Configure Flowlink
This section provides requirements and steps you need to follow to configure Flowlink.
Requirements
CentOS or RHEL server
Root privileges to the server
Flowlink RPM downloaded from the Illumio Support site
PCE with Service Account API Key and Secret
Important
You must have Global Owner privileges to configure Flowlink.
CPU, Memory, and Storage Requirements
To install Flowlink, your hardware must meet the capacity requirements detailed in this section.
Machine Type | Cores/Clock Speed (1) | RAM per Node (2) | Storage Device Size (3) and IOPS (4) |
---|---|---|---|
Flowlink 2500 workloads | | 8 GB | |
Footnotes:
1 CPUs:
The recommended number of cores is based only on physical cores from allocated CPUs, irrespective of hyper-threading or virtual cores. For example, in AWS one vCPU is only a single hyper-thread running on a physical core, which is half a core. 16 physical cores equates to 32 vCPUs in AWS.
Full reservations for vCPU. No overcommit.
2 Full reservations for vRAM. No overcommit.
3 Additional disk notes:
Storage requirements for network traffic data can increase rapidly as the amount of network traffic increases. Allocating a separate, large storage device for traffic data can accommodate these rapid changes without potentially interrupting the service.
Network File System (NFS) is not supported.
4 Input/output operations per second (IOPS) are based on 8K random write operations. IOPS are specified for an average of 300 flow summaries (80% unique src_ip, dest_ip, dest_port, proto) per workload every 10 minutes. Different traffic profiles might require higher IOPS.
Flowlink Storage Partitioning
Storage Device | Partition mount point | Size to Allocate | Notes |
---|---|---|---|
Device 1, Partition A | | 20 GB | Logrotate must be configured to limit the disk consumption of Flow & System Logs. |
Install Flowlink RPM
Log in as a root user.
Install the RPM.
The default install location is:
/usr/local/bin/
Standard installation:
sudo su
rpm -ivh illumio-flowlink-x.x.x-yy.x86_64.rpm
Important
Only the Install Flowlink RPM step needs root user login.
The Create a Service Account API Key, Create YAML Configuration File, and Run Flowlink steps can be run by logging in as any user.
In the following sections, the /home/employee directory is used as an example. The api_info file should be in a directory writable by the user, for example in the /home/employee directory.
Create a Service Account API Key
Note
This procedure requires Global Owner privileges.
Keep in mind
There are two ways to create a Service Account API key for Flowlink:
Through the API. See API Keys.
Through the PCE Web Console (described in the procedure below).
The Org ID value is not shown when you create a Service Account API key.
Service accounts are always organization-based and specific to a PCE. While creating a service account, users create their permissions and an api_key is created implicitly. Deleting a service account removes its permissions and all associated API keys.
In the PCE UI, go to Access > Service Accounts.
Click Add and configure settings.
Name
Description (optional)
Access Restriction: None.
API Key expiration: Keep the default or choose a different option.
Roles and Scopes: Select Global Administrator. The All scope is chosen automatically and cannot be changed.
Click Save.
When the API Key Created dialog appears, preserve the credentials (make a note or download them).
Copy the values of the Authentication Username and Secret into a text file on the Flowlink server.
Use a space to separate the key and secret. For example:
api_xxxxxxxxxxxxxx yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy
Copy the absolute path of the PCE API file, /home/employee/api_info. You will need it in the Flowlink configuration file.
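A pre-flight check for the credentials file described above, as an added example (not Illumio's code): it verifies the single-line "username secret" layout and that the file is not accessible to group or other, since it holds a Global Administrator secret. The function name check_api_info, the api_ prefix test (taken from this page's sample line) and the sample credentials are assumptions.

```shell
#!/bin/sh
# Added example, not part of Flowlink. Validates the PCE API credentials file.
# Assumed format (from this page's sample): one line, "<api_username> <secret>".
# Return codes: 0 ok, 1 missing, 2 permissions, 3 line count, 4 format.

check_api_info() {
    f=$1
    [ -f "$f" ] && [ -r "$f" ] || { echo "missing or unreadable: $f"; return 1; }

    # Characters 5-10 of the ls mode string are the group/other bits.
    # They must all be '-' so only the owning user can read the secret.
    perms=$(ls -ld -- "$f" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "too permissive ($perms), run: chmod 600 $f"; return 2; }

    # Exactly one non-empty line is expected.
    lines=$(grep -c . "$f")
    [ "$lines" -eq 1 ] || { echo "expected 1 line, found $lines"; return 3; }

    # Two fields, one space between them. Tabs, trailing blanks and a
    # Windows carriage return all fail this pattern.
    if ! grep -Eq '^api_[^[:space:]]+ [^[:space:]]+$' "$f"; then
        echo "format must be: <api_username> <secret>"
        return 4
    fi
    return 0
}

# Demo on constructed, non-working credentials.
demo_dir=$(mktemp -d)
( umask 077
  printf '%s %s\n' 'api_1a2b3c4d5e6f7' 'constructed-secret-not-real' > "$demo_dir/api_info" )
check_api_info "$demo_dir/api_info" && echo "api_info OK"

chmod 644 "$demo_dir/api_info"          # simulate a world-readable file
check_api_info "$demo_dir/api_info" || echo "rejected as expected"
rm -rf "$demo_dir"
```

Creating the file under umask 077, as the demo does, avoids a window in which the secret is readable by other local users.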
Configure HTTP/HTTPS Proxy
Note
Applies only to version 1.3.0 and later.
When Flowlink is running behind a proxy or in a corporate network and the PCE is in the cloud, Flowlink can access the PCE via HTTP/HTTPS proxy configurations.
The following configuration parameters are available to define an HTTP/HTTPS proxy:
proxy_config:
  https_proxy: <HTTPS_PROXY>
  http_proxy: <HTTP_PROXY>
The following is an example of a Flowlink YAML configuration file:
proxy_config:
  https_proxy: http://proxy.corporate.com:3128
  http_proxy: http://proxy.corporate.com:3128
In the example above, the HTTP/HTTPS proxy is running on FQDN proxy.corporate.com, port 3128.
Create YAML Configuration File
In the /home/employee directory, create a YAML configuration file. You can find an example yml file at /usr/local/illumio/config.yml.example. Enter the parameters.
Example of Flowlink configuration:
pce_addr: mypce.example.com:8443
api_key: $cat /home/employee/api_info
data_directory: /home/employee
aggregation_minutes: 10
destinations:
  - name: netflow
    parser:
      type: netflow
    connectors:
      - type: udp
        properties:
          ports: '2055'
The above configuration listens for NetFlow on UDP 2055 from any data source. The absolute path is:
/home/employee/config.yaml.netflow
Run Flowlink
To manage Flowlink, use the following commands:
illumio-flowlink-ctl start --config <path to config file> [--log-file <path to log file>]
illumio-flowlink-ctl stop
illumio-flowlink-ctl status
The default path for the log file is <data_directory specified in config file>/flowlink.log
To start Flowlink, use the illumio-flowlink-ctl start command. Make sure that you include the --config option in the start command, which will begin running the program in the background. Example with expected output:
illumio-flowlink-ctl start --config /home/employee/config.yaml.netflow

OUTPUT TO CONSOLE
Checking Flowlink started successfully. OK.
Output logs can be found at: /home/employee/flowlink.log

OUTPUT IN LOG FILE (/home/employee/flowlink.log)
2020-03-11T09:58:51.173203-07:00 Waiting for signal
2020-03-11T09:58:51.330757-07:00 Starting Data source: netflow
2020-03-11T09:58:51.331162-07:00 Listening for netflow messages on udp port: 2055
2020-03-11T09:58:51.332929-07:00 Reporting flows every 10 minutes
To stop Flowlink, use the illumio-flowlink-ctl stop command. Example with expected output:
illumio-flowlink-ctl stop

OUTPUT ON CONSOLE
/illumio-flowlink-ctl stop
Stopping Flowlink: ......... Stopped.

OUTPUT IN LOG FILE (/home/employee/flowlink.log)
2020-03-11T09:58:57.097817-07:00 Got signal
2020-03-11T09:58:57.097835-07:00 Telling connectors to stop
2020-03-11T09:58:57.097856-07:00 Allowing parsers to drain
2020-03-11T09:58:57.098766-07:00 udp exiting
2020-03-11T09:58:57.098800-07:00 udp exiting
2020-03-11T09:58:57.101361-07:00 udp exiting
2020-03-11T09:58:57.101400-07:00 udp exiting
2020-03-11T09:58:57.103881-07:00 udp exiting
2020-03-11T09:58:57.103905-07:00 udp exiting
2020-03-11T09:58:57.106527-07:00 udp exiting
2020-03-11T09:58:57.106579-07:00 udp exiting
2020-03-11T09:58:57.109120-07:00 udp exiting
2020-03-11T09:58:57.109145-07:00 udp exiting
2020-03-11T09:58:57.111790-07:00 udp exiting
2020-03-11T09:58:57.111837-07:00 udp exiting
2020-03-11T09:58:57.113853-07:00 udp exiting
2020-03-11T09:58:57.113912-07:00 udp exiting
2020-03-11T09:58:57.116262-07:00 udp exiting
2020-03-11T09:58:57.116397-07:00 udp exiting
2020-03-11T09:58:57.118365-07:00 udp exiting
2020-03-11T09:58:57.119002-07:00 udp exiting
2020-03-11T09:58:57.120865-07:00 udp exiting
2020-03-11T09:58:57.121108-07:00 udp exiting
2020-03-11T09:58:57.123517-07:00 udp exiting
2020-03-11T09:58:57.123552-07:00 udp exiting
2020-03-11T09:58:57.126043-07:00 udp exiting
2020-03-11T09:58:57.126079-07:00 udp exiting
2020-03-11T09:59:02.100923-07:00 Writing flows
2020-03-11T09:59:02.100969-07:00 Flow count: 48468
2020-03-11T09:59:02.417261-07:00 Waiting for file senders to drain
2020-03-11T09:59:02.418564-07:00 Sending file: /home/employee/traffic_flows_1583945942416835.pb.gz
2020-03-11T09:59:07.390307-07:00 Response Code 204
To check the status of Flowlink, use the illumio-flowlink-ctl status command. Example with expected output:
illumio-flowlink-ctl status

OUTPUT ON CONSOLE
/illumio-flowlink-ctl status
Flowlink: RUNNING
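The status command only reports that the process is running, so the following added example (not Illumio's code) reads flowlink.log to confirm that the UDP listener came up and that every flow upload to the PCE returned the 204 shown in the log output above. The function name flowlink_log_check is hypothetical, treating any other response code as a failed upload is an assumption, and the sample log is constructed from the lines on this page.

```shell
#!/bin/sh
# Added example, not part of Flowlink. Summarises a flowlink.log file.
# Assumption: "Response Code 204" is the only success value (the one
# this page shows); any other code is reported as a failed upload.
# Returns 0 when a listener started and no upload failed, otherwise 1.

flowlink_log_check() {
    awk '
        /Listening for .* messages on udp port:/ { listening = 1 }
        / Flow count: /   { flows = $NF }
        / Sending file: / { file = $NF }
        / Response Code / {
            if ($NF != 204) {
                bad++
                print "FAILED upload " (file == "" ? "(unknown file)" : file) \
                      " code=" $NF " at " $1
            } else {
                ok++
            }
            file = ""   # a response closes the upload it belongs to
        }
        END {
            printf "listening=%d last_flow_count=%s uploads_ok=%d uploads_failed=%d\n",
                   listening, (flows == "" ? "none" : flows), ok, bad
            exit (bad > 0 || !listening) ? 1 : 0
        }' "$1"
}

# Demo on a constructed log built from the lines shown on this page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
2020-03-11T09:58:51.331162-07:00 Listening for netflow messages on udp port: 2055
2020-03-11T09:59:02.100969-07:00 Flow count: 48468
2020-03-11T09:59:02.418564-07:00 Sending file: /home/employee/traffic_flows_1583945942416835.pb.gz
2020-03-11T09:59:07.390307-07:00 Response Code 204
EOF
flowlink_log_check "$sample"
rm -f "$sample"
```

A non-zero return is suitable for a cron job or monitoring probe that alerts when flow data stops reaching the PCE.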