Paolo,

it's my pleasure, hope you're doing great also. Wonderful to see all the progress pmacct has been making since we last met.

Thanks for confirming IPFIX/DTLS is a topic that's still ongoing. While the immediate need for encrypted transport can be alleviated by utilizing IPSEC tunnels and the like, being able to produce encrypted streams will make ingesting data over untrusted transport much simpler. Wondering how DE-CIX produces theirs.

Out of curiosity I've been playing around with ncat, trying to encrypt a regular IPFIX stream and sending it to nfacctd_dtls_port. While nfacctd acknowledges that it's receiving DTLS, there seem to be some issues that prevent successful parsing of data. Hope I'll be able to find some more time to dig deeper and make it work.

Stay safe,
Felix

On 09.10.20, 21:49, "Paolo Lucente" <pa...@pmacct.net> wrote:

Hi Felix,

Monumental pleasure to read from you, hope all is well. The feature was conceived in conjunction with the great DE-CIX folks, you can see the announcement here: https://twitter.com/thking/status/1292903640877932544 .

In the context of pmacct, yes, I have indeed on the roadmap to "disseminate" DTLS a bit further to the 'nfprobe' (export) and 'tee' (replication) plugins. Yet another dimension would be to apply this to sFlow - curious if anybody reading cares.

I am not aware of any vendors supporting this at this very moment but I do agree with you that that would be intriguing (in general but perhaps specifically) for all people that do rely on 3rd party services to run their own infrastructure, thinking of L2/L3 MPLS VPNs and such.

Paolo

On 09/10/2020 13:28, Felix Stolba wrote:
> Hi everyone,
>
> so recently the config parameter nfacctd_dtls_port was introduced. By using this, pmacct can consume flow data contained in a DTLS stream as specified in RFC5153.
>
> Having an integrated, secure transport for flow data is an intriguing idea. But that poses the question, how can such a stream be produced? Is this a vendor specific feature on various network operating systems or is there a 3rd party software that can handle the encryption? Which vendors support that? Anyone willing to share any experience here?
>
> Has this feature been considered for the pmacct roadmap? Being able to produce encrypted Netflow using the tee plugin would be very useful in certain scenarios.
>
> Appreciate any input on the matter.
>
> Thanks,
> Felix
>
> _______________________________________________
> pmacct-discussion mailing list
> http://www.pmacct.net/#mailinglists