Unlike Cisco's physical switches, the Cisco Nexus 1000V is a virtual switch built specifically for the VMware vSphere environment. NetFlow export from the Nexus 1000V helps in analyzing the traffic between VMware hosts and the traffic from these hosts to other parts of the network.
The earlier blog covered deploying the Cisco Nexus 1000V on an ESX host; this one covers configuring the 1000V for NetFlow export.
Once routing, switching, and policing have been set up on the Cisco Nexus 1000V, the next step is to monitor traffic using NetFlow export. To configure the Cisco Nexus 1000V from scratch, visit the following link.
NetFlow Configuration on 1000V:
The Cisco Nexus 1000V can be configured to export Flexible NetFlow. Configuring Flexible NetFlow consists of four major steps:
- Flow Record Creation
- Flow Exporter Configuration
- Flow Monitor Configuration
- Attaching the Flow Monitor to all Interfaces
Flow Record :-
A flow record defines the collection of pre-defined fields that NetFlow can gather. Given below is the configuration for creating a flow record with pre-defined fields.
Nexus1000v(config)# flow record ManageEngine
Nexus1000v(config-flow-record)# match ipv4 source address
Nexus1000v(config-flow-record)# match ipv4 destination address
Nexus1000v(config-flow-record)# match ip protocol
Nexus1000v(config-flow-record)# match ip tos
Nexus1000v(config-flow-record)# match transport source-port
Nexus1000v(config-flow-record)# match transport destination-port
Nexus1000v(config-flow-record)# match interface input
Nexus1000v(config-flow-record)# match interface output
Nexus1000v(config-flow-record)# match flow direction
Nexus1000v(config-flow-record)# collect routing source as
Nexus1000v(config-flow-record)# collect routing destination as
Nexus1000v(config-flow-record)# collect routing next-hop address ipv4
Nexus1000v(config-flow-record)# collect transport tcp flags
Nexus1000v(config-flow-record)# collect counter bytes
Nexus1000v(config-flow-record)# collect counter packets
Nexus1000v(config-flow-record)# collect timestamp sys-uptime first
Nexus1000v(config-flow-record)# collect timestamp sys-uptime last
Flow Exporter Configuration:
The flow exporter sends NetFlow packets to the server where NetFlow Analyzer is installed. The configuration for the flow exporter is given below.
Nexus1000V(config)# flow exporter ManageEngine
Nexus1000V(config-flow-exporter)# destination 192.0.2.1 // NetFlow Analyzer server IP address
Nexus1000V(config-flow-exporter)# source mgmt 0
Nexus1000V(config-flow-exporter)# transport udp 9996 // Default listener port for NetFlow Analyzer
Nexus1000V(config-flow-exporter)# version 9
Nexus1000V(config-flow-exporter-version-9)# option exporter-stats timeout 60
Nexus1000V(config-flow-exporter-version-9)# template data timeout 60
Flow Monitor Configuration:-
A flow monitor caches the traffic passing through the interface it is applied to, and the flow exporter exports the cached flows as UDP datagrams to the NetFlow Analyzer server.
Nexus1000V(config)# flow monitor ManageEngine
Nexus1000V(config-flow-monitor)# description Ipv4Monitor
Nexus1000V(config-flow-monitor)# exporter ManageEngine
Nexus1000V(config-flow-monitor)# record ManageEngine
Nexus1000V(config-flow-monitor)# timeout active 60
Nexus1000V(config-flow-monitor)# timeout inactive 60
Attaching to the Interface:-
To enable NetFlow export on the interfaces, you need to attach the flow monitor to each interface.
Example :-
Nexus1000V(config)# interface ethernet0
Nexus1000V(config-if)# ip flow monitor ManageEngine input
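Once all four steps are in place, the collector side can confirm that the version 9 template it receives really carries every field of the flow record. The following is an added example, not part of the original post or of NetFlow Analyzer: it parses the template FlowSet of a NetFlow v9 datagram and lists the record fields that are absent. The function names are hypothetical, the sample datagram is constructed, and the mapping from the CLI keywords to RFC 3954 field type numbers is an assumption about what the switch exports.

```python
import struct

# Assumed mapping: RFC 3954 field type number -> keyword used in the page's
# "flow record ManageEngine" (match/collect lines).
EXPECTED = {
    8: "ipv4 source address", 12: "ipv4 destination address",
    4: "ip protocol", 5: "ip tos", 7: "transport source-port",
    11: "transport destination-port", 10: "interface input",
    14: "interface output", 61: "flow direction", 16: "routing source as",
    17: "routing destination as", 15: "routing next-hop address ipv4",
    6: "transport tcp flags", 1: "counter bytes", 2: "counter packets",
    22: "timestamp sys-uptime first", 21: "timestamp sys-uptime last",
}

def parse_templates(datagram):
    """Return {template_id: [(field_type, length), ...]} for one v9 datagram."""
    if len(datagram) < 20 or struct.unpack_from("!H", datagram)[0] != 9:
        raise ValueError("not a NetFlow v9 datagram")
    templates, offset = {}, 20            # 20-byte packet header
    while offset + 4 <= len(datagram):
        flowset_id, length = struct.unpack_from("!HH", datagram, offset)
        if length < 4 or offset + length > len(datagram):
            raise ValueError("FlowSet length runs past the datagram")
        end, pos = offset + length, offset + 4
        if flowset_id == 0:               # FlowSet ID 0 carries templates
            while pos + 4 <= end:
                tid, nfields = struct.unpack_from("!HH", datagram, pos)
                pos += 4
                if tid < 256 or pos + 4 * nfields > end:  # padding/truncated
                    break
                templates[tid] = [struct.unpack_from("!HH", datagram, pos + 4 * i)
                                  for i in range(nfields)]
                pos += 4 * nfields
        offset = end                      # data/options FlowSets are skipped
    return templates

def missing_fields(template):
    seen = {ftype for ftype, _ in template}
    return sorted(name for ftype, name in EXPECTED.items() if ftype not in seen)

def build_sample(field_types, template_id=260):
    """Constructed datagram: v9 header plus one template FlowSet."""
    body = struct.pack("!HH", template_id, len(field_types))
    body += b"".join(struct.pack("!HH", t, 4) for t in field_types)
    flowset = struct.pack("!HH", 0, 4 + len(body)) + body
    return struct.pack("!HHIIII", 9, 1, 1000, 1700000000, 1, 0) + flowset

if __name__ == "__main__":
    tmpl = parse_templates(build_sample([8, 12, 4, 7, 11, 1, 2]))[260]
    print("missing from template:", missing_fields(tmpl))
```

With "template data timeout 60" on the exporter, a listener on UDP 9996 should see a template within about a minute; feed each received datagram to parse_templates and alert if missing_fields is non-empty.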
Already deployed Nexus 1000V on an ESX host? Now start monitoring the Nexus 1000V using NetFlow Analyzer for detailed traffic analysis.
Praveen Kumar
NetFlow Analyzer Technical Team
You can do some tests with this online nexus 1000v
http://www.sharontools.com/online-lab/
Dave