Configuring the flow broker
  • 25 Sep 2024

The flow broker is a flexible, remote packet capture solution that provides all-layer, end-to-end network visibility through efficient brokering, lossless delivery, and granular/shared filters. With the flow broker, you can perform Deep Packet Inspection (DPI) to ensure the integrity of the data going through the network, as well as application reliability and network efficiency.

Configuring a flow broker Packet Engine

The Module flow broker Packet Engine ensures QoE for Cisco Provider Connectivity Assurance (formerly Skylight) modules, such as the Sensor Module 1G (Advanced Features), and optical and copper Sensor SFP 1G. It is part of a centralized solution that monitors mobile network backhaul performance over multiple service priorities and provides direct QoE visibility into voice/video quality, application latency, and streaming media performance.

The FSX flow broker Packet Engine provides traceability of the individual trade transactions within a trading network to meet new regulations governing financial transactions. Ensuring reliable traceability requires identifying capture points, as well as timestamping each captured frame.

Both types of Packet Engines are described below:

  1. Module Packet Engine

    This type of Packet Engine is used to connect to Provider Connectivity Assurance modules.

    Provider Connectivity Assurance modules must be authorized by the Cisco Provider Connectivity Assurance Sensor Control before the flow broker can be enabled on them.

    An initial configuration must be completed for each Module:

    • An IP address must be configured for this Module to set up a tunnel on which to send captured frames.

    Once the initial configuration is complete, you are ready to provide a list of ports, filters, and actions.

  2. FSX Packet Engine

    This type of Packet Engine is used to connect to FSX Performance Elements. Unlike Provider Connectivity Assurance modules, FSX Performance Elements do not require pre-configuration via the Sensor Control.

    Configuring an FSX Performance Element requires the IP address and TCP port of the flow broker server, as provided in the FSX Performance Element User Manual. The DSCP of the TCP link can also be configured if necessary.

    The actual configuration of the flows must be done through the interface of the FSX Performance Element, and not through the Sensor Control. The Sensor Control will report them as unsolicited flows.

You must also provide a default Analyzer Set that will be used to handle any unsolicited flows received for this device.

▶ To add or view a Packet Engine

  1. Access the page Traffic ▶ flow broker ▶ Packet Engines ▶ Configuration.

    A listing of all flow broker Packet Engines currently associated with this instance of the Sensor Control is displayed.

  2. (Optional) To limit the view to only certain flow broker Packet Engines, enter a value on which to filter, then click Search. You can filter by the instance name, state, type, or device name.


    Note: Enter an asterisk ( * ) as a wildcard to replace one or several characters.


  3. Click the Add button to create a new flow broker Packet Engine or click the Name of an existing flow broker Packet Engine to edit its settings.

  4. Enter values in the required fields, then click Apply to save your changes.

For information on specific parameters, refer to the following table.

Packet Engine Parameters (Traffic ▶ flow broker ▶ Packet Engines ▶ Configuration)

Value | Description
Name | The name of the port from which to filter
State | Select this box to enable this Packet Engine

  Note: It is possible to create more than one Packet Engine per device; however, only one engine can be enabled at a time.

Type | Select from the drop-down list to indicate the type of Packet Engine

  Acceptable values are:

  • Module: Used to connect to the Provider Connectivity Assurance modules
  • FSX: Used to connect to FSX Performance Elements

Device Name | The name assigned to the device
TCP Port | The TCP port number used by the flow broker server
TCP DSCP | The DSCP value to use for the TCP link
Capture timer enable | Select this box to enable the Packet Engine Capture timer.
Capture timer (min) | The maximum period to wait before disabling the Packet Engine if it has not reached the maximum capture size, expressed in minutes. This field is shown when Capture timer enable is checked.
Remaining time (min) | Read-only text box. Shows the status of the remaining capture timer, expressed in minutes (if Remaining time is less than one minute, the unit will be seconds). This field is shown when Capture timer enable is checked.
Max capture size enable | Enable/disable the Packet Engine max capture size.
Max capture size | The maximum capture size, expressed in kilobytes. The Packet Engine is automatically disabled when this size is reached. This field is shown when Max capture size enable is checked.
Remaining size | Read-only text box. Shows the status of the remaining capture size, expressed in kilobytes. This field is shown when Max capture size enable is checked.

Configuring Packet Engine Rules

A Packet Engine Rule defines the filters to apply on the device, the port on which to filter, the action to perform when the filter matches, which data to extract from the packet, and to which Analyzer Set to send the data.

Only the Module Packet Engine can specify rules; FSX rules must be specified directly on the FSX Performance Element, as opposed to on the Sensor Control.

▶ To configure Packet Engine rules

  1. Access the page Traffic ▶ flow broker ▶ Packet Engines ▶ Configuration.

    A listing of all flow broker Packet Engines currently associated with this instance of the Sensor Control is displayed.

  2. (Optional) To limit the view to only certain flow broker Packet Engines, enter a value on which to filter, then click Search. You can filter by the instance name, state, type, or device name.


    Note: Enter an asterisk ( * ) as a wildcard to replace one or several characters.

  3. Click the Name of the flow broker Packet Engine whose rules you want to configure.

    The flow broker Packet Engine Configuration page appears, with details related to this Packet Engine displayed in the upper part of the page. The flow broker rules are listed in a table in the lower part of the page.

  4. Click the Index of the flow broker rule you want to configure.

    The flow broker Rule Configuration – Flow – Rule # page appears.

  5. Enter values in the required fields, then click Apply to save your changes.


    Note: If you modify a flow's configuration, then decide to discard those changes, click Reset to revert to the last set of saved configuration values. Once you click Apply, however, you must manually restore the previous configuration values.

For information on specific parameters, refer to the following table.

Rule Parameters (Traffic ▶ flow broker ▶ Packet Engines ▶ Configuration)

Value | Description
Action | Select from the drop-down list to indicate how the rule should react when the filter matches

  Valid values are:

  • None: Disables the rule
  • Include: When the filter matches, the packet is sent to the Sensor Control
  • Exclude: When the filter matches, the packet is not sent to the Sensor Control, and no further comparison is performed. Note that the Exclude action does not impact actual traffic.

Analyzer Set | Select from the drop-down list to choose the Analyzer Set whose analyzers will specify how the captured data will be handled.
Port Name | Select from the drop-down list to choose the port to which this rule applies
Filter Type | Select from the drop-down list to indicate the type of filter this rule will use.

  Acceptable values are:

  • L2: A Layer 2 filter
  • IPv4: An IPv4 (Layer 3) filter
  • IPv6: An IPv6 (Layer 3) filter

Filter Name L2 / Filter Name IPv4 / Filter Name IPv6 | Select from the drop-down list to indicate the name of the filter to use with this rule

  The entries in this list are created in the page Traffic ▶ Filters ▶ L2 Filters / IPv4 Filters / IPv6 Filters.

Data Extraction | Select from the drop-down list to indicate how the data will be captured from the filtered packets

  The entries in this list are created on the page Traffic ▶ flow broker ▶ Data Extraction.

Viewing flow broker Packet Engine Statistics

Use this page to view the traffic statistics collected by a Module or FSX Packet Engine.

The flow broker Packet Engine is a licensed feature of the flow broker Controller. The licensing status of each flow broker Packet Engine instance is provided in its operational status code, as described in the table below. To view the status of all feature licenses, access the page System ▶ Licensing.

▶ To view Packet Engine statistics

  1. Access the page Traffic ▶ flow broker ▶ Packet Engines ▶ Statistics.

    A listing of all flow broker Packet Engine instances currently associated with this instance of the Sensor Control is displayed.

  2. (Optional) To limit the view to only certain flow broker Packet Engine instances, enter a value on which to filter, then click Search. You can filter by the operation status code, instance name, type, or device name.

    Note: Enter an asterisk ( * ) as a wildcard to replace one or several characters.

  3. Click the Instance Name of a flow broker Packet Engine instance to view additional details.

  4. (Optional) To clear the statistics for all flow broker Packet Engine instances at the same time, click the X icon on the right side of the table header.

  5. (Optional) Click Clear Unsolicited Flows to remove any unsolicited flows received from FSX Performance Elements from the table.

    Note: These flows must be configured through the interface of the FSX Performance Element, and not through the Sensor Control. You must also provide a default Analyzer Set that will be used to handle any unsolicited flows.

For information on specific parameters, refer to the following tables.
Flow broker Packet Engine Statistics Parameters (Traffic ▶ flow broker ▶ Analyzer ▶ Statistics)

Packet Engine Statistics Summary

Value | Description
OpSt | The flow broker Packet Engine instance's operational status code

  Valid values are:

  • INAC: Feature is inactive
  • UNLK: Remote device is unlinked
  • IPNS: Remote device's IP address has not yet been set
  • WAPP: Waiting for an application that supports the flow broker to become active
  • UNSU: Filter is unsupported
  • PROG: Remote device is currently being programmed
  • FAIL: Remote device has encountered a failure
  • ACT: Remote device is active and fully functional

Instance Name | The name of the Packet Engine instance
Device Name | For Module, the device name from the Sensor Control

  For FSX, the IP:TCPPORT pair

Packets | The total number of frames that have been captured by this device
Missed Packets | The total number of frames that were missed, i.e., frames that were filtered but could not be sent

  Note: An asterisk ( * ) will appear beside this value if a disconnection from the device has been detected, indicating that the actual missed packets value may be greater.

Matching Bytes | The number of bytes on wire
Captured Bytes | The number of bytes captured after truncation

  Note: The number of bytes captured after truncation can vary, depending on how the flow broker Packet Engine has been configured. If no truncation by the flow broker Packet Engine has been applied, only the FCS' four bytes will be truncated.

Packet Engine Statistics Details

Value | Description
OpSt | The flow broker Packet Engine instance's operational status code
Rule Index | For Module, the rule index as specified by the user

  For FSX, the rule index received

Action | None, Include, Exclude
Port Name | For Module, the device name from the Sensor Control

  For FSX, the IP address:port pair

Packets | The total number of frames captured by this device
Missed Packets | The total number of frames missed (i.e., filtered, but unable to send)

  Note: An asterisk ( * ) will appear beside this value if a disconnection from the device has been detected, indicating that the actual missed packets value may be greater.

Matching Bytes | The total number of bytes on wire
Captured Bytes | The total number of bytes captured after truncation

Extracting Data from Filtered Packets

A Data Extraction instance defines how much data must be captured from packets filtered by the Packet Engine.

Note: Data Extraction can only be used for Provider Connectivity Assurance modules, and not for FSX Performance Elements.

▶ To add a new flow broker Data Extraction instance

  1. Access the page Traffic ▶ flow broker ▶ Data Extraction.

    A listing of all Data Extraction instances currently associated with this instance of the Sensor Control is displayed.

  2. (Optional) To limit the view to only certain Data Extraction instances, enter a value on which to filter, then click Search. You can filter by the instance name, type, or length.

    Note: Enter an asterisk ( * ) as a wildcard to replace one or several characters.

  3. Click the Add button to create a new Data Extraction instance or click the Name of an existing Data Extraction instance to edit its settings.

  4. Enter values in the required fields, then click Apply to save your changes.

For information on specific parameters, refer to the following table.

Data Extraction Parameters (Traffic ▶ flow broker ▶ Data Extraction)

Value | Description
Name | The Data Extraction identifier
Type | Select from the drop-down list to indicate the type of Data Extraction to perform

  Acceptable values are:

  • Up-to-Length: Only the first, specified number of bytes of the packet are retained; acceptable values range from 4 to 10240 bytes. The length value you indicate must be a number that is divisible by two.
  • Whole-Packet: The entire packet is retained

Length | Specify the length, in bytes, for the Up-to-Length type

Managing Captured Data with the flow broker Analyzer

The flow broker Analyzer specifies how the captured data will be handled. There are three types of Analyzers, each with its own set of parameters:

  • PCAP: Writes captured data to a PCAP file that is stored locally on the Sensor Control. When the PCAP file is marked as completed, it is sent to a remote server located at the specified URL.

  • Streaming: Sends the captured data to a local interface on the Sensor Control. The interface must be known to the Sensor Control. Any VLAN details from the interface are added to the streamed packets.

  • ERSPAN Type 3: Sends the captured data to a remote listener using the ERSPAN Type 3 protocol. The remote listener's IP address must be specified.

    Note: You cannot change or delete the Analyzer's type while it is being used by a Packet Engine.

Analyzers cannot be associated directly with a Packet Engine rule. Instead, they must be grouped into Analyzer Sets, with a maximum of four analyzers per set. Each rule can be associated with only one Analyzer Set. To configure an Analyzer Set, access the page Traffic ▶ flow broker ▶ Analyzer ▶ Analyzer Sets.

CAUTION: The on-wire frame length calculated by the Sensor Control includes a four-byte Frame Check Sequence (FCS); however, these four bytes are omitted when writing traffic to the PCAP file or calculating the captured bytes. This means that the frame length when calculated directly "on the wire" and the frame length of captured traffic are not the same: the length of frames read while still on the wire will be four bytes longer than the captured length when examining the PCAP packet detail or the captured bytes value.
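
The four-byte FCS offset from the caution above, worked through as an added example (not code from the product or its documentation): it totals a PCAP file and checks it against the Packets, Matching Bytes and Captured Bytes counters read from the Packet Engine statistics page. It assumes the classic PCAP layout, that each record's original-length field excludes the FCS, and that one file covers the whole interval since the counters were cleared; the sample capture is constructed inline.

```python
import io
import struct

FCS_LEN = 4  # counted on the wire, never written to the PCAP file

# Classic PCAP magic bytes -> struct byte-order prefix
# (microsecond and nanosecond timestamp variants).
MAGIC = {
    b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<",
    b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">",
}


def pcap_totals(stream):
    """Return (frames, captured_bytes, original_bytes) for a classic PCAP stream."""
    header = stream.read(24)
    if len(header) != 24 or header[:4] not in MAGIC:
        raise ValueError("not a classic PCAP file")
    order = MAGIC[header[:4]]
    frames = captured = original = 0
    while True:
        record = stream.read(16)
        if not record:
            break
        if len(record) != 16:
            raise ValueError("truncated record header")
        _sec, _frac, incl_len, orig_len = struct.unpack(order + "IIII", record)
        if len(stream.read(incl_len)) != incl_len:
            raise ValueError("truncated packet data")
        frames += 1
        captured += incl_len   # bytes kept after Data Extraction truncation
        original += orig_len   # assumed: frame length without the FCS
    return frames, captured, original


def reconcile(stream, packets, matching_bytes, captured_bytes):
    """Compare a PCAP file with counters read from the statistics page.

    Returns a list of mismatch descriptions; an empty list means the file
    agrees with all three counters.
    """
    frames, captured, original = pcap_totals(stream)
    on_wire = original + FCS_LEN * frames  # add the FCS back, once per frame
    checks = [
        ("Packets", packets, frames),
        ("Captured Bytes", captured_bytes, captured),
        ("Matching Bytes", matching_bytes, on_wire),
    ]
    return [f"{name}: counter={want} pcap={got}"
            for name, want, got in checks if want != got]


def build_sample():
    """Constructed capture: a 60-byte frame kept whole, a 1514-byte frame cut to 128."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for incl_len, orig_len in ((60, 60), (128, 1514)):
        out += struct.pack("<IIII", 0, 0, incl_len, orig_len) + bytes(incl_len)
    return out


if __name__ == "__main__":
    # Counters as read from the page: 64 + 1518 bytes on the wire, 188 captured.
    print(reconcile(io.BytesIO(build_sample()), 2, 1582, 188))
    # Comparing without the FCS makes a complete capture look 8 bytes off.
    print(reconcile(io.BytesIO(build_sample()), 2, 1574, 188))
```

A non-empty result that persists after the FCS correction is worth checking against Missed Packets and the Analyzer's Dropped Frames before the capture is relied on as evidence.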

▶ To add a flow broker Analyzer instance

  1. Access the page Traffic ▶ flow broker ▶ Analyzer ▶ Instances.

    A listing of all flow broker Analyzer instances currently associated with this instance of the Sensor Control is displayed.

  2. (Optional) To limit the view to only certain flow broker Analyzer instances, enter a value on which to filter, then click Search. You can filter by the instance name, type, or destination.

    Note: Enter an asterisk ( * ) as a wildcard to replace one or several characters.

  3. Click the Add button to create a new flow broker Analyzer instance or click the Name of an existing flow broker instance to edit its settings.

  4. Enter values in the required fields, then click Apply to save your changes.

For information on specific parameters, refer to the following tables.

flow broker Analyzer Parameters (Traffic ▶ flow broker ▶ Analyzer ▶ Instances)

Common Options

Value | Description
Name | The name of the flow broker Analyzer
Type | The type of flow broker Analyzer, as described above

PCAP File Options

Value | Description
Scope | The scope of this flow broker Analyzer, which defines the kind of data to be aggregated

  Valid values are:

  • Flow: Each flow has its own PCAP file
  • Port: All data from a given port is combined in the same PCAP file
  • Device: Data from all of a device's ports is combined in the same PCAP file
  • Global: Data from any flow and Packet Engine are sent through the same instance

  Note: The scope can only be specified for PCAP files. Streaming and ERSPAN Type 3 Analyzers are automatically assigned global scope.

Destination | The URL and directory of the file server, using one of the following formats:

  ftp://username:password@domain.com/dir
  ftps://username:password@domain.com
  sftp://username@domain.com
  scp://username@domain.com:/
  tftp://domain.com/

  Note: The following special characters are not allowed in the URL input: "<", ">", "\n", "\r", "\t".

Password | The password for scp and sftp. For other protocols, the password must be specified in the URL.
Filename | The filename prefix for the PCAP file

  The filename assigned to the PCAP file follows the nomenclature given below:

  • Global Scope: {filename_prefix}{date}.pcap
  • Device Scope / Skylight sensor: SFP compute 1G: {filename_prefix}{pktenginename}{devicename}{date}.pcap
  • Device Scope / FSX: {filename_prefix}{pktenginename}{ip}_ {tcpport}{date}.pcap
  • Port Scope: {filename_prefix}{pktenginename}{port}{date}.pcap
  • Flow Scope / Skylight sensor: SFP compute 1G: {filename_prefix}{pktenginename}{ruleIdx}{date}.pcap
  • Flow Scope / FSX: {filename_prefix}{pktenginename}{port}{flowIdx}_{date}.pcap

Max File Size (kB) | The maximum permitted file size of the PCAP file, expressed in kilobytes

  Once this value is reached, the file is closed and sent to the specified destination.

Max File Period (min) | The maximum period to wait before sending the PCAP file if it has not reached its maximum size, expressed in minutes.
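
A pre-deployment check of PCAP Analyzer Destination values against the formats and character restrictions in the table above, added here as an example (it is not part of the product or its documentation). The finding codes, the redact() helper and the sample hosts and credentials are constructed for illustration; the check also flags ftp and tftp, which transfer capture files without encryption.

```python
from urllib.parse import urlsplit

SCHEMES = {"ftp", "ftps", "sftp", "scp", "tftp"}  # formats listed on this page
CLEARTEXT = {"ftp", "tftp"}        # no transport encryption
PASSWORD_FIELD = {"scp", "sftp"}   # per the page, these use the Password field
FORBIDDEN = "<>\n\r\t"             # characters the page says are not allowed

# Constructed sample values (hosts and credentials are made up).
SAMPLES = [
    "ftp://capture:S3cret@files.example.net/pcaps",
    "sftp://capture@files.example.net",
    "scp://capture:S3cret@files.example.net:/",
    "ftps://capture:S3cret@files.example.net/<pcaps>",
]


def redact(url):
    """Mask an embedded password so the URL can be logged or pasted in a ticket."""
    parts = urlsplit(url)
    if parts.password is None:
        return url
    hostinfo = parts.netloc.rpartition("@")[2]
    return parts._replace(netloc=f"{parts.username}:***@{hostinfo}").geturl()


def audit_destination(url):
    """Return (code, detail) findings for one Destination value.

    Details never echo the password itself.
    """
    findings = []
    # Check the raw string: recent Python versions of urlsplit() silently
    # drop tab and newline characters before parsing.
    bad = sorted({repr(ch) for ch in url if ch in FORBIDDEN})
    if bad:
        findings.append(("forbidden-char", "contains " + ", ".join(bad)))
    try:
        parts = urlsplit(url)
        password, host = parts.password, parts.hostname
    except ValueError:
        return findings + [("unparsable", "URL could not be parsed")]
    scheme = parts.scheme
    if scheme not in SCHEMES:
        return findings + [("unsupported-scheme", scheme or "(none)")]
    if not host:
        findings.append(("missing-host", "no server name or address"))
    if scheme in CLEARTEXT:
        findings.append(("cleartext-transport",
                         f"{scheme} sends capture data unencrypted"))
    if password is not None:
        if scheme in PASSWORD_FIELD:
            findings.append(("use-password-field",
                             f"{scheme} password belongs in the Password field"))
        else:
            findings.append(("password-in-url",
                             "treat as a secret; log it as " + redact(url)))
    return findings


if __name__ == "__main__":
    for sample in SAMPLES:
        print(redact(sample))
        for code, detail in audit_destination(sample):
            print(f"  {code}: {detail}")
```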

Streaming Options

Value | Description
Interface Name | Select from the drop-down list to indicate the Sensor Control local interface to use for this flow broker Analyzer instance

ERSPAN Type 3 Options

Value | Description
Destination | The IP address of the listener
ERSPAN Session ID | The session ID to use
ERSPAN TTL | The TTL value to use in the IP header
ERSPAN DSCP | The DSCP to use in the IP header

Managing flow broker Analyzer Sets

An Analyzer Set is a convenient way to associate multiple flow broker Analyzer instances to a Packet Engine rule by grouping the instances as a single unit.

▶ To add a flow broker Analyzer Set

  1. Access the page Traffic ▶ flow broker ▶ Analyzer ▶ Analyzer Sets.

    A listing of all flow broker Analyzer Sets currently associated with this instance of the Sensor Control is displayed. The Analyzers contained in each Analyzer Set are also given.

  2. (Optional) To limit the view to only certain flow broker Analyzer Sets, enter a value on which to filter, then click Search. You can filter by the instance name, type, or destination.

  3. Click the Add button to create a new flow broker Analyzer Set or click the Name of an existing flow broker Analyzer Set to edit its settings.

  4. Enter values in the required fields, then click Apply to save your changes.

For information on specific parameters, refer to the following table.

flow broker Analyzer Sets (Traffic ▶ flow broker ▶ Analyzer ▶ Analyzer Sets)

Value | Description
Name | The name of the flow broker Analyzer Set
Analyzer Instances List | Select from the drop-down list to add a flow broker Analyzer instance to this Analyzer Set. A maximum of four instances can be added to an Analyzer Set.

  Notes:

  The order in which you add flow broker Analyzer instances to an Analyzer Set is unimportant.

  You can add a flow broker Analyzer Instance to more than one Analyzer Set.

▶ To delete a flow broker Analyzer Set

  1. Access the page Traffic ▶ flow broker ▶ Analyzer ▶ Analyzer Sets.

    A listing of all flow broker Analyzer Sets currently associated with this instance of the Sensor Control is displayed. The Analyzers contained in each Analyzer Set are also given.

  2. (Optional) To limit the view to only certain flow broker Analyzer Sets, enter a value on which to filter, then click Search. You can filter by the instance name, or by the type of analyzers contained in the set.

    Note: Enter an asterisk ( * ) as a wildcard to replace one or several characters.

  3. Click the Name of the flow broker Analyzer Set to delete.

  4. Click Delete.

    The system returns to the flow broker Analyzer Sets Summary page.

Viewing flow broker Analyzer Statistics

Use this page to view statistics for each of the flow broker Analyzer instances in the system. From here, you can also access the flow broker Analyzer Configuration page to update the settings of an existing flow broker Analyzer.

The flow broker Analyzer is a licensed feature of the flow broker Controller. The licensing status of each flow broker Analyzer instance is provided in its operational status code, as described in the table below. To view the status of all feature licenses, access the page System ▶ Licensing.

▶ To view flow broker Analyzer statistics

  1. Access the page Traffic ▶ flow broker ▶ Analyzer ▶ Statistics.

    A listing of all flow broker Analyzer instances currently associated with this instance of the Sensor Control is displayed.

  2. (Optional) To limit the view to only certain flow broker Analyzer instances, enter a value on which to filter, then click Search. You can filter by the operation status code, instance name, or type.

    Note: Enter an asterisk ( * ) as a wildcard to replace one or several characters.

  3. (Optional) To enable or disable real-time statistics monitoring, click the status LED icon on the right side of the table header.

    Note: Disabling real-time statistics monitoring prevents the page from automatically refreshing the displayed values; it does not impact the underlying data.

  4. (Optional) To clear the statistics related to transmitted and dropped frames and bytes for all flow broker Analyzer instances at the same time, click the X icon on the right side of the table header.

  5. Click the Instance Name of a flow broker Analyzer instance to view additional details or to edit its settings.

    The flow broker Analyzer Configuration page is displayed. For details on how to use this page, see "Managing Captured Data with the flow broker Analyzer".

For information on specific parameters, refer to the following table.

flow broker Analyzer Statistics (Traffic ▶ flow broker ▶ Analyzer ▶ Statistics)

Value | Description
OpSt | The flow broker Analyzer instance's operational status code

  Valid values are:

  • INAC: Feature is inactive
  • UNSU: Filter is unsupported
  • ACT: License is active and fully functional

Instance Name | The name of this flow broker Analyzer instance
Type | The type of flow broker Analyzer instance

  Valid values are:

  • PCAP file
  • Streaming
  • ERSPAN type 3

Buffered Frames | The total number of frames currently buffered by this flow broker Analyzer instance

  Note: Applies to PCAP Analyzers only.

Buffered Bytes | The total number of bytes currently buffered by this flow broker Analyzer instance

  Note: Applies to PCAP Analyzers only.

Transmitted Frames | For PCAP Analyzers, this value represents the total number of frames transmitted by this flow broker Analyzer instance since the statistics were last cleared or since the Sensor Control was restarted, whichever is more recent.

  For ERSPAN Type 3 and Streaming Analyzers, this value represents the total number of frames transmitted by this flow broker Analyzer instance since the statistics were last cleared.

Transmitted Bytes | The total number of captured bytes transmitted by this flow broker Analyzer instance since the statistics were last cleared

  Note: This value is less than the Analyzer's actual output because it does not contain bytes related to the Analyzer's encapsulation.

Dropped Frames | The total number of frames dropped by this flow broker Analyzer instance since the statistics were last cleared

  Note: Does not apply to ERSPAN Type 3 Analyzers.

Dropped Bytes | The total number of bytes dropped by this flow broker Analyzer instance since the statistics were last cleared

  Note: Does not apply to ERSPAN Type 3 Analyzers.

    © 2024 Cisco and/or its affiliates. All rights reserved.
     