{"id":112,"date":"2020-09-30T08:05:37","date_gmt":"2020-09-30T08:05:37","guid":{"rendered":"https:\/\/www.sdwan2.com\/?p=112"},"modified":"2020-09-30T08:48:44","modified_gmt":"2020-09-30T08:48:44","slug":"elastiflow-velocloud","status":"publish","type":"post","link":"https:\/\/www.sdwan2.com\/index.php\/2020\/09\/30\/elastiflow-velocloud\/","title":{"rendered":"Elastiflow and VMware SD-WAN by Velocloud \u2013 Part 1"},"content":{"rendered":"\n

Objective of Elastiflow with VMware SD-WAN by Velocloud – Part 1<\/h3>\n\n\n\n

VMware SD-WAN (Velocloud) supports exports flow information in Netflow IPFIX format to one or more Netflow collectors, this is documented in \u201cConfigured Netflow Settings<\/a>\u201d.<\/p>\n\n\n\n

A Netflow collector supporting IPFIX in theory is able to display flows from Velocloud Edge. However, the Velocloud Edge flow has specific information such as \u201cvcFlowPath\u201d to describe the flow is going direct, going via Gateway, going via Hub Edge, etc. That means how much specific information to Velocloud is able to display in the Netflow collector is another story.<\/p>\n\n\n\n

As of the time of written this post, I am aware of two commercial products, which are VMware vRealize Network Insight<\/a> and Plixer Scrutinizer<\/a> both officially claims to support VMware SD-WAN by Velocloud.<\/p>\n\n\n\n

Elastiflow<\/a> (https:\/\/github.com\/robcowart\/elastiflow<\/a>) caught my attention as it has added support of Velocloud since version 4.0.0 (https:\/\/github.com\/robcowart\/elastiflow\/releases<\/a>). More importantly, Elastiflow is free to use as per my understanding. As a result, I would love to have the Elastiflow up and running as a collector\/analyzer for Velocloud in my lab. Then I can see the capabilities of Elastiflow when working with Velocloud.<\/p>\n\n\n\n

In this \u201cPart 1\u201d, the target is to document the steps for installation of the Elastiflow to a stage that flows from Velocloud Edge are visible in Elastiflow. The capabilities, limitations, hints of integrating Elastiflow with Velocloud are targeted at \u201cPart 2\u201d (hopefully can get time to do that).<\/p>\n\n\n\n

Elastiflow with Velocloud Topology<\/h3>\n\n\n\n

The following is the topology (Figure 1) for this post:<\/p>\n\n\n\n

\"\"
Figure 1<\/figcaption><\/figure>\n\n\n\n

The setup is a dark site (closed environment) which everything is simulated. The are two Velocloud Edges (VCE) and the focus is on the VCE with name Left-3-t which will be the one sending IPFIX to the ElastiFlow virtual machine (elastic02).<\/p>\n\n\n\n

Version Information<\/h3>\n\n\n\n

VMware SD-WAN, Velocloud:
The VCE is this test is running version 3.4.3<\/p>\n\n\n\n

Elastiflow:
The VM responsible for Elastiflow is an Ubuntu 20.04 server with 4 x vCPU, 32G RAM, 250G storage. Elastiflow version is 4.0.1.<\/p>\n\n\n\n

Elastiflow Installation and Configuration<\/h3>\n\n\n\n

The official procedure can be found here: https:\/\/github.com\/robcowart\/elastiflow\/blob\/master\/INSTALL.md<\/a><\/p>\n\n\n\n

Let\u2019s break down to the way how I get the installation done:<\/p>\n\n\n\n

Note<\/strong>: In this post, root user is being used for running the commands in the Ubuntu Linux. This is a bad habit, do not treat that as a usual practice, using non-root user with sudo is recommended.<\/pre>\n\n\n\n
Some preparations on the Linux<\/h4>\n\n\n\n
The Ubuntu Linux is named as elastic02, with static IP address 24.17.0.9<\/p>\n\n\n\n
Installing net-tool and unzip<\/h5>\n\n\n\n
This will make \u201cifconfig\u201d and \u201cunzip\u201d commands available for later use.<\/p>\n\n\n\n
root@elastic02:\/home\/leejoe# apt install net-tools unzip<\/span><\/code><\/pre>\n\n\n\n
Adjust net.core.rmem_default and net.core.rmem_max<\/h5>\n\n\n\n
Since the IPFIX, Netflow are UDP packets, Elastiflow needs to increase the receive buffer size. Add the following two lines to \/etc\/sysctl.conf<\/em><\/p>\n\n\n\n
net.core.rmem_default = 33554432<\/span><\/code>
net.core.rmem_max = 33554432<\/span><\/code><\/pre>\n\n\n\n
The following figure shows the grep command output after the changes of \/etc\/sysctl.conf<\/em><\/p>\n\n\n\n
\"\"
Figure 2<\/figcaption><\/figure>\n\n\n\n
To make the change effective immediately, issue the following commands:<\/p>\n\n\n\n
root@elastic02:\/home\/leejoe# sysctl -w net.core.rmem_default=33554432
net.core.rmem_default = 33554432
root@elastic02:\/home\/leejoe# sysctl -w net.core.rmem_max=33554432
net.core.rmem_max = 33554432
root@elastic02:\/home\/leejoe#<\/span><\/code><\/pre>\n\n\n\n
Installing Java<\/h5>\n\n\n\n
Java is required by Logstash. Issue the follow command to install Java<\/p>\n\n\n\n
root@elastic02:\/home\/leejoe# apt install default-jre<\/span><\/code><\/pre>\n\n\n\n
After the installation of Java is completed, verify the installation by “java -version”<\/em><\/p>\n\n\n\n
root@elastic02:\/home\/leejoe# java -version\nopenjdk version \"11.0.8\" 2020-07-14\nOpenJDK Runtime Environment (build 11.0.8+10-post-Ubuntu-0ubuntu120.04)\nOpenJDK 64-Bit Server VM (build 11.0.8+10-post-Ubuntu-0ubuntu120.04, mixed mode, sharing)\nroot@elastic02:\/home\/leejoe#<\/span><\/code><\/pre>\n\n\n\n
Disable the firewall<\/h5>\n\n\n\n
Since the purpose is to have a test environment to test the Elastiflow, disabling the firewall to avoid the firewall is blocking the ports needed for Netflow.<\/p>\n\n\n\n
root@elastic02:\/home\/leejoe# ufw disable\nFirewall stopped and disabled on system startup\nroot@elastic02:\/home\/leejoe#<\/span><\/code><\/pre>\n\n\n\n
Elastic Stack Installation<\/h3>\n\n\n\n
Installation of Elasticsearch<\/h4>\n\n\n\n
Firstly, import the Elasticsearch PGP Key by:<\/p>\n\n\n\n
root@elastic02:\/home\/leejoe# wget -qO - https:\/\/artifacts.elastic.co\/GPG-KEY-elasticsearch | sudo apt-key add -\nOK\nroot@elastic02:\/home\/leejoe#<\/span><\/code><\/pre>\n\n\n\n
Next, install the apt-transport-https<\/p>\n\n\n\n
root@elastic02:\/home\/leejoe# apt install apt-transport-https<\/span><\/code><\/pre>\n\n\n\n
The 3rd<\/sup> step is to save the elastic-7.x repository definition<\/p>\n\n\n\n
root@elastic02:\/home\/leejoe# echo \"deb https:\/\/artifacts.elastic.co\/packages\/7.x\/apt stable main\" | sudo tee \/etc\/apt\/sources.list.d\/elastic-7.x.list\ndeb https:\/\/artifacts.elastic.co\/packages\/7.x\/apt stable main\nroot@elastic02:\/home\/leejoe#<\/span><\/code><\/pre>\n\n\n\n
Before the installation of Elastisearch, it is necessary to perform \u201capt update\u201d:<\/p>\n\n\n\n
root@elastic02:\/home\/leejoe# apt update<\/span><\/code><\/pre>\n\n\n\n
Lastly, install Elasticsearch<\/p>\n\n\n\n
root@elastic02:\/home\/leejoe# apt install elasticsearch<\/span><\/code><\/pre>\n\n\n\n
Configuration of Elasticsearch<\/h4>\n\n\n\n
The configuration file of Elasticsearch is \/etc\/elasticsearch.yml<\/em><\/p>\n\n\n\n
The following are the changes I have made:<\/p>\n\n\n\n
  1. Change the \u201cnetwork.host<\/em>\u201d line from
    #network.host: 192.168.0.1<\/span><\/code>
    To
    network.host: 0.0.0.0<\/span><\/code><\/li>
  2. Change \u201ccluster.initial_master_nodes<\/em>\u201d line from
    #cluster.initial_master_nodes: [\"node-1\", \"node-2\"]<\/span><\/code>
    To
    cluster.initial_master_nodes: [\"24.17.0.9\"]<\/span><\/code><\/li>
  3. Adding the following two lines to \/etc\/elasticsearch.yml<\/em>
    indices.query.bool.max_clause_count: 8192
    search.max_buckets: 250000<\/span><\/code><\/li><\/ol>\n\n\n\n
    The first change of network.host<\/em> will make Elasticsearch listen on all IP addresses of the host. This change is not a must (probably not a good practice for production), I make this change which will let me check the Elasticsearch status over the network.
    The second change of the cluster.initial_mask_nodes<\/em> is to let the Elasticsearch aware there is only a single member in this configuration. You need to change the IP address to the corresponding IP address of your virtual machine.
    The third changes of configuring the values of indices.query.bool.max_clause_count<\/em> and search.max_buckets<\/em> are the requirement of Elastiflow.<\/p>\n\n\n\n
    The following screen capture shows the output of the corresponding parameters in elasticsearch.yml<\/em> after the above changes:<\/p>\n\n\n\n
    \"\"
    Figure 3<\/figcaption><\/figure>\n\n\n\n
    Starting Elasticsearch and verification<\/h4>\n\n\n\n
    Start Elasticsearch service by “service elasticsearch start”<\/em><\/p>\n\n\n\n
    root@elastic02:\/etc\/elasticsearch# service elasticsearch start<\/span><\/code><\/pre>\n\n\n\n
    Check the Elasticsearch service is running or not by “service elasticsearch status<\/em>“<\/p>\n\n\n\n
    \"\"
    Figure 4<\/figcaption><\/figure>\n\n\n\n
    While confirmed the elasticsearch service is running, can point the browser to localhost:9200 to further check:<\/p>\n\n\n\n
    root@elastic02:\/etc\/elasticsearch# curl http:\/\/localhost:9200
    {
    \"name\" : \"elastic02\",
    \"cluster_name\" : \"elasticsearch\",
    \"cluster_uuid\" : \"IDMLMAzwQZWUZhJIO5aMxg\",
    \"version\" : {
    \"number\" : \"7.9.2\",
    \"build_flavor\" : \"default\",
    \"build_type\" : \"deb\",
    \"build_hash\" : \"d34da0ea4a966c4e49417f2da2f244e3e97b4e6e\",
    \"build_date\" : \"2020-09-23T00:45:33.626720Z\",
    \"build_snapshot\" : false,
    \"lucene_version\" : \"8.6.2\",
    \"minimum_wire_compatibility_version\" : \"6.8.0\",
    \"minimum_index_compatibility_version\" : \"6.0.0-beta1\"
    },
    \"tagline\" : \"You Know, for Search\"
    }
    root@elastic02:\/etc\/elasticsearch#<\/span><\/code><\/pre>\n\n\n\n
    Getting an output similar to above means the elasticsearch service is running properly.<\/p>\n\n\n\n
    Installation of Kibana<\/h4>\n\n\n\n
    Since I am going to have a single Ubuntu hosting all three Elasticsearch, Kibana and Logstash, and Elasticsearch is already installed, at this stage, can go ahead to use apt to install Kibana:<\/p>\n\n\n\n
    root@elastic02:\/home\/leejoe# apt install kibana<\/span><\/code><\/pre>\n\n\n\n
    Configuration of Kibana<\/h4>\n\n\n\n
    The configuration file of Kibana is \/etc\/kibana\/kibana.yml<\/em>
    Two changes will be make in kibana.yml<\/p>\n\n\n\n
    1. Uncomment the line server.port: 5601<\/em><\/li>
    2. Change the \u201cserver.host<\/em>\u201d line from
      #server.host: \"localhost\"<\/span><\/code>
      To
      server.host: \"0.0.0.0\"<\/span><\/code><\/li><\/ol>\n\n\n\n
      The first change let Kibana to listen on the default port number 5601. The second change makes Kibana listening on all the IP addresses of the Ubuntu instead of just localhost, this allows visit the Kibana page over network.
      The following screen capture shows the output of the corresponding parameters in kibana.yml<\/em> after the above changes:<\/p>\n\n\n\n
      \"\"
      Figure 5<\/figcaption><\/figure>\n\n\n\n
      Check the Kibana service status by “service kibana status<\/em>“:<\/p>\n\n\n\n
      \"\"
      Figure 6<\/figcaption><\/figure>\n\n\n\n
      Further verify by pointing the Chrome Browser to the Ubuntu IP address with port 5601, if the Kibana is running properly, should be able to see a page similar to this:<\/p>\n\n\n\n
      \"\"
      Figure 7<\/figcaption><\/figure>\n\n\n\n
      Installation of Logstash<\/h4>\n\n\n\n
      Since I am going to have a single Ubuntu hosting all three Elasticsearch, Kibana and Logstash, and Elasticsearch is already installed, at this stage, can go ahead to use apt to install Logstash:<\/p>\n\n\n\n
      root@elastic02:\/home\/leejoe# apt install logstash<\/span><\/code><\/pre>\n\n\n\n
      Configuring Logstash for Elastiflow<\/h4>\n\n\n\n
      It is time to download the Elastiflow from github. In this example, download the Elastiflow to \/var\/tmp<\/em><\/p>\n\n\n\n
      root@elastic02:\/var\/tmp# wget https:\/\/github.com\/robcowart\/elastiflow\/archive\/master.zip<\/span><\/code><\/pre>\n\n\n\n
      Rename the master.zip to elastiflow.zip and then unzip the elastiflow.zip:<\/p>\n\n\n\n
      root@elastic02:\/var\/tmp# mv master.zip elastiflow.zip\nroot@elastic02:\/var\/tmp# unzip elastiflow.zip<\/span><\/code><\/pre>\n\n\n\n
      The following steps are from the procedure \u201cSetting up Logstash\u201d in INSTALL.md<\/p>\n\n\n\n
      1. Tune Linux for improved UDP Throughput. Copy 87-elastiflow.conf<\/em> into \/etc\/sysctl.d<\/em><\/li><\/ol>\n\n\n\n
        root@elastic02:\/var\/tmp# cp \/var\/tmp\/elastiflow-master\/sysctl.d\/87-elastiflow.conf \/etc\/sysctl.d\/<\/span><\/code><\/pre>\n\n\n\n
        2. Increase Logstash Priority
        Edit \/etc\/systemd\/system\/logstash.service<\/em> by change the line \u201cNice=19<\/em>\u201d to \u201cNice=0<\/em>\u201d. The screen capture below shows the grep output after the change<\/p>\n\n\n\n
        \"\"
        Figure 8<\/figcaption><\/figure>\n\n\n\n
        1. Set JVM heap size
          In this example, I am using the value of 4GB for JVM heap. Edit the \/etc\/logstash\/jvm.options<\/em> such that the two lines “-Xms1g<\/em>” and “-Xmx1g<\/em>” becomes “-Xms4g<\/em>” and “-Xmx4g<\/em>“. The screen capture below shows the grep output after the change:<\/li><\/ol>\n\n\n\n
          \"\"
          Figure 9<\/figcaption><\/figure>\n\n\n\n
          4. Add and Update required Logstash plugins, such as sFlow
          Issue the following commands:<\/p>\n\n\n\n
          root@elastic02:\/etc\/logstash# \/usr\/share\/logstash\/bin\/logstash-plugin install logstash-codec-sflow\nroot@elastic02:\/etc\/logstash# \/usr\/share\/logstash\/bin\/logstash-plugin update logstash-codec-netflow\nroot@elastic02:\/etc\/logstash# \/usr\/share\/logstash\/bin\/logstash-plugin update logstash-input-udp\nroot@elastic02:\/etc\/logstash# \/usr\/share\/logstash\/bin\/logstash-plugin update logstash-input-tcp\nroot@elastic02:\/etc\/logstash# \/usr\/share\/logstash\/bin\/logstash-plugin update logstash-filter-dns\nroot@elastic02:\/etc\/logstash# \/usr\/share\/logstash\/bin\/logstash-plugin update logstash-filter-geoip\nroot@elastic02:\/etc\/logstash# \/usr\/share\/logstash\/bin\/logstash-plugin update logstash-filter-translate<\/span><\/code><\/pre>\n\n\n\n
          5. Copy the pipeline files to the Logstash configuration path
          Issue the follow command to copy the elastiflow folder to \/etc\/logstash<\/em><\/p>\n\n\n\n
          root@elastic02:\/etc\/logstash# cp -R \/var\/tmp\/elastiflow-master\/logstash\/elastiflow\/ \/etc\/logstash\/<\/span><\/code><\/pre>\n\n\n\n
          6. Setup environment variable helper files
          The goal is to copy the logstash.service.d\/elastiflow.conf<\/em> to \/etc\/systemd\/system\/logstash.service.d\/<\/em> folder
          <\/p>\n\n\n\n
          root@elastic02:\/etc\/logstash# mkdir \/etc\/systemd\/system\/logstash.service.d\nroot@elastic02:\/etc\/logstash# cp \/var\/tmp\/elastiflow-master\/logstash.service.d\/elastiflow.conf \/etc\/systemd\/system\/logstash.service.d\nroot@elastic02:\/etc\/logstash#<\/span><\/code>\n<\/pre>\n\n\n\n
          It is required to edit \/etc\/systemd\/system\/logstash.service.d\/elastiflow.conf<\/em> to let Logstash knows is there an array of Elasticsearch or a single Elasticsearch. In this post, there is only a single Elasticsearch, thus, comment out the following 3 lines:
          <\/p>\n\n\n\n
          Environment=\"ELASTIFLOW_ES_HOST_1=127.0.0.1:9200\"\nEnvironment=\"ELASTIFLOW_ES_HOST_2=127.0.0.2:9200\"\nEnvironment=\"ELASTIFLOW_ES_HOST_3=127.0.0.3:9200\"<\/span><\/code><\/pre>\n\n\n\n
          After commented out the Elasticsearch array configuration, the output will be as the screen capture below with this grep command:<\/p>\n\n\n\n
          \"\"
          Figure 10<\/figcaption><\/figure>\n\n\n\n
               In order to have the changes to take, issue \u201csudo systemctl daemon-reload<\/em>\u201d:<\/p>\n\n\n\n
          root@elastic02:\/etc\/logstash# systemctl daemon-reload\nroot@elastic02:\/etc\/logstash#<\/span><\/code><\/pre>\n\n\n\n
          7. Configure the Logstash pipelines
          The pipelines configuration for Logstash is located at \/etc\/logstash\/pipelines.yml<\/em>. Since the Elastiflow is the only pipelines will be used in this Elastic Stack, what we need to do is comment out the default main pipeline and add the following two lines to pipelines.yml<\/p>\n\n\n\n
          - pipeline.id: elastiflow\npath.config: \"\/etc\/logstash\/elastiflow\/conf.d\/*.conf\"<\/span><\/code><\/pre>\n\n\n\n
          The following screen capture shows how pipelines.yml<\/em> looks like after the change:<\/p>\n\n\n\n
          \"\"
          Figure 11<\/figcaption><\/figure>\n\n\n\n
          8. Inputs for Logstash
          There are situation you might need to adjust the inputs for Elastiflow, which the configuration files are located at “\/etc\/logstash\/elastiflow\/conf.d<\/em>“. In this demonstration, the default looks good, so there is no changes being made.<\/p>\n\n\n\n
          9. DNS name resolution
          By default, the Elastiflow does not resolve the IP address to DNS name for flow exporter (Velocloud Edge in this case) and endpoints. In this demonstration, DNS name resolution will not be enabled, thus, no configuration change is required.
          If you are interested in enabling the DNS name resolution, check \u201cEnable DNS name resolution (optional)” in the Elastiflow INSTALL.md (https:\/\/github.com\/robcowart\/elastiflow\/blob\/master\/INSTALL.md<\/a>)<\/p>\n\n\n\n
          10. Install the Logstash init files
          Install the Logstash init files by command “\/usr\/share\/logstash\/bin\/system-install<\/em>“<\/p>\n\n\n\n
          root@elastic02:\/etc\/logstash# \/usr\/share\/logstash\/bin\/system-install\nOpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.\n\/usr\/share\/logstash\/vendor\/bundle\/jruby\/2.5.0\/gems\/pleaserun-0.0.31\/lib\/pleaserun\/platform\/base.rb:112: warning: constant ::Fixnum is deprecated\nSuccessfully created system startup script for Logstash\nroot@elastic02:\/etc\/logstash#<\/span><\/code><\/pre>\n\n\n\n
          Starting Logstash service<\/h4>\n\n\n\n
          Before starting the Logstash, it can be a good idea to run \u201csystemctl daemon-reload<\/em>\u201d one more time, which will ensure any changes of the environment variables are getting effective. <\/p>\n\n\n\n
          root@elastic02:\/etc\/logstash# systemctl daemon-reload <\/span><\/code>
          root@elastic02:\/etc\/logstash#<\/span><\/code><\/pre>\n\n\n\n
          To start the Logstash service, run \u201csystemctl start logstash<\/em>\u201d:<\/p>\n\n\n\n
          root@elastic02:\/etc\/logstash# systemctl start logstash\nroot@elastic02:\/etc\/logstash#<\/span><\/code><\/pre>\n\n\n\n
          The Logstash takes some time to get started (in my environment it takes about 1 minute), it is recommended to check the \/var\/log\/logstash\/logstash-plain.log<\/em> to see the progress and also check any error messages.
          The following is a screen capture showing the last few lines of “tail -F \/var\/log\/logstash\/logstash-plain.log<\/em>“<\/p>\n\n\n\n
          \"\"
          Figure 12<\/figcaption><\/figure>\n\n\n\n
          The installation and configuration of Logstash are done at this point.<\/p>\n\n\n\n
          Setting up Kibana<\/h3>\n\n\n\n
          To load the Elastiflow dashboard to Kibana, import \/kibana\/elastiflow.kibana.7.8.x.ndjson<\/em> (https:\/\/github.com\/robcowart\/elastiflow\/blob\/master\/kibana\/elastiflow.kibana.7.8.x.ndjson<\/a>) in the Kibana UI. To do this, go to Management –> Stack Management –> Kibana Saved Objects and select Import.
          Follow the following 5 screen captures (Figure 13 – Figure 17) for the exact steps:<\/p>\n\n\n\n
          \"\"
          Figure 13<\/figcaption><\/figure>\n\n\n\n
          \"\"
          Figure 14<\/figcaption><\/figure>\n\n\n\n
          \"\"
          Figure 15<\/figcaption><\/figure>\n\n\n\n
          \"\"
          Figure 16<\/figcaption><\/figure>\n\n\n\n
          \"\"
          Figure 17<\/figcaption><\/figure>\n\n\n\n
          Apply the \u201cRecommended Kibana Advanced Settings\u201d<\/p>\n\n\n\n
          The INSTALL.md<\/a> documented very well on how and why some Kibana Advanced Settings need to be changed. Here will not repeat those, instead, the follow screen captures (Figure 18 – Figure 21) show how the settings look like after applied the recommended settings:<\/p>\n\n\n\n
          doc_table:highlight<\/p>\n\n\n\n
          \"\"
          Figure 18<\/figcaption><\/figure>\n\n\n\n
          filters:pinnedByDefault<\/p>\n\n\n\n
          \"\"
          Figure 19<\/figcaption><\/figure>\n\n\n\n
          state:storeInSessionStorage<\/p>\n\n\n\n
          \"\"
          Figure 20<\/figcaption><\/figure>\n\n\n\n
          timepicker:quickRanges<\/p>\n\n\n\n
          \"\"
          Figure 21<\/figcaption><\/figure>\n\n\n\n
          The Elasticflow setup and configuration are completed at this point.<\/p>\n\n\n\n
          VMware SD-WAN Edge (Velocloud Edge) configuration<\/h3>\n\n\n\n
          To instruct the Velocloud Edge (VCE) sending the IPFIX netflow to the Elastiflow virtual machine, follow the steps below<\/p>\n\n\n\n
          1. Add the Elastiflow IP address 24.17.0.9 with port number 2055 as Netflow Collector by: Configure –> Network Services –> Netflow Settings:<\/li><\/ol>\n\n\n\n
            \"\"
            Figure 22<\/figcaption><\/figure>\n\n\n\n
            1. In the VCE (Edge-3-t in this example), enable the Netflow with this elastic02 collector under \u201cConfigure –> Edges –> Netflow Settings\u201d<\/li><\/ol>\n\n\n\n
              \"\"
              Figure 23<\/figcaption><\/figure>\n\n\n\n
              1. (Optional) In this lab test, I would like the VCE sending out the Netflow IPFIX packets directly on the Internet interface, that is local breakout instead of going via the SD-WAN Gateway. That\u2019s why I have added a business policy called Elastic02-Direct for this purpose, this business policy makes the VCE sending traffic destinated to 24.17.0.9 (that is the Elastiflow) sending out direct.<\/li><\/ol>\n\n\n\n
                \"\"
                Figure 24<\/figcaption><\/figure>\n\n\n\n
                The above 3 steps concludes the Netflow configuration in the Velocloud side.<\/p>\n\n\n\n
                Checking the Elastiflow Dashboard<\/h3>\n\n\n\n
                If the Netflow setting was just configured in the Velocloud side, I suggest wait for 15 minutes to visit the Elastiflow Dashboard.
                To visit the Elastiflow Dashboard, in the Kibana Home, click on Dashboard:<\/p>\n\n\n\n
                \"\"
                Figure 25<\/figcaption><\/figure>\n\n\n\n
                Click on the \u201cElastiFlow: Overview\u201d, which is the landing page for ElastiFlow:<\/p>\n\n\n\n
                \"\"
                Figure 26<\/figcaption><\/figure>\n\n\n\n
                The “Figure 27” below is the sample screen capture of \u201cElastiflow Overview\u201d from this test lab environment:<\/p>\n\n\n\n
                \"\"
                Figure 27<\/figcaption><\/figure>\n\n\n\n
                Adding one more sample screen capture of \u201cElastiFlow Top-N\u201d:<\/p>\n\n\n\n
                \"\"
                Figure 28<\/figcaption><\/figure>\n\n\n\n
                By browsing different ElastiFlow dashboard, can confirm this Ubuntu VM running ElastiFlow is able to receive Netflow from the VCE and report the flows in different dashboards. 
                This meets the objective of this post.<\/p>\n\n\n\n
                Elastiflow and VMware SD-WAN by Velocloud – Part 1 is completed here.<\/p>\n","protected":false},"excerpt":{"rendered":"
                Objective of Elastiflow with VMware SD-WAN by Velocloud – Part 1 VMware SD-WAN (Velocloud) supports exports flow information in Netflow IPFIX format to one or more Netflow collectors, this is documented in \u201cConfigured Netflow Settings\u201d. A Netflow collector supporting IPFIX in theory is able to display flows from Velocloud Edge. However, the Velocloud Edge flow […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"templates\/template-fullwidth.php","format":"standard","meta":{"zakra_sidebar_layout":"customizer","zakra_remove_content_margin":false,"zakra_sidebar":"customizer","zakra_transparent_header":"customizer","zakra_logo":0,"zakra_main_header_style":"default","zakra_menu_item_color":"","zakra_menu_item_hover_color":"","zakra_menu_item_active_color":"","zakra_menu_active_style":"","zakra_page_header":true,"footnotes":""},"categories":[7,5],"tags":[],"class_list":["post-112","post","type-post","status-publish","format-standard","hentry","category-netflow","category-velocloud"],"_links":{"self":[{"href":"https:\/\/www.sdwan2.com\/index.php\/wp-json\/wp\/v2\/posts\/112","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.sdwan2.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.sdwan2.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.sdwan2.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.sdwan2.com\/index.php\/wp-json\/wp\/v2\/comments?post=112"}],"version-history":[{"count":24,"href":"https:\/\/www.sdwan2.com\/index.php\/wp-json\/wp\/v2\/posts\/112\/revisions"}],"predecessor-version":[{"id":166,"href":"https:\/\/www.sdwan2.com\/index.php\/wp-json\/wp\/v2\/posts\/112\/revisions\/166"}],"wp:attachment":[{"href":"https:\/\/www.sdwan2.com\/index.php\/wp-json\/wp\/v2\/media?parent=112"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.sdwan2.com\/index.php\/wp-json\/wp\/v2\/categories?post=112"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.sdwan2.com\/index.php\/wp-json\/wp\/v2\/tags?post=112"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}