Top VM Traffic Monitor (10167 / 20167)
Description
This Module identifies VMs with the most traffic. It consolidates NetFlow records over a period of time (Data Collection Interval) which all have the same combination of the following fields:
- Source IP address
- Destination IP address
- Source port number
- Destination port number
- Layer 3 protocol
- Input interface
- Output interface
- VxLAN ID
- Source VM IPv4 address
- Destination VM IPv4 address
- Source VM port number
- Destination VM port number
- VM protocol
- VM ingress interface SNMP index
- VM egress interface SNMP index
This information is provided per NetFlow exporter.
Parameters
| Parameter Name | Description | Comments |
|---|---|---|
| Data Collection Interval, sec | Module logic execution interval | min = 5 sec, max = 600 sec, default = 30 sec |
| N – number of reported hosts | The number of top hosts reported per NetFlow exporter | min = 0, max = 100000, default = 50 (0 indicates all hosts are reported) |
Input
VMware IPv4 VXLAN Template.
Syslog/JSON Message Fields
| Key | Field Description | Comments |
|---|---|---|
| nfc_id | Message type identifier | “nfc_id=200167” |
| exp_ip | NetFlow exporter IP address | <IPv4_address> |
| vxlanId | VxLAN ID | <number> |
| sourceIPv4Address | Source host IPv4 address | <IPv4_address> |
| destinationIPv4Address | Destination host IPv4 address | <IPv4_address> |
| octetDeltaCount | Total number of Layer 3 bytes in the packets of the flow received by the input interface | <number> |
| packetDeltaCount | Packets in the flow received by the input interface | <number> |
| sourceTransportPort | Source host port number | <number> |
| destinationTransportPort | Destination host port number | <number> |
| ingressInterface | Exporter ingress interface SNMP index | <number> |
| egressInterface | Exporter egress interface SNMP index | <number> |
| protocolIdentifier | Transport Protocol (TCP = 6, UDP = 17) | <number> |
| tcpFlags | Cumulative OR of TCP flags | <string>, e.g. “SYN,ACK,FIN” |
| IPv4TOS | IP type of service (ToS) | <number> |
| tenantSourceIPv4 | Source VM IPv4 address | <IPv4_address> |
| tenantDestIPv4 | Destination VM IPv4 address | <IPv4_address> |
| tenantSourcePort | Source VM port number | <number> |
| tenantDestPort | Destination VM port number | <number> |
| tenantProtocol | VM protocol | <number> |
| vm_adjacency | VM adjacency indicator. If equal “Y”, VMs are residing on the same host. | <string> “Y” or “N” |
| flow_count | Number of Flows | <number> |
| percent_of_total | Percent of Total (bytes) VXLAN traffic | <decimal> |
| t_int | Observation time interval, msec | <number> |