NetFlow and IPFIX, a newer iteration of the NetFlow protocol, are protocols used for monitoring network traffic. These protocols are used by network analyzer tools that use a random selection of packets to build statistical data about traffic patterns rather than for security or application diagnostic purposes.

vSphere and ESXi support the use of the NetFlow and IPFIX protocols. When NetFlow or IPFIX is configured, copies of packets are sent to the remote server, much like a syslog client would.

To enable NetFlow or IPFIX on a virtual distributed switch (vDS), follow the instructions in the TechDocs article Configure the NetFlow Settings of a vSphere Distributed Switch

Traffic collection and forwarding begins once the collector IP address and port are configured.

As of vSphere 8.0 and VCF 9.0, vSphere Distributed Switch supports IPFIX (NetFlow version 10).

NetFlow has a performance impact on CPU and network utilization that directly scales with the sampling rate. Configure a sampling rate that is appropriate for your environment.

For reference, VMware NSX has a default sampling rate of 0.1% or 1:1000 for IPFIX/NetFlow.