Set up network flow data monitoring

Set up your network devices so they send network data to New Relic One.

Prerequisites

Network security prerequisites

| Direction | Source | Destination | Ports | Protocol |
|---|---|---|---|---|
| Outbound | Docker host | Kentik's docker image GitHub repository | 80, 443 | UDP, TCP |
| Outbound | Docker host | EU Logs endpoint: https://log-api.eu.newrelic.com/log/v1; US Logs endpoint: https://log-api.newrelic.com/log/v1 | 80, 443 | UDP, TCP |
| Outbound | Docker host | EU Events endpoint: http://insights-collector.eu01.nr-data.net/; US Events endpoint: http://insights-collector.newrelic.com/ | 80, 443 | UDP, TCP |
| Inbound | Network flow data device | Docker host | 9995 | UDP |

Supported types of network flow data

Kentik's integration supports four types of network flow data. When running the ktranslate image, you can specify which type you want to monitor using the -nf.source option.

Important

The ktranslate image supports monitoring only one type of network flow data at a time. To monitor several types, run one container per type. IPFIX and NetFlow v9 can be sent to the same container, but we recommend running a separate container for each as a best practice.

The following table maps each network flow data type to the value to pass to -nf.source when running the image:

| Network flow data type | -nf.source value |
|---|---|
| IPFIX | ipfix |
| NetFlow version 5 | netflow5 |
| NetFlow version 9 | netflow9 |
| sFlow | sflow |

Important

For Juniper Networks' jFlow, use the netflow5 value.
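
To confirm which -nf.source value a device needs, and that datagrams arriving on UDP 9995 come from a device you configured, you can inspect the first bytes of each datagram. This is an added example, not part of New Relic's or Kentik's documentation; it goes beyond the page by relying on the standard version fields of the NetFlow, IPFIX and sFlow headers, and the function names, the allowlist and the sample headers are constructed for illustration.

```python
import struct
from typing import Optional

# Assumption: allowlist mirrors the device_ip values under `devices:` in snmp-base.yaml.
KNOWN_DEVICES = {"10.10.1.254"}
# The page notes that IPFIX and NetFlow v9 can share one container.
SHARED = {"ipfix", "netflow9"}

# Constructed sample headers (header bytes only, not captured traffic).
SAMPLE_NF5 = struct.pack("!HH", 5, 1) + bytes(20)      # 16-bit version 5, count 1
SAMPLE_NF9 = struct.pack("!HH", 9, 2) + bytes(16)      # 16-bit version 9, count 2
SAMPLE_IPFIX = struct.pack("!HH", 10, 16) + bytes(12)  # 16-bit version 10, length 16
SAMPLE_SFLOW = struct.pack("!II", 5, 1) + bytes(4)     # 32-bit version 5, IPv4 agent


def nf_source_for(datagram: bytes) -> Optional[str]:
    """Return the -nf.source value matching a datagram's header, or None."""
    if len(datagram) < 4:
        return None
    first, second = struct.unpack("!HH", datagram[:4])
    if first == 0 and second == 5:
        return "sflow"      # sFlow v5 uses a 32-bit version field
    if first == 5 and 1 <= second <= 30:
        return "netflow5"   # 16-bit version, then a record count of 1..30
    if first == 9:
        return "netflow9"
    if first == 10:
        return "ipfix"
    return None


def triage(src_ip: str, datagram: bytes, configured: str) -> str:
    """Check one datagram from the flow port against the container's -nf.source."""
    if src_ip not in KNOWN_DEVICES:
        return "unknown-sender"
    detected = nf_source_for(datagram)
    if detected is None:
        return "not-flow-data"
    if detected == configured or {detected, configured} <= SHARED:
        return "ok"
    return f"mismatch: device sends {detected}, container expects {configured}"


if __name__ == "__main__":
    for name, pkt in [("nf5", SAMPLE_NF5), ("sflow", SAMPLE_SFLOW), ("ipfix", SAMPLE_IPFIX)]:
        print(name, triage("10.10.1.254", pkt, "sflow"))
```
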

Scaling Network Flow Collection

When planning your strategy for collecting network flows at scale, New Relic recommends 1 CPU per 2000 flows-per-second (120,000 flows-per-minute). Deciding whether to run more small containers to distribute load or fewer large containers to consolidate management is a matter of personal preference.

Set up network flow data monitoring in New Relic One

  1. From a Linux host with Docker installed, download the ktranslate image from Docker Hub by running:

    $ docker pull kentik/ktranslate:v2
  2. Copy the snmp-base.yaml file to the local $HOME directory of your Docker user, and discard the container by running:

    $ cd .
    $ id=$(docker create kentik/ktranslate:v2)
    $ docker cp $id:/etc/ktranslate/snmp-base.yaml .
    $ docker rm -v $id
  3. In the snmp-base.yaml file, add your network flow devices inside the devices variable with the following structure:

    devices:
      flowDevice:
        device_name: edge-router
        device_ip: 10.10.1.254
        flow_only: true
        user_tags:
          owning_team: net_eng
          environment: production

    Tip

    If you're already monitoring SNMP data devices that send network flow data, you don't need to add them in your snmp-base.yaml file.

  4. Run ktranslate to listen for network flows from devices by entering the following commands:

    Important

    Add your New Relic license key and your account ID in the $NR_LICENSE_KEY and $NR_ACCOUNT_ID variables respectively.

    $ docker run -d --name ktranslate-sflow --restart unless-stopped --net=host \
        -v `pwd`/snmp-base.yaml:/snmp-base.yaml \
        -e NEW_RELIC_API_KEY=$NR_LICENSE_KEY \
        kentik/ktranslate:v2 \
          -snmp /snmp-base.yaml \
          -nr_account_id=$NR_ACCOUNT_ID \
          -metrics=jchf \
          -log_level=info \
          -tee_logs=true \
          -flow_only=true \
          -nf.source=sflow \
          nr1.flow
    ## If your account is located in Europe, you need to add the following option before the nr1.flow line
    ##   -nr_region=EU \
  5. To get better visibility into your network, set up SNMP data monitoring.

  6. Visualize your network performance data in New Relic.

Copyright © 2021 New Relic Inc.