SD-WAN flow data ingestion

Scrutinizer is capable of acting as a collector for NetFlow- or IPFIX-exporting devices/appliances from the following SD-WAN providers:

  • HPE Aruba Networking EdgeConnect (formerly Silver Peak Unity EdgeConnect)

  • Barracuda Secure SD-WAN

  • Cisco IOS-XE/Catalyst SD-WAN (formerly Viptela)

  • Citrix NetScaler SD-WAN (formerly CloudBridge)

  • F5 SD-WAN

  • GFI Software Exinda SD-WAN

  • HPE Juniper SD-WAN with Session Smart Routing (formerly 128 Technology Session Smart SD-WAN)

  • Nuage Networks from Nokia (formerly Alcatel-Lucent SD-WAN)

  • Prisma SD-WAN / Palo Alto Networks SD-WAN (formerly CloudGenix)

  • Riverbed SteelConnect with SteelHead

  • SonicWall

  • Stormshield

  • VeloCloud / Arista Networks SD-WAN (formerly VMware SD-WAN)

Both standard and vendor-specific information elements are supported. Depending on the provider, additional report types are also available (search by provider).

Configuration

In most cases, setting up Scrutinizer as a collector in an SD-WAN environment will involve three main steps (via the environment orchestrator interface):

  1. Enable exporting of NetFlow or IPFIX flow data.

  2. Add Scrutinizer as a collector using the following details:

    • IP address: IP address of the Scrutinizer server/collector that flow data will be sent to

    • UDP port: UDP listening port to use on the Scrutinizer collector

    • Export interval (or active flow timeout): 1 minute

  3. Define the types and sources of flow data for the Scrutinizer collector:

    • Assign the collector to interfaces and/or devices

    • Apply custom traffic data filters

Once set up, verify that Scrutinizer is receiving flow data by checking the Admin > Resources > Exporters page for the SD-WAN exporters. A vendor-specific report type can also be created/run (may take several minutes to become available) to confirm that flow data is being received correctly.
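When an exporter is listed but reports stay empty, check whether the datagrams reaching the collector port carry template sets, since NetFlow v9 and IPFIX data records cannot be decoded until the matching template has been received. The following is an added example, not part of Scrutinizer or Plixer's documentation: `summarize_export` is a hypothetical helper that parses the header and set list of a single UDP payload, and the two sample datagrams are constructed.

```python
import struct

# Set IDs that carry templates (NetFlow v9: RFC 3954, IPFIX: RFC 7011).
TEMPLATE_IDS = {9: {0: "template", 1: "options_template"},
                10: {2: "template", 3: "options_template"}}

def summarize_export(datagram: bytes) -> dict:
    """Parse the header and set list of one NetFlow v9 or IPFIX datagram."""
    if len(datagram) < 4:
        raise ValueError("too short for a flow export header")
    version, second = struct.unpack_from("!HH", datagram, 0)
    if version == 9:      # 20-byte header; second field is a record count
        hdr_len, end = 20, len(datagram)
        if end < hdr_len:
            raise ValueError("truncated NetFlow v9 header")
        _uptime, secs, seq, domain = struct.unpack_from("!IIII", datagram, 4)
    elif version == 10:   # 16-byte header; second field is total length
        hdr_len, end = 16, second
        if len(datagram) < hdr_len or second != len(datagram):
            raise ValueError("IPFIX length field does not match datagram")
        secs, seq, domain = struct.unpack_from("!III", datagram, 4)
    else:
        raise ValueError(f"unsupported export version {version}")
    sets, offset = [], hdr_len
    while offset + 4 <= end:  # each set: 2-byte ID, 2-byte length
        set_id, set_len = struct.unpack_from("!HH", datagram, offset)
        if set_len < 4 or offset + set_len > end:
            raise ValueError(f"bad set length {set_len} at offset {offset}")
        kind = TEMPLATE_IDS[version].get(
            set_id, "data" if set_id >= 256 else "reserved")
        sets.append((set_id, kind, set_len))
        offset += set_len
    return {"version": version, "export_secs": secs, "sequence": seq,
            "domain": domain, "sets": sets,
            "has_template": any(k not in ("data", "reserved")
                                for _, k, _ in sets)}

# Constructed sample datagrams (not captured from any real exporter).
SAMPLE_IPFIX_TEMPLATE = (struct.pack("!HHIII", 10, 32, 1700000000, 1, 42)
                         + struct.pack("!8H", 2, 16, 256, 2, 8, 4, 12, 4))
SAMPLE_V9_DATA = (struct.pack("!HHIIII", 9, 1, 1000, 1700000000, 7, 42)
                  + struct.pack("!HH", 256, 12)
                  + bytes([10, 0, 0, 1, 10, 0, 0, 2]))

if __name__ == "__main__":
    for name, pkt in (("ipfix", SAMPLE_IPFIX_TEMPLATE), ("v9", SAMPLE_V9_DATA)):
        print(name, summarize_export(pkt))
```

A stream from one exporter that never shows `has_template` as true points at the exporter's template refresh settings or a filter dropping template sets, rather than at the collector.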

Configuration example

The example below outlines the steps for adding and assigning Scrutinizer as a collector in a VeloCloud environment:

Adding Scrutinizer as a NetFlow collector:

  1. Navigate to Configure > Network Services > NetFlow Settings.

  2. Under Collectors, click New, and then enter the following details:

    • Collector name: Name to identify the Scrutinizer collector by

    • Collector IP: IP address of the Scrutinizer collector to export flows to

    • UDP port: UDP port to use on the Scrutinizer collector (default: 2055)

  3. [Optional] Under Filters, click New, and then create one or more traffic filters:

    • Define criteria (source/destination IP, application ID, etc.) as needed.

    • Select to Allow or Deny matching data.

Assigning the collector(s) to Profiles (up to 8), Segments (up to 2), and/or Edges (up to 8):

  • Profiles: Navigate to Configure > Profiles, and then assign the collector(s) and filters under Network Settings

  • Edges: Navigate to Configure > Edges, enable Edge Override for the Edge device, and then configure the following:

    • Source interface(s) (e.g., LAN or WAN)

    • Collector(s) to assign

    • Optional filters

    • Export interval (e.g., every 60 seconds)

Configuring global NetFlow export settings:

  • Select the source interface(s) for flow exports (will be shown as the sender IP)

  • Set the export interval to define flow export frequency (recommended: every 5 minutes)

  • Verify that all Edge devices exporting flows are able to reach (firewall rules, routing, etc.) the Scrutinizer collector(s)

Viptela

Viptela flow data collection is done via API and is enabled in the Scrutinizer web interface as follows:

  1. Navigate to Admin > Integrations > Viptela Settings.

  2. Tick the checkbox to enable the Viptela integration and enter the following details in the fields provided:

    • Viptela vManage NMS (or Cisco Catalyst SD-WAN Manager) IP address or hostname

    • Maximum number of Viptela API requests that can be processed concurrently (default: 10)

    • Maximum number of records that should be returned by each Viptela API request (default: 1000)

    • Password for the login account to use for API requests

    • Port to use for API requests (default: 8443)

    • Protocol to use for API requests (default: HTTPS)

    • Username for the login account to use for API requests (must have full read access)

  3. Click the Test button to verify that Scrutinizer is able to access the Viptela SD-WAN API with the account credentials provided.

  4. Click Save.

Once Viptela flow data collection has been enabled and configured, additional report types will be available to run.

Note

If there are issues using the configured settings, verify that all details were entered correctly and check the collector log for errors. For further assistance, contact Plixer Technical Support.