Skip to main content
All CollectionsGetting StartedData Sources Configuration
Configure Netflow In VMware
Configure Netflow In VMware
A
Written by Alex Patnick
Updated this week

Note: This guide is for using NetFlow on VMware vSphere. If you are using VMware NSX, see the VMware documentation for instructions on how to enable IPFIX for Logical Switches: IPFIX for Logical Switch

If you are using IPFIX on NSX and NetFlow on vDS switches, you MUST set a different Observation Domain ID for each of them

If you wish to enable NetFlow from Faddom see How to Enable Traffic Collection in VMware

Prerequisites:

  • vSphere Enterprise Plus edition

  • vSphere Distributed Switch version 5.0.0 and later

Configuration steps

To enable NetFlow statistics collection in a VMware environment, there are two main configuration steps:

  • Configuring NetFlow settings using VMware client or VMware Web Client

  • Setting up a Monitoring Policy for each relevant Distributed Port Group

Configuring NetFlow settings with the vSphere web client

  1. In the Networking tab in vSphere Client, navigate to the distributed switch you want to enable NetFlow for.

  2. Right click on the switch, select Settings -> Edit Netflow.

  3. Set the collector address to the Faddom server and set the port number to 4739.

  4. It is recommended to leave the Observation Domain ID empty.

For additional information, please refer to the VMware documentation here.

Setting up a Monitoring Policy for each relevant Distributed Port Group on the Distributed Switch

Each Distributed port group should be configured to send monitoring data, which will be sent via the NetFlow settings described above.

  1. For each distributed switch, right-click -> Distributed Port Group -> Manage Distributed Port Group

  2. Select to edit the Monitoring policy, then click Next

  3. Click on Select distributed port groups. and select the port groups you want to enable NetFlow for, then click Next

  4. Select Enabled for the NetFlow policy configuration, then click Next

  5. Click Finish to save the policy changes

  6. Select the Uplink port group for the Distributed switch

  7. In the Settings -> Monitoring screen, set NetFlow to Enabled.

Source link.

Configuring NetFlow settings with the vSphere client

NetFlow is a network analysis tool that you can use to monitor network monitoring and virtual machine traffic.

NetFlow is supported in vSphere Enterprise Plus edition and is available for a vSphere Distributed Switch version 5.0.0 and later.

Version 5.1 and later of the switch supports IPFIX (NetFlow version 10).

  1. Log in to the vSphere Client and select the Networking inventory view Procedure.

  2. Right-click the vSphere distributed switch in the inventory pane, and select Edit Settings

  3. Navigate to the NetFlow tab.

  4. Type the IP address of the NetFlow collector (Faddom Sensor). Preferably use port 4739 (the default NetFlow port); however, any other port can be used as the Faddom Sensor captures data from any port.

  5. The VDS IP address is not required and can be left empty; the Faddom Sensor does not require or use this setting.

  6. (Optional) Use the up and down menu arrows to set the Sampling rate.
    The sampling rate represents the number of packets that NetFlow drops after every collected packet.
    A sampling rate of x instructs NetFlow to drop packets in collected packets:dropped packets ratio 1:x.
    If the rate is 0, NetFlow samples every packet, that is, collect one packet and drop none.
    If the rate is 1, NetFlow samples a packet and drops the next one, and so on.

  7. (Optional) Select Process internal flows only to collect data only on network activity between virtual machines on the same host

  8. Click OK.

Source link.

Did this answer your question?