You can enable IPFIX on a vSphere Distributed Switch.

Logical representation of enabling IPFIX on the vSphere Distributed Switch for tracking flows.

You can enable IPFIX for a logical switch as follows:

  1. Configure the NetFlow collector on the vSphere Distributed Switch backing the NSX transport zone (Logical Switch). For more information on how to configure the NetFlow collector, see the "Configure the NetFlow Settings of a vSphere Distributed Switch" topic in the vSphere Networking Guide.
  2. Enable NetFlow monitoring on the distributed port group corresponding to the Logical Switch. If the NSX transport zone spans multiple vSphere Distributed Switches (VDS), repeat these steps for each VDS/distributed port group. For more information on how to enable NetFlow monitoring, see "Enable or Disable NetFlow Monitoring on a Distributed Port Group or Distributed Port" in the vSphere documentation.

In an NSX environment, virtual machine data traffic on a logical switch that traverses the NSX uplink of ESXi is VXLAN encapsulated. When NetFlow is enabled on the host uplink, the IP flow records are exported using a custom IPFIX flow-record template. The template includes the outer VXLAN UDP/IP header information and the information of the inner encapsulated IP packet. As a result, such a flow record provides visibility into the VTEP that is encapsulating the packet (outer header) and the details of the virtual machine that generated the inter-host traffic (inner header) on an NSX logical switch (VXLAN).

For more details on the IPFIX templates for vSphere Distributed Switch, refer to IPFIX Templates.
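On the collector side, the outer/inner split described above can be checked by decoding the template and data sets of a received message. The following Python sketch is an added example, not VMware code: it parses the standard IPFIX wire layout (RFC 7011) and separates VTEP addresses from virtual machine addresses. It assumes the inner-header fields arrive as enterprise-specific elements; the enterprise number `PEN`, the inner element IDs 1 and 2, and the sample message are constructed placeholders, so take the real identifiers from the IPFIX Templates topic.

```python
import ipaddress
import struct

PEN = 99999  # constructed placeholder enterprise number, not a real vendor's
SAMPLE = bytes.fromhex(  # constructed message, not captured from a real host
    "000a0044" "00000000" "00000000" "00000000"  # header: version 10, 68 bytes
    "00020020" "01000004" "00080004" "000c0004"  # template 256: IANA IEs 8, 12
    "800100040001869f" "800200040001869f"        # enterprise IEs 1, 2 under PEN
    "01000014" "0a000001" "0a000002" "c0a8010a" "c0a80114")  # one data record

def parse_ipfix(msg):
    """Parse one IPFIX message (RFC 7011 layout, fixed-length fields only)."""
    version, length = struct.unpack_from("!HH", msg, 0)
    if version != 10 or length != len(msg):
        raise ValueError("not a well-formed IPFIX message")
    templates, records, off = {}, [], 16  # sets start after the 16-byte header
    while off + 4 <= length:
        set_id, set_len = struct.unpack_from("!HH", msg, off)
        pos, end = off + 4, off + set_len
        if set_len < 4 or end > length:
            raise ValueError("bad set length")
        while set_id == 2 and pos + 4 <= end:  # Template Set
            tid, count = struct.unpack_from("!HH", msg, pos)
            if tid < 256:  # trailing padding, not a template record
                break
            pos, fields = pos + 4, []
            for _ in range(count):
                ie, flen = struct.unpack_from("!HH", msg, pos)
                ent = ie >> 15  # enterprise bit set: a 4-byte PEN follows
                pen = struct.unpack_from("!I", msg, pos + 4)[0] if ent else 0
                pos += 4 + 4 * ent
                fields.append((pen, ie & 0x7FFF, flen))
            if pos > end or any(f[2] == 0xFFFF for f in fields):
                raise ValueError("malformed or variable-length template")
            templates[tid] = fields
        fields = templates.get(set_id, [])  # Data Set for a known template
        rec_len = sum(f[2] for f in fields)
        while rec_len and pos + rec_len <= end:
            rec = {}
            for pen, ie, flen in fields:
                rec[(pen, ie)], pos = msg[pos:pos + flen], pos + flen
            records.append(rec)
        off = end
    return templates, records

def vtep_and_vm(rec):
    """Return [[outer/VTEP src, dst], [inner/VM src, dst]] for one record."""
    keys = ((0, 8), (0, 12)), ((PEN, 1), (PEN, 2))
    return [[str(ipaddress.IPv4Address(rec[k])) for k in pair] for pair in keys]
```

A collector that ignores enterprise-specific fields would keep only the VTEP-to-VTEP addresses from such a record and lose the virtual machine endpoints.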