Configure NetFlow Settings from VMware vSphere Distributed Switch

Part 1) Exporting Netflows

Analyze virtual machine IP traffic that flows through a vSphere Distributed Switch by sending reports to a NetFlow collector.

Version 5.1 and later of vSphere Distributed Switch supports IPFIX (NetFlow version 10).

Procedure

  1. In the vSphere Web Client, navigate to the distributed switch.
  2. From the Actions menu, select Settings > Edit Netflow.
  3. Type the Collector IP address and Collector port of the NetFlow collector.

    You can contact the NetFlow collector by IPv4 or IPv6 address.

  4. Set an Observation Domain ID that identifies the information related to the switch.
  5. To see the information from the distributed switch in the NetFlow collector under a single network device instead of under a separate device for each host on the switch, type an IPv4 address in the Switch IP address text box.
  6. (Optional) In the Active flow export timeout and Idle flow export timeout text boxes, set the time, in seconds, to wait before sending information after the flow is initiated.
  7. (Optional) To change the portion of data that the switch collects, configure Sampling Rate.

    The sampling rate represents the number of packets that NetFlow drops after every collected packet. A sampling rate of x instructs NetFlow to drop packets in a collected packets:dropped packets ratio of 1:x. If the rate is 0, NetFlow samples every packet, that is, it collects one packet and drops none. If the rate is 1, NetFlow samples a packet and drops the next one, and so on.

  8. (Optional) To collect data on network activity between virtual machines on the same host, enable Process internal flows only.

    Collect internal flows only if NetFlow is enabled on the physical network device to avoid sending duplicate information from the distributed switch and the physical network device.

  9. Click OK.
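
To confirm on the collector host that the switch is exporting IPFIX (version 10) with the Observation Domain ID set in step 4, a received UDP payload can be checked against the RFC 7011 message layout. The following is an added example, not code from Seceon or VMware; the function names, the domain ID 42 and the sample bytes are constructed for illustration.

```python
import struct

IPFIX_VERSION = 10                 # NetFlow version 10, message format per RFC 7011
HEADER = struct.Struct("!HHIII")   # version, length, export time, sequence, observation domain ID
SET_HEADER = struct.Struct("!HH")  # set ID, set length (length includes this header)


def parse_ipfix(datagram):
    """Validate one IPFIX message and return its header fields and sets."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than the 16-byte IPFIX header")
    version, length, export_time, sequence, domain_id = HEADER.unpack_from(datagram)
    if version != IPFIX_VERSION:
        raise ValueError(f"version {version} is not IPFIX (10)")
    if length != len(datagram):
        raise ValueError(f"header length {length} != datagram length {len(datagram)}")
    sets, offset = [], HEADER.size
    while offset < length:
        if length - offset < SET_HEADER.size:
            raise ValueError("truncated set header")
        set_id, set_len = SET_HEADER.unpack_from(datagram, offset)
        if set_len < SET_HEADER.size or offset + set_len > length:
            raise ValueError(f"bad set length {set_len} at offset {offset}")
        kind = {2: "template", 3: "options-template"}.get(set_id, "data" if set_id >= 256 else "reserved")
        sets.append((set_id, kind, set_len))
        offset += set_len
    return {"export_time": export_time, "sequence": sequence,
            "domain_id": domain_id, "sets": sets}


def check_export(datagram, expected_domain_id):
    """True if the payload is well-formed IPFIX from the expected Observation Domain ID."""
    try:
        return parse_ipfix(datagram)["domain_id"] == expected_domain_id
    except ValueError:
        return False


# Constructed sample: a template set (ID 2) defining template 256 with two fields
# (IE 8 sourceIPv4Address, IE 12 destinationIPv4Address), then one matching data set.
TEMPLATE_SET = struct.pack("!HHHHHHHH", 2, 16, 256, 2, 8, 4, 12, 4)
DATA_SET = struct.pack("!HH4s4s", 256, 12, bytes([10, 0, 0, 5]), bytes([10, 0, 0, 9]))
BODY = TEMPLATE_SET + DATA_SET
SAMPLE = HEADER.pack(10, HEADER.size + len(BODY), 1700000000, 0, 42) + BODY

if __name__ == "__main__":
    print(parse_ipfix(SAMPLE))
```

A payload that fails the version check usually means the sender is exporting an older NetFlow version, and an unexpected domain ID means the datagram comes from a different exporter than the switch being configured.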
 

Part 2) Enable or Disable NetFlow Monitoring on a Distributed Port Group or Distributed Port (Only if required)

You can enable NetFlow to monitor IP packets that are passing through the ports of a distributed port group or through individual distributed ports.

You configure the NetFlow settings on the vSphere Distributed Switch. See the article above in Part 1.

Prerequisites

To override a policy on distributed port level, enable the port-level override option for this policy. See Configure Overriding Networking Policies on Port Level.

Procedure

  1. In the vSphere Web Client, navigate to the distributed switch.
  2. Navigate to the monitoring policy for the distributed port group or distributed port.

    Option: Distributed port group
    Action:
      1. From the Actions menu, select Distributed Port Group > Manage Distributed Port Groups.
      2. Select Monitoring.
      3. Select the port group and click Next.

    Option: Distributed port
    Action:
      1. Select Related Object, and select Distributed Port Groups.
      2. Select a distributed port group.
      3. Under Manage select Ports.
      4. Select a port and click Edit distributed port settings.
      5. Select Monitoring.
      6. Select Override next to the drop-down menu.

  3. From the NetFlow drop-down menu, enable or disable NetFlow and click Next.
  4. Verify your settings and apply the configuration.

Reference link: https://docs.vmware.com/en/VMware-vSphere/6.0/com.vmware.vsphere.networking.doc/GUID-3CF9AEEB-08B0-47F5-A3B6-ADD8A919DFA0.html#GUID-3CF9AEEB-08B0-47F5-A3B6-ADD8A919DFA0
