Security/Monitoring vFlow Table Profiles


There are features and functions used in Arista NetVisor UNUM and Insight Analytics that are common throughout the user interface (UI). Please refer to the Common Functions section for more information on the use of these functions and features.


NetVisor OS allows you to apply multiple policies in parallel or in series to a particular traffic flow by providing the vFlow construct with two main attributes to control the sequential order of execution relative to other vFlows hardware table and precedence.


The following command keywords enable this functionality:


table-name − hardware vFlow table name

precedence − processing priority value


Hardware Table


NetVisor OS provides multiple filter tables along the internal flow hardware data path. However, by default, the vFlow is installed in the ingress filter table but allows you to optionally implement the vFlow in any other available table, although flow filtering, manipulation, and redirection capabilities may become limited. The figure below describes the available hardware tables with the corresponding vFlow table names and how the tables are concatenated, allowing both cascading and parallel execution policies.


Security / Monitoring vFlow Hardware Table


Hardware Filter Tables

Description

System-VCAP

Where the system VCAP policies are defined at the pre-ingress stage.

System-L1-L4

Where the system ingress traffic filtering policies are defined for L2, L3, and L4 packet parameters at the ingress or ICAP table. All system rules are defined in ICAP.

Egress Table

Where the system egress policies are defined at the egress or ECAP table. Supports drop and forward actions.

Application Table

Where the user application level policies are defined.

QoS Table

Where the ACL policies are defined.

PBR Table

Where the policy based routing policies are defined. For details, see the Configuring  Policy-Based Routing section.

IPv6 Table

Where IPv6 policies are defined.

IPv6 VCAP Table

Where IPv6 VCAP policies are defined.

Security / Monitoring vFlow Hardware Filter Table



Note: The capacity and availability of the hardware tables vary between switch models.


vFlow Table Profiles


Selecting Manager → Security/Monitoring → vFlow Table Profiles displays the vFlow Table Profiles dashboard. 


Select the applicable Fabric from the left-hand navigation bar and the dashboard updates showing all Profiles from all switches within the Fabric


Note: If no entries exist a "No Data Exists" message is displayed. You must first configure an entry on a switch. Prerequisite settings and configuration may be required.


The dashboard displays a list of existing vFlows by Switch. Additional parameters include: Profile, Enable, Comments, Flow Capacity, Flow Slices Needed, HW Flow Slices Used, HW Tbl and Configurable.


Manager Manage Security / Monitoring vFlow Table Profiles Fabric Dashboard


Selecting an individual Switch from the fabric updates the dashboard with only the vFlow information for that switch. 


The dashboard displays a list of existing vFlow Table Profiles by Profile. Additional parameters include: Enable, Comments, Flow Capacity, Flow Slices Needed, Hw Flow Slices Needed, HW Tbl and Configurable.


Manager Manage Security / Monitoring vFlow Table Profiles Switch Dashboard


Edit a vFlow Table Profile


To modify a vFlow Table Profile use Edit by selecting the Cog icon to make changes: Enter the updated parameters for:


Enable – (checkbox) – enable or disable the vFlow profile table.

Hw Tbl – (drop-down) - select the hardware table from the list.


Manager Manage Security / Monitoring vFlow Table Profiles Modify


Click Save to continue or Cancel to return to the previous screen without making any changes.


The dashboard updates with the new settings.



north
    keyboard_arrow_up
    keyboard_arrow_down
    description
    print
    feedback
    support
    business
    rss_feed
    south