VMware Cloud Community
lasanthaj
Enthusiast
Enthusiast

vSphere Distributed Switch 5.5 IPFIX/Netflow Collector

Dear All,

I was trying to monitor IPFIX/Netflow on VDS 5.5 with solarwind netflow analyzer it not successful.anyone successfully monitored IPFIX/Netflow with VDS 5.5 ? please share your monitoring tool details.

Thanks & Regards,

Lasantha.

6 Replies
HeathReynolds
Enthusiast
Enthusiast

Yes, I've monitored netflow with solarwinds. You configure netflow at the

VDS level, and then have to turn it on for each port group you want.

My sometimes relevant blog on data center networking and virtualization : http://www.heathreynolds.com
lasanthaj
Enthusiast
Enthusiast

Dear Reynolds,

thanks for info..

i have configured netflow on VDS level.i got below error on solarwinds.

NTA informs you that the IPFIX template does not include required fields.

"NetFlow Receiver Service [xy] received an invalid IPFIX template with ID XX from device x.x.x.x. "

please share your solarwind version and netflow configuration .

Regards,

Lasantha.

Reply
0 Kudos
Shocko
Enthusiast
Enthusiast

I have the same issue. It's only with version 5+ dvswitches and if I monitor a version 5 dvSwitch is fine. Its because the latest dvswitches use NetFlow version 10. I've been in contact with SolarWinds and VMware and each blame the other. SolarWinds NTA latest version supports NetFlow 10 so I captured a packet trace and it seems like VMWare sending some flow data that does not adhere to the IPFIX standard with some fields missing or not as expected. These seem to relate to IPv6 so I have disabled IPv6 on my ESX hosts and I'm retesting.

Reply
0 Kudos
Shocko
Enthusiast
Enthusiast

Meant to post back here moths ago. Had an extended engagement with Solarwinds dev. here is the issue and its not fixed in NTA 4.1 either Smiley Sad

NTA does not play well with ESXi 5.1 dvSwitches (earlier switches should be fine) :

  1. Since these switches don't support SNMP, NTA cannot auto-discover them and hence the interfaces won't get managed. Lovely if you have 1000 dvSwitches!
  2. NTA offers no support for flows containing IPv6 data
  3. NTA only supports flows with data for UPD and TCP so any flows with things like ICMP will be dropped! Shame!

So, not very good in my opinion. I don't care about IPv6 but items 1 and 2 are critical in my onion.

Reply
0 Kudos
jakewilson
Contributor
Contributor

We have quite a bit of experience working with vmware IPFIX exports.  That post might help you.

Give us a holler if you need help.

Reply
0 Kudos
adiedrich
Contributor
Contributor

Hello

found your message the blog here ... we would like to know the ESX Netflow fields ? are they  identical to netflow9 or do they provide more fields beyond packets, bytes and tcp flags -

thank you

Reply
0 Kudos