vRNI is functioning great for the most part after installation, but I'm currently having an issue where I'm seeing SOME flows, but not ALL flows.
I have logged into the VM and ran a pcap and I see data coming in from the internet to a smtp server, but there is not netflow/ipfix data for that flow showing up in vRNI. I do see some flows from this VM coming from the vds, but there are flows that I see taking place on the VM that aren't being sent to vRNI.
This is problematic, because if we're not capturing 100% of the flows my customer loses confidence in the product as a whole. It's also not really safe to begin configuring firewall rules based on vRNI if I can't guarantee 100% accuracy of flow reporting.
Is there a reason i'd only be seeing some of the flows and not others?
If you are ,manually enabling the IPFIX on the DVS rather than having vRNI enable this during the addtion of the data source you will encounter issue's like this. We would recommend you remove the data source and re-add it allowing vRNI to enable the IPFIX function on the DVS.
If you are ,manually enabling the IPFIX on the DVS rather than having vRNI enable this during the addtion of the data source you will encounter issue's like this. We would recommend you remove the data source and re-add it allowing vRNI to enable the IPFIX function on the DVS.
Thanks. That's the behavior that I saw.
Any reason as to why manually enabling doesn't work? I would think if I'm sending flows to a netflow collector it should be getting all of those no matter what.
I'm glad I have a resolution, but it'd be cool to understand the difference between setting up a "Data source" in vRNI and just manually configuring IPFIX/Netflow.
Did it really fix your issue ?
The way we enable IPFIX should not impact the way we collect the flows..