IP LAYER MONITORING IN VMWARE VSPHERE – 2

2 posts earlier, I talked about NetFlow in VMware 5.x and how to enable it on a vSphere dvSwitch. I also showed how you can send IP traffic flow information to a NetFlow collector. Nowadays, there are lots of commercial NetFlow collectors available; however, in this post I will introduce a simple, open-source NetFlow collector which you can use in your VMware environment to analyze IP traffic. This pretty piece of software is ‘nfdump‘.

As shown, nfdump has 2 major elements: ‘nfcapd‘, which is a daemon to gather and store relevant packets, and ‘nfdump‘, which collects packets from all the daemons and interprets them. Apparently, nfcapd and nfdump could run on different machines and there could be multiple daemons, but in the case of VMware vSphere, it depends solely on the number of dvSwitches. If there is only one distributed switch, all the IP traffic flow information from all portgroups in that dvSwitch will be forwarded to one nfcapd. For test purposes, I deployed both nfdump and nfcapd on a single Linux machine, but in cases where traffic is high, it may be a good idea to deploy them on two different machines. Of course, nfdump should have access to the storage in that case.

After installation, you first need to run the daemon and specify a port and a directory in which to store IP traffic information. Apparently, nfcapd will store the information in binary form. The command is simple, something like this:

  • nfcapd -w -D -l /var/netflow/dvswitch -p 23456

The daemon will then run and listen on the specified port: 23456. If you have configured the dvSwitch correctly (by specifying the IP address of the Linux machine and 23456 as the port) and activated monitoring on some portgroups in vCenter, this daemon will generate a couple of files in that directory.
Now, whenever you want to view the captured IP traffic flows, you should run nfdump. Since there are lots of files in that directory, you can interpret the whole directory using the -R option with this command:

  • nfdump -R /var/netflow/dvswitch/

Filtering in nfdump is also possible, pretty much the same as in tcpdump, so you can view only the traffic of interest. You can find more information on the nfdump website.
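An added example (not from the original post or the nfdump project): once the flows are exported as text, for instance with `nfdump -R /var/netflow/dvswitch/ -o csv 'proto tcp'`, a short script can rank source VMs by bytes sent and flag a source that touches many distinct TCP ports on one destination. The column names (`ts`, `sa`, `da`, `dp`, `pr`, `ibyt`) and the `Summary` trailer are assumed to match your nfdump version's CSV output, and the sample records are constructed.

```python
import csv
from collections import defaultdict

# Constructed sample records. Only a subset of nfdump's CSV columns is shown;
# the column names are assumed to match the header your nfdump version prints.
SAMPLE_CSV = """\
ts,te,td,sa,da,sp,dp,pr,flg,ipkt,ibyt
2014-03-01 10:00:01,2014-03-01 10:00:05,4.000,10.0.1.15,10.0.2.20,51514,443,TCP,.AP.SF,12,4800
2014-03-01 10:00:02,2014-03-01 10:00:02,0.000,10.0.1.30,10.0.2.20,40001,22,TCP,....S.,1,60
2014-03-01 10:00:02,2014-03-01 10:00:02,0.000,10.0.1.30,10.0.2.20,40002,23,TCP,....S.,1,60
2014-03-01 10:00:02,2014-03-01 10:00:02,0.000,10.0.1.30,10.0.2.20,40003,80,TCP,....S.,1,60
2014-03-01 10:00:03,2014-03-01 10:00:03,0.000,10.0.1.30,10.0.2.20,40004,445,TCP,....S.,1,60
2014-03-01 10:00:04,2014-03-01 10:00:04,0.000,10.0.1.16,10.0.2.21,53123,53,UDP,......,1,120
Summary
flows,bytes,packets,avg_bps,avg_pps,avg_bpp
6,5160,17,0,0,303
"""

def parse_flows(text):
    """Yield one dict per flow record, stopping at the Summary trailer."""
    for row in csv.DictReader(text.splitlines()):
        if row["ts"] == "Summary":
            break  # everything after this line is totals, not flows
        yield row

def summarize(flows, port_threshold=4):
    """Return (sources ranked by bytes, (src, dst) pairs with many TCP ports)."""
    bytes_by_src = defaultdict(int)
    ports_by_pair = defaultdict(set)
    for f in flows:
        bytes_by_src[f["sa"]] += int(f["ibyt"])
        if f["pr"] == "TCP":
            ports_by_pair[(f["sa"], f["da"])].add(int(f["dp"]))
    top = sorted(bytes_by_src.items(), key=lambda kv: kv[1], reverse=True)
    wide = sorted(pair for pair, ports in ports_by_pair.items()
                  if len(ports) >= port_threshold)
    return top, wide

if __name__ == "__main__":
    top, wide = summarize(parse_flows(SAMPLE_CSV))
    for src, nbytes in top:
        print(f"{src:15} {nbytes:>8} bytes")
    for src, dst in wide:
        print(f"many distinct TCP ports: {src} -> {dst}")
```
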

To view the captured NetFlow traffic visually, you can combine nfsen with nfdump. It uses the information dumped by the daemon and, utilizing rrdtool, visualizes the traffic flow. Installation is not difficult and you can find more information on their website. I’m really satisfied with this beautiful combination of nfdump and nfsen, and if you intend to use NetFlow for monitoring, I recommend trying them. Good luck!


Software Defined Networking

Last week I attended a seminar about SDN (Software Defined Networking) and SDDC (Software Defined Data Center) and I met some high-profile people from high-profile companies. It seems this topic will be hot in the coming years and many manufacturers and providers are heading down this road. The good news is that there are some standards like OpenFlow, managed and maintained by the Open Networking Foundation (ONF), and OpenStack that will help in orchestration and interoperability to the benefit of customers.
There are, however, some different ideas about the approaches to SDN; for example, VMware likes to implement SDN in an all-software solution (NSX), while Cisco (and other device manufacturers) apparently prefers hardware-implemented devices which support SDN. For the latter, imagine that you have an SDN-enabled switch with some APIs that you can program to perform in your desired way. That’s cool! Maybe some things like load balancing or geofencing can be implemented on the fly by using these APIs in a networking appliance!
For someone with a hardware background like myself, this hardware approach seems more attractive and I’m thrilled to see how it goes. As a matter of fact, a while ago I was thinking: if we can have a tiny device doing a lot of things that can be programmed by developers (I mean the smartphone), why don’t we do the same with more advanced equipment like networking devices? And now it’s becoming reality! A smart switch or router! By combining them with virtualization, cloud and on-demand services, customers can implement interesting functionalities which are more cost-effective and agile. HP Networking was talking about an HP SDN App Store! You see! I’m not an advocate of HP, but as a result of this, maybe we will see a revolution in the networking area!


To get started …

Well, there should be a beginning for everything and yes, it’s the beginning for this blog! So, let’s go over this cliché quickly.

It’s going to be a technical blog about networking, as its name implies: some tweets about networking! I’m prone to cloud topics, though it won’t be limited to cloud stuff. You may ask: do we need yet another blog about networking or cloud computing? Ummm, I would say the number of ways to approach a problem equals the number of people who think about it. Networking and cloud are no different, and this variety in techniques is beautiful!

My name is Mehdi Kianpour, now living in Canada. I have been working in this field for about 15 years and I think I can add something to online resources that may help other people fix their issues or understand a concept quicker. Recently, I have been engaged in some projects that are dependent on cloud technologies. Of course, we all know that cloud is the new (almost new) trend, yet compared to other networking stuff, there is less independent information about it on the Internet. I will try to talk about some less experienced tasks and address some yet unknown issues, and I hope this blog will be useful in this field.

And last but not least, I’m looking forward to hearing from everybody (specifically other specialists) on my blog about the topics I cover, or any other comment. So, see you soon!