Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
276
Views
1
Helpful
2
Replies

Netflow ACI & VMM VMware

Stefan Engel
Level 1
Level 1

‎05-12-2025 02:41 AM

Hi, 

We want to send Netflow data per VMware port-group. On the VMware side, Netflow can be set per port-group, but as the port-groups (EPG's) are pushed from ACI (VMM), ACI will revert any manual changes done on the VMware side. 

Unsupported remote operation detected on EPG: uni/tn-US/ap-test/epg-test detected in Controller: us-vmwvc01 with name us-vmwvc01 in datacenter US in domain ACI_DVS , error: [Portgroup NetflowPref has been changed on external VMM controller]

On the other hand, seems we dont have the option to configure Netflow per EPG on ACI.

I'm trying to find out if there's a way to have Netflow configured per port-group without removing the EPG from VMM?

And if not, what would be the best approach to send Netflow, like cfg NF per bridge-domain? 

Thanks,

Stefan

Labels:
0 Helpful
2 Replies 2

AshSe
VIP
VIP

‎05-13-2025 12:10 AM - edited ‎05-13-2025 12:11 AM

Hello @Stefan Engel 

This is a tricky problem, but with careful planning and investigation, you should be able to find a solution that meets your needs.

Let's understand the complexities in this requirement first:

  1. ACI Control: ACI is designed to be the source of truth for network policy, including port-group configurations when using VMM integration. Any manual changes made on the vCenter side to port-groups managed by ACI are reverted by ACI to maintain consistency.
  2. Netflow Granularity: You want Netflow data per VMware port-group (which corresponds to an ACI EPG when integrated). ACI doesn't directly offer Netflow configuration at the EPG level.

I'm trying to find out if there's a way to have Netflow configured per port-group without removing the EPG from VMM?

And if not, what would be the best approach to send Netflow, like cfg NF per bridge-domain? 

 

Let's look at the possible solutions to achieve:

  1. Investigate ACI Programmability (NX-API or REST API)
  2. Netflow at the Bridge Domain Level (with Careful Design)
  3. Leverage vCenter Distributed Switch (vDS) Netflow and External Correlation
  4. Remove EPG from VMM (Not Recommended in Most Cases, Least Desirable)

You may choose the most feasible of the above options and we can take a deeper dive into the selected option.

 

HTH & Stay Curious!

AshSe

 

Community Etiquette: 

  1. Insert photos/images inline - don't attach.
  1. Always mark helpful and correct answers, it helps others find what they need.
  1. For a prompt reply, kindly tag @name. An email will be automatically sent to the member.

Stefan Engel
Level 1
Level 1

‎05-14-2025 02:25 AM

Hi AshSe,

Thanks for the details! On 

  1. Investigate ACI Programmability (NX-API or REST API) --> you think with API we might have options, like enable NF per EGP which are not available through GUI. Or? 

Thanks,

Stefan

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card

Save 25% on Day-2 Operations Add-On License