Nutanix NetFlow configuration

NetFlow Analyzer

Nenad Spasic

Wednesday, 11 August 2021

158 Hits

Nutanix is a cloud OS for Hyperconverged Infrastructure (HCI). It allows you to control from one place your entire IT infrastructure, with a simple interface and/or on smartphones. Nutanix is usually used as a private cloud infrastructure, where the whole stack - processing, data, virtualization, and network resources - is integrated into Nutanix.

Since you are putting all your eggs in one basket, you would definitely want to monitor traffic arriving in and from Nutanix. Unfortunately, Nutanix does not support NetFlow/sFlow out-of-the-box at the moment, so the configuration procedure described in this blog post is developed after excessive research and testing. So let's have a look on how it is done.

When you log onto Nutanix via terminal, you will be addressed with a warning:

Alteration of the hypervisor appliance (unless advised by Nutanix Technical Support) is unsupported and may result in the hypervisor or VMs functioning incorrectly.

Unsupported alterations include (but are not limited to):

Configuration changes
Installation of third-party software not approved by Nutanix

Installation or upgrade of software packages from non-Nutanix sources (using yum, rpm, or similar).

However, we will ignore this warning and proceed with the installation of the host-sflow package:

wget https://github.com/sflow/host-sflow/releases/download/v2.0.25-3/hsflowd-centos7-2.0.25-3.x86_64.rpm

rpm -ivh hsflowd-centos7-2.0.25-3.x86_64.rpm

systemctl enable hsflowd

Now, we need to configure collector and options inside /etc/hsflowd.conf, so it should something look similar to the following:

sflow {
...
# collectors:
collector { ip=172.16.4.226 udpport=6343 }
...
# Open vSwitch sFlow configuration:
ovs { }
# KVM (libvirt) hypervisor and VM monitoring:
kvm { }
...
}

Meaning, you only need to edit these three lines, and then start the hsflowd service:

systemctl start hsflowd

Afterward, the traffic should start flowing into NetVizura Netflow Analyzer.

To check what to configure for sFlow export, you should look at the /etc/hsflowd.auto file:

rev_start=1
hostname=Nutanix-NetVizura
sampling=400
header=128
datagram=1400
polling=30
agentIP=172.16.16.249
agent=br0
ds_index=1
collector=172.16.16.226 6343
rev_end=1

The sampling is set at 400 by default, and if you need finer granulation you can set it to, for example, 50. However, beware it will cost you in CPU cycles.

Since we are not dealing with a NetFlow network device, device discovery will not work as the default. We need to install SNMP package:

yum install net-snmp -y

Next, we need to edit the file /etc/snmp/snmpd.conf in this manner, for example:

rocommunity NetVizura1

agentAddressudp:161

Lastly, we need to allow access to port 161 to reach NetVizura:

        iptables -A INPUT -i br0 -p udp --dport 161 -j ACCEPT 

Keep in mind that SNMP and iptables configuration is just an example, and that you should always provide better security control to SNMP and port 161.

Tags:

About the author

Nenad Spasic

In corporate IT for 10 years. Oracle Linux Sertified and Cisco Certified Network Associate (CCNA) certified. Always interested in new technologies and optimizing older ones, until they shine. Loves community and this is his way of sharing with everyone.

Author's recent posts

Contact

Mailing and Visiting Address:
Soneco d.o.o.
Makenzijeva 24/VI, 11000 Belgrade, Serbia
Phone: +381.11.6356319
Fax: +381.11.2455210
sales@netvizura.com | support@netvizura.com

CONNECT WITH US: