DX Unified Infrastructure Management

  • 1.  Viptela Cflowd

    Posted Oct 05, 2018 01:04 PM

    Has anyone exported Viptela Cflowd/Ipfix records to NFA and getting useful reports?



  • 2.  Re: Viptela Cflowd

    Broadcom Employee
    Posted Oct 09, 2018 03:10 PM

    Massoud,

     

    We have seen some weird things. Customers have been reporting that NFA may show inaccurate data. What we found is that some Viptella device are sending inaccurate data as the application they provide matches NFA.

     

    If you could, upload a PCAP to a case, we can test it for you for your particular use case. 

     

    - Justin Signa 



  • 3.  Re: Viptela Cflowd

    Posted Oct 17, 2018 02:45 PM

    Managed to enable it and compare the reports to a known entity. The source destination IP's appear to be accurate, but the volumes appear much higher than expected (inaccurate data as referenced above). Variables used on Viptela are:

    flow-active-timeout 60
    flow-inactive-timeout 60
    template-refresh 90
    flow-sampling-interval 1


  • 4.  Re: Viptela Cflowd
    Best Answer

    Broadcom Employee
    Posted Feb 11, 2019 10:31 AM

    There is some ongoing work to certify Cflowd data from Viptela devices in NFA by our development team. 

     

    We currently do process the data, but there are still some questions about how Viptela represents their data in flow data, which results in the rate of data being slightly different then SNMP data at this time.  There are some fixes available for 9.3.8 and 9.5 to address some initial issues we found with Viptela devices which does make the date present more accurately.  However there does still seem to be some additional issues with the way Viptela sends data that makes NFA display slightly less data then expected with these fixes in place. 



  • 5.  Re: Viptela Cflowd

    Posted Feb 12, 2019 11:48 AM

    Is anything similar happening to certify Versa IPFIX data for NFA?



  • 6.  Re: Viptela Cflowd

    Broadcom Employee
    Posted Feb 12, 2019 12:09 PM

    Hello Bob, there is a feature request F71189 open for Versa flow support in NFA, however I am not sure of the progress on this request. 



  • 7.  RE: Re: Viptela Cflowd

    Posted Apr 03, 2020 02:33 AM
    Hello @Christopher Walsh, @Justin Signa​​,

    one of out Customers reported a similar behavior for CA NFA with Viptela devices (NFA looks to present less traffic than expected). Recently they moved from 9.3.3 to 10.0.3. I reviewed releases for 10.0 but I could not see anything related to Viptela except for 10.0.1:

    DE381174
    01108921
    The charts in CA NFA show data at a higher rate for Viptela devices.
    The data for Viptela devices is shown correctly
    Is this Defect part of the Feature Request you mentioned above (F71189 ) or there is still planned?

    Thanks in advance!

    F.


    ------------------------------
    Sr. Services Consultant
    HCL Technologies Czech Republic s.r.o.
    ------------------------------



  • 8.  RE: Re: Viptela Cflowd

    Broadcom Employee
    Posted Apr 03, 2020 09:23 AM
    Francisco,

    According to Cisco, Viptela's do not send all of the data that passes through them. We are currently still working with Cisco and our client but it seems that NFA 10.0.3 does report whatever data is sent in the flow packets properly.

    I would ask that you check the customers Harvester-Wrapper log to make sure their buffer is not at 100%.

    If it is at 99 to 100%, the harvester is dropping Viptela flows.

    Let us know.

    Thanks,

    Justin Signa