VFLOW - vFlow Table Profiles
Security/Monitoring vFlow Table Profiles
There are features and functions used in Arista NetVisor UNUM and Insight Analytics that are common throughout the user interface (UI). Please refer to the Common Functions section for more information on the use of these functions and features.
NetVisor OS allows you to apply multiple policies in parallel or in series to a particular traffic flow by providing the vFlow construct with two main attributes to control the sequential order of execution relative to other vFlows hardware table and precedence.
The following command keywords enable this functionality:
•table-name − hardware vFlow table name
•precedence − processing priority value
Hardware Table
NetVisor OS provides multiple filter tables along the internal flow hardware data path. However, by default, the vFlow is installed in the ingress filter table but allows you to optionally implement the vFlow in any other available table, although flow filtering, manipulation, and redirection capabilities may become limited. The figure below describes the available hardware tables with the corresponding vFlow table names and how the tables are concatenated, allowing both cascading and parallel execution policies.
Security / Monitoring vFlow Hardware Table
Hardware Filter Tables |
Description |
System-VCAP |
Where the system VCAP policies are defined at the pre-ingress stage. |
System-L1-L4 |
Where the system ingress traffic filtering policies are defined for L2, L3, and L4 packet parameters at the ingress or ICAP table. All system rules are defined in ICAP. |
Egress Table |
Where the system egress policies are defined at the egress or ECAP table. Supports drop and forward actions. |
Application Table |
Where the user application level policies are defined. |
QoS Table |
Where the ACL policies are defined. |
PBR Table |
Where the policy based routing policies are defined. For details, see the Configuring Policy-Based Routing section. |
IPv6 Table |
Where IPv6 policies are defined. |
IPv6 VCAP Table |
Where IPv6 VCAP policies are defined. |
Security / Monitoring vFlow Hardware Filter Table
Note: The capacity and availability of the hardware tables vary between switch models.
vFlow Table Profiles
Selecting Manager → Security/Monitoring → vFlow Table Profiles displays the vFlow Table Profiles dashboard.
Select the applicable Fabric from the left-hand navigation bar and the dashboard updates showing all Profiles from all switches within the Fabric.
Note: If no entries exist a "No Data Exists" message is displayed. You must first configure an entry on a switch. Prerequisite settings and configuration may be required.
The dashboard displays a list of existing vFlows by Switch. Additional parameters include: Profile, Enable, Comments, Flow Capacity, Flow Slices Needed, HW Flow Slices Used, HW Tbl and Configurable.
Manager Manage Security / Monitoring vFlow Table Profiles Fabric Dashboard
Selecting an individual Switch from the fabric updates the dashboard with only the vFlow information for that switch.
The dashboard displays a list of existing vFlow Table Profiles by Profile. Additional parameters include: Enable, Comments, Flow Capacity, Flow Slices Needed, Hw Flow Slices Needed, HW Tbl and Configurable.
Manager Manage Security / Monitoring vFlow Table Profiles Switch Dashboard
Edit a vFlow Table Profile
To modify a vFlow Table Profile use Edit by selecting the Cog icon to make changes: Enter the updated parameters for:
•Enable – (checkbox) – enable or disable the vFlow profile table.
•Hw Tbl – (drop-down) - select the hardware table from the list.
Manager Manage Security / Monitoring vFlow Table Profiles Modify
Click Save to continue or Cancel to return to the previous screen without making any changes.
The dashboard updates with the new settings.