
vSphere Configure Netflow

Today we are going to take a look at how to configure NetFlow so that you can gain visibility into your vSphere virtual distributed switches.

Efficient traffic management requires usable and relevant information from all points on the network. Collecting NetFlow provides an efficient means to identify inappropriate behavior, problems and discrepancies.

NetFlow exports details on all of the traffic flowing through the device. By collecting those traffic details, you gain full visibility into every conversation traversing the network, and with a capable monitoring solution you can report and filter on anything occurring on it. Security forensics and incident response using NetFlow become possible because the retained flow records can be searched for the conversations of an advanced persistent threat that may be resident on the network.

By configuring your distributed virtual switch to send NetFlow statistics, you gain insight into the traffic and improve security in virtual environments. To be more specific, you will be able to monitor virtual host traffic on the same host, on different hosts, and to devices outside the virtual environment.

Let’s take a look at how to get this set up.

  • Log in to the vSphere Web Client and navigate to the Networking section.
  • Select the Distributed Switch Object that you want to configure, and go to Manage.
  • From the settings tab, click on NetFlow, and then click on Edit.
  • On the edit settings window, enter the IP address of the NetFlow collector, the port it is listening on, and then the IP address of the vSphere distributed switch.

I would recommend leaving the active and inactive flow timeouts and the sampling rate at their default values.
The option "Process internal flows only" collects data only on network activity between virtual machines on the same host.

Now that NetFlow is configured on the distributed switch, the next step is to enable NetFlow on the port groups from which we need to collect the data.

To do this:

  • Right click on the distributed switch, and click on Manage Distributed Port Groups.
  • Select Monitoring, then click on Next.
  • Select the port groups that you want to enable NetFlow on.
  • Click on Next, and then enable NetFlow.
  • Click Next to review the settings, and then Finish.

[Screenshot: vSphere - Enable NetFlow on Port Groups]
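The same two steps (collector settings on the switch, then NetFlow on the port groups) can be scripted so the configuration is repeatable and can be verified afterwards. The PowerCLI script below is an added example, not code from the original post; the switch name, port group names and IP addresses are placeholders, and it assumes an existing Connect-VIServer session.

```powershell
# Added example: configure and verify NetFlow on a vSphere Distributed Switch with PowerCLI.
# Placeholder values (assumed, not from the post) - replace with your own.
$switchName    = "dvSwitch01"
$collectorIp   = "192.0.2.10"              # NetFlow collector (documentation address range)
$collectorPort = 2055                      # port the collector listens on
$switchIp      = "192.0.2.20"              # IP address reported as the exporter (vDS IP)
$portGroups    = @("dvPG-Web", "dvPG-DB")  # port groups to enable NetFlow on

function Set-VDSwitchNetFlow {
    param($SwitchName, $CollectorIp, $CollectorPort, $SwitchIp, [bool]$InternalFlowsOnly = $false)
    $view = (Get-VDSwitch -Name $SwitchName).ExtensionData
    $spec = New-Object VMware.Vim.VMwareDVSConfigSpec
    $spec.ConfigVersion   = $view.Config.ConfigVersion   # rejects the change if someone edited the switch meanwhile
    $spec.SwitchIpAddress = $SwitchIp
    # Start from the existing IPFIX config so active/idle timeouts and sampling keep their defaults
    $spec.IpfixConfig = $view.Config.IpfixConfig
    if (-not $spec.IpfixConfig) { $spec.IpfixConfig = New-Object VMware.Vim.VMwareIpfixConfig }
    $spec.IpfixConfig.CollectorIpAddress = $CollectorIp
    $spec.IpfixConfig.CollectorPort      = $CollectorPort
    $spec.IpfixConfig.InternalFlowsOnly  = $InternalFlowsOnly   # $true = only VM-to-VM traffic on the same host
    $view.ReconfigureDvs($spec)
}

function Enable-VDPortgroupNetFlow {
    param($SwitchName, [string[]]$PortGroupNames)
    $dvs = Get-VDSwitch -Name $SwitchName
    foreach ($name in $PortGroupNames) {
        $pg   = Get-VDPortgroup -VDSwitch $dvs -Name $name
        $spec = New-Object VMware.Vim.DVPortgroupConfigSpec
        $spec.ConfigVersion     = $pg.ExtensionData.Config.ConfigVersion
        $spec.DefaultPortConfig = New-Object VMware.Vim.VMwareDVSPortSetting
        $spec.DefaultPortConfig.IpfixEnabled = New-Object VMware.Vim.BoolPolicy
        $spec.DefaultPortConfig.IpfixEnabled.Inherited = $false   # override the switch-level default
        $spec.DefaultPortConfig.IpfixEnabled.Value     = $true
        $pg.ExtensionData.ReconfigureDVPortgroup($spec)
    }
}

function Get-VDSwitchNetFlowStatus {
    # Read the configuration back so the change can be checked (and audited) rather than assumed
    param($SwitchName)
    $dvs = Get-VDSwitch -Name $SwitchName
    $cfg = $dvs.ExtensionData.Config.IpfixConfig
    [PSCustomObject]@{
        Collector         = "$($cfg.CollectorIpAddress):$($cfg.CollectorPort)"
        InternalFlowsOnly = $cfg.InternalFlowsOnly
        NetFlowPortGroups = (Get-VDPortgroup -VDSwitch $dvs |
            Where-Object { $_.ExtensionData.Config.DefaultPortConfig.IpfixEnabled.Value }).Name
    }
}

Set-VDSwitchNetFlow -SwitchName $switchName -CollectorIp $collectorIp -CollectorPort $collectorPort -SwitchIp $switchIp
Enable-VDPortgroupNetFlow -SwitchName $switchName -PortGroupNames $portGroups
Get-VDSwitchNetFlowStatus -SwitchName $switchName
```

Run the status function from a scheduled job to catch port groups where NetFlow was later switched off, since a gap in flow export is also a gap in the forensic record.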

I think that it is pretty safe to say that almost every network in the world suffers from either application performance problems or malware infections. Companies need to make sure that they have a reliable incident response system and visibility into all of the traffic traversing all points on the network. When security professionals need to go back in time and view a communication pattern, they can find the flows that contain the conversations that they want to investigate.

Do you need better security and traffic visibility on your virtual environments? Call us and we can help you with your vSphere NetFlow configuration.