Conclusion of Flow Visibility
From the tests conducted above, here is the conclusion:
- The “Flow Visibility row (let’s call them “Flows”)” consolidate the flows with a 5-minutes interval. That means the start time and end time of the “Flows” is not the flow creation and removal time, it is the particular interval the SD-WAN Edge consolidate the flow data.
- The “Flows” are consolidate into a single row when:
- The flows are having the same source IP address, destination IP address, destination port and utilizing the same WAN link interface. And these flows are happening within the same 5-minutes interval.
- Source port is not considered, different source ports can consolidate to the same “Flow Visibility row” as long as the above 4 parameters are the same.
- The “Flows” does not indicate it is initiated locally or it is initiated by the peer.
- When the “Flows” are initiated by the peer, the destination port is confusing because the destination port is actually from the peer’s point of view. For example, in the above test, in the hub site (Left-Hub-1) where the iperf3 server located, the “Flows” shows the destination port is 5201. This is because the destination port is extracted from the peer’s point of view (that is extracted from the spoke site (Left-Spoke-1)). Further to this, personally, we need enhancement from VMware to cater this problem.
Final note: I do not mean the Flow Visibility is bad, the Flow Visibility is a good improvement and can help in a lot of troubleshooting situations. Just it is needs to further polish.
End of post
Flow Visibility (VMware SD-WAN)