Filter
Top Products
Logging And Network Management Command Set
Configuring NetFlow
Matrix NSA Series Configuration Guide 11-153
Version Support
The Matrix DFE firmware supports NetFlow Version 5 and Version 9. For more information about
Version 9 data export format, refer to RFC 3954, “Cisco Systems NetFlow Services Export Version
9.”
When transmitting NetFlow Version 5 reports, the DFE blade uses “netflow interface” indexes.
Normally these would be actual MIB-2 ifIndex values, but the Version 5 record format limits the
values to 2 bytes, which is not sufficient to hold 4 byte ifIndexes. NetFlow collector applications
that use the in/out interface indexes to gather SNMP data about the interface (such as ifName) must
translate the interface indexes using the Enterasys MIB etsysNetflowMIB
(1.3.1.6.1.4.1.5624.1.2.61).
NetFlow Version 9 records generated by DFE blades use true MIB-2 ifIndex values since the
template mechanism permits transmission of 4 byte ifIndexes. Version 9 also uses 8 byte packet and
byte counters, so they are less likely to roll over. Check with your collector provider to determine
if they provide the necessary support.
The current Version 9 implementation:
• Does not support aggregation caches
• Provides 4 predefined templates. The appropriate template is selected for each flow depending
on whether the flow is routed or switched, and whether it is a TCP/UDP packet or not.
Version 9 templates are re-transmitted when:
• The timeout is reached. The default is 30 minutes but is user configurable using the set netflow
template timeout command (Section 11.2.8.12).
Templates are sent as a result of a timeout only by the master DFE blade — templates are not
sent from every blade when the timeout is reached, in order to prevent multiple copies being sent
to the collector.
• The packet refresh rate is reached. The default is every 20 packets, but is user configurable using
the set netflow template refresh-rate command (Section 11.2.8.12).
Templates are sent as a result of the refresh rate by each blade, since each blade handles it's own
packet transmission. For flow generation and processing efficiency reasons, Enterasys
recommends that customers configure their Matrix systems so that templates are not generated
NOTE: A flow is a unidirectional sequence of packets having a set of common
properties, travelling between between a source and a destination endpoint. A flow is
created on the Matrix device when the MAC destination address of a packet is learned
on a port and torn down when either it ages out or it is explicitly torn down by the
firmware.