It's Virtually Pain-Free: Netflow and Cisco's Nexus 1000V

Plixer's Mike Patterson gives us a tutorial on watching the bits fly by...virtually!

Those of you who also read Brad Reese's blog here will recall that from time to time he would feature a choice and timely piece of information about NetFlow and other aspects of router/switch configuration. Just as Cisco broke news recently about the Nexus 1000V, Mike Patterson breaks out a tutorial for those of us needing to configure NetFlow. Mike?

Plixer's Michael Patterson

Cisco's Nexus 1000V is a virtual machine access switch: an intelligent software switch for VMware's vSphere environments running the Cisco NX-OS operating system. In this post, I will outline how to configure it to export NetFlow.

When we set this up for the customer, the Nexus 1000V was running version 4.0(4)SV1(2). We configured it to export NetFlow v9 via Flexible NetFlow. The process is similar to setting up NetFlow on the Nexus 7000. The steps to configure Flexible NetFlow are:

  1. Create a Flow Record (e.g. netflow-original) and specify the fields that you want exported (we’ll use the default).

  2. Create a Flow Exporter (e.g. scrutinizer) that specifies where and how the NetFlow is to be sent.

  3. Create a Flow Monitor (which ties the Flow Record to the Flow Exporter).

  4. Map the Flow Monitor to selected interfaces.

Create a Flow Record

A flow record must be specified. The Nexus ships with predefined records (e.g. netflow-original) that already contain all of the available fields for a flow record, so there is no need to define a custom record here. Because the "netflow-original" record includes every available field, we used it in the example below.

Create a Flow Exporter

We defined a flow exporter called flow_export_scrutinizer; it will be assigned to a flow monitor in the next step. We also enabled the NetFlow option templates (exporter-stats and interface-table). These make the switch export additional option templates that carry statistics about the exporter itself and the interface-name details, so the collector can resolve interface names. Note that if a transport udp port is not specified, the default port is 9995.

flow exporter flow_export_scrutinizer
  description Export NetFlow to Scrutinizer
  destination 10.10.91.77
  source mgmt0
  version 9
  template data timeout 300
  option exporter-stats timeout 60
  option interface-table timeout 3600

Create a Flow Monitor

Next we created a flow monitor called v9_standard. The monitor is what gets applied to individual interfaces or port-profiles. It ties together the flow exporter, the flow record (netflow-original in this case), an active flow timeout (in seconds) and a cache size.

flow monitor v9_standard
  description in_out_traffic
  record netflow-original
  exporter flow_export_scrutinizer
  timeout active 60
  cache size 4096

Map the Flow Monitor

Finally, apply the monitor to an interface or a port-profile. Because port-profiles are used extensively in this environment, we applied the monitor to the profiles, in both the input and output direction.

port-profile type vethernet 72-General-Server
  description VLAN 72 General Servers
  vmware port-group VLAN-72-General-Server
  vmware max-ports 480
  switchport mode access
  switchport access vlan 72
  ip flow monitor v9_standard input
  ip flow monitor v9_standard output
  no shutdown
  state enabled

port-profile type vethernet 78-General-Server
  description VLAN 78 General Servers
  vmware port-group VLAN-78-General-Server
  vmware max-ports 240
  switchport mode access
  switchport access vlan 78
  ip flow monitor v9_standard input
  ip flow monitor v9_standard output
  no shutdown
  state enabled

port-profile type vethernet 79-Exchange-Server
  description VLAN 79 Exchange Servers
  vmware port-group VLAN-79-Exchange-Server
  vmware max-ports 240
  switchport mode access
  switchport access vlan 79
  ip flow monitor v9_standard input
  ip flow monitor v9_standard output
  no shutdown
  state enabled

port-profile type vethernet 86-Enterprise-Servers
  description VLAN 86 Enterprise Servers
  vmware port-group VLAN-86-Enterprise-Server
  vmware max-ports 240
  switchport mode access
  switchport access vlan 86
  ip flow monitor v9_standard input
  ip flow monitor v9_standard output
  no shutdown
  state enabled

port-profile type vethernet 88-Oracle-Servers
  description VLAN 88 Oracle Servers
  vmware port-group VLAN-88-Oracle-Server
  vmware max-ports 240
  switchport mode access
  switchport access vlan 88
  ip flow monitor v9_standard input
  ip flow monitor v9_standard output
  no shutdown

Below you can see the virtual interface definitions and which port profile they are using:

interface Vethernet1
  inherit port-profile 72-General-Server
  description oit-isa1as64w8k, Network Adapter 1
  vmware dvport 2112

interface Vethernet2
  inherit port-profile 72-General-Server
  description oit-isa1ascwtst, Network Adapter 1
  vmware dvport 2124

interface Vethernet3
  inherit port-profile 72-General-Server
  description oit-isa1asw8kts, Network Adapter 1
  vmware dvport 2142

interface Vethernet4
  inherit port-profile 72-General-Server
  description oit-isa1asw2kvm, Network Adapter 1
  vmware dvport 2144

interface Vethernet5
  inherit port-profile 72-General-Server
  description oit-isa1ascogt1, Network Adapter 1
  vmware dvport 2125

interface Vethernet6
  inherit port-profile 72-General-Server
  description oit-isa1asinet2, Network Adapter 1
  vmware dvport 2118

interface Vethernet7
  inherit port-profile 72-General-Server
  description DOT0ISA1ASIIS03, Network Adapter 1
  vmware dvport 2147

interface Vethernet8
  inherit port-profile 72-General-Server
  description oit-isa1astdwis, Network Adapter 1
  vmware dvport 2149

interface Vethernet10
  inherit port-profile 72-General-Server
  description oit-isa1trackit, Network Adapter 1
  vmware dvport 2146
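As an added example (mine, not from the post or from Plixer), here is a small Python audit of a saved running-config in the shape shown above: it parses the flow exporter, flow monitor and port-profile blocks and reports every port-profile whose traffic would never reach the collector, including a monitor referenced under a name that differs only in case. The config text inside it is a constructed sample, not the customer's configuration.

```python
# Constructed sample in the shape of the post's config (not the customer's running-config):
# one correct profile, one with a v9_Standard case slip, and one with no monitor at all.
SAMPLE_CONFIG = """\
flow exporter flow_export_scrutinizer
  destination 10.10.91.77
flow monitor v9_standard
  exporter flow_export_scrutinizer
port-profile type vethernet 72-General-Server
  ip flow monitor v9_standard input
  ip flow monitor v9_standard output
port-profile type vethernet 78-General-Server
  ip flow monitor v9_Standard input
  ip flow monitor v9_Standard output
port-profile type vethernet 90-Backup
  switchport access vlan 90
"""

def parse_blocks(text):
    """Group a config into {(kind, name): [tokenised sub-commands]} for the three block kinds."""
    blocks, current = {}, []
    for line in filter(str.strip, text.splitlines()):
        words = line.split()
        if line[0] == " ":                        # indented: sub-command of the open block
            current.append(words)
        elif words[0] == "flow":                  # 'flow exporter NAME' / 'flow monitor NAME'
            current = blocks.setdefault((f"{words[0]} {words[1]}", words[2]), [])
        elif words[0] == "port-profile":          # 'port-profile type vethernet NAME'
            current = blocks.setdefault(("port-profile", words[-1]), [])
        else:
            current = []                          # some other block kind: parsed, not audited
    return blocks

def audit(text):
    """One finding per visibility gap: profile without a monitor, dangling monitor or exporter
    name (NX-OS names are case-sensitive), or an exporter with no destination."""
    blocks = parse_blocks(text)
    monitors = {n for (k, n) in blocks if k == "flow monitor"}
    exporters = {n for (k, n) in blocks if k == "flow exporter"}
    findings = []
    for (kind, name), cmds in blocks.items():
        if kind == "flow exporter" and not any(c[0] == "destination" for c in cmds):
            findings.append(f"exporter {name}: no destination configured")
        elif kind == "flow monitor":
            for e in {c[1] for c in cmds if c[0] == "exporter"} - exporters:
                findings.append(f"monitor {name}: exporter {e} is not defined")
        elif kind == "port-profile":
            refs = {c[3] for c in cmds if c[:3] == ["ip", "flow", "monitor"]}
            if not refs:
                findings.append(f"port-profile {name}: no flow monitor applied")
            for r in sorted(refs - monitors):
                findings.append(f"port-profile {name}: monitor {r} is not defined")
    return findings
```

Run it against the output of `show running-config` saved to a file; an empty result means every vethernet profile feeds a monitor that resolves to an exporter with a destination.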

Once the data is coming into your NetFlow collector (e.g. Scrutinizer) you can view the data.

Scrutinizer output

Please contact Plixer with any of your network traffic monitoring needs.
