NetFlow Monitoring



Note


For Release 3.0(2), NetFlow monitoring is supported for end-host mode only.


NetFlow is a standard network protocol for collecting IP traffic data. NetFlow enables you to define a flow in terms of unidirectional IP packets that share certain characteristics. All packets that match the flow definition are then collected and exported to one or more external NetFlow collectors, where they can be further aggregated, analyzed, and used for application-specific processing.

Cisco UCS Manager uses NetFlow-capable adapters (Cisco UCS VIC 1240, Cisco UCS VIC 1280, and Cisco UCS VIC 1225) to communicate with the routers and switches that collect and export flow information.

Network Flows

A flow is a set of unidirectional IP packets that have common properties, such as the source or destination of the traffic, routing information, or the protocol used. Flows are collected when they match the definitions in the flow record definition.

Flow Record Definitions

A flow record definition contains all information about the properties used to define the flow, which can include both characteristic properties and measured properties. Characteristic properties, also called flow keys, are the properties that define the flow. Cisco UCS Manager supports IPv4, IPv6, and Layer 2 keys. Measured characteristics, also called flow values or nonkeys, are values that you can measure, such as the number of bytes contained in all packets of the flow, or the total number of packets.

A flow record definition is a specific combination of flow keys and flow values. You can use the following types of flow record definitions:

  • System-defined—Default flow record definitions supplied by Cisco UCS Manager.

  • User-defined—Flow record definitions that you can create yourself.
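To make the split between flow keys and nonkeys concrete, the following added example (not Cisco UCS Manager code) aggregates constructed packets into unidirectional flows under two different key sets. The packet fields, host addresses, and key-set names are assumptions made for illustration.

```python
def build_flows(packets, keys):
    """Group packets into unidirectional flows; `keys` plays the role of the flow keys."""
    flows = {}
    for p in packets:
        flow_key = tuple(p[k] for k in keys)
        rec = flows.get(flow_key)
        if rec is None:
            rec = flows[flow_key] = {"bytes": 0, "packets": 0,
                                     "first": p["ts"], "last": p["ts"]}
        # Nonkey (measured) values are accumulated per flow, never used for matching.
        rec["bytes"] += p["len"]
        rec["packets"] += 1
        rec["first"] = min(rec["first"], p["ts"])
        rec["last"] = max(rec["last"], p["ts"])
    return flows

def pkt(ts, src, dst, proto, sport, dport, length):
    return {"ts": ts, "src": src, "dst": dst, "proto": proto,
            "sport": sport, "dport": dport, "len": length}

# Constructed sample traffic: one HTTPS exchange between two hosts, then the
# same client contacting two further ports on the same server.
PACKETS = [
    pkt(100, "10.0.0.5", "10.0.0.9", 6, 40000, 443, 60),
    pkt(110, "10.0.0.9", "10.0.0.5", 6, 443, 40000, 60),
    pkt(120, "10.0.0.5", "10.0.0.9", 6, 40000, 443, 1400),
    pkt(300, "10.0.0.5", "10.0.0.9", 6, 40001, 22, 60),
    pkt(310, "10.0.0.5", "10.0.0.9", 6, 40002, 3389, 60),
]

FIVE_TUPLE = ("src", "dst", "proto", "sport", "dport")  # fine-grained key set
HOST_PAIR = ("src", "dst", "proto")                     # coarse key set

if __name__ == "__main__":
    for name, keys in (("five-tuple", FIVE_TUPLE), ("host-pair", HOST_PAIR)):
        print(name)
        for key, rec in build_flows(PACKETS, keys).items():
            print("  ", key, rec)
```

With the five-tuple keys the collector sees four flows, including one per contacted port; with the host-pair keys the same traffic collapses into two flows and the per-port detail is lost before export.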

Flow Exporters, Flow Exporter Profiles, and Flow Collectors

Flow exporters transfer the flows to the flow collector based on the information in a flow exporter profile. The flow exporter profile contains the networking properties used to export NetFlow packets. The networking properties include a VLAN, the source IP address, and the subnet mask for each fabric interconnect.


Note


In the Cisco UCS Manager GUI, the networking properties are defined in an exporter interface that is included in the profile. In the Cisco UCS Manager CLI, the properties are defined in the profile.


Flow collectors receive the flows from the flow exporter. Each flow collector contains an IP address, port, external gateway IP, and VLAN that defines where the flows are sent.

Flow Monitors and Flow Monitor Sessions

A flow monitor consists of a flow definition, one or two flow exporters, and a timeout policy. You can use a flow monitor to specify which flow information you want to gather, and where you want to collect it from. Each flow monitor operates in either the egress or ingress direction.

A flow monitor session contains up to four flow monitors: two flow monitors in the ingress direction and two flow monitors in the egress direction. A flow monitor session can also be associated with a vNIC.

NetFlow Limitations

The following limitations apply to NetFlow monitoring:

  • NetFlow monitoring is not supported on the Cisco UCS 6100 Series Fabric Interconnect.

  • NetFlow monitoring is supported on the Cisco UCS 1200 and 1300 series VIC adapters. However, on the 1200 series VIC adapters, NetFlow is not recommended with FCoE traffic.

  • You can have up to 64 flow record definitions, flow exporters, and flow monitors.

  • NetFlow is not supported in vNIC template objects.

  • PVLANs and local VLANs are not supported for service VLANs.

  • All VLANs must be public and must be common to both fabric interconnects.

  • VLANs must be defined as an exporter interface before they can be used with a flow collector.

  • You cannot use NetFlow with usNIC, the Virtual Machine queue, or Linux ARFS.

Creating a Flow Record Definition

Procedure
    Step 1   In the Navigation pane, click LAN.
    Step 2   On the LAN tab, expand LAN > Netflow Monitoring.
    Step 3   Right-click Flow Record Definitions and choose Create Flow Record Definition.
    Step 4   In the Create Flow Record Definition dialog box, complete the following fields:
        Field   Description

        Name
            The name of the flow record definition.

            This name can be between 1 and 16 alphanumeric characters. You cannot use spaces or any special characters other than - (hyphen), _ (underscore), : (colon), and . (period), and you cannot change this name after the object is saved.

        Description
            The user-defined description of the flow record definition.

        Keys
            Choose the radio button for the key that you want to use. This can be one of the following:

              • IPv4—Populates the selection window with IPv4 keys.

              • IPv6—Populates the selection window with IPv6 keys.

              • Layer 2 Switched—Populates the selection window with Layer 2 keys.

            Check the check boxes for the properties to be included for the flow.

        Measured Properties
            Check the check box for the nonkey fields to be included for the flow. This can be one or more of the following:

              • Counter Bytes Long

              • Counter Packets Long

              • Sys Uptime First

              • Sys Uptime Last

    Step 5   Click OK.

Viewing Flow Record Definitions

Procedure
    Step 1   In the Navigation pane, click LAN.
    Step 2   On the LAN tab, expand LAN > Netflow Monitoring.
    Step 3   Choose Flow Record Definitions to view the list of all flow definitions.
    Step 4   Double-click the name of a flow definition to view the properties for the selected flow definition. On the Properties window, you can modify the keys and non-keys used for the flow.

Defining the Exporter Profile

Procedure
    Step 1   In the Navigation pane, click LAN.
    Step 2   On the LAN tab, expand LAN > Netflow Monitoring > Flow Exporters > Flow Exporter Profiles.
    Step 3   Click Flow Exporter Profile default.
    Step 4   In the Properties area, to the side of the Exporter Interface(s) table, click Add.
    Step 5   In the Create Exporter Interface dialog box, complete the following fields:

        Name   Description

        VLAN
            Choose the VLAN that you want to associate with the exporter interface, or click Create VLANs to create a new one.

            PVLAN and local VLANs are not supported. All VLANs must be public and must be common to both fabric interconnects.

        Fabric A Source IP
            The source IP for the exporter interface on fabric A.

            Important: Make sure the IP address you specify is unique within the Cisco UCS domain. IP address conflicts can occur if you specify an IP address that is already being used by Cisco UCS Manager.

        Fabric A Subnet Mask
            The subnet mask for the exporter interface on fabric A.

        Fabric B Source IP
            The source IP for the exporter interface on fabric B.

            Important: Make sure the IP address you specify is unique within the Cisco UCS domain. IP address conflicts can occur if you specify an IP address that is already being used by Cisco UCS Manager.

        Fabric B Subnet Mask
            The subnet mask for the exporter interface on fabric B.

    Step 6   Click OK.

Creating a Flow Collector

Procedure
    Step 1   In the Navigation pane, click LAN.
    Step 2   On the LAN tab, expand LAN.
    Step 3   Click Netflow Monitoring.
    Step 4   In the Work pane, click the Flow Collectors tab.
    Step 5   Click Add at the side of the Flow Collectors table.
    Step 6   In the Create Flow Collectors dialog box, complete the following fields:

        Name   Description

        Name
            The name of the flow collector.

            This name can be between 1 and 16 alphanumeric characters. You cannot use spaces or any special characters other than - (hyphen), _ (underscore), : (colon), and . (period), and you cannot change this name after the object is saved.

        Description
            The user-defined description of the flow collector.

        Collector IP
            The IP address for the flow collector.

        Port
            The port for the flow collector. Enter a value between 1 and 65535.

        Exporter Gateway IP
            The external gateway IP for the flow collector.

        VLAN
            The VLAN associated with the flow collector.

            VLANs must be defined in the Create Exporter Interface dialog box before they can be used with a flow collector.

    Step 7   Click OK.

Creating a Flow Exporter

Procedure
    Step 1   In the Navigation pane, click LAN.
    Step 2   On the LAN tab, expand LAN > Netflow Monitoring.
    Step 3   Right-click Flow Exporters and choose Create Flow Exporter.
    Step 4   In the Create Flow Exporter dialog box, complete the following fields:

        Name   Description

        Name
            The name of the flow exporter.

            This name can be between 1 and 16 alphanumeric characters. You cannot use spaces or any special characters other than - (hyphen), _ (underscore), : (colon), and . (period), and you cannot change this name after the object is saved.

        Description
            The user-defined description of the flow exporter.

        DSCP
            The differentiated services codepoint (DSCP) value. The range of values is from 0 to 63.

        Version
            The exporter version. By default, this is version 9.

        Exporter Profile
            The exporter profile that you want to associate with the flow exporter.

        Flow Collector
            Choose the flow collector that you want to associate with the flow exporter, or click Create Flow Exporter to create a new one.

        Template Data Timeout
            The timeout period for resending NetFlow template data.

            Enter a value between 1 and 86400.

        Option Exporter Stats Timeout
            The timeout period for resending NetFlow flow exporter data.

            Enter a value between 1 and 86400.

        Option Interface Table Timeout
            The time period for resending the NetFlow flow exporter interface table.

            Enter a value between 1 and 86400.

    Step 5   Click OK.
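The Version and Template Data Timeout fields above matter on the collector side: a NetFlow version 9 data flowset can be decoded only after the matching template has been received. The following added example (not Cisco code) decodes constructed v9 packets with a per-source template cache; the mapping of the measured properties to RFC 3954 field types and the sample addresses are assumptions.

```python
import ipaddress
import struct

# NetFlow v9 field types (RFC 3954) used here; other types decode as integers.
FIELDS = {1: "bytes", 2: "packets", 4: "protocol", 8: "src", 12: "dst", 21: "uptime_last", 22: "uptime_first"}

def parse_record(body, pos, spec):
    rec = {}
    for ftype, flen in spec:
        raw, pos = body[pos:pos + flen], pos + flen
        name = FIELDS.get(ftype, f"type_{ftype}")
        rec[name] = str(ipaddress.IPv4Address(raw)) if ftype in (8, 12) else int.from_bytes(raw, "big")
    return rec

def decode_v9(packet, templates):
    """Decode one export packet; returns (records, undecodable_flowsets)."""
    version, *_, source_id = struct.unpack_from("!HHIIII", packet)
    if version != 9:
        raise ValueError("not a NetFlow v9 packet")
    records, undecodable, off = [], 0, 20
    while off + 4 <= len(packet):
        fs_id, fs_len = struct.unpack_from("!HH", packet, off)
        if fs_len < 4 or off + fs_len > len(packet):
            raise ValueError("flowset length out of bounds")
        body = packet[off + 4:off + fs_len]
        if fs_id == 0:  # template flowset: learn the record layouts
            pos = 0
            while pos + 4 <= len(body):
                tid, n = struct.unpack_from("!HH", body, pos)
                if tid < 256 or pos + 4 + 4 * n > len(body):
                    break  # padding or truncated template
                templates[source_id, tid] = [struct.unpack_from("!HH", body, pos + 4 + 4 * i) for i in range(n)]
                pos += 4 + 4 * n
        elif fs_id >= 256:  # data flowset: decodable only with its template
            spec = templates.get((source_id, fs_id))
            size = sum(flen for _, flen in spec) if spec else 0
            if size == 0:
                undecodable += 1
            else:  # trailing bytes shorter than one record are padding
                records += [parse_record(body, p, spec) for p in range(0, len(body) - size + 1, size)]
        off += fs_len
    return records, undecodable

# Constructed sample packets: template 260, then one data record that uses it.
HEADER = "00090001" "0000ea60" "00000000" "00000000" "00000001"
TEMPLATE_PKT = bytes.fromhex(HEADER + "00000024" "01040007" "00080004" "000c0004"
                             "00040001" "00010008" "00020008" "00160004" "00150004")
DATA_PKT = bytes.fromhex(HEADER + "01040028" "0a000005" "0a000009" "06" "00000000000005dc"
                         "0000000000000003" "000003e8" "000009c4" "000000")
```

Decoding `DATA_PKT` against an empty template cache returns no records and one undecodable flowset; once `TEMPLATE_PKT` has been processed, the same packet yields the flow record. A collector that starts or restarts is therefore blind to an exporter's flows until the next template resend.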

Creating a Flow Monitor

Procedure
    Step 1   In the Navigation pane, click LAN.
    Step 2   On the LAN tab, expand LAN > Netflow Monitoring.
    Step 3   Right-click Flow Monitors and choose Create Flow Monitor.
    Step 4   In the Create Flow Monitor dialog box, complete the following fields:

        Name   Description

        Name
            The name of the flow monitor.

            This name can be between 1 and 16 alphanumeric characters. You cannot use spaces or any special characters other than - (hyphen), _ (underscore), : (colon), and . (period), and you cannot change this name after the object is saved.

        Description
            The user-defined description of the flow monitor.

        Flow Definition
            Choose the flow definition that you want to use from the list of values, or click Create Flow Record Definition to create a new one.

        Flow Exporter 1
            Choose the flow exporter that you want to use from the list of values, or click Create Flow Exporter to create a new one.

        Flow Exporter 2
            Choose the flow exporter that you want to use from the list of values, or click Create Flow Exporter to create a new one.

        Timeout Policy
            The timeout policy that you want to use from the list of values.

    Step 5   Click OK.

Creating a Flow Monitor Session

Procedure
    Step 1   In the Navigation pane, click LAN.
    Step 2   On the LAN tab, expand LAN > Netflow Monitoring.
    Step 3   Right-click Flow Monitor Sessions and choose Create Flow Monitor Session.
    Step 4   In the Create Flow Monitor Session dialog box, complete the following fields:

        Name   Description

        Name
            The name of the flow monitor session.

            This name can be between 1 and 16 alphanumeric characters. You cannot use spaces or any special characters other than - (hyphen), _ (underscore), : (colon), and . (period), and you cannot change this name after the object is saved.

        Description
            The user-defined description of the flow monitor session.

        Host Receive Direction Monitor 1
            Choose the flow monitor that you want to use from the list of values, or click Create Flow Monitor to create a new one.

        Host Receive Direction Monitor 2
            Choose the flow monitor that you want to use from the list of values, or click Create Flow Monitor to create a new one.

        Host Transmit Direction Monitor 1
            Choose the flow monitor that you want to use from the list of values, or click Create Flow Monitor to create a new one.

        Host Transmit Direction Monitor 2
            Choose the flow monitor that you want to use from the list of values, or click Create Flow Monitor to create a new one.

    Step 5   Click OK.

Associating a Flow Monitor Session to a vNIC

Procedure
    Step 1   In the Navigation pane, click LAN.
    Step 2   On the LAN tab, expand LAN > Netflow Monitoring > Flow Monitor Sessions.
    Step 3   Click the flow monitor session that you want to associate.
    Step 4   Click Flow Exporter Profile default.
    Step 5   In the Properties area, expand vNICs.
    Step 6   Click Add at the side of the table.
    Step 7   In the Add Monitoring Session Source dialog box, choose the vNIC that you want to associate with the flow monitor session.
    Step 8   Click OK to close the dialog box.
    Step 9   Click Save to close the dialog box.