VMware NSX

  • 1.  Creating an IDS, getting all network traffic on Clusters and non VM traffic to a single VM

    Posted Oct 13, 2022 04:27 PM

    Hello all,

    I have recently created a VM and now I want to send all traffic on my network to this VM so I can monitor it and do appropriate actions.

    The problem is I have never done this. Looking at our settings we have a Virtual Network that the Clusters vSphere uses and then we have our main Physical Network with VLANs, switches, etc. 

    I looked at creating a virtual and created one with a I think it was a 4096 VLAN Port.

    I can gather any information needed to help with this process. We use Cisco Switches and have vSphere 6.5.

    I am looking at setting up this new VM and sending all network traffic to it.

    I;m not sure if I should go a virtual route or a physical route.

    Thank you all, 

    I look forward to hearing and working with everyone.



  • 2.  RE: Creating an IDS, getting all network traffic on Clusters and non VM traffic to a single VM

    Broadcom Employee
    Posted Oct 14, 2022 05:50 PM

    You can try Virtual Port Mirroring functionality. If VM supports IPFIX/Netflow, you can also configure the same at the DVS layer and steer all the flows to the VM. 



  • 3.  RE: Creating an IDS, getting all network traffic on Clusters and non VM traffic to a single VM

    Posted Oct 25, 2022 04:03 PM

    I know I have virtual switches, I'm not sure what to do to see if I can make this work. I have a virtual network setup in VSphere and I have tried creating a 4095 VLAN to grab all network traffic and I assigned that to my VM but that did not grab everything as I hoped, I'm not sure exactly what to do, but I can do whatever is needed. I recently took over the VSphere network, we have multiple clusters all with VMs but the doing everything is what I am still learning.

    I know if this was a normal switch I could Create a SPAN port on the switch to grab all traffic on that switch, I would then assign it to a port and use that port on the server that my VM is on. Then connecting my VM to that port is something I'm not sure about. I have never done that part of anything yet. I would love to learn how to do any network traffic monitoring.  

    My end goal is to eventually get all network traffic and send it to my VM. I first want to just get vmware traffic and send that to my VM so I can start the learning process on how to do all of this. 

    I would greatly appreciate any and all info I get on this, I will also try anything suggested that you think would work.

    Thank you@



  • 4.  RE: Creating an IDS, getting all network traffic on Clusters and non VM traffic to a single VM

    Posted Oct 14, 2022 09:35 PM

    Are you using NSX or not?

     



  • 5.  RE: Creating an IDS, getting all network traffic on Clusters and non VM traffic to a single VM

    Posted Oct 25, 2022 03:33 PM

    Hello, how do I know if I am using NSX?

    I am new to taking over all the VMWare infrastructure. I want to say no. but I really have no idea...  I can get any information that is needed.