Refreshing vFlow Level Statistics for Long-lived Connections

Prior to Netvisor ONE 5.1.1 release, the connection analytics displayed the connection statistics ( incoming bytes, outgoing bytes, total bytes, and the age of the connection) only after the connection is completed, which  worked well for short-timed connections. However,  for long-lived  TCP connections, the connection statistics was unreliable. This was due to the fact that the parameters involved were calculated with reference to the TCP sequence numbers, which, for a long-lived connection, always wrapped around.

To eliminate inaccuracies in  long-lived TCP connection statistics, the TCP data packets with sequence numbers that are about to wrap around are sent to the CPU. This is implemented by defining a new vflow rule (policy). Netvisor ONE provides an option to enable this functionality through the vflow-settings-modify command. When the feature is active, the  connection-stats-show and connection-show commands show accurate outputs for long-lived TCP connections.


    • To enable long-lived TCP connection statistics, you must first enable the user-defined-flow knob.
    • Disable vxlan-analytics before enabling the long-lived TCP connection statistics knob.
    • You cannot enable  long-lived TCP connection statistics knob if the inflight-vxlan-analytics is enabled or vice-versa.

Note: You must restart nvOSd when you enable or disable the long-lived TCP connection statistics knob.

Use the vflow-settings-modify command to enable long-lived TCP connection statistics:

CLI (network-admin@switch) > vflow-settings-modify


Use this command to update a user vflow setting.

Specify one or more of the following options:


Specify to enable or disable the user defined flows.

Note: You must enable the user-defined-flow before enabling the longlived tcp connection statistics.


Specify to enable or disable VXLAN analytics.

Note: You must disable VXLAN analytics  before enabling the longlived tcp connection


Specify to enable or disable the  inflight VXLAN analytics.

Note: You must disable  inflight VXLAN analytics  before enabling the longlived tcp connection.


Specify to enable or disable the long-lived TCP connection statistics.

For example, to enable the long-lived TCP connection statistics, use the commands below:

CLI (network-admin@Leaf1) > vflow-settings-modify enable-user-defined-flow 

CLI (network-admin@Leaf1) > vflow-settings-modify no-vxlan-analytics no-inflight-vxlan-analytics 

CLI (network-admin@Leaf1) > vflow-settings-modify longlived-tcp-conn-stats

To view the user vflow settings, use the command vflow-settings-show. For example, after enabling long-lived TCP connection statistics, the typical output would be:

CLI (network-admin@Leaf1) > vflow-settings-show

enable-user-defined-flow: on

vxlan-analytics:          off

inflight-vxlan-analytics: off

longlived-tcp-conn-stats: on

To view the connection statistics, use the show commands:

CLI (network-admin@Leaf1) > connection-stats-show

vlan     ip       port iconns    oconns ibytes obytes total-bytes 

---- ------------ ---- --------- ------ ------ ------ ----------- 

100 32   402617119        813G   809G    1.58T

100 32   402439803        822G   818G    1.60T

100 32   402379008        828G   822G    1.61T

100 32   402531295        828G   824G    1.61T

100 32   402620992        833G   829G    1.62T

100 32   402466573        840G   836G    1.64T

CLI (network-admin@Leaf1) > connection-show

vlan   src-ip     dst-ip     dst-port cur-state latency obytes ibytes total-bytes age

---- ---------- ------------ -------- --------- ------- ------ ------ ----------- ---

100 http     fin       67.9us  198    188    386         1s

100 http     fin       62.3us  198    188    386         1s

100 http     fin       511us   198    188    386         1s

100 http     fin       66.4us  198    188    386         1s

100 http     fin       305us   198    188    386         1s