As part of the Network Monitoring and Troubleshooting features, vSphere 5 provides NetFlow and Port Mirroring capabilities. In this blog entry I will discuss the NetFlow feature that is available in vSphere 5.
NetFlow
NetFlow is a networking protocol that collects IP traffic information as records and sends them to a collector such as CA NetQoS for traffic flow analysis. VMware vSphere 5 supports NetFlow v5, which is the most common version supported by network devices. NetFlow capability in the vSphere 5 platform provides visibility into virtual infrastructure traffic that includes
• Intrahost virtual machine traffic (virtual machine–to–virtual machine traffic on the same host)
• Interhost virtual machine traffic (virtual machine–to–virtual machine traffic on different hosts)
• Virtual machine to physical infrastructure traffic
The figure below shows a Distributed Switch configured to send NetFlow records to a collector that is connected to an external physical network switch. The blue dotted line with an arrow indicates the NetFlow session established to send flow records for the collector to analyze.
Usage
NetFlow capability on a Distributed Switch, together with a NetFlow collector tool, helps monitor application flows and measure flow performance over time. It also helps with capacity planning and with ensuring that I/O resources are utilized properly by different applications, based on their needs.
IT administrators who want to monitor the performance of application flows running in the virtualized environment can enable flow monitoring on a Distributed Switch.
Configuration
NetFlow on Distributed Switches can be enabled at the port group level, at an individual port level, or at the uplink level. When configuring NetFlow at the port level, administrators should select the NetFlow override tab, which ensures that flows are monitored even if port group–level NetFlow is disabled.
The NetFlow configuration screen below shows the different parameters that can be controlled during the setup.
1. The Collector Settings of IP address and Port should be configured according to the information collected about the collector tool installed in your environment.
2. The Advanced Settings parameters allow you to control the timeout and sampling rate for the flows. To change the amount of information that is collected for a flow, change the sampling rate. For example, a sampling rate of 2 indicates that the VDS will collect data from every other packet. You can also modify the Idle flow export timeout value.
3. The VDS IP address configuration is useful when you want to see all flow information in the collector tool as part of one VDS IP address and not as a separate host management network IP address. In this example screen shot, because the VDS IP address is not entered, the collector tool will provide flow details under each host’s management network IP address.
You can also monitor only the internal flows of the virtual infrastructure by checking the “Process internal flows only” box.
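As an added illustration (not part of the original post or of VMware's code), here is a small decoder for the NetFlow v5 datagrams the VDS exports to the collector, run over a constructed two-record sample; the sampling interval carried in the header is what a collector uses to scale counts back up when a sampling rate other than 1 is configured. The helper names, the sample addresses and the linear scale-up are assumptions.

```python
import socket
import struct

# NetFlow v5 wire layout (network byte order): a 24-byte header followed by `count` 48-byte flow records.
HEADER = struct.Struct("!HHIIIIBBH")
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")


def parse_netflow_v5(data: bytes) -> dict:
    """Decode one NetFlow v5 export datagram into header fields plus a list of flow records."""
    if len(data) < HEADER.size:
        raise ValueError("datagram shorter than a NetFlow v5 header")
    (version, count, _uptime, unix_secs, _nsecs, flow_seq,
     _engine_type, _engine_id, sampling) = HEADER.unpack_from(data, 0)
    if version != 5:
        raise ValueError(f"expected NetFlow v5, got version {version}")
    if len(data) != HEADER.size + count * RECORD.size:
        raise ValueError("record count does not match datagram length")
    records = []
    for i in range(count):
        f = RECORD.unpack_from(data, HEADER.size + i * RECORD.size)
        records.append({
            "src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
            "packets": f[5], "bytes": f[6],
            "src_port": f[9], "dst_port": f[10], "proto": f[13],
        })
    return {
        "unix_secs": unix_secs, "flow_sequence": flow_seq,
        # top 2 bits = sampling mode, low 14 bits = interval (1 packet in N)
        "sampling_mode": sampling >> 14, "sampling_interval": sampling & 0x3FFF,
        "records": records,
    }


def scale_for_sampling(record: dict, interval: int) -> dict:
    """Estimate unsampled volume: with a sampling rate of N each exported packet stands for N on the wire (assumed linear)."""
    n = max(interval, 1)
    return {**record, "packets": record["packets"] * n, "bytes": record["bytes"] * n}


# Constructed sample datagram: two flows from a VM at 10.0.0.11, exported with a
# sampling rate of 2 (mode 1 = packet-interval sampling, interval 2).
SAMPLE_DATAGRAM = HEADER.pack(5, 2, 123456, 1316000000, 0, 42, 0, 0, (1 << 14) | 2) + RECORD.pack(
    socket.inet_aton("10.0.0.11"), socket.inet_aton("10.0.0.12"), b"\0\0\0\0",
    0, 0, 10, 6000, 1000, 2000, 51000, 443, 0, 0x18, 6, 0, 0, 0, 24, 24, 0,
) + RECORD.pack(
    socket.inet_aton("10.0.0.11"), socket.inet_aton("192.168.1.5"), b"\0\0\0\0",
    0, 0, 4, 320, 1500, 1600, 40000, 53, 0, 0, 17, 0, 0, 0, 24, 24, 0,
)
```

Calling `parse_netflow_v5(SAMPLE_DATAGRAM)` yields two records and a sampling interval of 2, so `scale_for_sampling` doubles the first flow's 10 packets to an estimated 20.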
I almost always get asked about the CPU impact of enabling the NetFlow feature, so I want to address that while I am on this topic. The answer is that it depends on how many flows you have in your environment and the traffic rate at which they operate. If you think you have a large number of flows in your environment and are concerned about CPU resources, you can use the controls provided in the NetFlow setup to choose which flows get monitored. For example, you can change the sampling rate or choose to monitor only internal flows. You can also selectively enable or disable NetFlow on a port group or a port.
As customers move to virtualize Tier 1 applications, they need the proper tools to manage the SLA requirements of these applications. The NetFlow feature on the vSphere 5 platform helps in monitoring these Tier 1 application flows and also helps in capacity planning of network resources.
In the next post I will talk about the Port Mirroring feature.