VMware Cloud Community
orhiee

ESX 6.5 can't get NetFlow - have vCenter and followed the docs

Hello,

Well, I have an ESXi 6.5 with vCenter 6.5 (running on Windows).

I have multiple distributed switches with 2 port groups each, 1 for network, 1 for span (using it as a hub to get all the traffic from the switch), and all switches are connected via a firewall on the port group.

I have been going over the docs and tutorials online and did the usual: set the setting on the switch and enabled it on the port group, but I don't receive any data.

The tcpdump on the NetFlow collector has no data coming in (nmap shows the port is open and I can see data on the port via tcpdump during the scan).

The firewall logs are empty, the Bro logs are empty and don't show anything on that port.

I am very stuck and any help would be appreciated.

Thanks


Accepted Solutions
orhiee

So apparently you also have to enable NetFlow on the uplink as well, then all is fine :)

So:

- set distributed virtual switch settings,
- set port group settings,
- set uplink settings.

PS: by "set" I mean enable NetFlow :)

jhboricua

There's hardly any information on your post to make a guess. You need to post more detailed info of how you configured this.

orhiee

Okidoki, let me start from the beginning:

1 ESX server connected to a vCenter server (all 6.5)

- the vCenter is a VM inside the ESX running on w2k12

On the data center (just 1 ESX) I have 5 distributed switches with 2 port groups each.

- example of switch:

     port group 1 - for normal VM-to-VM networking

     port group 2 - security settings disabled, so it acts like a hub so I can see the whole traffic going through "port group 1"

All the port group 1s for each switch are connected through a firewall (the firewall is also a VM on the ESX).

So to get NetFlow (based on the VMware vSphere 6.5 Documentation Library):

- I opened the distributed switch settings: set NetFlow collector IP and port,

- I opened the port group 1 settings and enabled monitoring and NetFlow.

But I am not receiving any data on the NetFlow collector (looking with tcpdump).

- the NetFlow collector is on the same switch, port group 1,

- the NetFlow collector firewall settings are checked.

Hoping that clears it up :)

jhboricua

Gotcha.

Did you set a valid IP address for the distributed switch itself in the NetFlow settings? Can you elaborate on what software/platform the collector runs on?

orhiee

Thanks for the response,

I did try it with both the IP set and with no IP set (it's not a must to set it up).

The collector runs on Win10 with the ManageEngine collector.

However, for debugging I set the IP to a Linux server and ran tcpdump, but no data was being delivered to the listening port (did check if the port was open etc).

Looking for something else, I found that there are VLAN and NetFlow settings defined in the "uplink"s which were disabled by default. Although I didn't have time to check it, I am hoping that's blocking the transmission (however it doesn't make much sense because the destination is on the same switch, so why use the uplink, but we shall see).

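A collector-side check for the tcpdump debugging step described in the thread, added here as an example and not posted by any participant: it listens on the collector port and reports, per sender, whether each datagram is a well-formed flow export and whether it carries templates or data. It assumes the distributed switch exports IPFIX (NetFlow version 10); port 2055 and the sample message are constructed placeholders.

```python
import socket
import struct

IPFIX_VERSION = 10  # assumption: the switch exports IPFIX (NetFlow v10), RFC 7011

def summarize_ipfix(datagram: bytes) -> dict:
    """Validate one UDP payload as an IPFIX message and count its sets."""
    if len(datagram) < 16:
        raise ValueError("shorter than the 16-byte IPFIX message header")
    version, length, _time, sequence, domain = struct.unpack_from("!HHIII", datagram)
    if version != IPFIX_VERSION:
        raise ValueError(f"not IPFIX: version field is {version}")
    if length != len(datagram):
        raise ValueError(f"header says {length} bytes, got {len(datagram)}")
    summary = {"sequence": sequence, "domain": domain, "templates": 0, "data_sets": 0}
    offset = 16
    while offset < length:
        if length - offset < 4:
            raise ValueError("truncated set header")
        set_id, set_len = struct.unpack_from("!HH", datagram, offset)
        if set_len < 4 or offset + set_len > length:
            raise ValueError(f"bad set length {set_len} at offset {offset}")
        if set_id in (2, 3):      # template and options-template sets
            summary["templates"] += 1
        elif set_id >= 256:       # data sets carry the ID of their template
            summary["data_sets"] += 1
        offset += set_len
    return summary

def build_sample() -> bytes:
    """Constructed message: one template set (template ID 256) and one data set."""
    template = struct.pack("!8H", 2, 16, 256, 2, 8, 4, 12, 4)
    data = struct.pack("!HH4s4s", 256, 12, bytes([10, 0, 0, 5]), bytes([10, 0, 0, 9]))
    header = struct.pack("!HHIII", 10, 16 + len(template) + len(data), 1500000000, 7, 1)
    return header + template + data

def listen(port: int) -> None:
    """Print the sender and a summary for every datagram on the collector port."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind(("0.0.0.0", port))
        while True:
            payload, (src, _) = sock.recvfrom(65535)
            try:
                print(src, summarize_ipfix(payload))
            except ValueError as err:
                print(src, "unparsed:", err)

if __name__ == "__main__":
    listen(2055)  # placeholder port; use the one set on the distributed switch
```

A sender that shows data sets but never a template set is reaching the collector, but its records cannot be decoded until a template arrives.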