A neat upgrade in VMwares’s vDS 5.1(vSphere) is the introduction of IPFIX. While ESX has supported NetFlow for a long time now; with version 5.1 they have joined the long list of vendors who support IPFIX. It is a more advanced and flexible protocol that enables users to define the flow records that can be collected at the VDS and sent across to a collector. The following are some key attributes of the protocol:
- Users can employ templates to define the records.
- Template descriptions are communicated by the VDS to the collector engine.
- IPv6, MPLS, VXLAN flows can be exported.
Configuring IPFIX exports for vSphere 5.1 is a very easy process, and completely replaces NetFlow in this version.
Another exciting feature in 5.1 is RSPAN. This feature allows for Port-mirroring on the vDS. Network administrators can use this feature to troubleshoot network related issues in the virtual infrastructure. Monitoring virtual machine to virtual machine traffic that is flowing on the same ESXi host. If you were to forward this to an IPFIX probe like nProbe, you could see information about all 7 layers of the network traffic exported as IPFIX to a flow collector.This information is crucial for finding issues in a virtual environment.
If you are looking to report on the syslog messages exported by your VM servers, we can help there as well. The Flow Replicator can receive all of those syslogs and forward them onto your NetFlow and IPFIX collector as IPFIX. Check this out, you can set thresholds that match on certain criteria within the log messages.
If you have any questions about IPFIX on vSphere, feel free to comment below.