In an Enterprise network, Netflow monitors traffic flowing through SD-WAN Edge and exports Internet Protocol Flow Information Export (IPFIX) information directly from SD-WAN Edge to one or more Netflow collectors. IPFIX is an IETF protocol that defines the standard of exporting flow information from an end device to a monitoring system. VMware supports IPFIX version 10 to export IP flow information to a collector. Generally, an IP flow is identified by five tuples namely: Source IP, Destination IP, Source Port, Destination Port, and Protocol. But the Netflow records that are exported by SD-WAN Edge aggregates the source port. This means that data of different flows that have same source and destination IPs, same destination port, but different source ports will be aggregated.
The
SD-WAN Orchestrator allows you to configure Netflow collectors and filters as network services at the profile, edge, and segment level. You can configure a maximum of two collectors per segment and eight collectors per profile and edge. Also, you can configure a maximum of 16 filters per collector.
Procedure
- From the SD-WAN Orchestrator, go to Configure > Network Services.
The
Services page appears.
- To configure a collector, go to the Netflow Settings area and click the New button at the right side of the Collector table. The Add New Collector dialog box appears.
- In the Collector Name text box, enter a unique name for the collector.
- In the Collector IP text box, enter the IP address of the collector.
- In the Collector Port text box, enter the port ID of the collector.
- Click Save Changes.
Under
Network Services, the newly added collector appears in the Collector table.
- SD-WAN Orchestrator allows filtering of traffic flow records by source IP, destination IP, and application ID associated with the flow. To configure a filter, go to the Netflow Settings area and click the New button at the right side of the Filter table. The Add New Filter dialog box appears.
- In the Filter Name text box, enter a unique name for the filter.
- Under the Match area, click Define to define per collector filtering rules to match by source IP or destination IP or application associated with the flow, or click Any to use any of the source IP or destination IP or application associated with the flow as the match criteria for Netflow filtering.
- Under the Action area, select either Allow or Deny as the filter action for the traffic flow, and click OK.
Under
Network Services, the newly added filter appears in the Filter table.
Results
At the profile and edge level, the configured collectors and filters appears as a list under the
Netflow Settings area in the
Device tab.
After you enable Netflow on the SD-WAN Edge, it periodically sends messages to the configured collector. The contents of these messages are defined using IPFIX templates. For more information on templates, see IPFIX Templates.