In an Enterprise network, Netflow monitors traffic flowing through the SD-WAN Edge and exports Internet Protocol Flow Information Export (IPFIX) records directly from the SD-WAN Edge to one or more Netflow collectors. IPFIX is an IETF protocol that defines the standard for exporting flow information from an end device to a monitoring system. VMware supports IPFIX version 10 to export IP flow information to a collector. Generally, an IP flow is identified by a five-tuple: Source IP, Destination IP, Source Port, Destination Port, and Protocol. However, the Netflow records exported by the SD-WAN Edge aggregate over the source port. This means that data from different flows that have the same source and destination IPs and the same destination port, but different source ports, is aggregated into a single record.

The SASE Orchestrator allows you to configure Netflow collectors and filters as network services at the Profile, Edge, and Segment level. You can configure a maximum of two collectors per Segment and eight collectors per Profile and Edge. Also, you can configure a maximum of 16 filters per collector.

Procedure

  1. In the SD-WAN service of the Enterprise portal, go to Configure > Network Services.
    The Network Services page appears.
  2. To configure a collector, scroll down to the Network Management category and click Netflow.
  3. Under Collectors, click + New. The New Collector dialog box appears.
    1. In the Collector Name text box, enter a unique name for the collector.
    2. In the Collector IP text box, enter the IP address of the collector.
    3. In the Collector Port text box, enter the port ID of the collector.
    4. Click Save Changes.
      Under Network Services, the newly added collector appears in the Collector table.
  4. The SASE Orchestrator allows filtering of traffic flow records by the source IP, destination IP, and application ID associated with the flow.
    Note: Netflow filters are not applicable for the SD-WAN Control, Overflow, and Private data.

    To configure a Netflow filter, under Filters click + New. The Add Filter dialog box appears.

    1. In the Filter Name text box, enter a unique name for the filter.
    2. In the Match tab, click Define to define per-collector filtering rules that match on the source IP, destination IP, or application associated with the flow, or click Any to match every flow regardless of its source IP, destination IP, or application.
    3. In the Action tab, select either Allow or Deny as the filter action for the traffic flow, and click OK.
      Under Network Services, the newly added filter appears in the Filter table.

Results

At the Profile and Edge level, the configured collectors and filters appear as a list under the Netflow area in the Device tab.

After you enable Netflow on the SD-WAN Edge, it periodically sends messages to the configured collector. The contents of these messages are defined using IPFIX templates. For more information on templates, see IPFIX Templates.
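The following added example (not VMware code or documentation) models the two behaviours described above: how source-port aggregation collapses distinct five-tuple sessions into one exported record, and how Allow/Deny filters matching on source IP, destination IP or application decide which records reach a collector. The sample flows, the application labels, and the filter evaluation order (in-order, first match wins, unmatched records exported) are assumptions made for illustration; the page does not specify them.

```python
from collections import defaultdict

# Constructed sample five-tuple flows plus an application label (not captured data):
# (src IP, dst IP, src port, dst port, protocol, app, bytes)
SAMPLE_FLOWS = [
    ("10.1.1.20", "203.0.113.10", 51001, 443, 6, "https", 1500),
    ("10.1.1.20", "203.0.113.10", 51002, 443, 6, "https", 2500),
    ("10.1.1.20", "203.0.113.10", 51003, 443, 6, "https", 1000),
    ("10.1.1.21", "203.0.113.10", 40000, 443, 6, "https", 700),
    ("10.1.1.20", "203.0.113.10", 51004, 8443, 6, "https-alt", 300),
    ("10.1.1.20", "198.51.100.5", 53000, 53, 17, "dns", 120),
]

def aggregate_by_export_key(flows):
    """Collapse flows into the key the Edge exports: the source port is dropped,
    so sessions that differ only by source port are summed into one record.
    Protocol is kept in the key (assumption based on the five-tuple definition)."""
    agg = defaultdict(lambda: {"flows": 0, "bytes": 0, "app": None})
    for src, dst, _sport, dport, proto, app, nbytes in flows:
        rec = agg[(src, dst, dport, proto)]
        rec["flows"] += 1  # number of original sessions merged into this record
        rec["bytes"] += nbytes
        rec["app"] = app
    return dict(agg)

def matches(rule, key, rec):
    """A rule is {"any": True} or a single-criterion dict such as
    {"src": ip}, {"dst": ip} or {"app": name}, mirroring the Define/Any choice."""
    if rule.get("any"):
        return True
    (field, value), = rule.items()
    src, dst, _dport, _proto = key
    return value == {"src": src, "dst": dst, "app": rec["app"]}[field]

def apply_filters(records, filters):
    """Return the records a collector would receive. Each filter is (rule, action)
    with action "Allow" or "Deny". Assumptions, not from the page: filters are
    checked in order, the first match wins, and an unmatched record is exported."""
    exported = {}
    for key, rec in records.items():
        action = "Allow"
        for rule, act in filters:
            if matches(rule, key, rec):
                action = act
                break
        if action == "Allow":
            exported[key] = rec
    return exported
```

The `flows` counter on each aggregated record shows how many client sessions a collector can no longer tell apart, which matters when flow data is used for per-session investigation rather than volume reporting.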