Create NetFlow Generation Session for Virtual Environment
Note: This configuration is applicable only when using NetVUE Base Bundle.
NetFlow Generation is a simple and effective way to increase visibility into traffic flows and usage patterns across systems. The flow-generated data can be used to build relationships and usage patterns between nodes on the network.
To create an NetFlow session, follow these steps:
- On the left navigation pane, select Traffic > Solutions >Application Intelligence.
- Click Create . The Create Application Intelligence Session page appears.
- In the Basic Info section, enter the name and description, and in the Environment select Virtual for the session to be created.
- In the Environment section, select the Environment Name, and the Connection Name. To create an Environment and connection, refer to the Configure Environment section in the respective cloud guides.
- In the Configurations section, complete the following:
- The Export Interval during which you want the Application Intelligence session to generate the reports for application visualization is 5 seconds
- By default, Management Interface is enabled.
- In the Source Traffic section, select anyone of the following:
- Source Selector‑ Select the source from the drop-down list box. To create new source, select New Source Selector and add the filters. For more information on creating a New Source Selector, refer to Create Source Selectors.
Note: You cannot configure Source Selectors when you deploy the GigaVUE V Series Nodes using Third Party Orchestration in VMware ESXi Host
- Tunnel Specification- Select the tunnel from the drop-down list box. To create new tunnel, select New Source Tunnel Spec and add the details for the tunnel. For more information on creating a new tunnel, refer to Create Tunnel Specifications.
Note: Select the ens192 interface for the Tunnel Specifications from the drop-down menu when using third party orchestration. Tunnel Specification for the source must always be configured with Traffic Direction as IN, to indicate that it is an ingress tunnel. For Azure Connection, VXLAN is the only supported Tunnel Type.
- Raw End Point- Select the Raw End Point Interface from the drop-down menu which will tap the traffic for application monitoring.
Note: This field is applicable only when you deploy your GigaVUE V Series Nodes using third party orchestration in VMware ESXi Host, Nutanix and Google Cloud Platform.
- Source Selector‑ Select the source from the drop-down list box. To create new source, select New Source Selector and add the filters. For more information on creating a New Source Selector, refer to Create Source Selectors.
- Click on the Application Metadata tab.
- In the Destination Traffic section, click + Add New to create an exporter to receive application-specific traffic. You can only create a maximum of 5 exporters. Enter the following details:
Field Description Tool Name Enter the tool name. Tool IP Address Enter the tool IP address. Template Select the tool template. Refer to Tool Templates for more details on what tool templates are and to create custom tool templates. L4 Source Port Port from which the connection will be established to the target. For Example, if A is the source and B is the destination, this port value belongs to A.
L4 Destination Port Port to which the connection will be established from the source. For Example, if A is the source and B is the destination, this port value belongs to B.
APPLICATION ID Enable to export the data with Application Id. Format NetFlow Record / Template type Segregated - The application-specific attributes and the generic attributes will be exported as individual records to the tool. Cohesive- The application-specific attributes and the generic attributes will be combined as a single record and exported to the tool. Active Timeout Enter the active timeout value in seconds. Inactive Timeout Enter the inactive timeout in seconds. Version Select the NetFlow version. Template Refresh Interval Enter the time interval at which the template must be refreshed in seconds. - In the Advanced Settings > Collects section, the following details are already configured.
Note: When the template is NetFlow v5 or when the format is NetFlow and the version as V5 you cannot modify the Collects.
- TimeStamp
- Counter
- Interface
- IPv4
- Transport
- In the Application Metadata Settings section:
- Select the Flow Behavior as any one of the following:
- Uni-Directional
- Bi-Directional. The default value is Bi-Directional.
- Enter the Timeout and Cache Size.
- You can enable or disable the Multi-Collect option to perform the following:
- Enable — Enables the multi-collect of attributes within a given Metadata Store cache which means that if a configured attributes is seen in multiple packets within the same flow, each of these information is collected. By default, when a new cache is created, multi-collect is enabled. When upgraded from an older release, the multi-collect option is enabled.
- Disable — Disables the multi-collect of attributes within a given Metadata Store cache.
- You can use the toggle button to enable or disable the Aggregate Mode, which is disabled by default. You need to delete the existing solution and recreate the solution to enable the Aggregate Mode. The Aggregate Mode option is applicable only for Gen 3 devices. Only one exporter is supported with the Aggregate Mode enabled.
Protocol Name Attribute http rtt icmp rtt icmp6 rtt ssh rtt tcp rtt tcp rtt_app telnet rtt wsp connect_rtt wsp query_rtt Note: You need to enable the Aggregate Mode option to export the minimum, maximum, and mean of RTT values for the following list of supported protocols and attributes and also the aggregate of TCP Lost byte values collected per export time interval.
- You can enable or disable the Advance Hash option to perform the following:
- Enable — Configures metadata cache advance-hash for encapsulated flows . This feature improves the efficiency of scheduling the distribution of encapsulated flows. It also improves the distribution of flows in service provider deployment cases. By default, when a new cache is created, advance hash is enabled. When upgraded from an older release, the advance hash is enabled.
- Disable — Disables the metadata cache advance-hash for flows.
- If you want to include the VLAN ID along with the 5-tuple to identify the traffic flow, select the Data Link and enable the VLAN option.
- In the Observation Domain ID field, enter a value to identify the source from where the metadata is collected. The range is from 0 to 255. The calculated value of Observation Domain Id in Hexadecimal is 00 01 02 05, and in Decimal is 66053.
- Select the Flow Behavior as any one of the following:
- Click Save.
NetFlow Dashboard
In Appviz, only the traffic statistics are displayed as applications cannot be configured and used in the NetFlow configuration