How to set "Flow Monitoring" with NSX-V
Networking is all about communication. Two endpoints communicate when, on one end, one user asks "Hey, how are you?" and another user responds "Hi, I am good, thanks", and in networking terms this kind of conversation requires a lot of effort. I always wonder how the network flows and how to check what is flowing.
The flow of network traffic is a series of transactions between endpoints, each bounded by the opening and closing of a session. There is a huge amount of data flowing, and to analyze what sort of data it is we need a tool called "Network flow monitoring". This tool has proven to be the best way to solve complex networking problems and ensure class and quality of service, and it is capable of network traffic analysis, bandwidth utilization monitoring and infrastructure management.
In this article, I would like to discuss the network flow in NSX.
For virtualized environments, flow monitoring is the analysis that shows the traffic flow from one VM to another. It captures the information at the vNIC level and identifies the different services that exchange data.
This data includes the number of sessions and packets transmitted per session. Session details include sources, destinations, applications, and ports being used. Session details can be used to create firewall allow or block rules.
Note: Flow Monitoring can only be turned on for NSX deployments where the firewall is enabled.
Let's see how we achieve this.
Log in to "vCenter" and click on Menu > Network and Security.
Now, to enable flow monitoring, let's add a firewall rule first.
On the left pane, go to Network and Security > Security > Firewall > Add Section.
When you select "Create New Section", it will prompt for the Section name and properties. I used the name "Test"
Once the section is added, add a rule to that section. To add a firewall rule, click on "Add Rule" and give it a name. I named it "Test Rule".
Add a source and destination VM
Click on the "Pencil" button on the source and edit it, then do the same for the destination.
Select Object Type: Virtual Machine
Select a Virtual machine from Available objects and add it to selected objects and hit Save
Repeat the same step for destination tab as well. Select the virtual machine at destination.
Now that the source and destination VMs are set and the services are set to "Any", the action decides whether the traffic is allowed, blocked or rejected. I selected "Block" here. Once done, click on "Save" and then "Publish" at the top right, which will give you the "ID" through which the flow will be tracked.
Now that the rule has been created, let me show you how to set "Flow Monitoring".
Go to Menu > Network and Security > Tools > Flow Monitoring on the left pane.
To start Flow Monitoring, select the vNIC of a VM.
Once this is done, hit the Start button and you will see the flows with their direction and the ports being used.
The green ones are "new active flows" and the red ones are "Terminated Flows"
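As noted earlier, session details (sources, destinations, ports) can be used to create firewall rules. The following added example, which is not part of the original article and not NSX code, groups observed sessions into candidate allow rules. The sample records and their column names are constructed for illustration and are not NSX's own export format.

```python
import csv
import io
from collections import defaultdict

# Constructed sample records; the column names are assumptions, not NSX's format.
SAMPLE_FLOWS = """\
src_vm,dst_vm,protocol,src_port,dst_port,packets,state
web-01,app-01,TCP,49152,8443,120,active
web-01,app-01,TCP,49153,8443,98,terminated
web-01,app-01,TCP,49154,8443,15,active
web-01,db-01,TCP,50211,3306,4,terminated
app-01,db-01,TCP,41000,3306,310,active
app-01,db-01,TCP,41001,3306,275,active
"""

def summarize_flows(text):
    """Group sessions by (source, destination, protocol, destination port).

    Source ports are ephemeral, so they are left out of the grouping key.
    """
    summary = defaultdict(lambda: {"sessions": 0, "packets": 0})
    for row in csv.DictReader(io.StringIO(text)):
        key = (row["src_vm"], row["dst_vm"], row["protocol"], int(row["dst_port"]))
        summary[key]["sessions"] += 1
        summary[key]["packets"] += int(row["packets"])
    return dict(summary)

def propose_rules(summary, min_sessions=2):
    """Return (candidates, review): repeated conversations become candidate
    allow rules; one-off conversations are listed for manual review."""
    candidates, review = [], []
    for (src, dst, proto, port), stats in sorted(summary.items()):
        rule = {"source": src, "destination": dst, "service": f"{proto}/{port}",
                "sessions": stats["sessions"], "packets": stats["packets"]}
        (candidates if stats["sessions"] >= min_sessions else review).append(rule)
    return candidates, review

if __name__ == "__main__":
    candidates, review = propose_rules(summarize_flows(SAMPLE_FLOWS))
    for r in candidates:
        print("candidate allow:", r["source"], "->", r["destination"], r["service"])
    for r in review:
        print("review first:  ", r["source"], "->", r["destination"], r["service"])
```

A conversation seen only once, such as the web VM reaching the database directly in the sample, lands in the review list rather than being turned into an allow rule.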
Thanks for reading!