Support vCenter IPFIX info elements

[vvavad]

I am trying to add support for vCenter IPFIX to go-ipfix out of the box, similar to IANA and antrea info elements.

I tried to collect UDP IPFIX flow from a real vCenter server.

I found out that the registry is missing the vCenter info elements and enhanced the registry to init vCenter info elements based on a CSV file.
After loading the vCenter info elements in the reigistry, when I tried to collect the vCenter IPFIX data, now I am seeing issues with the template, and here is the error in the log

I0927 11:24:44.331725 92771 udp.go:109] Receiving 1388 bytes from 10.240.180.109:12055 I0927 11:24:44.331891 92771 udp.go:109] Receiving 92 bytes from 10.240.180.109:12055 E0927 11:24:44.331956 92771 udp.go:140] error in decoding message: template 264 with obsDomainID 0 does not exist

I could see from the code flow that, it expects the template records as part of the IPFIX flow. However I am unable to find how to do the same. Is there anything missing in the go-ipfix configuration I am doing or something needs to be configured at the vCenter side.

[srikartati]

Hi @vvavad, Good to see go-ipfix code is being used for other types of registries.

Not sure what your IPFIX exporter is here. Seems like vCenter server is the collector. Please follow this test function to see how to send a sample template with two info elements: https://github.com/vmware/go-ipfix/blob/main/pkg/exporter/process_test.go#L78 For complete exporter and collector tests, you could refer this test: https://github.com/vmware/go-ipfix/blob/main/pkg/test/exporter_collector_test.go

[vvavad]

Thanks for the response @srikartati

vCenter/vSphere server is the source of IPFIX flows or exporter. I have configured the distributed virtual switch and distributed virtual port group to emit/export IPFIX packets. Reference: https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.networking.doc/GUID-55FCEC92-74B9-4E5F-ACC0-4EA1C36F397A.html

I have added a new registry to go-ipfix for vCenter info elements. go-ipfix now has 3 registries: IANA, antrea and vCenter. This link has list of vCenter specific elements/fields: https://docs.vmware.com/en/VMware-NSX-Data-Center-for-vSphere/6.4/com.vmware.nsx.admin.doc/GUID-40805D0E-8A97-4011-B85C-CBF37812DBB5.html

I am using go-ipfix collector to collect the same using this command: go run collector.go --ipfix.addr 1.2.3.4 --ipfix.port 9001 --ipfix.transport udp which is resulting in the error related to template.

I0927 11:24:44.331725 92771 udp.go:109] Receiving 1388 bytes from 10.240.180.109:12055
I0927 11:24:44.331891 92771 udp.go:109] Receiving 92 bytes from 10.240.180.109:12055
E0927 11:24:44.331956 92771 udp.go:140] error in decoding message: template 264 with obsDomainID 0 does not exist

While using the go-ipfix collector, is it mandatory to provide a templet as seen in the collector unit tests: https://github.com/vmware/go-ipfix/blob/6f96d84b01b740f3ed6d5d3e63a0b79d5dff1a98/pkg/collector/process_test.go#L151

[srikartati]

Yes, @vvavad template is a must for the collector to decode the flow records. IPFIX protocol is built on that premise.

You can take a look at the IPFIX templates in the documentation you provided: https://docs.vmware.com/en/VMware-NSX-Data-Center-for-vSphere/6.4/com.vmware.nsx.admin.doc/GUID-72D4257C-B669-4DC6-8A2A-404833082296.html

Depending on the flow records you are expecting, you need to send all templates from vCenter to your collector.

You are welcome to add the new registry for vCenter elements to the go-ipfix repo presuming it has its own enterprise ID.

[sameermahajan]

@srikartati how do we ensure that all templates (e.g. the one with ID 264 in our case) are sent from vCenter to the collector? As far as we can see, it is outside of our user control. Or is there any vCenter configuration that we might be missing?

Once we get the flow collection from vCenter working, we can definitely contribute the complete set of changes to the repo.

[srikartati]

I am not sure if vCenter has any feature which can export or forward the received records to an external collector. At least from the documentation, it doesn't look like so. You may want confirm through official channels of vCenter product, where appropriate folks could comment instead of taking my word.

Since you guys are trying to export on some custom port to a go-ipfix collector, I thought you plumbed it through a customized way.

[srikartati]

Closing this as there is no related action item. Once you were able to have an application that uses vCenter IPFIX elements, please feel free to create another issue to add the registry.