ENA can collect flow data from devices that use either 16-bit or 32-bit interface indexing.
ENA can also collect flow data from devices running the following supported flow versions:
- NetFlow v5.
- Sampled NetFlow v5.
- NetFlow v6.
- NetFlow v7.
- NetFlow v9, support for the most commonly used templates.
- Sampled NetFlow v9.
- IPFIX, comparable support to that delivered for NetFlow v9.
- Netstream v5.
- Netstream v9.
- sFlow v4.
- sFlow v5.
- JFlow, for Juniper.
- VMware NSX based flows containing VXLAN information.
ENA supports bidirectional flows for NetFlow v9 and NetFlow v10 (IPFIX). The bidirectional NetFlow template contains two fields describing the data transfer:
Each data record describes transfer in two directions from source to destination and from destination to source. The first field is the transfer from source > destination and the second is destination > source. The unidirectional template contained one field:
ENA also supports Flexible NetFlow configurations. ENA requires the exporting router to be configured with the IP address of the target Entuity server and a port number. ENA can receive JFlow, NetFlow and IPFIX on any port(s). By default, it listens on ports 2055 and 9996, because these are the default ports for those protocols. You can add new ports or change existing ports, so long as they don't conflict with other ports taken by other processes/applications. You can also delete some ports if you do not want the port to be used.
ENA can receive sFlow on port 6343 only. By default, it listens on this port. You can remove the receiver on this port number to disable sFlow receiving.
You can set ENA to accept flow data on any port, excluding ports 2055 and 6343, through the following:
- Flow Port in configure.
ENA can simultaneously handle IPFIX, sFlow and other flow technology packets. However, you must ensure that the routers are forwarding flow packets to the appropriate port for that technology.
ENA supports NetFlow monitoring on Cisco ASA devices, dependent on the particular Cisco ASA version:
|Cisco ASA Version||ENA support|
ENA supports VMware NSX SDN flow monitoring (i.e. VXLAN overlays). You can break down VXLAN flow information in the Flow dashlet with general flow attributes, and the following specific attributes:
- Top Conversations (inside VXLAN)
- Top Applications (inside VXLAN)
- Top Ports (inside VXLAN)
- Top Hosts (inside VXLAN)
- Top Listeners (inside VXLAN)
- Top Talkers (inside VXLAN)
- Top Protocols (inside VXLAN)
Data obtained by directly monitoring the NSX infrastructure (including VMware VDS) is combined with VXLAN flow records. This allows traffic flows received from non-NSX aware devices within a network core (e.g. Cisco routers) to be presented and optionally decomposed into their constituent flows. Users can view exactly which VM-VM flows used a given VXLAN tunnel at any instrumented point in the core and at any point in time. This allows easy highlighting of, for example, fragmentation, packet loss, utilization, at key points in the virtual and physical infrastructure.