vSphere vNetwork

 View Only
  • 1.  NetFlow and Interfaces

    Posted Nov 04, 2011 08:07 PM

    We're testing out the new NetFlow feature of the vDS and not being the most experienced with networking, I had a couple of questions.

    The NetFlow tool allows you to set an IP address for the vDS and from several blog posts I finally found out that this is nothing more than an identifier to funnel all your traffic through. Now, this could be helpful because you wouldn't need to spend a whole lot of money to license a product like Scrutinizer since you'd only be configuring it for essentially one device. However, the information you get from the analyzer shows the traffic on interfaces, which display as vSphere port numbers, e.g. Instance 1002, Instance 1004, etc.

    I attempted to add some information to our ports, giving them a name and description, which I didn't really think would change anything (and it didn't), but it was worth a try. If you could name these such that you could see what they were in the analysis tool, that would probably be a lot more helpful.

    I guess my main question is how useful is it to set this vDS "IP address", or whether to just leave it blank so you can see all your individual ESXi servers by name.

    Secondly, if you only want to view internal, vmware traffic, my guess is that you'd leave the netflow monitoring disabled on your uplinks. I found that enabling that caused Scrutinizer to start throwing a lot of alarms that were happening on external IPs, tracing back through showed that the data was originating from the uplink ports.

    Finally, I wonder if VMWare would consider renaming their console protocol so that it isn't using "ideafarm-chat" as it's protocol name. Maybe use something more identifiable as vmware traffic.



  • 2.  RE: NetFlow and Interfaces

    Posted Nov 11, 2011 09:50 PM

    tsmori wrote:

    Finally, I wonder if VMWare would consider renaming their console protocol so that it isn't using "ideafarm-chat" as it's protocol name. Maybe use something more identifiable as vmware traffic.

    I do not think that VMware is using that name. The port number (TCP and UDP 902) used by vSphere is also used by some strange and unusal system called ideafarm-chat, that is why your network analyzer is displaying that name.



  • 3.  RE: NetFlow and Interfaces

    Posted Nov 13, 2011 07:34 PM

    Hello tsmori,

    I hope I understand your question.  There are two ways in Scrutinizer to define ports as applications:
    * Admin tab > Definitions > Well Known Ports

    * Admin tab > Definitions > Applications

    The above tools allow you to rename ports.  Defined Applications trump Well Known Ports when running Application reports.

    Are you talking about interfaces (e.g. 1002, 1004, etc.)?  If so, visit Device Details to rename these interfaces.  Contact plixer for pre or post sales support.

    I hope this helps you.

    Sincerely,

    Jake