Configuring NetFlow
• It has accumulated the maximum number of NetFlow records per packet, which is 30, or
• It has accumulated fewer than 30 NetFlow records and the active flow timer has expired, or
• The flow expires (ages out or is invalidated).
Version Support
The Enterasys Matrix DFE firmware supports NetFlow Version 5 and Version 9. For more
information about Version 9 data export format, refer to RFC 3954, "Cisco Systems NetFlow
Services Export Version 9."
When transmitting NetFlow Version 5 reports, the DFE blade uses "netflow interface" indexes.
Normally these would be actual MIB‐2 ifIndex values, but the Version 5 record format limits the
values to 2 bytes, which is not sufficient to hold 4 byte ifIndexes. NetFlow collector applications
that use the in/out interface indexes to gather SNMP data about the interface (such as ifName)
must translate the interface indexes using the Enterasys MIB etsysNetflowMIB
(1.3.1.6.1.4.1.5624.1.2.61).
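The Version 5 constraints described above, seen from the collector side. This is an added example, not code from Enterasys firmware or documentation: it decodes the standard NetFlow v5 header and 48-byte record, rejects datagrams whose record count exceeds the 30-record limit or whose length does not match that count, and exposes the 2-byte interface fields. The function names and the sample flow are constructed for illustration.

```python
import socket
import struct

V5_HEADER = struct.Struct("!HHIIIIBBH")                # 24 bytes
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48 bytes
MAX_RECORDS = 30  # per-packet record limit stated in this chapter


def parse_v5(datagram):
    """Validate and decode one NetFlow v5 datagram; ValueError if malformed."""
    if len(datagram) < V5_HEADER.size:
        raise ValueError("short header")
    version, count = V5_HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError("not NetFlow v5: version=%d" % version)
    if not 1 <= count <= MAX_RECORDS:
        raise ValueError("record count %d out of range" % count)
    if len(datagram) != V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("length does not match record count")
    flows = []
    for i in range(count):
        f = V5_RECORD.unpack_from(datagram, V5_HEADER.size + i * V5_RECORD.size)
        flows.append({
            "src": socket.inet_ntoa(f[0]),
            "dst": socket.inet_ntoa(f[1]),
            # 2-byte "netflow interface" indexes, NOT MIB-2 ifIndex values:
            # translate them through etsysNetflowMIB before SNMP lookups.
            "in_if": f[3], "out_if": f[4],
            "packets": f[5], "octets": f[6],  # 4-byte counters in v5
            "sport": f[9], "dport": f[10], "proto": f[13],
        })
    return flows


def build_sample():
    """Constructed sample: one TCP flow, documentation-range addresses."""
    header = V5_HEADER.pack(5, 1, 1000, 0, 0, 1, 0, 0, 0)
    record = V5_RECORD.pack(
        socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.20"),
        socket.inet_aton("0.0.0.0"), 7, 12, 42, 6000, 100, 900,
        51514, 443, 0, 0x18, 6, 0, 0, 0, 0, 0, 0)
    return header + record


if __name__ == "__main__":
    print(parse_v5(build_sample()))
```

Strict count and length checks matter because NetFlow export arrives over unauthenticated UDP, so a collector should drop anything that does not match the expected layout rather than decode it partially.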
NetFlow Version 9 records generated by DFE blades use true MIB‐2 ifIndex values since the
template mechanism permits transmission of 4 byte ifIndexes. Version 9 also uses 8 byte packet
and byte counters, so they are less likely to roll over. Check with your collector provider to
determine if they provide the necessary support.
The current Version 9 implementation:
• Does not support aggregation caches
• Provides 4 predefined templates. The appropriate template is selected for each flow
depending on whether the flow is routed or switched, and whether it is a TCP/UDP packet or
not.
Version 9 templates are re‐transmitted when:
• The timeout is reached. The default is 30 minutes but is user configurable using the set
netflow template timeout command ("set netflow template" on page 15‐9).
Templates are sent from every blade when the timeout is reached.
• The packet refresh rate is reached. The default is every 20 packets, but is user configurable
using the set netflow template refresh‐rate command ("set netflow template" on page 15‐9).
Templates are sent as a result of the refresh rate by each blade, since each blade handles its own
packet transmission. For flow generation and processing efficiency reasons, Enterasys
recommends that customers configure their Enterasys Matrix systems so that templates are not
generated more often than once per second, as a minimum. For more information about setting
the refresh rate, see the Usage discussion in "set netflow template" on page 15‐9.
Note: A flow is a unidirectional sequence of packets having a set of common properties, travelling
between a source and a destination endpoint. A flow is created on the Enterasys Matrix
device when the MAC destination address of a packet is learned on a port and torn down when
either it ages out or it is explicitly torn down by the firmware.
Commands
For information about...    Refer to page...
show netflow                15-3
set netflow cache           15-4
15-2 NetFlow Configuration