Configuring the Administrative Scope and State
The administrative state of a vFlow object determines whether the corresponding flow policy is enabled or disabled in the switch hardware, as set by the mutually exclusive keywords enable and no-enable. By default, Netvisor ONE enables newly created vFlow objects.
The administrative scope defines the set of switches in the fabric on which the vFlow object is created. It is controlled by the keyword scope and can be either fabric or local. The administrative parameters for a vflow-create command are:
CLI (network-admin@switch-1) > vflow-create name <vflow-name> scope [fabric|local] [enable|no-enable]
name | The vFlow object's unique identifier.
scope [fabric|local] | Defines the scope of the vFlow object. Once a vFlow object is created with either the local or the fabric scope, you cannot modify its scope later. To change the scope, you must delete the vFlow object and create a new one.
enable|no-enable | Enables or disables the flow policy in hardware. By default, Netvisor enables the vFlow objects. You can disable the vFlow policy using the no-enable parameter.
{parameters} | Specify one or more of the parameters. For details, see the Filtering of Traffic Flows, Forwarding Action in vFlow Filters, and Commands and Parameters Applicable to vFlow Traffic sections. Also, see the Command Reference Guides.
Note: You can specify the hardware table name while creating a vFlow object. If you do not specify one, Netvisor ONE uses the default table, System-L1-L4-Tun-1-0.
Fabric Scope
A fabric-scoped vFlow is a single managed object distributed across all switches that are part of the Unified Cloud Fabric in Netvisor ONE. To create a fabric-scoped vFlow object, for example, use the command:
CLI (network-admin@switch-1) > vflow-create name example_fabric_scope scope fabric enable {parameters}
Figure 12-1: Fabric Scoped vFlow Object Example
Figure 12-1 illustrates a fabric-scoped vFlow object topology, where a single vFlow object is created on all four switches (Leaf-1, Leaf-2, Leaf-3, and Leaf-4) that are part of the Unified Cloud Fabric. The switches in the Unified Cloud Fabric are also connected to multiple servers and other third-party switches. In this scenario, the fabric-scoped vFlow can be modified concurrently on all switches of the fabric with a single CLI or API command that references its unique name. For example, the command below disables the previously created vFlow object, example_fabric_scope, for the entire fabric. Netvisor ONE does not delete the object, but uninstalls it from the hardware tables:
CLI (network-admin@switch-1) > vflow-modify name example_fabric_scope scope fabric no-enable
Local Scope
A local-scoped vFlow is an object defined and instantiated on one single switch. To create a locally scoped vFlow, for example, use the following command:
CLI (network-admin@switch-1) > vflow-create name example_local_scope scope local enable {parameters}
Netvisor ONE allows you to apply or modify the same vFlow policy on multiple switches concurrently using a single CLI or API command by including the switch keyword followed by the list of individual switches or switch groups. Below is an example of creating a vFlow object on four switches, leaf-1, leaf-2, leaf-3, and leaf-4:
CLI (network-admin@leaf-1) > switch leaf-1,leaf-2 vflow-create name example_local_scope scope local
CLI (network-admin@leaf-1) > switch leaf-3,leaf-4 vflow-create name example_local_scope scope local
The above commands create the same vFlow object, example_local_scope, on the four switches leaf-1, leaf-2, leaf-3, and leaf-4 (see Figure 12-2).
Figure 12-2: Local Scoped vFlow Object Example
You can now modify or delete the vFlow objects on individual switches, as shown in the examples below.
To disable the vFlow object example_local_scope on the switch leaf-1, use the command:
CLI (network-admin@leaf-1) > switch leaf-1 vflow-modify name example_local_scope no-enable
To delete the vFlow object example_local_scope on the switch leaf-2, use the command:
CLI (network-admin@leaf-1) > switch leaf-2 vflow-delete name example_local_scope
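An added example (not from the Netvisor ONE documentation): because local-scoped vFlows are changed switch by switch, copies of the same policy can diverge, as they do after the two commands above. This Python script flags that drift in a constructed inventory. The CSV layout, the SAMPLE rows, and the function names parse_inventory and find_drift are assumptions, not a Netvisor ONE output format or API, and the policy is assumed to be intended for all four leaf switches.

```python
from collections import defaultdict

# Constructed inventory (not Netvisor ONE output): one row per switch per vFlow,
# as "switch,name,scope,state". It mirrors the state after the commands above:
# disabled on leaf-1, deleted on leaf-2, untouched on leaf-3 and leaf-4.
SAMPLE = """\
leaf-1,example_local_scope,local,no-enable
leaf-3,example_local_scope,local,enable
leaf-4,example_local_scope,local,enable
leaf-1,example_fabric_scope,fabric,no-enable
leaf-2,example_fabric_scope,fabric,no-enable
leaf-3,example_fabric_scope,fabric,no-enable
leaf-4,example_fabric_scope,fabric,no-enable
"""

def parse_inventory(text):
    """Return {vflow_name: {switch: (scope, state)}} from the CSV rows."""
    inventory = defaultdict(dict)
    for line in text.splitlines():
        if not line.strip():
            continue
        switch, name, scope, state = (f.strip() for f in line.split(","))
        if scope not in ("fabric", "local") or state not in ("enable", "no-enable"):
            raise ValueError(f"bad row: {line!r}")
        inventory[name][switch] = (scope, state)
    return dict(inventory)

def find_drift(inventory, expected_switches):
    """List (name, problem) findings for vFlows that differ between switches."""
    findings = []
    for name, per_switch in sorted(inventory.items()):
        scopes = {scope for scope, _ in per_switch.values()}
        states = {state for _, state in per_switch.values()}
        missing = sorted(set(expected_switches) - set(per_switch))
        if len(scopes) > 1:
            findings.append((name, "mixed scope: " + ",".join(sorted(scopes))))
        if missing:
            findings.append((name, "missing on: " + ",".join(missing)))
        if len(states) > 1:
            off = sorted(s for s, (_, st) in per_switch.items() if st == "no-enable")
            findings.append((name, "disabled only on: " + ",".join(off)))
    return findings

if __name__ == "__main__":
    switches = ["leaf-1", "leaf-2", "leaf-3", "leaf-4"]
    for name, problem in find_drift(parse_inventory(SAMPLE), switches):
        print(f"{name}: {problem}")
```

The fabric-scoped object produces no finding because its state is identical on every switch; only the local-scoped copies are reported.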