After you enable Netflow on the VMware SD-WAN Edge, it periodically sends messages to the configured collector. The contents of these messages are defined using templates. Internet Protocol Flow Information Export (IPFIX) templates have additional parameters that provide more information regarding the traffic flows.
Non-NAT Template
https://www.iana.org/assignments/ipfix/ipfix.xhtml
This is an aggregated flow. The keys for this flow record are: sourceIPv4Address, destinationIPv4Address, destinationTransportPort, ingressVRFID, ApplicationID, protocolIdentifier. The source port is aggregated out.
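As an added example (not VMware code), the following collector-side decoder shows how a template set defines the layout of the data records that follow it, with bounds checks because the collector parses input that arrives over the network. The template ID 256, the field order and the field lengths in the constructed sample are assumptions; the real values come from the template the Edge exports.

```python
import ipaddress
import struct

# IANA IPFIX element IDs for the Non-NAT flow keys listed above.
IE_NAMES = {4: "protocolIdentifier", 8: "sourceIPv4Address", 11: "destinationTransportPort",
            12: "destinationIPv4Address", 95: "applicationId", 234: "ingressVRFID"}
SAMPLE = bytes.fromhex(  # constructed message; template field order and lengths are assumptions
    "000a0048 6553f100 00000001 00000000"  # message header: version 10, length 72
    "00020020 01000006 00080004 000c0004 000b0002 00ea0004 005f0004 00040001"  # template 256
    "01000018 0a000119 c000020a 01bb 00000000 0d000001 06 00")  # one record plus a pad byte

def parse_ipfix(msg, templates):
    """Decode one IPFIX message (RFC 7011); `templates` caches template ID -> field list."""
    if len(msg) < 16 or struct.unpack_from("!HH", msg) != (10, len(msg)):
        raise ValueError("not a well-formed IPFIX message")
    records, off = [], 16
    while off + 4 <= len(msg):
        set_id, set_len = struct.unpack_from("!HH", msg, off)
        if set_len < 4 or off + set_len > len(msg):
            raise ValueError("set length outside message bounds")
        body, off = msg[off + 4:off + set_len], off + set_len
        if set_id == 2:                    # Template Set
            read_templates(body, templates)
        elif templates.get(set_id):        # Data Set whose template we have seen
            records += read_records(body, templates[set_id])
    return records

def read_templates(body, templates):
    pos = 0
    while pos + 4 <= len(body) and body[pos]:  # template IDs are >= 256; a zero high byte is padding
        tid, count = struct.unpack_from("!HH", body, pos)
        fields, pos = [], pos + 4
        for _ in range(count):
            ie, flen = struct.unpack_from("!HH", body, pos)  # struct.error if truncated
            pos += 8 if ie & 0x8000 else 4  # enterprise-specific elements carry a 4-byte PEN
            if flen in (0, 0xFFFF):
                raise ValueError("zero or variable-length field: outside this example")
            fields.append((ie, flen))
        templates[tid] = fields            # an empty list withdraws the template

def read_records(body, fields):
    size, out = sum(flen for _, flen in fields), []
    for start in range(0, len(body) - size + 1, size):  # trailing set padding is ignored
        rec, p = {}, start
        for ie, flen in fields:
            value, p = int.from_bytes(body[p:p + flen], "big"), p + flen
            rec[IE_NAMES.get(ie, f"ie{ie}")] = str(ipaddress.IPv4Address(value)) if ie in (8, 12) else value
        out.append(rec)
    return out
```

Data sets that arrive before their template are skipped here; a production collector would typically buffer them until the template is received.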
NAT Template
Flow Link Stats Template
The Flow Link Stats template captures the flow stats broken down by link.
Tunnel Stats Template
A tunnel is established over a link and communicates with a peer. A peer can be a Gateway (edge to Cloud traffic), a Hub (edge to data center traffic) or an Edge (dynamic edge-to-edge VPN traffic). The Tunnel Stats template captures the stats of a tunnel and is sent every one minute. The linkUUID field lists the link established for the tunnel. The interfaceIndex field identifies the peer with which the tunnel is communicating.
Application Option Template
https://tools.ietf.org/html/rfc6759
The Application Option template is sent every 5 minutes or when changed. Only applications that have been referenced in flows are exported.
Interface Option Template
Interfaces in the VMware Netflow context can be broadly classified into two types: Physical and SD-WAN.
VMware Segment ID to Segment Mapping Template
The template is sent every 10 minutes and utilizes VRF as the nomenclature to define a segment.
Link Option Template
The Link Option template provides a mapping between linkUUID and the interface index to which this link points. From the Link Option template, it is also possible to get the link name, which is a configurable field in the .
Netflow Source Address and Segmentation
The primary IP address of the Netflow source interface should come from the VMware SD-WAN Orchestrator. In the absence of the optional source interface configuration, the flow records use the IP address of one of the up and advertised LAN/Routed interfaces as the source IP address. It is mandatory to have at least one up and advertised LAN/Routed interface on the particular segment for Netflow to function. The Orchestrator UI needs to be modified to reflect this.
IPFIX Information Element Definitions