Setting up NetFlow on vSphere distributed switch

Many networking devices such as routers and switches implement the NetFlow protocol, which exports information about the network traffic passing through them to a NetFlow collector application for analysis and visualization. Back in the day, VMware ESX 3.5 had experimental NetFlow support, but it was dropped in vSphere 4. With the release of vSphere 5, VMware introduced full, production-ready NetFlow support for vNetwork distributed switches.

NetFlow exports only information about the source, destination, protocol and volume of the network traffic passing through the distributed switch; it has no visibility into the actual payload.

NetFlow Analyzer

The ability to export NetFlow data doesn’t do much as-is; you need a NetFlow analyzer application into which you import the NetFlow data from the vSphere distributed switch. While searching for an application to do this I stumbled on ManageEngine NetFlow Analyzer, which is available as a free download for a 30-day evaluation: http://www.manageengine.com/products/netflow/download.html.

[Screenshot: ManageEngine NetFlow Analyzer download page]

ManageEngine NetFlow Analyzer is available in Windows and Linux versions. I downloaded the Windows version and had it running in no time, as installation and configuration were very easy. Once it was installed I glanced through the NetFlow Analyzer configuration for the TCP port to which I should send NetFlow data from the vDS. I found it quickly under “Admin”, “Server Settings”, “NetFlow Listener Port”.

[Screenshot: ManageEngine NetFlow Analyzer server settings, NetFlow Listener Port]

As I now knew the IP address of my NetFlow Analyzer server and the NetFlow listener port of the application, I was ready to proceed with the vDS configuration.

vSphere Distributed Switch Configuration

NetFlow export is configured at the distributed switch level: go to the Networking view in the vSphere Client and click “Edit Settings” on the switch you wish to export NetFlow data from. In the switch settings you will see a “NetFlow” tab, and on that page you have the following settings.

[Screenshot: distributed switch NetFlow configuration]

The first setting you should configure is “Collector IP address”, which is the IP of your NetFlow analyzer or collector application. You also need to configure the correct port, as every NetFlow analyzer and collector may have a different default.

By default each ESXi host exports NetFlow data using its own management address, so you will see multiple traffic sources in your NetFlow analyzer. If you want a single source for all of your distributed switch traffic, you can configure a specific source IP address for your vDS; enter it in the “VDS IP address” field. Please note that you still need to allow access from your ESXi host management IP addresses to your NetFlow analyzer/collector, no matter what IP address you type into the VDS IP address field.

By default the distributed switch sends information about an active network flow once 60 seconds have passed since the flow was initiated. If you want data about new flows sooner you could lower the “Active flow export timeout” value, but I do not recommend it unless you fully understand all the implications it might have. I do not, so I don’t try to explain it. Data about idle network flows is exported after 15 seconds have passed since the flow’s initial packet.

Exporting NetFlow data from a vDS that passes a LOT of traffic might have a performance impact on the ESXi host CPU. If you do not mind lower resolution in your NetFlow data, you can increase the “Sampling rate” value. By default it is set to 0, which means every packet is inspected and included in the NetFlow export. Setting “Sampling rate” to 2 means every other packet is inspected and included, and so on. Increasing the sampling rate improves performance if you have CPU utilization issues, but it also decreases NetFlow data resolution.

The last setting is the “Process internal flows only” check box. By default the distributed switch exports data about all traffic, whether it passes internally on the vDS or to or from the physical network. If you have NetFlow enabled on your physical network devices, it may be unnecessary to also send information about flows that pass through the physical network layer, as those are already seen and reported by the other network devices. In that case you can check “Process internal flows only”, and the distributed switch will export data only about flows switched directly by the vDS and not passed to the physical network layer; this reduces any overhead NetFlow export might have on your ESXi hosts.
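To make concrete what the collector actually receives once the settings above are in place (the 5-tuple and byte/packet counters, never payload), here is an added example that is not code from this post, from VMware or from ManageEngine. It builds a NetFlow version 5 datagram by hand (assumption: the vSphere 5 vDS exports NetFlow v5 to the collector IP and port configured on the NetFlow tab) and decodes it the way a collector does. It goes a step beyond the text by showing how a collector uses the header’s sampling interval to scale the counters back up when “Sampling rate” is set, and how the record timestamps give the flow duration; the sample flows and addresses are constructed.

```python
"""Decode NetFlow v5 export datagrams the way a collector does.

Added example; not code from the post, VMware or ManageEngine.
Assumptions: the vSphere 5 vDS exports NetFlow version 5 datagrams to the
collector IP and port set on the NetFlow tab, and the sampling interval in
the v5 header reflects the "Sampling rate" setting. The datagram below is
constructed by hand so the script runs offline without a vDS.
"""
import socket
import struct

# NetFlow v5 layout: a 24-byte header followed by 48-byte flow records.
HEADER = struct.Struct("!HHIIIIBBH")
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")
PROTO = {1: "icmp", 6: "tcp", 17: "udp"}

# Constructed lab flows: (src, dst, proto, sport, dport, packets, octets,
# first_ms, last_ms); first/last are in sysUpTime milliseconds.
SAMPLE_FLOWS = [
    ("10.0.0.11", "10.0.0.50", 6, 49152, 443, 40, 30000, 100000, 118500),
    ("10.0.0.11", "10.0.0.53", 17, 53000, 53, 1, 72, 119000, 119000),
]


def build_packet(flows, sampling_interval=0, uptime_ms=120000, unix_secs=1320000000):
    """Pack flows into a v5 datagram (what the vDS would put on the wire)."""
    header = HEADER.pack(5, len(flows), uptime_ms, unix_secs, 0, 1, 0, 0,
                         sampling_interval & 0x3FFF)
    body = b"".join(
        RECORD.pack(socket.inet_aton(src), socket.inet_aton(dst), b"\x00" * 4,
                    0, 0, pkts, octets, first, last, sport, dport,
                    0, 0x18, proto, 0, 0, 0, 24, 24, 0)
        for src, dst, proto, sport, dport, pkts, octets, first, last in flows)
    return header + body


def parse_packet(data):
    """Return header fields and decoded flows; raise ValueError on malformed input."""
    if len(data) < HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count, uptime, secs, nsecs, seq, etype, eid, sampling = HEADER.unpack_from(data)
    if version != 5:
        raise ValueError(f"unsupported NetFlow version {version}")
    if len(data) != HEADER.size + count * RECORD.size:
        raise ValueError("record count does not match datagram length")
    # Low 14 bits hold the interval; 0 or 1 means every packet was exported.
    interval = sampling & 0x3FFF
    scale = interval if interval > 1 else 1
    flows = []
    for i in range(count):
        fields = RECORD.unpack_from(data, HEADER.size + i * RECORD.size)
        src, dst, _nh, _in, _out, pkts, octets, first, last, sport, dport, _pad, flags, proto, _tos = fields[:15]
        flows.append({
            "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "proto": PROTO.get(proto, str(proto)), "sport": sport, "dport": dport,
            "tcp_flags": flags,
            "packets": pkts, "bytes": octets,
            # Counters are what the switch saw; scale them to estimate real volume.
            "est_packets": pkts * scale, "est_bytes": octets * scale,
            "duration_ms": last - first,
        })
    return {"sequence": seq, "sampling_interval": interval, "flows": flows}


def bytes_by_destination_port(flows):
    """Aggregate estimated bytes per (proto, dport): the kind of view the analyzer shows."""
    totals = {}
    for f in flows:
        key = (f["proto"], f["dport"])
        totals[key] = totals.get(key, 0) + f["est_bytes"]
    return dict(sorted(totals.items(), key=lambda kv: kv[1], reverse=True))


if __name__ == "__main__":
    datagram = build_packet(SAMPLE_FLOWS, sampling_interval=2)
    result = parse_packet(datagram)
    print(f"sequence {result['sequence']}, sampling interval {result['sampling_interval']}")
    for f in result["flows"]:
        print(f"{f['src']}:{f['sport']} -> {f['dst']}:{f['dport']} {f['proto']} "
              f"{f['bytes']} B seen (~{f['est_bytes']} B), {f['duration_ms']} ms")
    print(bytes_by_destination_port(result["flows"]))
```

Run it as-is to see the two constructed flows decoded with a sampling interval of 2, which doubles the estimated volume; with the default sampling rate of 0 the estimates equal the raw counters. The length check matters on a real collector: a datagram whose record count does not match its size is malformed and should be dropped, not partially decoded.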

Inspecting NetFlow data

Once your NetFlow analyzer and distributed switch are properly set up you should eventually have some data about the network traffic in your virtual infrastructure. Below is a screenshot of ManageEngine NetFlow Analyzer output for my vSphere lab traffic; you can see a larger version of the image by clicking on it.

[Screenshot: ManageEngine NetFlow Analyzer showing vSphere lab traffic]

vCenter Server 5 Data Migration Tool compatibility issues

While preparing for a vSphere 5: What’s New training delivery I found out that the vCenter Server Data Migration Tool on the vCenter Server 5 installation media is not quite compatible with vCenter Server 4.1, contrary to the documentation. The vCenter Server Data Migration Tool is a set of scripts for exporting and importing the vCenter Server configuration, and it is useful if you are migrating vCenter Server to a new operating system (a 32-bit to 64-bit migration, for example).

The Data Migration Tool can be used to back up vCenter Server settings such as:

  • LDAP data
  • vCenter Services port settings (HTTP, HTTPS, Web services, etc.)
  • SSL certificates
  • Licenses

The Data Migration Tool is available on the vCenter Server installation media in the “datamigration” folder.

[Screenshot: Datamigration folder on vCenter Server install CD]

The first snag I hit was that, for some weird reason, the Windows 2008 R2 built-in unzip feature was not able to extract datamigration.zip successfully; most of the files in the archive were never extracted. I installed IZArc (which is a great freeware archive tool, btw) on my test vCenter Server and it extracted all files successfully.

Once the Data Migration Tool was fully extracted I went on to back up my vCenter Server configuration by running backup.bat in the Data Migration Tool installation folder. I was greeted with a message that my vCenter Server 4.1 Update 2 installation does not satisfy the migration prerequisites…

[Screenshot: Datamigration vCS 4.1 error]

Even though I was asked whether to continue the backup with “Y”, the backup eventually failed with an error. I then went to the VMware KB to look up the Data Migration Tool solutions entry and found KB article 2005328, which clearly states that “vCenter Server 4.x and its update releases” are supported.

I started going through the Data Migration Tool scripts and found out that the compatibility issue is very easy to fix. There is a set of Python scripts for the vCenter Server, Update Manager and vCenter Orchestrator services, and you need to edit the backup script for each service to successfully back up data from vCenter 4.1.

First open the vCenter Orchestrator backup script; on my installation it was located at C:\datamigration\vco\vcobackup.py. Open this file in a text editor such as Notepad. At the beginning of the script there is a regex entry that checks the software version:

# supported VMware vCenter Orchestrator versions regex
supported_vco_version_regex ='4\.0\.[0-9]+'

Replace the regex with the following entry and save the file:

# supported VMware vCenter Orchestrator versions regex
supported_vco_version_regex ='4\.[0-9]+'

Next edit the vCenter Server backup script C:\datamigration\vpx\vcenterbackup.py and search for the entry:

# supported vSphere versions regex
supported_vc_ver_regex ='2\.5\.+|4\.0\.+'

Replace the regex with the following entry and save the file:

# supported vSphere versions regex
supported_vc_ver_regex ='2\.5\.+|4\.+'

Finally edit the Update Manager backup script C:\datamigration\vum\vumbackup.py and search for the entry:

# supported VMware vSphere Update Manager versions regex
supported_vum_ver_regex ='1\.0\.+|4\.0\.+'

Replace the regex with the following entry and save the file:

# supported VMware vSphere Update Manager versions regex
supported_vum_ver_regex ='1\.0\.+|4\.+'

Now running backup.bat against vCenter Server 4.1 succeeds.

[Screenshot: Datamigration backup of vCS 4.1 success]
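As an added example that is not part of the Data Migration Tool or of this post, the script below shows why the three edits above are needed and applies them without hand-editing in Notepad. It evaluates each original and replacement regex (copied from the post) against a few version strings, and rewrites the supported_*_regex assignment line in a script file, keeping a .orig copy. It assumes the tool’s scripts check the reported version with re.match, anchored at the start of the string; the sample script text is constructed, and the real file paths in the comments are the ones from the post.

```python
"""Check the Data Migration Tool version regexes before and after the edit,
and apply the edit to a backup script file.

Added example; not part of the Data Migration Tool or the post. The regexes
are copied from the post. Assumption: the scripts test the reported product
version with re.match (anchored at the start of the string); the sample
script text below is constructed so the example runs without the tool.
"""
import re
import shutil

ORIGINAL = {
    "vco": r"4\.0\.[0-9]+",
    "vpx": r"2\.5\.+|4\.0\.+",
    "vum": r"1\.0\.+|4\.0\.+",
}
PATCHED = {
    "vco": r"4\.[0-9]+",
    "vpx": r"2\.5\.+|4\.+",
    "vum": r"1\.0\.+|4\.+",
}

# Matches the assignment line in each script, e.g. supported_vco_version_regex ='...'
ASSIGNMENT = re.compile(r"^(supported_\w+_regex\s*=\s*)'[^']*'", re.MULTILINE)

# Constructed stand-in for the top of vcobackup.py.
SAMPLE_SCRIPT = (
    "# supported VMware vCenter Orchestrator versions regex\n"
    "supported_vco_version_regex ='4\\.0\\.[0-9]+'\n"
)


def is_supported(version, regex):
    """True if the version string passes the script's prerequisite check."""
    return re.match(regex, version) is not None


def compare(version):
    """For each service: (accepted by original regex, accepted by patched regex)."""
    return {svc: (is_supported(version, ORIGINAL[svc]), is_supported(version, PATCHED[svc]))
            for svc in ORIGINAL}


def patch_script_text(text, new_regex):
    """Replace the quoted regex in the first supported_*_regex assignment.

    A function is used as the replacement so backslashes in new_regex are
    copied literally, exactly as you would type them in the editor."""
    new_text, n = ASSIGNMENT.subn(lambda m: m.group(1) + "'" + new_regex + "'", text, count=1)
    if n != 1:
        raise ValueError("no supported_*_regex assignment found")
    return new_text


def patch_script_file(path, new_regex):
    """Back up the script to <path>.orig, then rewrite it in place."""
    shutil.copyfile(path, path + ".orig")
    with open(path, encoding="utf-8") as fh:
        text = fh.read()
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(patch_script_text(text, new_regex))


if __name__ == "__main__":
    for ver in ("4.0.0", "4.1.0", "2.5.0"):
        print(ver, compare(ver))
    print(patch_script_text(SAMPLE_SCRIPT, PATCHED["vco"]), end="")
    # Real use, with the script paths from the post:
    # patch_script_file(r"C:\datamigration\vco\vcobackup.py", PATCHED["vco"])
    # patch_script_file(r"C:\datamigration\vpx\vcenterbackup.py", PATCHED["vpx"])
    # patch_script_file(r"C:\datamigration\vum\vumbackup.py", PATCHED["vum"])
```

Running it shows that “4.1.0” is rejected by all three original patterns and accepted by all three replacements, while “4.0.0” passes both. One caveat worth knowing before you copy the patterns elsewhere: the tool’s `4\.+` form means “4 followed by one or more literal dots”, so it only works as a prefix check under re.match; the vco pattern `4\.[0-9]+` is the cleaner form.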

The Data Migration Tool saves the configuration in the data folder of your Data Migration Tool installation folder. You can then copy that folder to the Data Migration Tool installation folder on a new server and run install.bat to restore the configuration to a new vCenter Server instance.

See VMware KB article 2005328 for detailed instructions on the Data Migration Tool backup and restore process.

A new challenge awaits

[Image: Change Ahead]

Year 2012 kicks off with a big bang for me: I left my stable income position at Capgemini’s Data Center Solutions unit and joined a new, small but agile company, Suomen IT-Virtuoosit Oy, as a VMware Certified Instructor. In my new position I will deliver VMware training in Finland through VATCs such as Arrow ECS and have some time to work on consulting as well; in fact I already have a deal to work on a very large SAP landscape in which VMware virtualization will play a key role alongside some other very interesting enabler technologies.

I hope that my new position also allows me to work more on my blog, which I feel I have neglected a bit lately; I feel that I can contribute more to the excellent community we have around VMware.

With these changes I really feel energized and full of new ideas. Even though Capgemini was a great employer, I expect that 2012 will be the most exciting time I have had for a while!

VMware vCenter AppSpeed got an End of Availability date

VMware has decided to kill vCenter AppSpeed: no new licenses will be sold after January 3rd, 2012. Support for existing licenses will continue until September 15th, 2012. The official notification of EOA and ESL is available at http://kb.vmware.com/kb/2010764, which I will quote briefly:

We want to provide you with an important update about the VMware® vCenter AppSpeed™ product. As customers continue to expand the use of virtualization and cloud resources, we are focusing on delivering management solutions that can support the flexibility that enterprises require. As a result of this focus, we have decided not to produce additional releases of vCenter AppSpeed. vCenter AppSpeed will be end of availability for new license purchases as of January 3, 2012, however it will continue to be supported through September 15, 2012, in line with our General Support Policy.

I was suspecting that AppSpeed had been killed off, since there have not been any updates to it in a long time and the latest vSphere version it is officially compatible with is vSphere 4.0 U2.

[Image: AppSpeed support]

I don’t know how many customers actually implemented AppSpeed in their infrastructure, but when I did the hands-on lab at VMworld 2009 I was quite impressed by the product. In real life, though, it may be that the limited set of applications it could monitor was not enough to spark customers’ interest in the product.