There is another project out there in the ether that I have a hand in providing input for. One of the features that I felt was necessary for it is exporting NetFlow information about the traffic the Linux machine handles to a collector. This is dual-stack traffic, but I have the collector listening on IPv6.
Firstly, I needed something that would gather and export the data, so I found softflowd. My Ubuntu server had it in the repo, so a quick apt install got it onto the machine easily enough. You need to edit /etc/default/softflowd and set which interface(s) you want it to capture and generate flow data from, and which options to feed to the daemon, such as the server:port to export that data to:
OPTIONS="-v 9 -n [x:x:x:x::x]:9995"
Fill in the correct interface name you want to gather data from. The -v 9 option tells it to use NetFlow v9, which has IPv6 support. The -n option specifies the collector machine’s IP and port, so fill in the correct IPv6 address of that collector. The bracketed [address]:port form shown above is the format for specifying an IPv6 host running a collector, like nfcapd. Then you can fire up the softflowd daemon, and you should start getting data sent to the collector:
Date flow start Duration Proto Src IP Addr:Port Dst IP Addr:Port Packets Bytes Flows
2015-02-13 23:18:13.316 0.001 UDP 22.214.171.124:53 -> 126.96.36.199:41933 1 213 1
2015-02-13 23:18:13.316 0.001 UDP 188.8.131.52:41933 -> 184.108.40.206:53 1 55 1
2015-02-13 23:15:17.715 180.139 ICMP6 2001:470:1:9::1.0 -> 2001:470:1:9::6666.0.0 4 288 1
2015-02-13 23:15:17.715 180.139 ICMP6 2001:470:1:9::6666.0 -> 2001:470:1:9::1.0.0 4 256 1
Summary: total flows: 75, total bytes: 291951, total packets: 1559, avg bps: 10006, avg pps: 6, avg bpp: 187
Time window: 2015-02-13 23:15:05 - 2015-02-13 23:18:58
Total flows processed: 75, Blocks skipped: 0, Bytes read: 5300
Sys: 0.008s flows/second: 9149.7 Wall: 0.006s flows/second: 12209.0
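
A small check for the OPTIONS line described above, added here as an example and not part of softflowd or the original post: it verifies that an IPv6 collector is written as [address]:port and that the export version can carry IPv6 flows. The function names and the sample address (from the 2001:db8::/32 documentation prefix) are made up for illustration, and the check assumes softflowd falls back to NetFlow v5 when -v is not given.

```python
import ipaddress
import shlex

def parse_collector(target):
    """Split a softflowd -n target into (host, port)."""
    if target.startswith("["):
        host, sep, port = target[1:].partition("]:")
        if not sep:
            raise ValueError("expected [ipv6]:port, got %r" % target)
        ipaddress.IPv6Address(host)  # ValueError if not a valid IPv6 literal
    else:
        host, sep, port = target.rpartition(":")
        if not sep or not host:
            raise ValueError("expected host:port, got %r" % target)
        if ":" in host:  # bare IPv6: the last group would be taken as the port
            raise ValueError("IPv6 collector must be written [addr]:port")
    if not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError("bad port in %r" % target)
    return host, int(port)

def flag_value(args, flag):
    """Value following a flag such as -v or -n, or None if absent."""
    return args[args.index(flag) + 1] if flag in args[:-1] else None

def check_defaults(text):
    """Return a list of problems with the OPTIONS line of the defaults file."""
    problems = []
    for line in text.splitlines():
        if not line.strip().startswith("OPTIONS="):
            continue
        value = line.split("=", 1)[1]
        args = " ".join(shlex.split(value)).split()  # drop shell quotes
        # Assumption: without -v, softflowd exports v5, which has no IPv6 fields.
        if flag_value(args, "-v") in (None, "1", "5"):
            problems.append("use -v 9 so IPv6 flows can be exported")
        target = flag_value(args, "-n")
        if target is None:
            problems.append("no collector set with -n")
            continue
        try:
            parse_collector(target)
        except ValueError as err:
            problems.append(str(err))
    return problems

# Constructed sample; 2001:db8::/32 is the documentation prefix.
SAMPLE = 'OPTIONS="-v 9 -n [2001:db8::10]:9995"'
if __name__ == "__main__":
    print(check_defaults(SAMPLE) or "OPTIONS looks fine")
```

Run against the unedited placeholder address x:x:x:x::x, the check reports an invalid IPv6 literal, which catches a defaults file that was copied without filling in the collector.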