IPFIX Exporter Removal

IPFIX Exporter is a service that runs to collect network traffic information. The port is commonly seen on UDP 10000. If Security Central is uninstalled incorrectly and the VM is just deleted, the exporter could be left behind. Follow these steps to remove the left over exporter.
***Note: The proper uninstall method for Security Central can be found here***

Setup the environment – Ubuntu 24.04.4 Linux in this example

Windows / Mac can be used as well and those instructions can be found HERE but still modify the configuration.py file as instructed below.

  • Install Python3 / PIP
    • sudo apt-get install python3 python3-pip
  • Install virtualenv
    • sudo apt-get install virtualenv
  • Virtualenv Setup
    • virtualenv -p python3 [myenv]. ## [myenv] is a name you chose, I used dev
    • source [myenv]/bin/activate
  • Install Nutanix Network API Client
    • pip install ntnx-networking-py-client

Do Not Skip This Step

  • Modify configuration.py to accept invalid certificates (Prism Central typically is just self signed certs)
    • cd [myenv]/lib/python3.10/site-packages/ntnx_networking_py_client/
    • Modify line 145 of the configuration.py file
      • Change “self.__verify_ssl = True” to “self.__verify_ssl = False

IPFIX API Requests

Reference Nutanix for Developers for all IPFIX API request examples

  • create a file called ipfix-get.py and paste in the content below, changing config.host | config.username | config.password to match your Prism Central.
import ntnx_networking_py_client
if __name__ == "__main__":
# Configure the client
config = ntnx_networking_py_client.Configuration()
# IPv4/IPv6 address or FQDN of the cluster
config.host = "10.0.0.0"
# Port to which to connect to
config.port = 9440
# Max retry attempts while reconnecting on a loss of connection
config.max_retry_attempts = 3
# Backoff factor to use during retry attempts
config.backoff_factor = 3
# UserName to connect to the cluster
config.username = "username"
# Password to connect to the cluster
config.password = "password"
# Please add authorization information here if needed.
client = ntnx_networking_py_client.ApiClient(configuration=config)
i_pfix_exporters_api = ntnx_networking_py_client.IPFIXExportersApi(api_client=client)
page = 0
limit = 50
try:
     api_response = i_pfix_exporters_api.list_ipfix_exporters(_page=page, _limit=limit)
     print(api_response)
except ntnx_networking_py_client.rest.ApiException as e:
     print(e)
  • create another file called ipfix-delete.py and paste in the content below, changing config.host | config.username | config.password | ext_id to match your environment
import ntnx_networking_py_client

if __name__ == "__main__":
    # Configure the client
    config = ntnx_networking_py_client.Configuration()
    # IPv4/IPv6 address or FQDN of the cluster
    config.host = "10.x.x.x"
    # Port to which to connect to
    config.port = 9440
    # Max retry attempts while reconnecting on a loss of connection
    config.max_retry_attempts = 3
    # Backoff factor to use during retry attempts
    config.backoff_factor = 3
    # UserName to connect to the cluster
    config.username = "username"
    # Password to connect to the cluster
    config.password = "password"
    # Please add authorization information here if needed.
    client = ntnx_networking_py_client.ApiClient(configuration=config)
    i_pfix_exporters_api = ntnx_networking_py_client.IPFIXExportersApi(api_client=client)
   
    ext_id = "EDCE9eE8-fb0B-EcbD-5CD2-Befb57220FC8"  ## <- You'll receive this in the next step


    try:
        api_response = i_pfix_exporters_api.delete_ipfix_exporter_by_id(extId=ext_id)
        print(api_response)
    except ntnx_networking_py_client.rest.ApiException as e:
        print(e)

Executing against the PC API

Get the Exporters from PC:
Run from the same directory is your ipfix-get.py file. Make sure your virtualenv is still active from earlier. Indicated in the image below by (dev) in front of nutanix@cl-ipfix:~$
Note: [dev] is the name you chose from earlier when creating the virtualenv denoted by [myenv]

Execute
(dev) nutanix@cl-ipfix:~$ python3 ipfix-get.py
You should see output similar the following, copy the ext_id value and make note of the name to make sure it’s the correct exporter.

Remove the Exporter from PC:
Execute
(dev) nutanix@cl-ipfix:~$ python3 ipfix-delete.py

Confirm Removal by running ipfix-get.py again

Demo of removing a left behind IPFIX exporter