Create NetFlow Session for Virtual Environment

Note:  This configuration is applicable only when using NetVUE Base Bundle.

To create a NetFlow session, follow these steps:

  1. Drag and drop Application Metadata from APPLICATIONS to the graphical workspace.
  2. Click the Application Metadata application and select Details. The Application quick view appears.
  3. In the Application quick view, enter or select the following details in the General tab:

    | Parameter | Description |
    |---|---|
    | Name | Enter a name for the application. |
    | Description | Enter the description. |
    | Application Metadata Settings | |
    | Flow Direction | Enable or Disable Bi-Directional Flow behavior. Bi-Directional is enabled by default. Disable this option for Uni-Directional Flow behavior. |
    | Timeout | Specify the traffic flow inactivity timeout, in seconds. The session will be removed due to inactivity when no packets match. |
    | Data Link | If you want to include the VLAN ID along with the 5-tuple to identify the traffic flow, select the Data Link and enable the VLAN option. |
    | Observation ID | Enter a value to identify the source from where the metadata is collected. The range is from 0 to 255. The calculated value of Observation Domain Id in Hexadecimal is 00 01 02 05, and in Decimal is 66053. |
    | Advanced Settings | |
    | Number of Flows | The number of flows supported by the application. Refer to the following table for the maximum number of flows supported for VMware, AWS, and Azure platforms. |

    | Cloud Platform | Instance Size | Maximum Number of Flows |
    |---|---|---|
    | VMware | Large (8 vCPU and 16 GB RAM) | 200k |
    | AWS | AMD - Large (c5n.2xlarge) | 300k |
    | AWS | AMD - Medium (t3a.xlarge) | 100k |
    | AWS | ARM - Large (c7gn.2xlarge) | 100k |
    | AWS | ARM - Medium (m7g.xlarge) | 200k |
    | Azure | Large (Standard_D8s_V4) | 500k |
    | Azure | Medium (Standard_D4s_v4) | 100k |
    | Nutanix | Large (8 vCPU and 16 GB RAM) | 200k |

    Note:  Medium Form Factor is supported for VMware ESXi only when secure tunnels option is disabled. The maximum Number of Flows for VMware ESXi when using a medium Form Factor is 50k.

    Note:  When using NetVUE Base Bundle, Multi-Collect, Fast Mode, and Aggregate round-trip time fields are disabled.

  4. In the Application quick view, enter or select the following details in the Exporters tab:

    | Parameter | Description |
    |---|---|
    | Exporter Name | Enter a name for the Exporter. |
    | Actions | Using this option, you can perform the following functions: Add Exporter - Use to add a new Exporter to this Application Metadata Intelligence Application. Apply Template - Use to select the tool template. Refer to Tool Templates for more details on what tool templates are and how to create custom tool templates. Save as New Template - Use to save the current configuration as a new custom tool template. Delete this Exporter - Use to delete the Exporter. |
    | APPLICATION ID | Enable to export the data with Application Id. |
    | Format | Select NetFlow. NetFlow: Select this option to use NetFlow. |
    | Record / Template type | Segregated - The application-specific attributes and the generic attributes will be exported as individual records to the tool. Cohesive - The application-specific attributes and the generic attributes will be combined as a single record and exported to the tool. |
    | Active Timeout | Enter the active flow timeout value in seconds. |
    | Inactive Timeout | Enter the inactive flow timeout in seconds. |
    | Version | Select the NetFlow version. |
    | Template Refresh Interval | Enter the time interval, in seconds, at which the template must be refreshed. |
    | APPLICATION & ATTRIBUTES: | Select the applications and their attributes for traffic filtering by layer seven applications. You can select a maximum of 64 attributes for each application. (Not applicable when using NetFlow V5, V9, NetFlow IPFIX (V10), or CEF when the flow direction is Uni-Directional in the above Template drop-down menu.) |
    | Add Application | Click the Add Application button. The Add Application dialog box opens. Select a Type. The available options are: Application Family (each application is mapped to only one Application Family) and Application Tag (each application can be mapped to one or more Application Tags). For either type, select an Application Family or Application Tag and the Applications that need to be filtered from the traffic. Attributes for the selected application are displayed in the Attribute column. You can select the required attributes. |
    | NETWORK & TRANSPORT PARAMETERS: | Select the Network and the transport packet attributes with the respective parameters. |
    | Data Link | Select any one of the parameters such as Source MAC Address, Destination MAC Address and VLAN. |
    | Interface | Select any one of the parameters such as Input Physical, Output Physical and Input Name. |
    | IP | Select the parameter as Version if required. |
    | IPv4 | Select the required attributes. By default, Source Address, Destination Address, and Protocol are enabled. |
    | IPv6 | Select the required attributes. By default, Source Address, Destination Address, and Next Header are enabled. |
    | Transport | Select the required attributes. By default, Source Port and Destination Port are enabled. |
    | Counter | Select Bytes and Packets. |
    | Timestamp | Select the required timestamp such as System Uptime First, Flow Start, System Uptime Last, and Flow End. |
    | Flow | Select the parameter as End Reason if required. |
    | GTP-U | Select the required parameters such as QFI and TEID. |
    | Outer IPv4 | Select any one of the parameters such as Source or Destination. |
    | Outer IPv6 | Select any one of the parameters such as Source or Destination. |

  5. Click Save.
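
After saving, the receiving collector can confirm that exported datagrams come from the expected source by reading the domain identifier in the export header. The following is an added example, not product code: it parses the standard NetFlow v9 (RFC 3954) and IPFIX/V10 (RFC 7011) headers and assumes the exporter places the calculated Observation Domain Id (00 01 02 05, decimal 66053) in that header field. The function names and sample datagrams are constructed for illustration; NetFlow V5 has no such field and is rejected.

```python
import struct

# Fixed export header layouts, network byte order:
#   NetFlow v9: version, count, sysUptime, unix_secs, sequence, source_id   (20 bytes)
#   IPFIX/V10:  version, length, export_time, sequence, observation_domain  (16 bytes)
V9_HEADER = struct.Struct("!HHIIII")
IPFIX_HEADER = struct.Struct("!HHIII")


def parse_export_header(datagram: bytes) -> dict:
    """Return version, sequence number and domain ID of a v9 or IPFIX datagram."""
    if len(datagram) < 2:
        raise ValueError("datagram too short to carry a version field")
    (version,) = struct.unpack_from("!H", datagram)
    if version == 9:
        if len(datagram) < V9_HEADER.size:
            raise ValueError("truncated NetFlow v9 header")
        _, count, _, _, seq, domain = V9_HEADER.unpack_from(datagram)
        return {"version": 9, "records": count, "sequence": seq, "domain_id": domain}
    if version == 10:
        if len(datagram) < IPFIX_HEADER.size:
            raise ValueError("truncated IPFIX header")
        _, length, _, seq, domain = IPFIX_HEADER.unpack_from(datagram)
        if length != len(datagram):
            raise ValueError("IPFIX length field does not match datagram size")
        return {"version": 10, "length": length, "sequence": seq, "domain_id": domain}
    raise ValueError(f"unsupported export version {version}")


def check_source(datagram: bytes, expected_domain_ids: set) -> bool:
    """True only if the datagram's domain ID is one the collector expects."""
    return parse_export_header(datagram)["domain_id"] in expected_domain_ids


# Constructed sample datagrams (headers only, no flow sets), both carrying the
# example Observation Domain Id from the table above: 0x00010205 == 66053.
SAMPLE_V9 = V9_HEADER.pack(9, 0, 123456, 1700000000, 1, 0x00010205)
SAMPLE_IPFIX = IPFIX_HEADER.pack(10, IPFIX_HEADER.size, 1700000000, 1, 0x00010205)

if __name__ == "__main__":
    for sample in (SAMPLE_V9, SAMPLE_IPFIX):
        print(parse_export_header(sample), check_source(sample, {66053}))
```

Datagrams whose domain ID is not in the expected set, or whose header is truncated or inconsistent, are worth logging at the collector rather than silently dropping.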