Configuring Netflow

NetFlow is a feature that was introduced on Cisco routers that provides the ability to collect IP network traffic as it enters or exits an interface. Starting with vSphere 5.1, VMware supports Internet Protocol Flow Information Export (IPFIX) to analyze VM IP traffic by collecting data from a vDS and sending it across to a NetFlow collector tool.

You can configure the NetFlow collector using the vSphere Web Client, in the Configure tab of the selected vDS. Just select the NetFlow menu in the Settings section. Then click on the Edit... button:

The different parameters are the following:

• Collector IP address and Collector port of the NetFlow collector. You can contact the NetFlow collector via the IPv4 or IPv6 address.
• Observation Domain ID identifies the information related to the switch.
• Switch IP address is used to see the information from the vDS in the NetFlow collector under a single network device instead of under a separate device for each host on the switch.
• The (optional) Active flow export timeout (Seconds) and Idle flow export timeout (Seconds) textboxes set the time, in seconds, to wait before sending information after the flow is initiated.
• The (optional) Sampling rate option is used to change the portion of data that the switch collects. The sampling rate represents the number of packets that NetFlow drops after every collected packet. A sampling rate of x instructs NetFlow to drop packets in a collection of packets: dropped packets ratio 1:x.
• The (optional) Process internal flows only option is used to collect data on network activity between virtual machines on the same host.

For more information, see the vSphere 6.5 Networking guide (https://docs.vmware.com/en/VMware-vSphere/6.5/com.vmware.vsphere.networking.doc/GUID-55FCEC92-74B9-4E5F-ACC0-4EA1C36F397A.html).