Analyze virtual machine IP traffic that flows through a vSphere Distributed Switch by sending reports to a NetFlow collector.
vSphere Distributed Switch supports IPFIX (NetFlow version 10).
Note: To configure IPFIX on a vSphere Distributed Switch backed by ESXi on DPU, you must create vmknic on ops TCP/IP stack. Else, the flow information is not exported to collector.
Procedure
- On the vSphere Client Home page, click Networking and navigate to the distributed switch.
- From the Actions menu, select .
- Type the Collector IP address and Collector port of the NetFlow collector.
You can contact the NetFlow collector by IPv4 or IPv6 address.
- Set an Observation Domain ID that identifies the information related to the switch.
- To see the information from the distributed switch in the NetFlow collector under a single network device instead of under a separate device for each host on the switch, type an IPv4 address in the Switch IP address text box.
- (Optional) In the Active flow export timeout and Idle flow export timeout text boxes, set the time, in seconds, to wait before sending information after the flow is initiated.
- (Optional) To change the portion of data that the switch collects, configure Sampling Rate.
The sampling rate represents the number of packets that NetFlow drops after every collected packet. A sampling rate of
x instructs NetFlow to drop packets in a
collected packets:
dropped packets ratio 1:
x. If the rate is 0, NetFlow samples every packet, that is, collect one packet and drop none. If the rate is 1, NetFlow samples a packet and drops the next one, and so on.
- (Optional) To collect data on network activity between virtual machines on the same host, enable Process internal flows only.
Collect internal flows only if NetFlow is enabled on the physical network device to avoid sending duplicate information from the distributed switch and the physical network device.
- Click OK.
What to do next
Enable NetFlow reporting for traffic from virtual machines connected to a distributed port group or a port. See Manage NetFlow Monitoring on a Distributed Port Group or Distributed Port.