EdgeOS NetFlow IPFIX Configuration

EdgeOS is an operating system from Ubiquiti which allows you to configure and manage your EdgeRouter. This includes the ability to generate, view, and forward NetFlow information.

I will be using NetFlow version 10, also called IPFIX. IPFIX information can be sent to a third-party collector to help gain better network visibility. A collector like IBM’s QRadar, fed with IPFIX data, can help discover malicious behavior that indicates a compromise by finding unusual ports, unknown destinations, and much more.

For more information on IPFIX, see the following RFCs: 5101 and 5153.


Configuration

The configuration is done from the Command Line Interface (CLI).

Set the interface for collection, typically eth0, which is my WAN interface:

set system flow-accounting interface <interface>

Choose the ID number of the flow switching engine:

set system flow-accounting netflow engine-id <0-255>

Collect flows for egress traffic:

set system flow-accounting netflow enable-egress

Set the IP address and port of the remote collector that will receive flows:

set system flow-accounting netflow server <IP> port <2055>

Specify the version number of NetFlow to use:

set system flow-accounting netflow version <10>

I have left the timeout options at the default values found in the EdgeOS configuration.

You can double-check your work once you have committed and saved your configuration by using the following command to view flow activity:

show flow-accounting
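
To confirm from the collector side that the datagrams arriving on the configured port really are version 10, the following added example (not part of the original post) validates the IPFIX message header described in RFC 5101 and lists the sets in one message. The function names parse_ipfix_message and build_sample are hypothetical, and the sample message is constructed for illustration, not captured from an EdgeRouter.

```python
import struct

IPFIX_VERSION = 10                  # NetFlow v10 is IPFIX
HEADER = struct.Struct("!HHIII")    # version, length, export time, sequence, observation domain
SET_HEADER = struct.Struct("!HH")   # set ID, set length (includes this 4-byte header)

def parse_ipfix_message(datagram: bytes) -> dict:
    """Validate one IPFIX message and summarise its sets; ValueError if malformed."""
    if len(datagram) < HEADER.size:
        raise ValueError("shorter than the 16-byte IPFIX message header")
    version, length, export_time, sequence, domain = HEADER.unpack_from(datagram)
    if version != IPFIX_VERSION:
        raise ValueError(f"version {version}: exporter is not sending IPFIX (v10)")
    if length < HEADER.size or length > len(datagram):
        raise ValueError(f"header length {length} does not fit {len(datagram)} bytes received")
    sets, offset = [], HEADER.size
    while offset < length:
        if length - offset < SET_HEADER.size:
            raise ValueError("truncated set header")
        set_id, set_len = SET_HEADER.unpack_from(datagram, offset)
        if set_len < SET_HEADER.size or offset + set_len > length:
            raise ValueError(f"set at offset {offset} has bad length {set_len}")
        # Set ID 2 = template set, 3 = options template set, 256 and up = data sets.
        kind = {2: "template", 3: "options-template"}.get(
            set_id, "data" if set_id >= 256 else "reserved")
        sets.append((set_id, kind, set_len))
        offset += set_len
    return {"export_time": export_time, "sequence": sequence,
            "observation_domain": domain, "sets": sets}

def build_sample() -> bytes:
    """Constructed message: one template set (template ID 256) and one data set."""
    # Template: sourceIPv4Address (IE 8, 4 bytes), destinationTransportPort (IE 11, 2 bytes).
    template = struct.pack("!HHHHHHHH", 2, 16, 256, 2, 8, 4, 11, 2)
    # One data record (192.0.2.10, port 443) plus 2 bytes of padding.
    data = struct.pack("!HH4sHH", 256, 12, bytes([192, 0, 2, 10]), 443, 0)
    body = template + data
    return HEADER.pack(IPFIX_VERSION, HEADER.size + len(body), 1700000000, 1, 2) + body

if __name__ == "__main__":
    print(parse_ipfix_message(build_sample()))
```

A collector that receives only data sets and never a template set cannot decode the records, so the per-set summary is the first thing to check when flows do not appear.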

Example running config

system {
    domain-name name.local
    flow-accounting {
        ingress-capture post-dnat
        interface eth0
        netflow {
            enable-egress {
            }
            engine-id 2
            server 192.168.0.0 {
                port 2055
            }
            timeout {
                expiry-interval 60
                flow-generic 3600
                icmp 300
                max-active-life 604800
                tcp-fin 300
                tcp-generic 3600
                tcp-rst 120
                udp 300
            }
            version 10
        }
    }
}

Ubiquiti UniFi AC HD Overview

I was recently in the market for a new AP and happened to stumble across an announcement made by a user on Reddit about the UniFi AC HD being available on the Ubiquiti Beta Store. I decided to purchase it for my home and home lab environment even though it’s in Beta.

Below is a quick overview of the unit, and I will have more posts in the future, so stay tuned.


802.11AC Wave 2

The UniFi AC HD features 802.11AC Wave 2 4×4 MU-MIMO, which allows the access point to transmit to multiple client devices simultaneously, unlike 802.11AC Wave 1.

The UniFi AC HD and Wave 2 4×4 MU-MIMO technology provide the higher speeds and bandwidth needed to support things like video and voice traffic, which may be susceptible to latency issues, as well as the delivery of large files.

I have not tested the speeds or performance yet, but this model should reach up to the following:

  • 800 Mbps at 2.4 GHz (6-25 dBm / 2 Antennas, 3 dBi each)
  • 1700 Mbps at 5 GHz (6-25 dBm / 2 Antennas, 4 dBi each)

Traffic Management & Security

The UniFi AC HD has great features for traffic management, such as 802.1Q VLAN tagging to compartmentalize your traffic, advanced QoS functionality for user rate limiting, and guest traffic isolation.

For protected Wi-Fi access, this unit supports the WEP, WPA-PSK, and WPA-Enterprise (WPA/WPA2, TKIP/AES) security protocols.


Gigabit Ethernet

The back side of the UniFi AC HD features 2 Gigabit Ethernet ports and 1 USB C port.

  • The “Main” port is used for power and connects to the LAN / DHCP server.
  • The “Secondary” port is for bridging.
  • The “USB-C” port has been reserved for future use by Ubiquiti.

It also uses 802.3at PoE+ functionality, which can work with the UniFi PoE Switches or the EdgeRouter ERPoe‑5.

What’s included

When you purchase a single pack, you get the following:

  • 1 UniFi AP AC HD
  • 1 Mounting bracket
  • 1 Ceiling backing plate
  • 4 Flathead screws
  • 4 Nuts
  • 4 Screws
  • 4 Screw anchors
  • 1 Gigabit PoE power adapter with mount bracket
  • 1 Quick Start Guide

The UniFi AC HD is compatible with existing UAP-AC-PRO mounts.


UniFi AC HD product photos