Recently we were contacted by a customer who wanted to make sure that we had Viptela IPFIX support in our IPFIX collector. Viptela was recently acquired by Cisco and exports IPFIX as part of their Software Defined Wide Area Network (SD-WAN) strategy. If Cisco’s current SD-WAN technology called IWAN becomes end of life’d and replaced with the Viptela solution, customers should be aware that the Viptela IPFIX export is significantly different from the home grown Cisco IWAN (SD-WAN) export. By the way, IWAN is basically a rename of Cisco performance routing which we started supporting back in 2011. From our observation, the Viptela flow export is a step backwards from Cisco IWAN!
List of Viptela IPFIX Elements
Both of these SD-WAN exports work with our NetFlow Reporting system without issue. Below is a list of the IPFIX elements Viptela is exporting. Notice the first element VPN Id. It is the only enterprise specific element as the rest are all IANA industry standard.
[table id=75 /]
Flow End Reason
As pointed out in the post listing all of the competing SD-WAN vendors, what is missing from all of these flow exports is “when/why traffic is rerouted.” We noticed in the above table that Viptela is exporting the ‘flowEndReason’. We need to dig into their export with some customers to ascertain whether or not they are exporting anything more than was is listed on the IANA web site:
[table id=76 /]
Certainly there is some value in the above details when exported in IPFIX however, in an SD-WAN environment, companies are going to need specific details on which applications the SD-WAN is rerouting. The Viptela exports are a far cry from the IWAN flow details. For example, customers will want to know things like:
[table id=77 /]
Application Aware would be Nice
In addition to the above, customers are going to want information regarding which applications were rerouted as not all applications are a priority. Something similar to Cisco NBAR2 would be ideal as relying on source/destination port to determine the application is not always reliable. Perhaps the Viptela element ‘VPN ID’ will provide some insight into this.
Lastly, customers are going to want to know where the flow was rerouted to and the IPFIX reporting system can provide insight into this. Contact our team to learn more about our Viptela IPFIX support. You can also read this post on SD-WAN Short Comings which goes into specific detail on what SD-WAN vendors need to export ether as IPFIX or maybe JSON if they want help customers understand what is going on in their SD-WAN.