IPFIX (Internet Protocol Flow Information Export) is a standard for the format and export of network flow information. You can configure IPFIX for switches and firewalls. For switches, network flow at VIFs (virtual interfaces) and pNICs (physical NICs) is exported. For firewalls, network flow that is managed by the distributed firewall component is exported.

NSX Cloud Note: If using NSX Cloud, see How to use NSX-T Data Center Features with the Public Cloud for a list of auto-generated logical entities, supported features, and configurations required for NSX Cloud.

When you enable IPFIX, all configured host transport nodes will send IPFIX messages to the IPFIX collectors using port 4739. In the case of ESXi, NSX-T Data Center automatically opens port 4739. In the case of KVM, if firewall is not enabled, port 4739 is open, but if firewall is enabled, you must ensure that the port is open because NSX-T Data Center does not automatically open the port.

IPFIX on ESXi and KVM sample tunnel packets in different ways. On ESXi the tunnel packet is sampled as two records:

  • Outer packet record with some inner packet information
    • SrcAddr, DstAddr, SrcPort, DstPort, and Protocol refer to the outer packet.
    • Contains some enterprise entries to describe the inner packet.
  • Inner packet record
    • SrcAddr, DstAddr, SrcPort, DstPort, and Protocol refer to the inner packet.

On KVM the tunnel packet is sampled as one record:

  • Inner packet record with some outer tunnel information
    • SrcAddr, DstAddr, SrcPort, DstPort, and Protocol refer to the inner packet.
    • Contains some enterprise entries to describe the outer packet.

Prerequisites

  • Install at least one IPFIX collector.
  • Verify that the IPFIX collectors have network connectivity to the hypervisors.
  • Verify that any relevant firewalls, including ESXi firewall, allow traffic on the IPFIX collector ports.

Procedure

  1. From your browser, log in with admin privileges to an NSX Manager at https://nsx-manager-ip-address.
  2. Select Tools > IPFIX from the navigation panel.
  3. To configure switch IPFIX, click the Switch IPFIX Collectors tab.
  4. Click Add.
  5. Enter a name and optionally a description.
  6. Click Add and enter the IP address and port of a collector.
    You can add up to 4 collectors.
  7. Click Save.