Create NetFlow Session for Virtual Environment
Note: This configuration is applicable only when using NetVUE Base Bundle.
To create an NetFlow session, follow these steps:
- Drag and drop Application Metadata from APPLICATIONS to the graphical workspace.
- Click the Application Metadata application and select Details. The Application quick view appears.
- In the Application quick view, enter or select the following details in the General tab:
Parameter
Description
Name
Enter a name for the application.
Description
Enter the description.
Application Metadata Settings
Flow Direction
Enable or Disable Bi-Directional Flow behavior. Bi-Directional is enabled by default. Disable this option for Uni-Directional Flow behavior.
Timeout
Specify the traffic flow inactivity timeout, in seconds. The session will be removed due to inactivity when no packets match.
Data Link
If you want to include the VLAN ID along with the 5-tuple to identify the traffic flow, select the Data Link and enable the VLAN option.
Observation ID
Enter a value to identify the source from where the metadata is collected. The range is from 0 to 255. The calculated value of Observation Domain Id in Hexadecimal is 00 01 02 05, and in Decimal is 66053.
Advanced Settings
Number of Flows
The number of flows supported by the application.
Refer to the following table for the maximum number of flows supported for VMware, AWS, and Azure platforms.Cloud Platform Instance Size
Maximum Number of Flows
VMware
Large (8 vCPU and 16GB RAM)
200k
AWS
AMD - Large (c5n.2xlarge)
300k
AMD - Medium (t3a.xlarge)
100k
ARM - Large (c7gn.2xlarge)
100k
ARM - Medium (m7g.xlarge) 200k Azure
Large (Standard_D8s_V4)
500k
Medium (Standard_D4s_v4)
100k
Nutanix
Large (8 vCPU and 16GB RAM)
200k
Medium Form Factor is supported for VMware ESXi only when secure tunnels option is disabled. The maximum Number of Flows for VMware ESXi when using a medium Form Factor is 50k.. If the rate of unique UDP sessions per second exceeds the threshold—calculated as maximum number of flows per second divided by the UDP timeout value—the system may fail to classify applications correctly. In such cases, AFI may not filter packets accurately, resulting in incorrect packet passes or drops. However, this limitation does not apply to DNS flows. Note: When using NetVUE Base Bundle, Multi-Collect, Fast Mode, and Aggregate round-trip time fields are disabled.
- In the Application quick view, enter or select the following details in the Exporters tab:
Parameter
Description
Exporter Name
Enter a name for the Exporter.
Actions
Using this option, you can perform the following functions:
Add Exporter - Use to add a new Exporter to this Application Metadata Intelligence Application Apply Template - Use to select the tool template.Refer to Create Custom Tool Templates for more details on what are tool templates and to create custom tool templates. Save as New Template - Use to save the current configuration as a new custom tool template. Delete this Exporter - Use to delete the Exporter. APPLICATION ID
Enable to export the data with Application Id.
Format
Select NetFlow
NetFlow: Select this option to use NetFlow
Record / Template type
Segregated - The application-specific attributes and the generic attributes will be exported as individual records to the tool. Cohesive- The application-specific attributes and the generic attributes will be combined as a single record and exported to the tool. Active Timeout
Enter the active flow timeout value in seconds.
Inactive Timeout
Enter the inactive flow timeout in seconds.
Version
Select the NetFlow version.
Template Refresh Interval
Enter the time interval at which the template must be refreshed in seconds
APPLICATION & ATTRIBUTES:
Select the applications and their attributes for traffic filtering by layer seven applications. You can select a maximum of 64 attributes for each application. (Not applicable when using Netflow V5, V9, Netflow IPFIX(V10), or CEF when the flow direction is Uni-Directional in the above Template drop-down menu.)
Add Application
Click on the Add Application button. The Add Application dialog box opens.
Select a Type. The available options are:
Application Family: Each application is mapped only mapped to one Application Family
■ Select an Application Family and the Applications that needs to be filtered from the traffic. ■ Attributes for the selected application is displayed in the Attribute column. You can select the required attributes. Application Tag: Each application can be mapped to one or more Application Tags.
■ Select an Application Tag and the Applications that needs to be filtered from the traffic. ■ Attributes for the selected application is displayed in the Attribute column. You can select the required attributes. NETWORK & TRANSPORT PARAMETERS:
Select the Network and the transport packet attributes with the respective parameters
Data Link
Select any one of the parameters such as Source MAC Address, Destination MAC Address and VLAN.
Interface
Select any one of the parameter such as Input Physical, Output Physical and Input Name.
IP
Select the parameter as Version if required.
IPv4
Select the required attributes. By default, Source Address, Destination Address, and Protocol are enabled.
IPv6
Select the required attributes. By default, Source Address, Destination Address, and Next Header are enabled.
Transport
Select the required attributes. By default, Source Port, Destination Port are enabled.
Counter
Select the Bytes, and Packets.
Timestamp
Select the required timestamp such as System Uptime First, Flow Start, System Uptime Last, and Flow End.
Flow
Select the parameter as End Reason if required.
GTP-U
Select the required parameters such as QFI and TEID.
Outer IPv4
Select any one of the parameter such as Source or Destination.
Outer IPv6
Select any one of the parameter such as Source or Destination.
- Click Save.
