2 Replies Latest reply on Jul 9, 2019 11:46 PM by tmichaeli

    How to find flows in VRNI that are or are not RFC1918?

    vmmedmed Novice

      I tried to make a query where Destination IP matched 10.* or did not match 10.*. This
      failed as there was only an = or != following Destination IP. For a microsegmentation
      project I'm trying to narrow the number of flows that get exported by, for example,
      excluding all flows from a particular Security Group to the Internet. I'm just interested
      in flows internal to the company. Is there a way that I could filter based on IP range?

        • 1. Re: How to find flows in VRNI that are or are not RFC1918?
          vmmedmed Novice

          With some more experimenting this morning I found the answer:

           

          For internal private traffic:

           

          flow where Destination IP Address = 10.0.0.0/8 or Destination IP Address = 172.16.0.0/12 or Destination IP Address = 192.168.0.0/16

           

          For Internet bound traffic it looks like:

           

          flow where Destination IP Address != 10.0.0.0/8 and Destination IP Address != 172.16.0.0/12 and Destination IP Address != 192.168.0.0/16

           

          This will result also in showing multicast traffic. But that could then be filtered in like fashion or kept as needed.

           

          ..and now I know.
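
Added example, not part of the original post: the same RFC1918 split applied offline to exported flow records, with multicast separated out so it does not land in the "Internet bound" set the way it does with the != query. The record layout and the "dst" field name are assumptions, and the sample flows are constructed.

```python
import ipaddress

# The three RFC 1918 ranges used in the queries above.
RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MULTICAST = ipaddress.IPv4Network("224.0.0.0/4")


def classify(dst):
    """Label one IPv4 destination: internal, multicast, external or invalid."""
    try:
        ip = ipaddress.IPv4Address(dst)
    except ValueError:
        return "invalid"
    if any(ip in net for net in RFC1918):
        return "internal"
    if ip in MULTICAST:
        return "multicast"
    return "external"


def split_flows(flows):
    """Group flow records by destination class ("dst" is an assumed field name)."""
    buckets = {"internal": [], "multicast": [], "external": [], "invalid": []}
    for flow in flows:
        buckets[classify(flow.get("dst", ""))].append(flow)
    return buckets


# Constructed sample records, including addresses just outside each range.
SAMPLE_FLOWS = [
    {"src": "10.1.1.5", "dst": "10.200.3.4", "port": 443},
    {"src": "10.1.1.5", "dst": "172.31.255.255", "port": 22},
    {"src": "10.1.1.5", "dst": "172.32.0.1", "port": 22},
    {"src": "10.1.1.5", "dst": "192.168.44.9", "port": 3389},
    {"src": "10.1.1.5", "dst": "192.169.0.1", "port": 80},
    {"src": "10.1.1.5", "dst": "203.0.113.10", "port": 443},
    {"src": "10.1.1.5", "dst": "224.0.0.251", "port": 5353},
]

if __name__ == "__main__":
    for label, items in split_flows(SAMPLE_FLOWS).items():
        print(label, [f["dst"] for f in items])
```

The "external" and "multicast" buckets together correspond to what the != query returns; 172.32.0.1 and 192.169.0.1 show why a prefix match is needed rather than a first-octet wildcard.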

          • 2. Re: How to find flows in VRNI that are or are not RFC1918?
            tmichaeli Novice
            VMware Employees

            For Internet flows, would the following query be easier?

            flow where Flow Type = 'Destination is Internet'

             

            for RFC

            flow where Flow Type = 'Switched' or Flow Type = 'Routed'

            1 person found this helpful