of the PCAP file, expressed in kilobytes Once this value is reached, the file is closed and sent to the specified destination. |
| Max File Period (min) | The maximum period to wait before sending the PCAP file, if it has not reached its maximum size. Expressed in minutes. |
Streaming Options
| Value | Description |
|---|---|
| Interface Name | Select from the drop-down list to indicate the Sensor Control local interface to use for this flow broker Analyzer instance |
ERSPAN Type 3 Options
| Value | Description |
|---|---|
| Destination | The IP address of the listener |
| ERSPAN Session ID | The session ID to use |
| ERSPAN TTL | The TTL value to use in the IP header |
| ERSPAN DSCP | The DSCP to use in the IP header |
Managing flow broker Analyzer Sets
An Analyzer Set is a convenient way to associate multiple flow broker Analyzer instances to a Packet Engine rule by grouping the instances as a single unit.
▶ To add a flow broker Analyzer Set
Access the page Traffic ▶ flow broker ▶ Analyzer ▶ Analyzer Sets.
A listing of all flow broker Analyzer Sets currently associated with this instance of the Sensor Control is displayed. The Analyzers contained in each Analyzer Set are also given.(Optional) To limit the view to only certain flow broker Analyzer Sets, enter a value on which to filter, then click Search. You can filter by the instance name, type, or destination.
Click the Add button to create a new flow broker Analyzer Set or click the Name of an existing flow broker Analyzer Set to edit its settings.
Enter values in the required fields, then click Apply to save your changes.
For information on specific parameters, refer to the following table.
flow broker Analyzer Sets (Traffic ▶ flow broker ▶ Analyzer ▶ Analyzer Sets)
| Value | Description |
|---|---|
| Name | The name of the flow broker Analyzer Set |
| Analyzer Instances List | Select from the drop-list to add a flow broker Analyzer instance to this Analyzer Set. A maximum of four instances can be added to an Analyzer Set. Notes: The order in which you add flow broker Analyzer instances to an Analyzer Set is unimportant. You can add a flow broker Analyzer Instance to more than one Analyzer Set |
▶ To delete a flow broker Analyzer Set
Access the page Traffic ▶ flow broker ▶ Analyzer ▶ Analyzer Sets.
A listing of all flow broker Analyzer Sets currently associated with this instance of the Sensor Control is displayed. The Analyzers contained in each Analyzer Set are also given.(Optional) To limit the view to only certain flow broker Analyzer Sets, enter a value on which to filter, then click Search. You can filter by the instance name, or by the type of analyzers contained in the set.
Note: Enter an asterisk ( * ) as a wildcard to replace one or several characters.Click the Name of the flow broker Analyzer Set to delete.
Click Delete.
The system returns to the flow broker Analyzer Sets Summary page.
Viewing flow broker Analyzer Statistics
Use this page to view statistics for each of the flow broker Analyzer instances in the system. From here, you can also access the flow broker Analyzer Configuration page to update the settings of an existing flow broker Analyzer.
The flow broker Analyzer is a licensed feature of the flow broker Controller. The licensing status of each flow broker Analyzer instance is provided in its operational status code, as described in the table below. To view the status of all feature licenses, access the page System ▶ Licensing.
▶ To view flow broker Analyzer statistics
Access the page Traffic ▶ flow broker ▶ Analyzer ▶ Statistics.
A listing of all flow broker Analyzer instances currently associated with this instance of the Sensor Control is displayed.(Optional) To limit the view to only certain flow broker Analyzer instances, enter a value on which to filter, then click Search. You can filter by the operation status code, instance name, or type.
Note: Enter an asterisk ( * ) as a wildcard to replace one or several characters.(Optional) To enable or disable real-time statistics monitoring, click the status LED icon on the right side of the table header.
Note: Disabling real-time statistics monitoring prevents the page from automatically refreshing the displayed values; it does not impact the underlying data.(Optional) To clear the statistics related to transmitted and dropped frames and bytes for all flow broker Analyzer instances at the same time, click the X icon on the right side of the table header.
Click the Instance Name of a flow broker Analyzer instance to view additional details or to edit its settings.
The flow broker Analyzer Configuration page is displayed. For details on how to use this page, see "Managing Captured Data with the flow broker Analyzer".
For information on specific parameters, refer to the following table.
flow broker Analyzer Statistics (Traffic ▶ flow broker ▶ Analyzer ▶ Statistics)
| Value | Description |
|---|---|
| OpSt | The flow broker Analyzer instance's operational status code Valid values are:
|
| Instance Name | The name of this flow broker Analyzer instance |
| Type | The type of flow broker Analyzer instance Valid values are:
|
| Buffered Frames | The total number of frames currently buffered by this flow broker Analyzer instance Note: Applies to PCAP Analyzers only. |
| Buffered Bytes | The total number of bytes currently buffered by this flow broker Analyzer instance Note: Applies to PCAP Analyzers only. |
| Transmitted Frames | For PCAP Analyzers, this value represents the total number of frames transmitted by this flow broker Analyzer instance since the statistics were last cleared or since the Sensor Control was restarted, whichever is more recent. For ERSPAN Type 3 and Streaming Analyzers, this value represents the total number of frames transmitted by this flow broker Analyzer instance since the statistics were last cleared. |
| Transmitted Bytes | The total number of captured bytes transmitted by this flow broker Analyzer instance since the statistics were last cleared Note: This value is less than the Analyzer's actual output because it does not contain bytes related to the Analyzer's encapsulation. |
| Dropped Frames | The total number of frames dropped by this flow broker Analyzer instance since the statistics were last cleared Note: Does not apply to ERSPAN Type 3 Analyzers. |
| Dropped Bytes | The total number of bytes dropped by this flow broker Analyzer instance since the statistics were last cleared Note: Does not apply to ERSPAN Type 3 Analyzers. |
© 2024 Cisco and/or its affiliates. All rights reserved.
For more information about trademarks, please visit: Cisco trademarks
For more information about legal terms, please visit: Cisco legal terms
For legal information about Accedian Skylight products, please visit: Accedian legal terms and tradmarks
Was this article helpful?