Create NetFlow Generation Session for Virtual Environment

Note: This configuration is applicable only when using NetVUE Base Bundle.

NetFlow Generation is a simple and effective way to increase visibility into traffic flows and usage patterns across systems. The flow-generated data can be used to build relationships and usage patterns between nodes on the network.

To create an NetFlow session, follow these steps:

  1. On the left navigation pane, select Traffic > Solutions >Application Intelligence.
  2. Click Create . The Create Application Intelligence Session page appears.
  3. In the Basic Info section, enter the name and description, and in the Environment select Virtual for the session to be created.
  4. In the Environment section, select the Environment Name, and the Connection Name. To create an Environment and connection, refer to the Configure Environment section in the respective cloud guides.
  5. In the Configurations section, complete the following:
    1. The Export Interval during which you want the Application Intelligence session to generate the reports for application visualization is 5 seconds
    2. By default, Management Interface is enabled.
  6. In the Source Traffic section, select anyone of the following:
    1. Source Selector‑ Select the source from the drop-down list box. To create new source, select New Source Selector and add the filters. For more information on creating a New Source Selector, refer to Create Source Selectors.

      Note:  You cannot configure Source Selectors when you deploy the GigaVUE V Series Nodes using Third Party Orchestration in VMware ESXi Host

    2. Tunnel Specification- Select the tunnel from the drop-down list box. To create new tunnel, select New Source Tunnel Spec and add the details for the tunnel. For more information on creating a new tunnel, refer to Create Tunnel Specifications.

      Note:  Select the ens192 interface for the Tunnel Specifications from the drop-down menu when using third party orchestration. Tunnel Specification for the source must always be configured with Traffic Direction as IN, to indicate that it is an ingress tunnel. For Azure Connection, VXLAN is the only supported Tunnel Type.

    3. Raw End Point- Select the Raw End Point Interface from the drop-down menu which will tap the traffic for application monitoring.

    Note:  This field is applicable only when you deploy your GigaVUE V Series Nodes using third party orchestration in VMware ESXi Host, Nutanix and Google Cloud Platform.

  7. Click on the Application Metadata tab.
  8. In the Destination Traffic section, click + Add New to create an exporter to receive application-specific traffic. You can only create a maximum of 5 exporters. Enter the following details:
    FieldDescription
    Tool NameEnter the tool name.
    Tool IP AddressEnter the tool IP address.
    TemplateSelect the tool template. Refer to Tool Templates for more details on what tool templates are and to create custom tool templates.
    L4 Source Port

    Port from which the connection will be established to the target. For Example, if A is the source and B is the destination, this port value belongs to A.

    L4 Destination Port

    Port to which the connection will be established from the source. For Example, if A is the source and B is the destination, this port value belongs to B.

    APPLICATION IDEnable to export the data with Application Id.
    FormatNetFlow
    Record / Template type
    Segregated - The application-specific attributes and the generic attributes will be exported as individual records to the tool.
    Cohesive- The application-specific attributes and the generic attributes will be combined as a single record and exported to the tool.
    Active TimeoutEnter the active timeout value in seconds.
    Inactive TimeoutEnter the inactive timeout in seconds.
    VersionSelect the NetFlow version.
    Template Refresh IntervalEnter the time interval at which the template must be refreshed in seconds.
  9. In the Advanced Settings > Collects section, the following details are already configured.

    Note:  When the template is NetFlow v5 or when the format is NetFlow and the version as V5 you cannot modify the Collects.

    • TimeStamp
    • Counter
    • Interface
    • IPv4
    • Transport
  10. In the Application Metadata Settings section:
    1. Select the Flow Behavior as any one of the following:
      • Uni-Directional
      • Bi-Directional. The default value is Bi-Directional.
    2. Enter the Timeout and Cache Size.
    3. You can enable or disable the Multi-Collect option to perform the following:
      • Enable — Enables the multi-collect of attributes within a given Metadata Store cache which means that if a configured attributes is seen in multiple packets within the same flow, each of these information is collected. By default, when a new cache is created, multi-collect is enabled. When upgraded from an older release, the multi-collect option is enabled.
      • Disable — Disables the multi-collect of attributes within a given Metadata Store cache.
    4. You can use the toggle button to enable or disable the Aggregate Mode, which is disabled by default. You need to delete the existing solution and recreate the solution to enable the Aggregate Mode. The Aggregate Mode option is applicable only for Gen 3 devices. Only one exporter is supported with the Aggregate Mode enabled.
      Protocol NameAttribute
      httprtt
      icmprtt
      icmp6rtt
      sshrtt
      tcprtt
      tcprtt_app
      telnetrtt
      wspconnect_rtt
      wspquery_rtt

      Note:  You need to enable the Aggregate Mode option to export the minimum, maximum, and mean of RTT values for the following list of supported protocols and attributes and also the aggregate of TCP Lost byte values collected per export time interval.

    5. You can enable or disable the Advance Hash option to perform the following:
      • Enable — Configures metadata cache advance-hash for encapsulated flows . This feature improves the efficiency of scheduling the distribution of encapsulated flows. It also improves the distribution of flows in service provider deployment cases. By default, when a new cache is created, advance hash is enabled. When upgraded from an older release, the advance hash is enabled.
      • Disable — Disables the metadata cache advance-hash for flows.
    6. If you want to include the VLAN ID along with the 5-tuple to identify the traffic flow, select the Data Link and enable the VLAN option.
    7. In the Observation Domain ID field, enter a value to identify the source from where the metadata is collected. The range is from 0 to 255. The calculated value of Observation Domain Id in Hexadecimal is 00 01 02 05, and in Decimal is 66053.
  11. Click Save.

NetFlow Dashboard

In Appviz, only the traffic statistics are displayed as applications cannot be configured and used in the NetFlow configuration