Version: 2.9.1

Top VM Traffic Monitor (10167 / 20167)


This Module identifies VMs with the most traffic. Over each Data Collection Interval, it consolidates the NetFlow records that share the same combination of the following fields:

  • Source IP address
  • Destination IP address
  • Source port number
  • Destination port number
  • Layer 3 protocol
  • Input interface
  • Output interface
  • VxLAN ID
  • Source VM IPv4 address
  • Destination VM IPv4 address
  • Source VM port number
  • Destination VM port number
  • VM protocol
  • VM ingress interface SNMP index
  • VM egress interface SNMP index

This information is provided per NetFlow exporter.


| Parameter Name | Description | Comments |
|---|---|---|
| Data Collection Interval, sec | Module logic execution interval | min = 5 sec, max = 600 sec, default = 30 sec |
| N – number of reported hosts | The number of top hosts reported per NetFlow exporter | min = 0, max = 100000, default = 50 (0 indicates all hosts are reported) |


VMware IPv4 VXLAN Template.

Syslog/JSON Message Fields

| Key | Field Description | Comments |
|---|---|---|
| nfc_id | Message type identifier | “nfc_id=200167” |
| exp_ip | NetFlow exporter IP address | <IPv4_address> |
| vxlanId | VxLAN ID | <number> |
| sourceIPv4Address | Source host IPv4 address | <IPv4_address> |
| destinationIPv4Address | Destination host IPv4 address | <IPv4_address> |
| octetDeltaCount | Total number of Layer 3 bytes in the packets of the flow received by the input interface | <number> |
| packetDeltaCount | Packets in the flow received by the input interface | <number> |
| sourceTransportPort | Source host port number | <number> |
| destinationTransportPort | Destination host port number | <number> |
| ingressInterface | Exporter ingress interface SNMP index | <number> |
| egressInterface | Exporter egress interface SNMP index | <number> |
| protocolIdentifier | Transport Protocol (TCP = 6, UDP = 17) | <number> |
| tcpFlags | Cumulative OR of TCP flags | <string>, e.g. “SYN,ACK,FIN” |
| IPv4TOS | IP type of service (ToS) | <number> |
| tenantSourceIPv4 | Source VM IPv4 address | <IPv4_address> |
| tenantDestIPv4 | Destination VM IPv4 address | <IPv4_address> |
| tenantSourcePort | Source VM port number | <number> |
| tenantDestPort | Destination VM port number | <number> |
| tenantProtocol | VM protocol | <number> |
| vm_adjacency | VM adjacency indicator. If equal to “Y”, the VMs reside on the same host. | <string> “Y” or “N” |
| flow_count | Number of Flows | <number> |
| percent_of_total | Percent of Total (bytes) VXLAN traffic | <decimal> |
| t_int | Observation time interval, msec | <number> |
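
The consolidation and top-N selection described on this page can be sketched as follows. This is an added example, not the product's own code. It assumes ranking by bytes and a per-exporter total for percent_of_total; the key names vmIngressIf and vmEgressIf are hypothetical, and the sample records are constructed.

```python
from collections import defaultdict

# The 15 consolidation fields, named with the message keys where the page
# defines one. vmIngressIf / vmEgressIf are hypothetical names: the page
# lists the VM interface indexes as key fields but gives no key for them.
KEY_FIELDS = (
    "sourceIPv4Address", "destinationIPv4Address", "sourceTransportPort",
    "destinationTransportPort", "protocolIdentifier", "ingressInterface",
    "egressInterface", "vxlanId", "tenantSourceIPv4", "tenantDestIPv4",
    "tenantSourcePort", "tenantDestPort", "tenantProtocol",
    "vmIngressIf", "vmEgressIf",
)

def consolidate(records, top_n=50):
    """Merge one interval's records per exporter and key; return the top N rows."""
    per_exporter = defaultdict(dict)
    for rec in records:
        key = tuple(rec.get(f) for f in KEY_FIELDS)
        row = per_exporter[rec["exp_ip"]].setdefault(key, {
            **{f: rec.get(f) for f in KEY_FIELDS}, "exp_ip": rec["exp_ip"],
            "octetDeltaCount": 0, "packetDeltaCount": 0, "flow_count": 0})
        row["octetDeltaCount"] += rec["octetDeltaCount"]
        row["packetDeltaCount"] += rec["packetDeltaCount"]
        row["flow_count"] += 1
    report = []
    for rows in per_exporter.values():
        total = sum(r["octetDeltaCount"] for r in rows.values())
        # Assumption: rank by bytes, since percent_of_total is byte-based.
        ranked = sorted(rows.values(), key=lambda r: r["octetDeltaCount"], reverse=True)
        for r in (ranked[:top_n] if top_n else ranked):  # N = 0 reports all
            r["percent_of_total"] = round(100.0 * r["octetDeltaCount"] / total, 2) if total else 0.0
            report.append(r)
    return report

def _rec(exp_ip, vm_src, vm_dst, vm_dport, octets, packets):
    return {"exp_ip": exp_ip, "sourceIPv4Address": "192.0.2.10",
            "destinationIPv4Address": "192.0.2.20", "sourceTransportPort": 49152,
            "destinationTransportPort": 4789, "protocolIdentifier": 17,
            "ingressInterface": 1, "egressInterface": 2, "vxlanId": 5001,
            "tenantSourceIPv4": vm_src, "tenantDestIPv4": vm_dst,
            "tenantSourcePort": 40000, "tenantDestPort": vm_dport,
            "tenantProtocol": 6, "vmIngressIf": 10, "vmEgressIf": 11,
            "octetDeltaCount": octets, "packetDeltaCount": packets}

SAMPLE = [  # constructed records from two exporters in one collection interval
    _rec("198.51.100.1", "10.0.0.5", "10.0.0.9", 443, 1000, 4),
    _rec("198.51.100.1", "10.0.0.5", "10.0.0.9", 443, 3000, 9),
    _rec("198.51.100.1", "10.0.0.7", "10.0.0.9", 22, 1000, 5),
    _rec("198.51.100.2", "10.0.0.5", "10.0.0.9", 443, 500, 2),
]
```

Calling `consolidate(SAMPLE, top_n=1)` returns one row per exporter, which mirrors the page's statement that results are reported per NetFlow exporter.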