Create a new installation directory
mkdir /opt/akvorado
cd /opt/akvoradoDownload Akvorado
curl -sL https://github.com/akvorado/akvorado/releases/latest/download/docker-compose-quickstart.tar.gz | tar zxvf -Remove the demo compose file from .env
sed -i 's/:docker\/docker-compose-demo.yml//' .envComment out the demo config from akvorado.yaml
sed -i '/demo-exporter: / s/^/#/' config/akvorado.yamlConfiguration in this section will occur in config/inlet.yaml
Exporters are the devices that send flow data to Akvorado.
Make sure all participating routers
At this point in time, the default Metadata provider is SNMP - let's configure it for all Exporters.
In many cases, a router will provide an Agent address that doesn't line up with the management address you're needing to poll. Override the Agent address(es) by adding the agents parameter.
Make sure to set the SNMP communities for said Exporters as well. ::/0 defines the default community, add additional network/community combinations as needed.
metadata:
workers: 10
provider:
type: snmp
communities:
::/0: public
agents:
10.255.255.1: 192.168.1.100
10.255.255.2: 192.168.2.100
10.255.255.3: 192.168.4.100Use Classifiers to group Exporters. More details here.
To build a rule, define a condition then place the classification that will be set if the Exporter matches that condition.
Example: Exporter.IP matches "(10.255.255.2)" && ClassifyRegion("longmont")
Classifiers with no preceding rule will be set by default ASSUMING the Exporter was not caught by a preceding rule defining the same classifier.
core:
exporter-classifiers:
- ClassifySiteRegex(Exporter.Name, "^([^-]+)-", "$1")
- Exporter.IP matches "(10.255.255.[1-3])" && ClassifyRegion("longmont")
- Exporter.IP matches "(10.255.255.[1-3])" && ClassifyRole("core")
- ClassifyTenant("tenant1")Use Classifiers to describe interfaces that flows are traversing. More details here.
Building these rules is the same as building Exporter rules. In this case, I've defined multiple classifiers behind a single condition.
Classifiers with no preceding filter/rule will be set by default ASSUMING the Exporter was not caught by a preceding rule defining the same classifier.
core:
interface-classifiers:
- Interface.Description matches "Access" && ClassifyInternal() && ClassifyConnectivity("customer")
- |
ClassifyConnectivityRegex(Interface.Description, "^(?i)(transit|pni|ppni|ix):? ", "$1") &&
ClassifyProviderRegex(Interface.Description, "^\\S+?\\s(\\S+)", "$1") &&
ClassifyExternal()I removed the Netflow input since I won't be using it. My final config looks like this:
flow:
inputs:
- type: udp
decoder: sflow
listen: :6343
workers: 10
receive-buffer: 10485760Configuration in this section will occur in config/akvorado.yaml
Simply define all applicable ASNs like shown below
clickhouse:
asns:
64501: ACME Corporation
64502: Stark IndustriesTo define all applicable IP networks, define each network in CIDR format then add the name and role details to it.
clickhouse:
networks:
192.69.22.0/23:
name: ipv4-core-services
role: core-services
8.36.226.0/23:
name: ipv4-customers
role: customers
2606:8680::/32:
name: ipv6-customers
role: customers---
kafka:
compression-codec: zstd
geoip:
optional: true
asn-database: /usr/share/GeoIP/asn.mmdb
geo-database: /usr/share/GeoIP/country.mmdb
metadata:
workers: 10
provider:
type: snmp
communities:
::/0: lpcro
agents:
10.255.255.1: 192.168.1.100
10.255.255.2: 192.168.2.100
10.255.255.3: 192.168.3.100
flow:
inputs:
- type: udp
decoder: sflow
listen: :6343
workers: 10
receive-buffer: 10485760
core:
workers: 10
exporter-classifiers:
- ClassifySiteRegex(Exporter.Name, "^([^-]+)-", "$1")
- Exporter.IP matches "(10.255.255.[1-3])" && ClassifyRegion("longmont")
- Exporter.IP matches "(10.255.255.[1-3])" && ClassifyRole("core")
- ClassifyTenant("tenant1")
interface-classifiers:
- Interface.Description matches "Access" && ClassifyInternal() && ClassifyConnectivity("customer")
- |
ClassifyConnectivityRegex(Interface.Description, "^(?i)(transit|pni|ppni|ix):? ", "$1") &&
ClassifyProviderRegex(Interface.Description, "^\\S+?\\s(\\S+)", "$1") &&
ClassifyExternal()---
kafka:
topic: flows
version: 3.3.1
brokers:
- kafka:9092
topic-configuration:
num-partitions: 8
replication-factor: 1
config-entries:
segment.bytes: 1073741824
retention.ms: 86400000 # 1 day
cleanup.policy: delete
compression.type: producer
clickhouse:
orchestrator-url: http://akvorado-orchestrator:8080
kafka:
consumers: 4
servers:
- clickhouse:9000
asns:
64501: ACME Corporation
networks:
192.69.22.0/23:
name: ipv4-core-services
role: core-services
8.36.226.0/23:
name: ipv4-customers
role: customers
8.42.76.0/22:
name: ipv4-customers
role: customers
8.44.144.0/20:
name: ipv4-customers
role: customers
8.46.88.0/21:
name: ipv4-customers
role: customers
66.186.200.0/22:
name: ipv4-customers
role: customers
66.186.208.0/20:
name: ipv4-customers
role: customers
161.97.192.0/18:
name: ipv4-customers
role: customers
192.152.130.0/23:
name: ipv4-customers
role: customers
209.131.236.0/22:
name: ipv4-customers
role: customers
2606:8680::/32:
name: ipv6-customers
role: customers
network-sources: []
inlet: !include "inlet.yaml"
console: !include "console.yaml"
This should be the only required configuration parameters that need to be set.