Configure Flowlink

This section provides requirements and steps you need to follow to configure Flowlink.

Requirements

CentOS or RHEL server
Root privileges to the server
Flowlink RPM downloaded from the Illumio Support site
PCE with API Key and Secret

Important

Role! You must have Global Administrator or Global Organization Owner privileges.

CPU, Memory, and Storage Requirements

To install Flowlink, your hardware must meet the capacity requirements detailed in this section.

Machine Type	Cores/Clock Speed1	RAM per Node2	Storage Device Size3 and IOPS4
Flowlink 2500 workloads	2 cores Intel® Xeon(R) CPU E5-2695 v4 at 2.10GHz or equivalent	8 GB	1 x 20 GB 100 IOPS per device

Machine Type

Cores/Clock Speed1

RAM per Node2

Storage Device Size3 and IOPS4

Flowlink

2500 workloads

2 cores
Intel® Xeon(R) CPU E5-2695 v4 at 2.10GHz or equivalent

8 GB

1 x 20 GB
100 IOPS per device

Footnotes:

1 CPUs:

The recommended number of cores is based only on physical cores from allocated CPUs, irrespective of hyper-threading or virtual cores. For example, in AWS one vCPU is only a single hyper-thread running on a physical core, which is half a core. 16 physical cores equates to 32 vCPUs in AWS.
Full reservations for vCPU. No overcommit.

2 Full reservations for vRAM. No overcommit.

3 Additional disk notes:

Storage requirements for network traffic data can increase rapidly as the amount of network traffic increases. Allocating a separate, large storage device for traffic data can accommodate these rapid changes without potentially interrupting the service.
Network File Systems (NFS) is not supported.

4 Input/output operations per second (IOPS) are based on 8K random write operations. IOPS specified for an average of 300 flow summaries (80% unique src_ip, dest_ip, dest_port, proto) per workload every 10 minutes. Different traffic profiles might require higher IOPS.

Flowlink Storage Partitioning

Storage Device	Partition mount point	Size to Allocate	Notes
Device 1, Partition A	`/`	20 GB	Logrotate must be configured to limit the disk consumption of Flow & System Logs.

Install Flowlink RPM

Login as a root user.
Install the RPM.
The default install location is: /usr/local/bin/
Standard installation:
```
sudo su
rpm -ivh illumio-flowlink-1.1.0-45.x86_64.rpm
```
For FIPS compliance (see FIPS Compliance for Flowlink for more information):
```
sudo rpm -ivh --nodigest illumio-flowlink-1.2.0-104.x86_64.rpm
```
Important
Login! Only the Install Flowlink RPM step needs root user login.
The Create PCE API File, Create YAML Configuration File, and Run Flowlink steps can be run by logging in as any user.

In the following sections /home/employee directory is used as an example. The api_info file should be in a directory writable by the user, for example in the /home/employee directory.

Create PCE API File

To generate an API key, click My API Keys from the upper-right corner drop-down menu in the PCE UI.
The 'API Keys' page opens. Click Add.
The 'Create API Key' page opens. Enter a Name (mandatory) and Description (optional) and click Save.
The API Key is created.
Copy the values of the 'Authentication Username' and 'Secret' in to a text file on the Flowlink server.
Use a space to separate the key and secret. For example:
api_xxxxxxxxxxxxxx yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy
Copy the absolute path of the file PCE API file /home/employee/api_info. You will need it in the Flowlink configuration file.

Configure HTTP/HTTPS Proxy

When Flowlink is running behind a proxy or in a corporate network and PCE is in the cloud, Flowlink can access the PCE via HTTP/HTTPS proxy configurations.

The following configuration parameters are available to define an HTTP/HTTPS proxy:

proxy_config:
  https_proxy: <HTTPS_PROXY>
  http_proxy: {} <HTTPS_PROXY>{}

The following is an example of a Flowlink YAML configuration file:

proxy_config:
  https_proxy: http://proxy.corporate.com:3128
  http_proxy: http://proxy.corporate.com:3128

In the example above, the HTTP/HTTPS proxy is running on FQDN proxy.corporate.com{{ port: 3128}}.

Create YAML Configuration File

In the /home/employee directory, create a YAML configuration file. You can find an example yml file at /usr/local/illumio/config.yml.example.

Enter the parameters. For more details about parameters, see Key Value Parameters.

Example of Flowlink configuration:

pce_addr: mypce.example.com:8443
api_key: $cat /home/employee/api_info
data_directory: /home/employee
aggregation_minutes: 10
consumers:
  - name: netflow
    parser:
      type: netflow
    connectors:
      - type: udp
        properties:
          ports: '2055'

The above configuration listens for NetFlow on UDP 2055 from any data source. The absolute path is: /home/employee/config.yaml.netflow

Run Flowlink

To manage Flowlink, use the following commands:

illumio-flowlink-ctl start --config <path to config file> [--log-file <path to log file>]
illumio-flowlink-ctl stop
illumio-flowlink-ctl status

The default path for the log file is <data_directory specified in config file>/flowlink.log

To start Flowlink, use the illumio-flowlink-ctl start command. Make sure that you include the --config option in the start command, which will begin running the program in the background.

Example with expected output:

illumio-flowlink-ctl start --config /home/employee/config.yaml.netflow
 
OUTPUT TO CONSOLE
Checking Flowlink started successfully.
OK.
Output logs can be found at: /home/employee/flowlink.log
 
OUTPUT IN LOG FILE (/home/employee/flowlink.log)
2020-03-11T09:58:51.173203-07:00 Waiting for signal
2020-03-11T09:58:51.330757-07:00 Starting Data Consumer: netflow
2020-03-11T09:58:51.331162-07:00 Listening for netflow messages on udp port: 2055
2020-03-11T09:58:51.332929-07:00 Reporting flows every 10 minutes

To stop Flowlink, use the illumio-flowlink-ctl stop command.

Example with expected output:

illumio-flowlink-ctl stop
 
OUTPUT ON CONSOLE
/illumio-flowlink-ctl stop
Stopping Flowlink: ......... Stopped.
 
OUTPUT IN LOG FILE (/home/employee/flowlink.log)
2020-03-11T09:58:57.097817-07:00 Got signal
2020-03-11T09:58:57.097835-07:00 Telling connectors to stop
2020-03-11T09:58:57.097856-07:00 Allowing parsers to drain
2020-03-11T09:58:57.098766-07:00 udp exiting
2020-03-11T09:58:57.098800-07:00 udp exiting
2020-03-11T09:58:57.101361-07:00 udp exiting
2020-03-11T09:58:57.101400-07:00 udp exiting
2020-03-11T09:58:57.103881-07:00 udp exiting
2020-03-11T09:58:57.103905-07:00 udp exiting
2020-03-11T09:58:57.106527-07:00 udp exiting
2020-03-11T09:58:57.106579-07:00 udp exiting
2020-03-11T09:58:57.109120-07:00 udp exiting
2020-03-11T09:58:57.109145-07:00 udp exiting
2020-03-11T09:58:57.111790-07:00 udp exiting
2020-03-11T09:58:57.111837-07:00 udp exiting
2020-03-11T09:58:57.113853-07:00 udp exiting
2020-03-11T09:58:57.113912-07:00 udp exiting
2020-03-11T09:58:57.116262-07:00 udp exiting
2020-03-11T09:58:57.116397-07:00 udp exiting
2020-03-11T09:58:57.118365-07:00 udp exiting
2020-03-11T09:58:57.119002-07:00 udp exiting
2020-03-11T09:58:57.120865-07:00 udp exiting
2020-03-11T09:58:57.121108-07:00 udp exiting
2020-03-11T09:58:57.123517-07:00 udp exiting
2020-03-11T09:58:57.123552-07:00 udp exiting
2020-03-11T09:58:57.126043-07:00 udp exiting
2020-03-11T09:58:57.126079-07:00 udp exiting
2020-03-11T09:59:02.100923-07:00 Writing flows
2020-03-11T09:59:02.100969-07:00 Flow count: 48468
2020-03-11T09:59:02.417261-07:00 Waiting for file senders to drain
2020-03-11T09:59:02.418564-07:00 Sending file: /home/employee/traffic_flows_1583945942416835.pb.gz
2020-03-11T09:59:07.390307-07:00 Response Code 204

To check the status of Flowlink, use the illumio-flowlink-ctl status command.
Example with expected output:
```
illumio-flowlink-ctl status
 
OUTPUT ON CONSOLE
/illumio-flowlink-ctl status
Flowlink: RUNNING
```

Illumio Core 24.2 Install, Configure, Upgrade

Configure Flowlink

Requirements

Important

CPU, Memory, and Storage Requirements

Flowlink Storage Partitioning

Install Flowlink RPM

Important

Create PCE API File

Configure HTTP/HTTPS Proxy

Create YAML Configuration File

Run Flowlink

Search results