IPFIX (Internet Protocol Flow Information Export) is a standard for the format and export of network flow information. You can configure IPFIX for switches and firewalls. For switches, network flow at VIFs (virtual interfaces) and pNICs (physical NICs) is exported. For firewalls, network flow that is managed by the distributed firewall component is exported.
This feature is compliant with the standards specified in RFC 7011 and RFC 7012.
When you enable IPFIX, all configured host transport nodes will send IPFIX messages to the IPFIX collectors using port 4739. On ESXi hosts, NSX automatically opens port 4739.
IPFIX on ESXi sample tunnel packets in different ways. On ESXi the tunnel packet is sampled as two records:
- Outer packet record with some inner packet information
- SrcAddr, DstAddr, SrcPort, DstPort, and Protocol refer to the outer packet.
- Contains some enterprise entries to describe the inner packet.
- Inner packet record
- SrcAddr, DstAddr, SrcPort, DstPort, and Protocol refer to the inner packet.