Configuring the Administrative Scope and State



The administrative state of a vFlow object determines whether the corresponding flow policy is enabled or disabled in the switch hardware, and is set with the mutually exclusive keywords enable and no-enable. By default, Netvisor ONE enables newly created vFlow objects.


The administrative scope defines the set of switches in the fabric where the vFlow object is created. It is controlled by the keyword scope and can be either fabric or local. The administrative parameters for a vflow-create command are:


CLI (network-admin@switch-1) > vflow-create name <vflow-name> scope [fabric|local] [enable|no-enable]


name

The vFlow object's unique identifier

scope [fabric|local]

Defines the scope of the vFlow object. Once a vFlow object is created using either the local or the fabric scope, you cannot modify the scope of the vFlow object later. To change the scope, you must delete the vFlow object and create a new one.

enable|no-enable

Enables or disables the flow policy in hardware. By default, Netvisor ONE enables vFlow objects. You can disable the vFlow policy using the no-enable parameter.

{parameters}

Specify one or more of the parameters

  • Table name
  • Filtering parameters
  • Action parameters
  • Flow class


For details, see the Filtering of Traffic Flows, Forwarding Action in vFlow Filters, and Commands and Parameters Applicable to vFlow Traffic sections. Also, see the Command Reference Guides.


Note: You can specify the hardware table name while creating a vFlow object. If you do not specify one, Netvisor ONE uses the default table, System-L1-L4-Tun-1-0.

Fabric Scope


A fabric-scoped vFlow is a single managed object distributed across all switches that are part of the Adaptive Cloud Fabric in Netvisor ONE. To create a fabric-scoped vFlow object, for example, use the command:


CLI (network-admin@switch-1) > vflow-create name example_fabric_scope scope fabric enable {parameters}




Figure 10-1: Fabric Scoped vFlow Object Example


Figure 10-1 illustrates a fabric-scoped vFlow object topology, where a single vFlow object is created on all four switches that are part of the Adaptive Cloud Fabric: Leaf-1, Leaf-2, Leaf-3, and Leaf-4. The switches in the Adaptive Cloud Fabric are also connected to multiple servers and other third-party switches. In this scenario, the fabric-scoped vFlow can be modified concurrently on all switches of the fabric with a single CLI or API command, by referencing the unique name. For example, the command below disables the previously created vFlow object, example_fabric_scope, for the entire fabric. Netvisor ONE does not delete the object, but uninstalls it from the hardware tables:


CLI (network-admin@switch-1) > vflow-modify name example_fabric_scope scope fabric no-enable


Local Scope


A local-scoped vFlow is an object defined and instantiated on a single switch. To create a local-scoped vFlow, for example, use the following command:


CLI (network-admin@switch-1) > vflow-create name example_local_scope scope local enable {parameters}


Netvisor ONE allows you to apply or modify the same vFlow policy on multiple switches concurrently using a single CLI or API command by including the switch keyword followed by the list of individual switches or switch groups. Below is an example of creating a vFlow object on four switches, leaf-1, leaf-2, leaf-3, and leaf-4:


CLI (network-admin@leaf-1) > switch leaf-1,leaf-2 vflow-create name example_local_scope scope local


CLI (network-admin@leaf-1) > switch leaf-3,leaf-4 vflow-create name example_local_scope scope local


The above commands create the same vFlow object, example_local_scope, on the four switches leaf-1, leaf-2, leaf-3, and leaf-4 (see Figure 10-2).



Figure 10-2: Local Scoped vFlow Object Example


You can now modify or delete the vFlow objects on individual switches, as explained in the examples below.


To disable the vFlow object example_local_scope on the switch leaf-1, use the command:


CLI (network-admin@leaf-1) > switch leaf-1 vflow-modify name example_local_scope no-enable


To delete the vFlow object example_local_scope on the switch leaf-2, use the command:


CLI (network-admin@leaf-1) > switch leaf-2 vflow-delete name example_local_scope
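

The local-scope walkthrough above ends with example_local_scope disabled on leaf-1 and deleted on leaf-2, so the same policy name no longer means the same enforcement on every switch. The following check is an added example, not part of the Netvisor ONE documentation: it reads a constructed CSV inventory and reports, for each vFlow name, the switches where the policy is missing or disabled. The column layout, the function name audit_vflows, and the sample rows are assumptions and do not represent Netvisor ONE output.

```python
import csv
import io
from collections import defaultdict

# Constructed inventory (NOT real Netvisor ONE output): one row per vFlow
# instance per switch, reflecting the state after the commands on this page.
SAMPLE = """switch,name,scope,enable
leaf-1,example_local_scope,local,no-enable
leaf-3,example_local_scope,local,enable
leaf-4,example_local_scope,local,enable
leaf-1,example_fabric_scope,fabric,no-enable
leaf-2,example_fabric_scope,fabric,no-enable
leaf-3,example_fabric_scope,fabric,no-enable
leaf-4,example_fabric_scope,fabric,no-enable
"""

FABRIC = ["leaf-1", "leaf-2", "leaf-3", "leaf-4"]


def audit_vflows(inventory_csv, expected_switches):
    """Return {vflow_name: finding} for vFlows not enforced on every switch.

    A finding lists the switches where the object is absent ("missing")
    and where it exists but is not installed in hardware ("disabled").
    """
    installed = defaultdict(dict)  # name -> {switch: enabled?}
    scope = {}                     # name -> "fabric" or "local"
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        installed[row["name"]][row["switch"]] = row["enable"] == "enable"
        scope[row["name"]] = row["scope"]

    findings = {}
    for name, per_switch in installed.items():
        missing = sorted(set(expected_switches) - set(per_switch))
        disabled = sorted(sw for sw, on in per_switch.items() if not on)
        if missing or disabled:
            findings[name] = {
                "scope": scope[name],
                "missing": missing,
                "disabled": disabled,
            }
    return findings


if __name__ == "__main__":
    for name, finding in audit_vflows(SAMPLE, FABRIC).items():
        print(name, finding)
```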