Analyze virtual machine IP traffic that flows through a vSphere Distributed Switch by sending reports to a NetFlow collector.
Version 5.1 and later of vSphere Distributed Switch supports IPFIX (NetFlow version 10).
Procedure
- In the vSphere Web Client, navigate to the distributed switch.
- From the Actions menu, select .
- Type the Collector IP address and Collector port of the NetFlow collector.
You can contact the NetFlow collector by IPv4 or IPv6 address.
- Set an Observation Domain ID that identifies the information related to the switch.
- To see the information from the distributed switch in the NetFlow collector under a single network device instead of under a separate device for each host on the switch, type an IPv4 address in the Switch IP address text box.
- (Optional) In the Active flow export timeout and Idle flow export timeout text boxes, set the time, in seconds, to wait before sending information after the flow is initiated.
- (Optional) To change the portion of data that the switch collects, configure Sampling Rate.
The sampling rate represents the number of packets that NetFlow drops after every collected packet. A sampling rate of
x instructs NetFlow to drop packets in a
collected packets:
dropped packets ratio 1:
x. If the rate is 0, NetFlow samples every packet, that is, collect one packet and drop none. If the rate is 1, NetFlow samples a packet and drops the next one, and so on.
- (Optional) To collect data on network activity between virtual machines on the same host, enable Process internal flows only.
Collect internal flows only if NetFlow is enabled on the physical network device to avoid sending duplicate information from the distributed switch and the physical network device.
- Click OK.
What to do next
Enable NetFlow reporting for traffic from virtual machines connected to a distributed port group or a port. See Enable or Disable NetFlow Monitoring on a Distributed Port Group or Distributed Port.