In an Enterprise network, Netflow monitors the traffic flowing through the SD-WAN Edge and exports Internet Protocol Flow Information Export (IPFIX) information directly from the SD-WAN Edge to one or more Netflow collectors. IPFIX is an IETF protocol that defines the standard for exporting flow information from an end device to a monitoring system. VMware supports IPFIX version 10 to export IP flow information to a collector. Generally, an IP flow is identified by a five-tuple: Source IP, Destination IP, Source Port, Destination Port, and Protocol. However, the Netflow records exported by the SD-WAN Edge aggregate the source port. This means that data from different flows that have the same source and destination IPs and the same destination port, but different source ports, is aggregated.
The SD-WAN Orchestrator allows you to configure Netflow collectors and filters as network services at the Profile, Edge, and Segment level. You can configure a maximum of two collectors per Segment and eight collectors per Profile and Edge. Also, you can configure a maximum of 16 filters per collector.
Procedure
In the Enterprise portal, go to Configure > Network Services, and then under the Network Management area, expand Netflow.
To create a collector, click New or the New Collector option in the Collectors area.
Note: The New Collector option appears only when there are no items in the table.
The following configuration options are available:
Option            Description
Collector Name    Enter a unique name for the collector.
Collector IP      Enter the IP address of the collector.
Collector Port    Enter the port ID of the collector.
Click Save Changes.
The newly added collector appears in the Collectors table.
SD-WAN Orchestrator allows filtering of traffic flow records by source IP, destination IP, and application ID associated with the flow. To configure a filter, click New or the New Filter option in the Filters area. The Add New Filter dialog box appears.
Note: The New Filter option appears only when there are no items in the table.
The following configuration options are available:
Option         Description
Filter Name    Enter a unique name for the filter.
Match          Choose Any to use any of the Source IP, Destination IP, or Application associated with the flow as the match criteria for Netflow filtering. Choose Define to define collector filtering rules that match by the Source IP, Destination IP, or Application associated with the flow.
Action         Select either Allow or Deny as the filter action for the traffic flow.
Click Save Changes.
The newly added filter appears in the Filters table.
The following are the other options available in the Netflow area:
Option     Description
Delete     Select an item and click this option to delete it.
Columns    Click and select the columns to be displayed or hidden on the page.
Results
At the Profile and Edge level, the configured collectors and filters appear as a list under the Netflow Settings area in the Device tab.
While configuring a Profile or an Edge, you can either select a collector and filter from the available list or add a new collector and a filter. For steps, see Configure Netflow Settings for Profiles.
After you activate Netflow on the SD-WAN Edge, it periodically sends messages to the configured collector. The contents of these messages are defined using IPFIX templates. For more information on templates, see IPFIX Templates.
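On the collector side, a receiver can sanity-check that what arrives on the configured Collector Port is a well-formed IPFIX version 10 message before decoding it. The following is an added example, not VMware code: it follows the message and set header layout of RFC 7011, assumes the buffer holds exactly one IPFIX message, and uses a constructed sample message with hypothetical function names.

```python
import struct

HEADER = struct.Struct("!HHIII")   # version, length, export time, sequence, domain ID
SET_HEADER = struct.Struct("!HH")  # set ID, set length (includes these 4 bytes)


def classify_set(set_id):
    # Set ID 2 = template, 3 = options template, 256 and above = data (RFC 7011)
    if set_id >= 256:
        return "data"
    return {2: "template", 3: "options-template"}.get(set_id, "reserved")


def parse_ipfix_message(message):
    # Assumption: `message` holds exactly one IPFIX message.
    if len(message) < HEADER.size:
        raise ValueError("shorter than the 16-byte IPFIX header")
    version, length, export_time, sequence, domain = HEADER.unpack_from(message)
    if version != 10:
        raise ValueError(f"unexpected version {version}, expected 10")
    if length != len(message):
        raise ValueError("header length does not match buffer size")
    sets, offset = [], HEADER.size
    while offset < length:
        if length - offset < SET_HEADER.size:
            raise ValueError("truncated set header")
        set_id, set_len = SET_HEADER.unpack_from(message, offset)
        if set_len < SET_HEADER.size or offset + set_len > length:
            raise ValueError("set length out of bounds")
        body = message[offset + SET_HEADER.size:offset + set_len]
        sets.append((classify_set(set_id), set_id, body))
        offset += set_len
    return {"export_time": export_time, "sequence": sequence, "domain": domain}, sets


def build_sample_message():
    # Constructed sample, not captured traffic: template 256 with two fields
    # (sourceIPv4Address = IE 8, destinationIPv4Address = IE 12), then one data record.
    template = struct.pack("!HHHHHH", 256, 2, 8, 4, 12, 4)
    template_set = SET_HEADER.pack(2, 4 + len(template)) + template
    record = bytes([192, 0, 2, 10, 198, 51, 100, 20])
    data_set = SET_HEADER.pack(256, 4 + len(record)) + record
    body = template_set + data_set
    return HEADER.pack(10, HEADER.size + len(body), 1700000000, 0, 1) + body


if __name__ == "__main__":
    header, sets = parse_ipfix_message(build_sample_message())
    print(header, [(role, sid, len(body)) for role, sid, body in sets])
```

Data sets can only be decoded after the template set with the matching template ID has been received, so a collector should keep templates per exporter and observation domain.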