khamlat_316003
Apr 19, 2017

iRule/Netflow IPFix v10 - Scenario

Are there any example setups/scenarios for sending Netflow data from remote routers to an F5 VIP?

We will have hundreds of routers set up to send Netflow IPFix V10 [UDP traffic] to our F5 load balancer, which will then get load balanced to our AVC collector servers [50 or more]. The traffic is based on a template/option template in the UDP payload.

Trying to achieve the following:

  1. Create a persistent connection based on the router’s source IP coming in to the load balancer, which will be the router loopback address. For example, we’ll want RTR1 to always send traffic to C1 collector. Issues: For each of the collectors, there is a threshold limit of approximately 800 packets per second. Once the collector hits 80% of its threshold we don’t want traffic to go to that collector anymore and the traffic gets re-balanced to another server.

Is it possible to achieve this with a UDP persistence profile – or will we also need an iRule, and can we limit based on a bandwidth threshold on our node/server?

If I create a UDP persistence profile and set my timeout to “indefinite”, are there repercussions to that? Considering that, even though this is basically all UDP traffic, we are talking about million flows per second and 50k packets per second.

Our second option is to enable an F5 rule to match UDP traffic between routers and inspect elements in the UDP payload to FWD to the collectors [nodes] accordingly. There are specific fields in the netflow payload and we would broadcast 2 types of data records – a template for regular IPFix table, AVC and MediaNet table, and secondly an Option Table.

For example – if we can match the flowSet length count

I guess I'm just looking at getting an example iRule of something similar or perhaps alternative option settings for what we need done.

Thanks

 

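Added example, not part of the original post and not an iRule or F5 code: a Python sketch of the payload inspection the second option describes, walking the IPFIX (version 10) message header and set headers as laid out in RFC 7011 and flagging Template (set ID 2) and Options Template (set ID 3) sets. It also shows why per-exporter persistence matters: a collector can decode a data set only with the template sent by the same exporter and observation domain. The function names and the sample datagram are constructed for illustration.

```python
import struct

IPFIX_VERSION = 10
HEADER = struct.Struct("!HHIII")   # version, length, export time, sequence, observation domain ID
SET_HEADER = struct.Struct("!HH")  # set ID, set length (length includes this 4-byte header)

def classify_set(set_id):
    if set_id == 2:
        return "template"
    if set_id == 3:
        return "options_template"
    if set_id >= 256:
        return "data"              # set ID equals the template ID that describes the records
    return "reserved"

def parse_ipfix(datagram):
    """Return (observation_domain_id, [(set_id, kind, set_length), ...])."""
    if len(datagram) < HEADER.size:
        raise ValueError("shorter than the 16-byte IPFIX header")
    version, length, _export_time, _sequence, domain = HEADER.unpack_from(datagram)
    if version != IPFIX_VERSION:
        raise ValueError(f"not IPFIX: version {version}")
    if length < HEADER.size or length > len(datagram):
        raise ValueError("message length field disagrees with datagram size")
    sets, offset = [], HEADER.size
    while offset < length:
        if length - offset < SET_HEADER.size:
            raise ValueError("truncated set header")
        set_id, set_len = SET_HEADER.unpack_from(datagram, offset)
        # Reject lengths that would loop forever or read past the message.
        if set_len < SET_HEADER.size or offset + set_len > length:
            raise ValueError("set length runs past the message")
        sets.append((set_id, classify_set(set_id), set_len))
        offset += set_len
    return domain, sets

def carries_templates(sets):
    """True if the message holds template definitions needed to decode later data sets."""
    return any(kind in ("template", "options_template") for _, kind, _ in sets)

def build_sample():
    """Constructed message: one template set (template 256, one 4-byte field) and one data set."""
    template = SET_HEADER.pack(2, 12) + struct.pack("!HHHH", 256, 1, 8, 4)
    data = SET_HEADER.pack(256, 8) + bytes([192, 0, 2, 1])
    body = template + data
    return HEADER.pack(IPFIX_VERSION, HEADER.size + len(body), 1492560000, 1, 7) + body
```
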