Enabling NetFlow on Virtual Switch

I followed the steps in http://www.vmware.com/pdf/vi3_35_25_netflow.pdf to activate NetFlow on the virtual switches.

To collect this information, I use NetFlow Analyzer 7 (NFA7).

NFA7 began to collect traffic information, but I do not know which interface is which, because the interfaces have the generic names Ifindex1-ifindex6.

I do not know why I see 6 interfaces. I have already configured the SNMP community in NFA7; with these settings NFA7 usually recognizes the names of the routers, switching devices and interfaces. I have the default MIB for SNMP.

Does anyone have this setup working?

Best regards.

Hello

It is a well-known problem with the NetFlow 3.5 exporter. The problem lies in the design of ESX vSwitches, which do not have true/static virtual port identifiers. The exporter therefore uses the port IDs of the ports concerned, but unfortunately these values cannot be easily mapped by the user to the specific virtual port.

This is the main reason that the functionality is more experimental - we have not found a way to design it to VMware's level of standards due to limitations of the protocol.

I'd be happy to take any feedback on how to improve it.

Tags: VMware

Similar Questions

  • Can not pass traffic with label of vmware virtual switch fabric 10 GB

    Hello

    I need to understand how to pass VMware VST tagged traffic through these Virtual Fabric switches. The IBM HS22 blades connect internally to the virtual switch on ports 1 to 14. I use 2 external ports (17-18); one connects to the Netgear switch and the other to the other Virtual Fabric switch. I did the same on the other Virtual Fabric switch. My Synology rackstation is configured with iSCSI LUNs that connect to the Netgear switch, and I would like to connect my HS22 blades to the rackstation. My main concern is that I can't ping the IP of the Netgear on the same VLAN interface. I can ping from my Synology diskstation to the Netgear, which are in the same VLAN. The Netgear and BNT switches are connected by SFP+ DAC cables.

    The same VLAN is also configured on the Netgear switch. The default PVID is set to 1 on all interfaces; can I disable this? Do I need to use tagpvid-ingress on all interfaces?

    SH run

    Current configuration:
    !
    version "7.8.7.
    switch type "IBM Networking OS virtual fabric 10 Gb Switch Module for IBM BladeCenter"
    iscli-new
    !
    timezone system 295
    ! Europe/Denmark
    Advanced System
    !

    SNMP-name of the server "BNT01".
    !
    hostname "BNT01".
    !
    !
    enable access userbbi
    !
    INT1 interface port
    switchport trunk allowed vlan 1, 16-50, 3998-4000, 4095
    output
    !
    INT2 interface port
    switchport trunk allowed vlan 1, 16-50, 3998-4000, 4095
    output
    !
    INT3 interface port
    switchport trunk allowed vlan 1, 16-50, 3998-4000, 4095
    output
    !
    INT4 interface port
    switchport trunk allowed vlan 1, 16-50, 3998-4000, 4095
    output
    !
    INT5 interface port
    switchport trunk allowed vlan 1, 16-50, 3998-4000, 4095
    output
    !
    INT6 interface port
    switchport trunk allowed vlan 1, 16-50, 3998-4000, 4095
    output
    !
    INT7 interface port
    switchport trunk allowed vlan 1, 16-50, 3998-4000, 4095
    output
    !

    INT8 interface port
    switchport trunk allowed vlan 1, 16-50, 3998-4000, 4095
    output
    !
    INT9 interface port
    switchport trunk allowed vlan 1, 16-50, 3998-4000, 4095
    output
    !
    INT10 interface port
    switchport trunk allowed vlan 1, 16-50, 3998-4000, 4095
    output
    !
    INT11 interface port
    switchport trunk allowed vlan 1, 16-50, 3998-4000, 4095
    output
    !

    INT12 interface port
    switchport trunk allowed vlan 1, 16-50, 3998-4000, 4095
    output
    !
    INT13 interface port
    switchport trunk allowed vlan 1, 16-50, 3998-4000, 4095
    output
    !
    interface INT14 port
    switchport trunk allowed vlan 1, 16-50, 3998-4000, 4095
    output
    !
    EXT1 interface port
    switchport mode trunk
    switchport trunk allowed vlan 1, 16-50, 3998-4000
    output
    !
    EXT2 interface port
    switchport mode trunk
    switchport trunk allowed vlan 1, 16-50, 3998-4000
    output
    !

    !
    VLAN 1
    the name "Default".
    !
    VLAN 16
    name "VLAN16".
    !
    VLAN 17
    name "VLAN17".
    !
    VLAN 18
    name "VLAN18".
    !
    VLAN 19
    name "VLAN19".
    !
    VLAN 20
    name "VLAN20.
    !

    ...

    VLAN 46
    name "VLAN46".
    !
    VLAN 47
    name "VLAN47".
    !
    VLAN 48
    name "VLAN48".
    !
    VLAN 49
    name "VLAN49".
    !
    VLAN 50
    name "VLAN50".
    !
    VLAN 3998
    name "iscsi".
    !
    VLAN 3999
    name "vmotion".
    !
    VLAN 4000
    name "mgmt".
    !
    !
    !
    spanning tree mst configuration
    lethosting-name "region1".
    revision 2
    output
    !
    spanning tree mst mode
    !
    spanning tree mst configuration
    example of 1 vlan 16-50
    instance 2 vlan 3997,4000
    example 3 vlan 3998-3999
    output

    The configuration is for Teddy. I don't know what I'm missing here. Any ideas would be very much appreciated.

    Yes. Finally managed to make it work. Tagged traffic now connects the blades with ESXi 5.5 U2 to the Synology rackstation.

    It was the same thing we had. ESXi 6.0 is not supported by this Emulex adapter. Also ESXi 5.5 does not I think with the iSCSI driver. So I have updated the drivers using esxcli.

    VMware

    Updated network driver

    /tmp # esxcli software vib install -v /tmp/elxnet-10.0.575.9-1OEM.550.0.0.1331820.x86_64.vib
    Result of the installation
    Message: The update completed successfully, but the system must be restarted for the changes to be effective.
    Restart required: true
    VIBs installed: Emulex_bootbank_elxnet_10.0.575.9-1OEM.550.0.0.1331820
    VIBs removed: VMware_bootbank_elxnet_10.0.100.0v-1vmw.550.0.0.1331820
    VIBs ignored:

    iSCSI driver update

    /tmp # esxcli software vib install -v /tmp/scsi-be2iscsi-4.6.261.0-1OEM.550.0.0.1198611.x86_64.vib
    Result of the installation
    Message: The update completed successfully, but the system must be restarted for the changes to be effective.
    Restart required: true
    VIBs installed: Emulex_bootbank_scsi-be2iscsi_4.6.261.0-1OEM.550.0.0.1198611
    VIBs deleted:
    VIBs ignored:
    /tmp # esxcli software vib install -v /tmp/ima-be2iscsi-4.6.261.0-1OEM.550.0.0.1198611.i386.vib
    Result of the installation
    Message: The update completed successfully, but the system must be restarted for the changes to be effective.
    Restart required: true
    VIBs installed: Emulex_bootbank_ima-be2iscsi_4.6.261.0-1OEM.550.0.0.1198611
    VIBs deleted:
    VIBs ignored:

    esxcli system maintenanceMode set -e true
    esxcli system shutdown reboot -r driverupdate -d 10

    After that, I created iSCSI vmkernel ports with the grouping. Ping has started working and now I can connect to the storage.

  • How to leave the virtual switch as a physical switch law in esxi 5?

    Hello.

    I have ESXi 5 installed on a server with 3 physical network cards (they are supported and detected by ESXi). On that ESXi I installed a virtual-SIN (NexentaStor) machine. The first network adapter is connected to the router, the second network adapter is connected to a PC. DHCP is enabled on the router. Normally on a real switch all connected PCs should automatically get an IP address from the server (router), or must be able to communicate when they have a fixed IP address. This does not work on the virtual switch. One of my virtual PCs gets an IP address in a wrong range, and I can't connect a real PC to this switch.

    2 questions:

    1. What settings should I use in ESXi 5 for the virtual PC to get the correct IP address?
    2. Is it possible to connect a real PC directly to the second NIC in my ESXi server and use the virtual switch as a true switch? That way, I can use the Gigabit NIC for a fast and direct connection to the virtual NAS and can connect to the internet via the switch?

    Any help would be appreciated

    Pieter

    ESXi does not do NAT, unlike VMware Server or Workstation/Fusion.

  • VMware Player uses a virtual switch or hub?

    I develop custom computer technical training and must be able to capture the network packets between multiple virtual machines.

    Microsoft's Hyper-V product implements a true virtual switch, so I don't see any packets that are not addressed to the virtual machine that the packet sniffer is running on.  Enabling promiscuous mode does not gain me anything.

    If I switch to VMware Player, would I be able to see all the packets going through the virtual network?

    Thanks in advance,

    Jesse

    VMware product documentation generally uses the term virtual switch; however, they are not real switches and should really be called a virtual hub.

  • How can I assign some VLAN in Virtual switch?

    I have ESX 4.0 installed on two IBM Blade hosts that are in an HA cluster to enable vMotion.  I have a virtual switch created on each host.  The virtual machines connect to the same switch.  I added a new virtual machine on a separate VLAN.  I have a few "How to"... questions:

    1. How can I put the new virtual machine in a different VLAN assignment from the other virtual machines?  (I think it's through port groups but I'm still reading)

    2. Can I put several VLANs on the whole virtual switch? (If yes, what is the syntax? "43;40" or "43,40" or "43-40")

    3. What is the best practice for this kind of setup?

    Thank you

    Stuart

    Hello and welcome to the forums.

    1. How can I put the new virtual machine in a different VLAN assignment from the other virtual machines?  (I think it's through port groups but I'm still reading)

    Port groups - you're right.  Create a port group, and then assign the virtual machine to this connection.

    2. Can I put several VLANs on the whole virtual switch? (If yes, what is the syntax? "43;40" or "43,40" or "43-40")

    Yes, you want to create a new port group for each VLAN required in the vSwitch.

    3. What is the best practice for this kind of setup?

    There is a lot of information about this in the ESX Configuration Guide.

    Good luck!

  • NSX 6.1.5 - Distributed Firewall rules are not applied to empty virtual switches

    Hi all

    We have had a big problem since we upgraded NSX from version 6.1.3 to 6.1.5.

    I get a bug following this procedure:

    . In vSphere Client --> NSX, create a new virtual switch

    . In Distributed Firewall, create a rule to deny traffic between two survey periods. Example: source: all, destination: all, service: all, action: reject, applies to: the new virtual switch

    . Connect two VMs to the virtual switch and you can test one from the other (this is wrong given the firewall rule)

    . Publish ANY change on the Distributed Firewall (it need not be related to our rule, for example changing the name of another rule), and the rule starts to operate.

    Additional steps:

    . Remove the firewall rule

    . Identify the virtual machines in the virtual switch

    . Re-create the firewall rule with applies to: the virtual switch (still empty)

    . Connect the virtual machines and ping between them. Once again, the rule does not work.

    . Publish ANY change on the Distributed Firewall and the rule starts to operate.

    NSX version 6.1.3 and 6.2.0 both work correctly. But I can't downgrade to 6.1.3 or upgrade to 6.2.0. 6.2.1 upgrade involves the upgrade of several other components.

    I use the following versions:

    . NSX 6.1.5

    . vCenter Version 5.5.0 Build 2414847

    . ESXi, 5.5.0, 2718055

    Please, any ideas?

    Thank you very much

    D.

    It seems to be a bug in NSX 6.1.5 and there is no solution for this yet. There are workarounds, but none of them apply to my "fully automated" environment.

    We need to wait for a fix or upgrade to NSX 6.2.1 requiring an upgrade of several components as well.

    D.

  • Virtual switch distributed on ESXi integrated Client Host

    Any plans to support vDS on the embedded host client?

    If distributed virtual switches are supported, I can't find how to set them up the way I was able to configure standard virtual switches.

    I haven't used the embedded client myself yet, but in order to create or configure a vDS, you need a vCenter Server, which you manage using the vSphere Client/vSphere Web Client. vSS are host-based virtual switches that can be created and managed at the host level, so you can create those using the embedded client or the stand-alone vSphere Client.

  • Mix the virtual switch different type in a Cluster and a data center.

    Can I mix a standard virtual switch and a distributed virtual switch on different hosts in a Cluster/DataCenter? Can I vMotion a virtual machine from a host with a distributed switch to a host with a standard switch and vice versa? Let's assume that the hosts have the same port group name (but a different virtual switch type), are in the same data center, and have the same vMotion IP subnet.

    You can mix standard and distributed switches, that's what we call a hybrid architecture... but to be able to migrate virtual machines between virtual switches, you need vSphere 6, and even then there are some limitations, like not being able to migrate from VDS vs.

    Have a look here for more details on the cross switch vMotion: http://www.vladan.fr/vmotion-enhancements-vsphere-6-0/

  • Flow of virtual switch

    I have a simple confirmation request.

    I have a standard virtual switch created from 4 physical NICs, each with a 10 GB uplink.

    Will this virtual switch's throughput still be only 10 GB, or 40 GB?

    If it is 40 GB, how is traffic load-balanced across each physical network adapter? Is it divided evenly?

    Is there a way I can find which virtual machines on this virtual switch have traffic going through which physical NIC at a given time?

    The virtual network adapter (which in this case is probably a vmxnet3 adapter) is connected internally to the virtual switch, not to the uplink itself. In fact, it is the same as in the physical world. Think of an Internet router. If this router has internal 100 Mbit/s ports, that's what you'll see on your PC, but you will very probably not have a 100 Mbps Internet connection!

    André

  • How to change the security policy of a group of distributed in a distributed virtual switch ports?

    Hello

    I am trying to write a Perl script that can modify the security policy of a distributed port group in a distributed virtual switch. I can access the values of the security policy by using the following:

    $port_group_view->config->defaultPortConfig->securityPolicy->allowPromiscuous->value
    $port_group_view->config->defaultPortConfig->securityPolicy->forgedTransmits->value
    $port_group_view->config->defaultPortConfig->securityPolicy->macChanges->value

    I am trying to use the ReconfigureDVPortgroup_Task() method of the managed object DistributedVirtualPortGroup. While creating a new instance of DVPortgroupConfigSpec, within the data spec config defaultPortConfig property object there is property of security policy and I couldn't find any other property pointing me to that I can update the security policy. I discovered that it is accessible via defaultPortConfig, extending from VMwareDVSPortSetting, where securityPolicy is a property of VMwareDVSPortSetting.

    What is the way to update it? I am a bit confused about the terminology "Extends" and "Extended by" and how one relates to the other.

    Regards

    Akmal

    It is in DVPortgroupConfigSpec, but you will need to use the extended VMwareDVSPortSetting object.

    # Build a port group config spec that carries only the security policy
    my $dvpg_spec = new DVPortgroupConfigSpec();
    $dvpg_spec->{defaultPortConfig} = new VMwareDVSPortSetting();
    $dvpg_spec->{defaultPortConfig}{securityPolicy} = new DVSSecurityPolicy();
    # Each setting is a BoolPolicy: value => 1 turns it on, inherited => 0 overrides the switch default
    $dvpg_spec->{defaultPortConfig}{securityPolicy}{allowPromiscuous} = new BoolPolicy(value => 1, inherited => 0);
    $dvpg_spec->{defaultPortConfig}{securityPolicy}{forgedTransmits} = new BoolPolicy(value => 1, inherited => 0);
    $dvpg_spec->{defaultPortConfig}{securityPolicy}{macChanges} = new BoolPolicy(value => 1, inherited => 0);

    You could probably simplify this by getting the config spec VGA and changing it before using it in the ReconfigureDVPortgroup_Task() method.

  • A Question about VM traffic through a virtual switch

    I have a question please. I thought I read somewhere that if you have 2 virtual machines on the same ESXi host and they are on the same VLAN, when these virtual machines want to talk to each other the traffic does not leave the ESXi host through the physical network cards.

    Now, I read in the documentation that this is only correct if the virtual network they are on doesn't have an attached physical network adapter. In other words, you create an uplink / port group without an attached physical network adapter.

    So, say I'm using a distributed switch and I have a port group named Phoung (VLAN 2) that has an attached physical network adapter. Now I have 2 virtual machines on the same ESXi host on this VLAN; when they talk to each other, will the traffic remain in the ESXi host, or will it still go out to the physical network through the network card and come back?

    Reading various documents on this subject has me a little confused. Thank you very much.

    Where did you read that the traffic will leave the virtual switch?

    Unless I am missing something, the traffic leaves the host if either the virtual machines are on different subnets (i.e. need to be routed), or if they are on different virtual switches.

    André

  • DNS will work within a private network that includes only a virtual switch?

    I have a private network defined in free ESXi 5.5 using only one virtual switch.

    Virtual machines on this virtual switch can ssh to each other using their IP addresses.

    I have configured DNS on one of the virtual machines in this private network, but it will not resolve hostnames to IP addresses.

    Simple question: can DNS run on a private network that consists only of an ESXi virtual switch?

    Yes, it will work, but you first need to register all the names and IP addresses of the virtual machines on the DNS server, and point the DNS server entry on the virtual machines to the IP address of the DNS server that you deployed.

  • Virtual switch with virtual bases DMZ

    Hi all

    Trying to wrap my head around this.  Sure you can have an ESXi installation without creating a virtual switch, OK?  I have a scenario where they have 3 hosts, all currently running ESXi 5.x.  It has a physical NIC which is plugged into the DMZ on the firewall and another NIC on the inside network.  They want to bring up some virtual machines in the DMZ.  I was under the impression that if you didn't have a virtual switch with a virtual DMZ then it would be a security risk.  Is the separate physical NIC enough?

    Thanks in advance!

    No matter what, you need a virtual switch in order to have something to connect the VMs to.  If you have an inside network and a DMZ network then you can set up a separate virtual switch for each NIC; that way you have virtual switch and physical NIC separation.  This way VMs placed on the DMZ would only speak to other DMZ VMs, and inside VMs placed on the inside virtual switch would only speak to those.  Because of the way virtualization works it should be not to mention and the operating system is not between the two.  Now whether that's enough is up to your security staff.  Some IT security requires a complete physical separation of DMZ workloads, some require only virtual separation.

  • Distributed Virtual Switch supporting guests with different numbers of natachasery

    Our environment has had the same ESXi host model for some time. Each has interfaces from 2 to 10 GB for the traffic of the virtual machines. We use a distributed virtual switch with 2 uplinks. Now, we are moving to a new environment where there are 2 types of hosts: (1) a small-workload ESXi host with interfaces of 2 to 10 GB and (2) a large-workload ESXi host with 4 to 10 GB interfaces. They are separated into 2 groups (large workload and small workload).

    I had planned to share a Distributed Switch between the 2 groups, so I could move VMs freely between them according to need. The only distinction at the ESXi host level is the horsepower and the I/O bandwidth (the storage and VM networks used will be the same). It dawned on me that the distributed switch is configured with a particular number of uplinks. I'm trying to picture how this will work in this situation. I thought that I would create a distributed vSwitch with 4 uplinks and end up using only 2 of these uplinks when adding a small-workload ESXi host to it. This is a valid configuration. Should I disable or do something special with the unused uplinks? I have not met this configuration before, so I wanted some tips on the correct configuration.

    I have validated this configuration as described previously. A dVS with 4 uplinks can take care of hosts with "up to" 4 interfaces. Hosts with only 2 interfaces will have 2 of the 4 dVS uplinks associated with natachasery while the other 2 will remain unused. In my case, I decided to use uplinks 1 and 2. Uplinks 3 and 4 are not used with these hosts.

  • Unable to add host to the distributed virtual switch

    Hello

    I'm trying to add a host to a virtual switch distributed through API (ReconfigureDvs_Task).

    I'll put the following text:

    VMWareDVSConfigSpec - configVersion, host

    DistributedVirtualSwitchHostMemberConfigSpec - operation, host, backing

    DistributedVirtualSwitchHostMemberPnicBacking - pnicSpec

    DistributedVirtualSwitchHostMemberPnicSpec - pnicDevice

    ReconfigureDvs_Task fails with the following error in vCenter:

    An error occurred during the configuration of the host. the exception (vim.fault.PlatformConfigFault)

    The vCenter logs also have the following information about this error:

    [error 04244 "utilshostMethod"] [HostMethodDispatcher::ProcessTaskResult] The appeal [createDistributedVirtualSwitch] host [host-*] failed with the exception [vim.fault.PlatformConfigFault]

    [error 03856 opID 'operationhostOp' = a0963b99] [MoDVSwitch::SendHostMemberChangeToHostsInParallel] failed calling host dvs Manager (op = add): got [exception vim.fault.PlatformConfigFault:]

    --> (vim.fault.PlatformConfigFault) {}
    --> dynamicType = < unset >
    --> faultCause = (vmodl. NULL in MethodFault),
    --> faultMessage = (vmodl. [LocalizableMessage)
    --> (vmodl. LocalizableMessage) {}
    --> dynamicType = < unset >
    --> key = "com.vmware.esx.hostctl.default"
    --> arg = (vmodl. [KeyAnyValue)
    --> (vmodl. KeyAnyValue) {}
    --> dynamicType = < unset >
    --> key = "reason."
    --> value = "error Sysinfo on operation returned status: busy.» See the VMkernel detailed error information log. "
    -->             }
    -->          ],
    --> message = ' operation failed, the diagnostic report: error Sysinfo on operation returned status: busy.» See the VMkernel detailed error information log. "
    -->       }
    -->    ],
    --> text = ""
    --> msg = "an error occurred during the configuration of the host."
    -->}]

    Any help will be greatly appreciated.

    Thank you!

    try to add the host by using some unused network cards...
