The preceding diagrams show the communication between the two VMs running on two different hosts and the flows monitored by the IPFIX feature for vSphere Distributed Switch.
The Flow on Host 1 shows the flows are collected from Host 1. The IPv4 template has additional information about the ingress and egress port and the standard elements.
The ingressInterfaceAttr text box 0x02 indicates it is an access port where the virtual machine is connected. The access port number is assigned to the ingressInterface parameter in the template.
The egressInterfaceAttr value of 0x03 shows that it is a VXLAN tunnel port and the port number associated with it is a management VMKNic port. This port number is assigned to the egressInterface parameter in the template.
The IPv4 VXLAN template on the other hand has additional information about the VXLAN ID, inner source, and destination IP/Port and protocol. The ingress and egress interfaces are VXLAN tunnel port and dvuplink port respectively.
The Flow on Host 1 shows the flows on Host 2.
The templates in the Flow on Host 1 differs from the Flow on Host 1 only in the Ingress and egress attributes and port numbers.
The additional information provided through this template helps the collector tool vendors to correlate the external VXLAN flows and the internal virtual machine flows.
Information Relevant to the Collector Tool Vendor
IPFIX support on vSphere Distributed Switch provides the required visibility into the virtual machine flows and VXLAN flows. If you are using any collector tool vendor, you can use additional information available in the templates to provide a correlation between the internal and external flows and the port connections.
The following section provides the details regarding how to decode the new parameters that are added in the VXLAN templates. IANA defines IPFIX information elements and their element IDs. You can find the list of standard element IDs at http://www.iana.org/assignments/ipfix/ipfix.xml.
All the new elements defined as part of VXLAN template have their new element IDs.
These custom parameters or elements provide additional information about the VXLAN and internal flows. The following are the new elements and their IDs:
| Element ID | Parameter Name | Data Type | Unit |
|---|---|---|---|
| 880 | tenantProtocol | unsigned8 | 1 byte |
| 881 | tenantSourceIPv4 | ipv4Address | 4 bytes |
| 882 | tenantDestIPv4 | ipv4Address | 4 bytes |
| 883 | tenantSourceIPv6 | ipv6Address | 16 bytes |
| 884 | tenantDestIPv6 | ipv6Address | 16 bytes |
| 886 | tenantSourcePort | unsigned16 | 2 bytes |
| 887 | tenantDestPort | unsigned16 | 2 bytes |
| 888 | egressInterfaceAttr | unsigned16 | 2 bytes |
| 889 | vxlanExportRole | unsigned8 | 1byte |
| 890 | ingressInterfaceAttr | unsigned16 | 2 bytes |
The following table shows an example of complete list of element IDs. You can find data type and unit for standard element IDs at http://www.iana.org/assignments/ipfix/ipfix.xml.
| Element ID | Parameter Name |
|---|---|
| 1 | octetDeltaCount |
| 2 | packetDeltaCount |
| 4 | protocolIdentifier |
| 5 | IPv4TOS |
| 5 | IPv6TOS |
| 6 | tcpFlags |
| 7 | sourceTransportPort |
| 8 | sourceIPv4Address |
| 10 | ingressInterface |
| 11 | destinationTransportPort |
| 12 | destinationIPv4Address |
| 14 | egressInterface |
| 15 | nextHopIPv4 |
| 27 | sourceIPv6Address |
| 28 | destinationIPv6Address |
| 53 | maxTTL |
| 61 | flowDir |
| 136 | flowEndReason |
| 152 | flowStartSysUpTime |
| 153 | flowEndSysUpTime |
| 210 | paddingOctets |
| 351 | vxlanId |
| 880 | tenantProtocol |
| 881 | tenantSourceIPv4 |
| 882 | tenantDestIPv4 |
| 883 | tenantSourceIPv6 |
| 884 | tenantDestIPv6 |
| 886 | tenantSourcePort |
| 887 | tenantDestPort |
| 888 | egressInterfaceAttr |
| 889 | vxlanExportRole |
| 890 | ingressInterfaceAttr |
