Nutanix is a cloud OS for Hyperconverged Infrastructure (HCI). It allows you to control from one place your entire IT infrastructure, with a simple interface and/or on smartphones. Nutanix is usually used as a private cloud infrastructure, where the whole stack - processing, data, virtualization, and network resources - is integrated into Nutanix. Since you are putting all your eggs in one basket, you would definitely want to monitor traffic arriving in and from Nutanix. Unfortunately, Nutanix does not support NetFlow/sFlow out-of-the-box at the moment, so the configuration procedure described in this blog post is developed after excessive research and testing. So let's have a look on how it is done.
When you log onto Nutanix via terminal, you will be addressed with a warning:
Alteration of the hypervisor appliance (unless advised by Nutanix Technical Support) is unsupported and may result in the hypervisor or VMs functioning incorrectly.
Unsupported alterations include (but are not limited to):
- Configuration changes
- Installation of third-party software not approved by Nutanix
- Installation or upgrade of software packages from non-Nutanix sources (using yum, rpm, or similar).
However, we will ignore this warning and proceed with the installation of the host-sflow package:
rpm -ivh hsflowd-centos7-2.0.25-3.x86_64.rpm
systemctl enable hsflowd
Now, we need to configure collector and options inside /etc/hsflowd.conf, so it should something look similar to the following:
...
# collectors:
collector { ip=172.16.4.226 udpport=6343 }
...
# Open vSwitch sFlow configuration:
ovs { }
# KVM (libvirt) hypervisor and VM monitoring:
kvm { }
...
}
Meaning, you only need to edit these three lines, and then start the hsflowd service:
systemctl start hsflowd
Afterward, the traffic should start flowing into NetVizura Netflow Analyzer.
To check what to configure for sFlow export, you should look at the /etc/hsflowd.auto file:
rev_start=1
hostname=Nutanix-NetVizura
sampling=400
header=128
datagram=1400
polling=30
agentIP=172.16.16.249
agent=br0
ds_index=1
collector=172.16.16.226 6343
rev_end=1
The sampling is set at 400 by default, and if you need finer granulation you can set it to, for example, 50. However, beware it will cost you in CPU cycles.
Since we are not dealing with a NetFlow network device, device discovery will not work as the default. We need to install SNMP package:
yum install net-snmp -y
Next, we need to edit the file /etc/snmp/snmpd.conf in this manner, for example:
rocommunity NetVizura1
agentAddressudp:161
Lastly, we need to allow access to port 161 to reach NetVizura:
iptables -A INPUT -i br0 -p udp --dport 161 -j ACCEPT
Keep in mind that SNMP and iptables configuration is just an example, and that you should always provide better security control to SNMP and port 161.
