The Netflow source interface, whose primary IP address is used as the source IP of the flow records, is an optional setting that should come from the VMware SASE Orchestrator. If no source interface is configured, the flow records use the IP address of one of the up and advertised LAN/Routed interfaces as the source IP address. At least one up and advertised LAN/Routed interface must therefore exist on the particular segment for Netflow to function. The Orchestrator UI needs to be modified to reflect this.
When multiple Netflow exporting processes originate from the same source IP, Netflow provides an information element that keeps the exports distinguishable. The options are:
- Use different source interface for each segment.
- If the segments are treated as distinct exporting processes, use the observationDomainId to distinguish between them.
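The source-IP selection and per-segment export identity described above, as an added example (not VMware's code): the interface model, the field names and the rule that the observationDomainId equals the segment number are assumptions made for the illustration, and the interfaces are constructed sample data. The point it shows is the failure mode the text calls out: a segment with no up and advertised LAN/Routed interface and no configured source interface has nothing to export from, and two segments must never end up with the same (source IP, observationDomainId) pair.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Tuple


@dataclass(frozen=True)
class Interface:
    """Edge interface as seen by the export logic (constructed model, not VMware's)."""
    name: str
    primary_ip: str
    segment: int
    kind: str          # only "LAN" and "Routed" interfaces are eligible as fallback sources
    is_up: bool
    advertised: bool


@dataclass(frozen=True)
class SegmentNetflowConfig:
    """Per-segment Netflow settings; source_interface is the optional Orchestrator setting."""
    segment: int
    source_interface: Optional[str] = None


class NoExportSourceError(RuntimeError):
    """Raised when a segment has no usable source IP, i.e. Netflow cannot function there."""


ELIGIBLE_KINDS = ("LAN", "Routed")


def select_source_ip(cfg: SegmentNetflowConfig, interfaces: Iterable[Interface]) -> str:
    """Return the source IP for flow records of cfg.segment.

    Preference order: the configured source interface's primary IP, otherwise the first
    up and advertised LAN/Routed interface on the segment (sorted by name so the choice
    is deterministic across restarts). With neither available, export is impossible.
    """
    interfaces = list(interfaces)
    if cfg.source_interface is not None:
        for itf in interfaces:
            if itf.name == cfg.source_interface:
                return itf.primary_ip
        raise NoExportSourceError(
            f"segment {cfg.segment}: configured source interface "
            f"{cfg.source_interface!r} does not exist")

    candidates = sorted(
        (itf for itf in interfaces
         if itf.segment == cfg.segment and itf.kind in ELIGIBLE_KINDS
         and itf.is_up and itf.advertised),
        key=lambda itf: itf.name)
    if not candidates:
        raise NoExportSourceError(
            f"segment {cfg.segment}: no up and advertised LAN/Routed interface")
    return candidates[0].primary_ip


def observation_domain_id(segment: int) -> int:
    """Observation Domain ID for a segment. Assumption: the segment number is used as-is."""
    return segment


def exporter_identities(configs: Iterable[SegmentNetflowConfig],
                        interfaces: Iterable[Interface]) -> Dict[int, Tuple[str, int]]:
    """Map segment -> (source IP, observationDomainId) and reject duplicate identities.

    Segments exporting from the same IP are told apart only by the observationDomainId,
    so the pair must be unique across all segments or the collector merges their flows.
    """
    interfaces = list(interfaces)
    identities: Dict[int, Tuple[str, int]] = {}
    seen = set()
    for cfg in configs:
        ident = (select_source_ip(cfg, interfaces), observation_domain_id(cfg.segment))
        if ident in seen:
            raise ValueError(f"duplicate exporter identity {ident}")
        seen.add(ident)
        identities[cfg.segment] = ident
    return identities


# Constructed sample interfaces: segment 2 has only a down and an unadvertised LAN port.
INTERFACES = (
    Interface("GE1", "203.0.113.10", 0, "WAN", True, True),
    Interface("GE3", "10.1.0.1", 0, "LAN", True, True),
    Interface("GE4", "10.1.1.1", 0, "Routed", True, True),
    Interface("GE5", "10.2.0.1", 1, "LAN", True, True),
    Interface("GE6", "10.3.0.1", 2, "LAN", False, True),
    Interface("GE7", "10.3.1.1", 2, "LAN", True, False),
)

if __name__ == "__main__":
    configs = [SegmentNetflowConfig(0, source_interface="GE4"), SegmentNetflowConfig(1)]
    print(exporter_identities(configs, INTERFACES))
    try:
        select_source_ip(SegmentNetflowConfig(2), INTERFACES)
    except NoExportSourceError as exc:
        print("export disabled:", exc)
```

Running the block prints the two usable identities and then the reason segment 2 cannot export; an implementation would surface that second case in the Orchestrator UI rather than silently emitting nothing.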
Interface Mappings
Interface numbering: 32-bit number (RFC2863). Ingress or egress is defined by the source/destination route in the flow container. The interface index is derived from the route type and the destination system ID, or from the interface for direct traffic. The same mapping must be used for the SNMP interface table (ifTable, RFC1213).
Layout of the 32-bit interface index:
  Field                Bits
  destination_type     0..7
  reserved             0..7
  destination_if_idx   0..16
destination_type:
- E2E
- E2DC
- CLOUD
- ANY/DIRECT
destination_if_idx:
- E2E, E2DC, CLOUD: map(next_hop_id) -> if_idx
- ANY/DIRECT: map(link_logical_id) -> if_idx
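The interface-index packing and the next_hop_id / link_logical_id mapping described above, as an added example (not VMware's code). It assumes destination_type occupies the most significant byte, the reserved byte sits between it and the 16-bit destination_if_idx, and the numeric codes for E2E, E2DC, CLOUD and ANY/DIRECT are invented for the illustration since the page names the types without values. The single index table is the part that matters operationally: the flow exporter and the SNMP ifTable must resolve a given next hop or link to the same if_idx, and the reserved bits must be zero on decode so a collector can detect a corrupted or foreign index.

```python
from enum import IntEnum
from typing import Dict, Optional, Tuple

TYPE_BITS, RESERVED_BITS, IDX_BITS = 8, 8, 16    # 8 + 8 + 16 = 32 bits (RFC 2863 ifIndex size)
IDX_MAX = (1 << IDX_BITS) - 1
TYPE_SHIFT = RESERVED_BITS + IDX_BITS             # destination_type in the top byte (assumption)


class DestinationType(IntEnum):
    # Numeric codes are assumed; the page names the types but gives no values.
    # They stay well below 0x80 so the packed value fits the positive ifIndex range.
    E2E = 1
    E2DC = 2
    CLOUD = 3
    ANY_DIRECT = 4


def encode_if_index(dest_type: DestinationType, if_idx: int) -> int:
    """Pack destination_type and destination_if_idx into one 32-bit interface index."""
    if not 0 <= if_idx <= IDX_MAX:
        raise ValueError(f"destination_if_idx {if_idx} does not fit in {IDX_BITS} bits")
    return (int(dest_type) << TYPE_SHIFT) | if_idx


def decode_if_index(value: int) -> Tuple[DestinationType, int]:
    """Inverse of encode_if_index; rejects values with reserved bits set."""
    if value < 0 or value >> 32:
        raise ValueError("not a 32-bit interface index")
    reserved = (value >> IDX_BITS) & ((1 << RESERVED_BITS) - 1)
    if reserved:
        raise ValueError(f"reserved bits set: {reserved:#x}")
    return DestinationType(value >> TYPE_SHIFT), value & IDX_MAX


class InterfaceIndexTable:
    """One allocator shared by the Netflow exporter and the SNMP ifTable.

    Keys are the opaque ids the page maps from (next_hop_id or link_logical_id);
    the first lookup allocates the next free if_idx, later lookups return the same one.
    """

    def __init__(self) -> None:
        self._by_key: Dict[str, int] = {}
        self._next = 1            # ifIndex values start at 1 (RFC 2863)

    def index_for(self, key: str) -> int:
        idx = self._by_key.get(key)
        if idx is None:
            if self._next > IDX_MAX:
                raise OverflowError("destination_if_idx space exhausted")
            idx = self._next
            self._by_key[key] = idx
            self._next += 1
        return idx


def flow_interface_index(table: InterfaceIndexTable, dest_type: DestinationType,
                         next_hop_id: Optional[str] = None,
                         link_logical_id: Optional[str] = None) -> int:
    """Derive the interface index for a flow from its route type and destination.

    E2E, E2DC and CLOUD routes map next_hop_id; ANY/DIRECT traffic maps link_logical_id.
    """
    if dest_type is DestinationType.ANY_DIRECT:
        if link_logical_id is None:
            raise ValueError("ANY/DIRECT traffic needs link_logical_id")
        if_idx = table.index_for("link:" + link_logical_id)
    else:
        if next_hop_id is None:
            raise ValueError(f"{dest_type.name} traffic needs next_hop_id")
        if_idx = table.index_for("nh:" + next_hop_id)
    return encode_if_index(dest_type, if_idx)


if __name__ == "__main__":
    table = InterfaceIndexTable()
    # constructed ids, not real system or link identifiers
    e2e = flow_interface_index(table, DestinationType.E2E, next_hop_id="edge-nh-1")
    direct = flow_interface_index(table, DestinationType.ANY_DIRECT, link_logical_id="link-1")
    for v in (e2e, direct):
        print(f"{v:#010x} -> {decode_if_index(v)}")
```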
Filtering
Allow Netflow to be filtered by:
- ingressVRFID (or all segments)
- ApplicationID
- sourceIPv4Address (mask)
- destinationIPv4Address (mask)
- protocolIdentifier
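A filter over exported flow records using exactly the five criteria listed above, as an added example (not VMware's code). The record and filter classes, the "None means all segments" wildcard convention, the address/mask form of the IPv4 criteria and the sample flows are all constructed for the illustration; the field names follow the IPFIX information elements the list uses. The masks are validated when the filter is built so a malformed mask fails loudly instead of silently matching nothing.

```python
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List, Optional


@dataclass(frozen=True)
class FlowRecord:
    """One exported flow; field names follow the IPFIX information elements listed above."""
    ingressVRFID: int
    applicationId: int
    sourceIPv4Address: str
    destinationIPv4Address: str
    protocolIdentifier: int


def _in_prefix(address: str, prefix: str) -> bool:
    """True if address falls inside prefix ("a.b.c.d/mask" or "a.b.c.d/len")."""
    return ipaddress.IPv4Address(address) in ipaddress.IPv4Network(prefix, strict=False)


@dataclass(frozen=True)
class NetflowFilter:
    """A criterion left as None is a wildcard; ingressVRFID=None means all segments."""
    ingressVRFID: Optional[int] = None
    applicationId: Optional[int] = None
    sourceIPv4Prefix: Optional[str] = None         # sourceIPv4Address with mask
    destinationIPv4Prefix: Optional[str] = None    # destinationIPv4Address with mask
    protocolIdentifier: Optional[int] = None

    def __post_init__(self) -> None:
        # Reject malformed masks at configuration time, not when the first flow arrives.
        for prefix in (self.sourceIPv4Prefix, self.destinationIPv4Prefix):
            if prefix is not None:
                ipaddress.IPv4Network(prefix, strict=False)

    def matches(self, rec: FlowRecord) -> bool:
        if self.ingressVRFID is not None and rec.ingressVRFID != self.ingressVRFID:
            return False
        if self.applicationId is not None and rec.applicationId != self.applicationId:
            return False
        if self.sourceIPv4Prefix is not None and not _in_prefix(
                rec.sourceIPv4Address, self.sourceIPv4Prefix):
            return False
        if self.destinationIPv4Prefix is not None and not _in_prefix(
                rec.destinationIPv4Address, self.destinationIPv4Prefix):
            return False
        if self.protocolIdentifier is not None and rec.protocolIdentifier != self.protocolIdentifier:
            return False
        return True


def filter_flows(records: Iterable[FlowRecord], flt: NetflowFilter) -> List[FlowRecord]:
    """Return only the records the exporter should send under this filter."""
    return [rec for rec in records if flt.matches(rec)]


# Constructed sample flows (application ids are arbitrary numbers for the example).
SAMPLE_FLOWS = (
    FlowRecord(0, 1001, "10.0.1.5", "203.0.113.20", 6),
    FlowRecord(0, 1002, "10.0.1.5", "10.0.0.2", 17),
    FlowRecord(1, 1001, "10.1.2.9", "203.0.113.20", 6),
    FlowRecord(1, 1003, "192.168.5.7", "198.51.100.8", 6),
)

if __name__ == "__main__":
    tcp_from_segment0_lan = NetflowFilter(ingressVRFID=0,
                                          sourceIPv4Prefix="10.0.0.0/255.255.0.0",
                                          protocolIdentifier=6)
    for rec in filter_flows(SAMPLE_FLOWS, tcp_from_segment0_lan):
        print(rec)
```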