All Collections
IT Environments
Network
Network Flow Monitoring
Network Flow Monitoring

Learn how to capture network flows in cloud and datacenter environments using the OneIQ Pulse connector

Alpha Team avatar
Written by Alpha Team
Updated over a week ago

Overview

Network flows provide valuable insights into dependencies among application workloads and the underlying Hybrid IT infrastructure. Understanding these dependencies is important for:

  • Identifying risks and threats across the network.

  • Application migration planning, cost and performance optimization.

  • Enhancing security by ensuring that network flows are only allowed among predefined application, service and infrastructure components.

OneIQ Pulse supports the following network flow protocols in cloud and datacenter environments:

  • IPFIX

  • JFlow 5-7, 9

  • NetFlow 5-7, 9

Datacenter

To capture network flows in the datacenter, they should be sent to the host running the OneIQ Pulse for Datacenter connector to the port specified in the Network Flow Collector Settings.

Once OneIQ Pulse starts receiving network flows:

  • Status will be Collecting

  • Total Sources will be positive

By default, OneIQ Pulse is configured to receive network flows on port 9995.

Best Practices

  • Verify that the Total Sources in Network Flow Collector Settings is incremented after each new network flow source is added.

  • Before increasing the sampling rate on network flow sources,

    • Check that the CPU and memory utilization of the host running OneIQ Pulse is below 60%.

    • Double the sampling rate (4096, 2048...256,128)

    • Ensure that sampling rates from all network flow sources are consistent.

Enabling NetFlow on a VMware vSphere Distributed Switch

To capture flows passing through a VMware vSphere Distributed Switch:

  1. Click Networking and navigate to the distributed switch.

  2. From Actions menu, select Settings > Edit NetFlow.

  3. Collector Type the IP of the host running OneIQ Pulse and specify port in the OneIQ Pulse Network Flow Collector Settings.

  4. By default, the Sampling rate should be set to 4096.

  5. Save settings.

Related Articles

For additional information on configuring NetFlow settings on a VMware vSphere Distributed Switch, please see the following VMware articles:

Cloud

Enabling network flows in AWS

OneIQ Pulse for AWS captures flow logs for Amazon Virtual Private Cloud (VPC), VPC subnets, or Elastic Network Interfaces (ENIs). To enable them, please follow the VPC Flow Logs โ€“ Log and View Network Traffic Flows article from AWS.

Enabling network flows in Azure

OneIQ Pulse for Azure uses Traffic Analytics feature in Azure Network Watcher to capture flow logs for Virtual Networks (VNets), subnets and network interfaces (NICs). Here are the steps to enable them:

  1. Navigate to the Azure Management Console.

  2. Azure Network Watcher should be enabled by default. If it is disabled, enable it.

  3. Create flow logs for network security groups (NSGs) of interest.

  4. Enable Traffic Analytics for VNets, subnets and NICs.

Did this answer your question?