Those of you who also read Brad Reese's blog here will recall that from time to time he'd feature a choice and timely piece of information regarding NetFlow and other aspects of router/switch configuration. Just as Cisco broke news recently about the Nexus 1000V, Mike Patterson breaks out a tutorial for those of us needing to configure NetFlow. Mike?
Cisco's Nexus 1000V switches are virtual machine access switches: an intelligent software switch implementation for VMware's vSphere environments, running the Cisco NX-OS operating system. In this post I will outline how to configure them to export NetFlow.
When we set this up for the customer, the Nexus 1000V was running version 4.0(4)SV1(2). We configured it to export NetFlow version 9 via Flexible NetFlow. The process is similar to setting up NetFlow on the Nexus 7000. The steps to configure Flexible NetFlow are:
Create a Flow Record (e.g. netflow-original) and specify the fields that you want exported (we’ll use the default).
Create a Flow Exporter (e.g. scrutinizer) that specifies where and how the NetFlow is to be sent.
Create a Flow Monitor (i.e. tie the Flow Record to the Flow Exporter).
Map the Flow Monitor to selected interfaces.
Create a Flow Record
A flow record must be created. On the Nexus there are some predefined records (e.g. netflow-original) which contain all of the available options for creating a flow record. Because all available options are used in the "netflow-original" record, we used this record in the example below.
Create a Flow Exporter
We defined a flow exporter called flow_export_scrutinizer. This flow exporter will be assigned to a flow monitor. We added the NetFlow option templates (exporter-stats and interface-table). These send additional templates which contain information about the exported statistics and the interface name details. It should be noted that if a transport udp port is not specified, the default used is 9995.
flow exporter flow_export_scrutinizer
description Export NetFlow to Scrutinizer
destination 10.10.91.77
source mgmt0
version 9
template data timeout 300
option exporter-stats timeout 60
option interface-table timeout 3600
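As an added example (not from the post or from Cisco), the following Python decoder shows why the template settings in the exporter matter: a NetFlow version 9 collector can only decode a data flowset after it has received the template with the matching id from that source, which is what "template data timeout" governs when a collector restarts. The packets it feeds in are constructed in the script by builder functions of my own (not real exporter output) and use one user-defined template with seven standard v9 fields; options templates such as exporter-stats and interface-table (flowset id 1) are recognised but skipped.

```python
"""Minimal NetFlow v9 decoder (added example) showing template dependency.

A collector cannot interpret a data flowset until the template with the
same id has arrived from that source (header source_id).  All packets
below are constructed for the example, not captured from a Nexus.
"""
import struct

# Standard NetFlow v9 field type ids (RFC 3954) for the fields used here.
FIELD_NAMES = {
    1: "IN_BYTES", 2: "IN_PKTS", 4: "PROTOCOL", 7: "L4_SRC_PORT",
    8: "IPV4_SRC_ADDR", 11: "L4_DST_PORT", 12: "IPV4_DST_ADDR",
}
HEADER = struct.Struct("!HHIIII")  # version, count, sysUptime, unixSecs, seq, sourceId


class V9Decoder:
    def __init__(self):
        self.templates = {}    # (source_id, template_id) -> [(type, length), ...]
        self.undecodable = 0   # data flowsets dropped for lack of a template

    def feed(self, packet):
        """Decode one export packet; return the flow records it yielded."""
        version, _cnt, _up, _secs, _seq, source_id = HEADER.unpack(packet[:HEADER.size])
        if version != 9:
            raise ValueError(f"not a NetFlow v9 packet (version {version})")
        records, off = [], HEADER.size
        while off + 4 <= len(packet):
            fs_id, fs_len = struct.unpack("!HH", packet[off:off + 4])
            if fs_len < 4:
                raise ValueError("malformed flowset length")
            body = packet[off + 4:off + fs_len]
            if fs_id == 0:                       # template flowset
                self._learn_templates(source_id, body)
            elif fs_id == 1:                     # options template: skipped here
                pass
            elif fs_id >= 256:                   # data flowset
                fields = self.templates.get((source_id, fs_id))
                if fields is None:
                    self.undecodable += 1        # no template yet: cannot decode
                else:
                    records.extend(self._decode_data(fields, body))
            off += fs_len
        return records

    def _learn_templates(self, source_id, body):
        off = 0
        while off + 4 <= len(body):
            template_id, nfields = struct.unpack("!HH", body[off:off + 4])
            off += 4
            fields = []
            for _ in range(nfields):
                fields.append(struct.unpack("!HH", body[off:off + 4]))
                off += 4
            self.templates[(source_id, template_id)] = fields

    @staticmethod
    def _decode_data(fields, body):
        rec_len = sum(length for _, length in fields)
        if rec_len == 0:
            return []
        out, off = [], 0
        while off + rec_len <= len(body):       # trailing bytes are padding
            rec = {}
            for ftype, flen in fields:
                raw = body[off:off + flen]
                off += flen
                name = FIELD_NAMES.get(ftype, f"field_{ftype}")
                if ftype in (8, 12) and flen == 4:
                    rec[name] = ".".join(str(b) for b in raw)
                else:
                    rec[name] = int.from_bytes(raw, "big")
            out.append(rec)
        return out


# --- constructed packets (hypothetical builders, not exporter output) -------
def _header(seq, source_id=1):
    return HEADER.pack(9, 1, 0, 0, seq, source_id)

def template_packet(seq, template_id, fields):
    body = struct.pack("!HH", template_id, len(fields))
    body += b"".join(struct.pack("!HH", t, l) for t, l in fields)
    return _header(seq) + struct.pack("!HH", 0, 4 + len(body)) + body

def data_packet(seq, template_id, record):
    body = record + b"\x00" * ((-len(record)) % 4)   # pad to 4-byte boundary
    return _header(seq) + struct.pack("!HH", template_id, 4 + len(body)) + body

SAMPLE_FIELDS = [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (1, 4), (2, 4)]
# Constructed flow: 10.10.72.5:51234 -> 10.10.91.77:9995, UDP, 1500 bytes, 1 packet
SAMPLE_RECORD = bytes([10, 10, 72, 5, 10, 10, 91, 77]) + struct.pack("!HHBII", 51234, 9995, 17, 1500, 1)


def demo():
    """Data arriving before its template is dropped; after it, it decodes."""
    dec = V9Decoder()
    early = dec.feed(data_packet(1, 256, SAMPLE_RECORD))
    dec.feed(template_packet(2, 256, SAMPLE_FIELDS))
    late = dec.feed(data_packet(3, 256, SAMPLE_RECORD))
    return early, late, dec.undecodable


if __name__ == "__main__":
    print(demo())
```

Running the script shows the first data packet yielding nothing (and the undecodable counter at 1) while the identical packet sent after the template decodes into a full record; that gap is exactly what a short template data timeout keeps small.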
Create a Flow Monitor
Next we created a flow monitor called v9_standard. The monitor is applied to individual interfaces or port-profiles. The flow monitor includes a defined flow exporter, a flow record (netflow-original in this case), a timeout and a cache size.
flow monitor v9_standard
description in_out_traffic
record netflow-original
exporter flow_export_scrutinizer
timeout active 60
cache size 4096
Map the Flow Monitor
Finally, you need to apply your monitor to an interface or a port-profile. In this instance, as port-profiles are used extensively, we applied the monitor to the profiles.
port-profile type vethernet 72-General-Server
description VLAN 72 General Servers
vmware port-group VLAN-72-General-Server
vmware max-ports 480
switchport mode access
switchport access vlan 72
ip flow monitor v9_standard input
ip flow monitor v9_standard output
no shutdown
state enabled
port-profile type vethernet 78-General-Server
description VLAN 78 General Servers
vmware port-group VLAN-78-General-Server
vmware max-ports 240
switchport mode access
switchport access vlan 78
ip flow monitor v9_standard input
ip flow monitor v9_standard output
no shutdown
state enabled
port-profile type vethernet 79-Exchange-Server
description VLAN 79 Exchange Servers
vmware port-group VLAN-79-Exchange-Server
vmware max-ports 240
switchport mode access
switchport access vlan 79
ip flow monitor v9_standard input
ip flow monitor v9_standard output
no shutdown
state enabled
port-profile type vethernet 86-Enterprise-Servers
description VLAN 86 Enterprise Servers
vmware port-group VLAN-86-Enterprise-Server
vmware max-ports 240
switchport mode access
switchport access vlan 86
ip flow monitor v9_standard input
ip flow monitor v9_standard output
no shutdown
state enabled
port-profile type vethernet 88-Oracle-Servers
description VLAN 88 Oracle Servers
vmware port-group VLAN-88-Oracle-Server
vmware max-ports 240
switchport mode access
switchport access vlan 88
ip flow monitor v9_standard input
ip flow monitor v9_standard output
no shutdown
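As an added example (not from the post or from Cisco), here is a small Python checker for a configuration built the way the four steps above describe. It parses the exporter, monitor and port-profile stanzas out of flat running-config text and reports monitors that are applied to a profile but never defined, monitors whose record or exporter is missing, and exporters without a destination; NX-OS object names are case-sensitive, so a profile that references v9_Standard while the monitor is defined as v9_standard gets flagged. The configuration embedded in the script is constructed for the example and deliberately contains that mismatch, and the only record it treats as predefined is netflow-original, the one named in this post.

```python
"""Sanity-check a Nexus 1000V Flexible NetFlow configuration (added example).

Parses the flat running-config style shown in the post and verifies that
every "ip flow monitor" applied to a port-profile names a defined monitor,
that each monitor names an existing record and exporter, and that each
exporter has a destination.  NX-OS names are case-sensitive, so
"v9_Standard" does not match "v9_standard".
"""
import re

# NX-OS sends to UDP 9995 when "transport udp <port>" is omitted from the exporter.
DEFAULT_EXPORT_PORT = 9995

# Only the predefined record named in the post; any other record is assumed
# to need its own "flow record <name>" stanza (assumption for this example).
PREDEFINED_RECORDS = {"netflow-original"}

# Constructed sample config with one deliberate case mismatch (v9_Standard).
SAMPLE_CONFIG = """\
flow exporter flow_export_scrutinizer
description Export NetFlow to Scrutinizer
destination 10.10.91.77
source mgmt0
version 9
template data timeout 300
option exporter-stats timeout 60
option interface-table timeout 3600
flow monitor v9_standard
description in_out_traffic
record netflow-original
exporter flow_export_scrutinizer
timeout active 60
cache size 4096
port-profile type vethernet 72-General-Server
switchport access vlan 72
ip flow monitor v9_standard input
ip flow monitor v9_standard output
port-profile type vethernet 78-General-Server
switchport access vlan 78
ip flow monitor v9_Standard input
ip flow monitor v9_Standard output
"""

# A line that opens a new configuration stanza.
SECTION_RE = re.compile(
    r"^(?:flow (exporter|monitor|record) (\S+)"
    r"|(port-profile)(?: type \S+)? (\S+)"
    r"|(interface) (\S+))$"
)
APPLY_RE = re.compile(r"^ip flow monitor (\S+) (input|output)$")


def parse_config(text):
    """Group config lines under their stanza: kind -> name -> [lines]."""
    sections = {k: {} for k in ("exporter", "monitor", "record", "port-profile", "interface")}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        m = SECTION_RE.match(line)
        if m:
            kind, name = [g for g in m.groups() if g is not None]
            current = sections[kind].setdefault(name, [])
        elif current is not None:
            current.append(line)
    return sections


def first_arg(lines, keyword):
    """Argument of the first stanza line starting with `keyword`, or None."""
    for line in lines:
        parts = line.split()
        if parts[0] == keyword and len(parts) > 1:
            return parts[1]
    return None


def export_port(exporter_lines):
    """UDP port the exporter sends to, falling back to the NX-OS default."""
    for line in exporter_lines:
        m = re.match(r"^transport udp (\d+)$", line)
        if m:
            return int(m.group(1))
    return DEFAULT_EXPORT_PORT


def lint(sections):
    """Return a list of human-readable problems found in the parsed config."""
    problems = []
    for name, lines in sections["exporter"].items():
        if first_arg(lines, "destination") is None:
            problems.append(f"exporter {name}: no destination configured")
    for name, lines in sections["monitor"].items():
        record = first_arg(lines, "record")
        exporter = first_arg(lines, "exporter")
        if record is None:
            problems.append(f"monitor {name}: no flow record")
        elif record not in PREDEFINED_RECORDS and record not in sections["record"]:
            problems.append(f"monitor {name}: record {record} is not defined")
        if exporter is None:
            problems.append(f"monitor {name}: no flow exporter")
        elif exporter not in sections["exporter"]:
            problems.append(f"monitor {name}: exporter {exporter} is not defined")
    for name, lines in sections["port-profile"].items():
        for line in lines:
            m = APPLY_RE.match(line)
            if m and m.group(1) not in sections["monitor"]:
                problems.append(f"port-profile {name}: flow monitor {m.group(1)} "
                                f"({m.group(2)}) is not defined (names are case-sensitive)")
    return problems


if __name__ == "__main__":
    cfg = parse_config(SAMPLE_CONFIG)
    print("export port:", export_port(cfg["exporter"]["flow_export_scrutinizer"]))
    for problem in lint(cfg):
        print("PROBLEM:", problem)
```

Run against the embedded sample it reports the export port as 9995 (no transport line) and two problems, both on the 78-General-Server profile; feed it the output of show running-config from your own switch to catch the same class of mistake before wondering why a collector sees flows from some VLANs and not others.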
Below you can see the virtual interface definitions and which port profile they are using:
interface Vethernet1
inherit port-profile 72-General-Server
description oit-isa1as64w8k, Network Adapter 1
vmware dvport 2112
interface Vethernet2
inherit port-profile 72-General-Server
description oit-isa1ascwtst, Network Adapter 1
vmware dvport 2124
interface Vethernet3
inherit port-profile 72-General-Server
description oit-isa1asw8kts, Network Adapter 1
vmware dvport 2142
interface Vethernet4
inherit port-profile 72-General-Server
description oit-isa1asw2kvm, Network Adapter 1
vmware dvport 2144
interface Vethernet5
inherit port-profile 72-General-Server
description oit-isa1ascogt1, Network Adapter 1
vmware dvport 2125
interface Vethernet6
inherit port-profile 72-General-Server
description oit-isa1asinet2, Network Adapter 1
vmware dvport 2118
interface Vethernet7
inherit port-profile 72-General-Server
description DOT0ISA1ASIIS03, Network Adapter 1
vmware dvport 2147
interface Vethernet8
inherit port-profile 72-General-Server
description oit-isa1astdwis, Network Adapter 1
vmware dvport 2149
interface Vethernet10
inherit port-profile 72-General-Server
description oit-isa1trackit, Network Adapter 1
vmware dvport 2146
Once the data is coming into your NetFlow collector (e.g. Scrutinizer) you can view the data.
Please contact Plixer with any of your network traffic monitoring needs.