We've recently enabled Netflow on one of our ESX dvSwitches, and I've run into a couple of questions:
As ESX uses a "virtual" IP address as source for Netflow packets, we have added that address as External node to Orion. This results in the problem previously described in https://thwack.solarwinds.com/docs/DOC-174721 - all the virtual ports on the dvSwitch have to be added as interface to that External node by clicking though "Add this interface" on the corresponding NTA message. The "receiving flow from unmanaged interface" message does appear in NTA even when "Allow monitoring of flows from unmanaged interfaces." has been selected in the settings. I don't think the workaround from DOC-174721 will be useful for us (too many VMs). Has there been another solution to the unmanaged interfaces - problem by now that I just haven't found?
dvSwitch can optionally use sampled Netflow. We have selected a sampling rate of 10. Nevertheless, in Netflow Settings -> Manage NetFlow Sources and CBQoS Polling, Orion still shows "Auto-detect: No sampling" for the External node that represents our VMware netflow source. Manual edits to the rate will be overwritten by the auto-detection. Do I have to configure 1:1 sampling in VMware to be interoperable with Orion NTA?
In Traffic Analyzer Events, we sometimes see messages like this in regard to the VMware netflow source:
NetFlow Receiver Service [ORION] received an invalid IPFIX template with ID 263 from device 10.32.40.11. NetFlow Receiver Service [ORION] received an invalid IPFIX template with ID 262 from device 10.32.40.11. NetFlow Receiver Service [ORION] received an invalid IPFIX template with ID 260 from device 10.32.40.11. NetFlow Receiver Service [ORION] received an invalid IPFIX template with ID 258 from device 10.32.40.11.