You can configure IPFIX profiles for switches, also known as segments.

Flow-based network monitoring enable network administrators to gain insight into traffic traversing a network.

Procedure

  1. With admin privileges, log in to NSX Manager.
  2. Select Plan & Troubleshoot > IPFIX.
  3. Click the Switch IPFIX Profiles tab.
  4. Click Add Switch IPFIX Profile.
  5. Enter the following details:
    Setting Description
    Name and Description Enter a name and optionally a description.
    Note: To create a global profile, name the profile Global. You cannot edit or delete a global profile from the UI, but you can do so using NSX-T Data Center APIs.
    Active Timeout (seconds) The length of time after which a flow times out, even if more packets associated with the flow are received. Default is 300.
    Idle Timeout (seconds) The length of time after which a flow times out, if no more packets associated with the flow are received (ESXi only, KVM times out all flows based on the active timeout). Default is 300.
    Packet Sampling Probability (%) An estimate of the percentage of packets that will be sampled. Increasing this setting can have a performance impact on the hypervisors and collectors. If all hypervisors are sending more IPFIX packets to the collector, the collector might not be able to collect all packets. Setting the probability at the default value of 0.1% decreases the performance impact.
    Collector Configuration Select a collector from the drop-down menu.
    Applied To Select a category: Segment, Segment Port, Groups, or Selected Count. The IPFIX profile applies to the selected object.
    Priority This parameter resolves conflicts when multiple profiles apply. The IPFIX exporter uses the profile with the highest priority only. A lower value means a higher priority.
    Max Flows The maximum flows cached on a bridge (KVM only, not configurable on ESXi). Default is 16384.
    Observation Domain ID The observation domain ID identifies which observation domain the network flows originate from. Enter 0 to indicate no specific observation domain.
    Export Overlay Flow This parameter defines whether to sample and export the overlay flows on uplink and tunnel ports. Both the vNIC flow and overlay flow are included in the sample. The default is enabled. When disabled, only vNIC flows are sampled and exported.
    Tags Enter a tag to make searching easier.
  6. Click Save and then Yes to continue configuring the profile.
  7. Click Applied To to apply the profile to an NSGroup. You can select one or more NSGroups.
    Note: IPFIX Profile supports NSGroups with member types: Other NSGroups, Segment, and Segment Port. To learn more about NSGroup, see Create an NSGroup in Manager Mode.
  8. Click Save.