I am trying to use SolarWinds NetFlow Traffic Analyzer, or any NetFlow monitor, with a Cisco CSR1000v router deployed on AWS.
I cannot see any NetFlow flows in the NetFlow Traffic Analyzer dashboard. I traced the flows with Wireshark, and there I can't see any flows going to the router deployed in AWS.
My assumption is that some settings need to be configured on AWS. NetFlow Traffic Analyzer can display information if the flows reach the server on UDP port 2055. I checked my VPC's security groups; all traffic is allowed there.
I found a topic on configuring an AWS account for cloud monitoring, about granting IAM permissions that must be configured in the AWS Management Console to give the Orion Platform access so it can collect the status and metrics of AWS instances. However, it still does not work. I can't see any NetFlow flows from AWS in any NetFlow monitor.
Below are the Monitor, Exporter and Record configurations:
```
flow monitor NTAMonitor
 exporter NTAExport
 cache timeout inactive 10
 cache timeout active 10
 record NTArecord

flow exporter NTAExport
 description exports to ELK
 destination 10.9.0.223
 source GigabitEthernet1
 transport udp 2055
 template data timeout 10
 option application-table timeout 10
 option application-attributes timeout 300

flow record NTArecord
 description basic traffic analysis in RTP
 match ipv4 source address
 match ipv4 destination address
 match ipv4 protocol
 match transport source-port
 match transport destination-port
 match ipv4 tos
 match interface input
 collect interface output
 collect counter bytes
 collect counter packets
 collect timestamp sys-uptime first
 collect timestamp sys-uptime last
 collect application name
 collect routing source as
 collect routing destination as
```
I troubleshot to make sure NetFlow is being sent from the router. Here are the exporter details:
```
ip-172-0-1-8#sh flow exporter
Flow Exporter NTAExport:
  Description:              exports to ELK
  Export protocol:          NetFlow Version 9
  Transport Configuration:
    Destination IP address: 10.9.0.223
    Source IP address:      172.0.1.8
    Source Interface:       GigabitEthernet1
    Transport Protocol:     UDP
    Destination Port:       2055
    Source Port:            54240
    DSCP:                   0x0
    TTL:                    255
    Output Features:        Used
  Export template data timeout: 10
  Options Configuration:
    application-table (timeout 10 seconds) (active)
    application-attributes (timeout 300 seconds) (active)
```

```
ip-172-0-1-8#sh flow exporter statistics
Flow Exporter NTAExport:
  Packet send statistics (last cleared 00:05:44 ago):
    Successfully sent:       3751      (5028690 bytes)
    Reason not given:        20        (1508 bytes)
    No destination address:  387       (545303 bytes)

  Client send statistics:
    Client: Option options application-name
      Records added:         51415
        - sent:              49946
        - failed to send:    1469
      Bytes added:           4267445
        - sent:              4145518
        - failed to send:    121927
    Client: Option options application-attributes
      Records added:         2886
        - sent:              1443
        - failed to send:    1443
      Bytes added:           744588
        - sent:              372294
        - failed to send:    372294
    Client: Flow Monitor NTAMonitor
      Records added:         242
        - sent:              239
        - failed to send:    3
      Bytes added:           11132
        - sent:              10994
        - failed to send:    138
```
It seems that NetFlow flows are being sent, but the NetFlow monitor cannot capture them because of some AWS restriction.
This is the policy I attached to all the roles:
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "ec2:RebootInstances",
        "autoscaling:DescribeAutoScalingInstances",
        "ec2:DescribeInstances",
        "ec2:DescribeAddresses",
        "ec2:DescribeVolumeStatus",
        "ec2:TerminateInstances",
        "ec2:StartInstances",
        "autoscaling:DescribeAutoScalingGroups",
        "ec2:DescribeVolumes",
        "ec2:StopInstances",
        "cloudwatch:GetMetricStatistics"
      ],
      "Resource": "*"
    }
  ]
}
```
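As an added diagnostic that is not part of the post above: a minimal Python listener for UDP 2055 that shows whether the router's NetFlow v9 datagrams reach the collector host at all, and decodes the packet header and the FlowSet types each datagram carries (the sample datagram at the bottom is constructed, not a real capture). It assumes it runs on the collector host with the real collector stopped, since only one process can bind the port.

```python
import socket
import struct

# NetFlow v9 packet header (RFC 3954): version, count, sysUpTime, unix_secs, seq, source ID.
V9_HEADER = struct.Struct("!HHIIII")
# Each FlowSet that follows starts with FlowSet ID and total length (both 16-bit).
FLOWSET_HEADER = struct.Struct("!HH")

def parse_v9_header(datagram: bytes) -> dict:
    """Decode the 20-byte NetFlow v9 header; raise ValueError for anything else."""
    if len(datagram) < V9_HEADER.size:
        raise ValueError("datagram shorter than a NetFlow v9 header")
    version, count, uptime, unix_secs, seq, source_id = V9_HEADER.unpack_from(datagram)
    if version != 9:
        raise ValueError(f"expected NetFlow v9, got version {version}")
    return {"version": version, "count": count, "sys_uptime_ms": uptime,
            "unix_secs": unix_secs, "sequence": seq, "source_id": source_id}

def flowset_kinds(datagram: bytes) -> list:
    """Classify each FlowSet: ID 0 = template, 1 = options template, >= 256 = data.
    Data FlowSets are only decodable once the matching template has arrived."""
    kinds, offset = [], V9_HEADER.size
    while offset + FLOWSET_HEADER.size <= len(datagram):
        flowset_id, length = FLOWSET_HEADER.unpack_from(datagram, offset)
        if length < FLOWSET_HEADER.size:  # a zero/short length would loop forever
            raise ValueError(f"invalid FlowSet length {length}")
        kinds.append({0: "template", 1: "options-template"}.get(
            flowset_id, "data" if flowset_id >= 256 else "reserved"))
        offset += length
    return kinds

def listen(port: int = 2055, max_packets: int = 5) -> None:
    """Summarise the first few UDP datagrams that reach this host on the collector port."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind(("0.0.0.0", port))
        for _ in range(max_packets):
            data, (src, _) = sock.recvfrom(65535)
            try:
                hdr = parse_v9_header(data)
                print(f"{src}: seq={hdr['sequence']} source_id={hdr['source_id']} "
                      f"flowsets={flowset_kinds(data)}")
            except ValueError as exc:
                print(f"{src}: not NetFlow v9 ({exc})")

# Constructed sample (not a real capture): header, an empty template FlowSet, a data FlowSet.
SAMPLE_DATAGRAM = (V9_HEADER.pack(9, 2, 344000, 1700000000, 3751, 0)
                   + FLOWSET_HEADER.pack(0, 4) + FLOWSET_HEADER.pack(256, 8) + b"\x00" * 4)
if __name__ == "__main__":
    listen()
```

If datagrams arrive but the collector still shows nothing, watch for the "template" FlowSets: a collector only decodes data records after it has received the template, which this exporter resends every 10 seconds per `template data timeout 10`. If nothing arrives at all, the problem lies between the router and the host (routing, security groups or NACLs, or the instance's own firewall), not in the collector.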