
Enabling NetFlow on a vSwitch

With the increasing popularity of vSwitches, some of you may be asking, “How do I go about enabling NetFlow / IPFIX in a virtual environment?” Today, I’m going to help answer that question for not one, but three of the most popular virtual switches: Open vSwitch, VMware vSphere, and the Cisco Nexus 1000v.

Open vSwitch (Xen):

Open vSwitch is a production-quality, multilayer virtual switch licensed under the open source Apache 2.0 license. It is currently included with the Xen hypervisor and has been gaining a lot of popularity in the vSwitch world. Open vSwitch monitoring can be a very valuable resource in solving virtual network issues.

Open vSwitch NetFlow Configuration:

root@XorPlus# ovs-vsctl --db=tcp:10.10.50.215:6633 -- set Bridge br0 netflow=@nf -- --id=@nf create NetFlow targets=\"10.10.50.207:2055\" active-timeout=1

root@XorPlus#

The parameters used in the command above are as follows:

COLLECTOR_IP=10.10.50.207

COLLECTOR_PORT=2055

ACTIVE_TIMEOUT=1
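
An added example, not from the original post: Open vSwitch exports NetFlow version 5, so a short decoder on the collector (10.10.50.207, UDP 2055) can confirm that flows from br0 are arriving and well formed. The sample datagram is constructed, and the exporter address 10.10.50.215 (the switch address used in the command above) is an assumption; the source check is there because NetFlow export is unauthenticated UDP.

```python
import socket
import struct

# NetFlow v5 wire layout: 24-byte header, then `count` 48-byte flow records.
HEADER = struct.Struct("!HHIIIIBBH")
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")

def parse_netflow_v5(datagram):
    """Decode one export datagram; raise ValueError on anything malformed."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than the v5 header")
    version, count, _, unix_secs, _, sequence, _, _, _ = HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError(f"unexpected NetFlow version {version}")
    # A v5 datagram carries 1-30 records and nothing else after them.
    if not 1 <= count <= 30 or len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("record count does not match datagram length")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({"src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
                      "packets": f[5], "bytes": f[6], "sport": f[9],
                      "dport": f[10], "tcp_flags": f[12], "proto": f[13]})
    return {"count": count, "sequence": sequence, "unix_secs": unix_secs}, flows

# Constructed sample input: one TCP flow to port 443, 10 packets, 1200 bytes.
SAMPLE = HEADER.pack(5, 1, 60000, 1383091200, 0, 42, 0, 0, 0) + RECORD.pack(
    socket.inet_aton("192.0.2.10"), socket.inet_aton("192.0.2.20"),
    socket.inet_aton("0.0.0.0"), 1, 2, 10, 1200, 1000, 59000,
    51514, 443, 0, 0x1B, 6, 0, 0, 0, 0, 0, 0)

def listen(port=2055, exporter_ip="10.10.50.215"):
    """Blocking check for the collector host; exporter_ip is an assumed address."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", port))
    while True:
        data, (peer_ip, _) = sock.recvfrom(65535)
        if peer_ip != exporter_ip:  # export is unauthenticated UDP
            continue
        try:
            print(parse_netflow_v5(data))
        except ValueError as err:
            print(f"malformed datagram from {peer_ip}: {err}")

if __name__ == "__main__":
    print(parse_netflow_v5(SAMPLE))
```

Run as a script it decodes the constructed sample; calling `listen()` on the collector host prints live flows once the bridge is exporting.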

VMware vSphere ESX v5.1:

The vSphere Distributed Switch provides rich monitoring and troubleshooting capabilities. Version 5.1 added vSphere IPFIX support, which provides more detail in its flow exports.

VMware IPFIX configuration:

First, edit the settings of the distributed switch by right-clicking on your virtual switch, then click on the 4th tab over, labeled “NetFlow”. IPFIX on Distributed Switches can be enabled at the port group level, at an individual port level or at the uplink level.

If you configure IPFIX export here first, be sure to ENABLE NetFlow at the port group level, at an individual port level or at the uplink level.


The NetFlow configuration screen shows the different parameters that can be controlled during the setup.

1. The Collector Settings of IP address and Port should be configured according to the information collected about the collector tool installed in your environment.

2. The Advanced Settings parameters allow you to control the timeout and sampling rate for the flows. To change the amount of information that is collected for a flow, you can change the sampling rate. For example, a sampling rate of 2 indicates that the Virtual Distributed Switch (VDS) will collect data from every other packet. You can also modify the Idle flow export timeout values.

3. The VDS IP address configuration is useful when you want to see all flow information in the collector tool as part of one VDS IP address and not as a separate host management network IP address.

If the VDS IP address is left blank, each virtual machine will appear as a separate exporter at the collector.

When configuring IPFIX at the port level, administrators should select the NetFlow override tab, which will make sure that flows are monitored even if the port group–level IPFIX is disabled.

Nexus 1000v:

Cisco Nexus 1000V Series Switches provide a comprehensive and extensible architectural platform for virtual machine (VM) and cloud networking. Cisco is the organization that invented NetFlow and was the first to have virtual NetFlow support. The 1000v NetFlow configuration is very similar to its hardware-based Nexus 7000 cousin.

Nexus 1000v NetFlow configuration:

Create Flow Record:
flow record [name Of FlowRecord]
  match ipv4 source address
  match ipv4 destination address

Create Flow Monitor (references Flow Exporter):
flow monitor [nameOfMonitor]
  exporter [name Of Exporter]
  record netflow-original
  timeout active 60
  cache size 4096

Create Flow Exporter:
flow exporter [name Of Exporter]
  destination [IP of collector]
  source [interface Name]
  transport udp 9995
  version 9
    template data timeout 60

On each Interface:
ip flow monitor [nameOfMonitor] input OR output

Configuring virtual switch NetFlow is very easy no matter what hypervisor you are monitoring. NetFlow technology not only provides valuable information about virtual network issues, but can also help keep the network secure by performing behavioral analysis and IP reputation checking on the network as a whole. Are you taking full advantage of the monitoring features available in your vSwitch solution? Please share your success stories in the comments below.

October 30th, 2013 Update on this topic!