Enterasys Matrix N1 Configuration Manual page 8

Configuring NetFlow on the Enterasys Matrix DFE
system must be determined, since the default settings of a 20‐packet refresh rate and a 30‐minute
timeout may not be optimal for your environment. See Configuring NetFlow Export Version
Refresh.
NetFlow Version 9 records generated by DFE modules use true MIB‐2 ifIndex values since the
template mechanism permits transmission of 4‐byte ifIndexes. Version 9 also uses 8‐byte packet
and byte counters, so they are less likely to roll over. Check with your collector provider to
determine if they provide the necessary support.
The current Version 9 implementation:
• Does not support aggregation caches.
• Provides four predefined templates. The appropriate template is selected for each flow
depending on whether the flow is routed or switched, and whether it is a TCP/UDP packet or
not. See Table
9 supported templates.
Use the set netflow export‐version {5|9} command to set the NetFlow export version.
Use the clear netflow export‐version command to reset the export version to the default value.
Configuring NetFlow Export Version Refresh
Version 9 template records have a limited lifetime and must be periodically refreshed. Templates
are retransmitted when either
• the packet refresh rate is reached, or
• the template timeout is reached.
Template refresh based on the timeout period is performed on every module. Since each DFE
module handles its own packet transmissions, template refresh based on number of export
packets sent is managed by each module independently.
The refresh rate defines the maximum delay a new or restarted NetFlow collector would
experience, before it learns the format of the data records being forwarded (from the template
referenced by the data records). Refresh rates affect NetFlow collectors during their start up.
Collectors must ignore incoming data flow reports until the required template is received.
The default behavior is for the template to be sent after 20 export data packets are sent. Since data
record packets are sent out per flow, a long FTP flow may cause the template timeout timer to
expire before the maximum number of packets are sent. In any case a refresh of the template is
sent at timeout expiration as well.
Setting the appropriate refresh rate for your Enterasys Matrix system must be determined,
because the default settings of a 20‐packet refresh rate and a 30‐minute timeout may not be
optimal for your environment. For example, a switch processing an extremely slow flow rate of,
say, 20‐packets per half hour, would refresh the templates only every half hour using the default
settings, while a switch sending 300 flow report packets per second would refresh the templates
15 times per second.
Enterasys recommends that you configure your Enterasys Matrix system so it does not refresh
templates more often than once per second.
Use the set netflow template {[refresh‐rate #ofPackets] [timeout minutes]} to set the NetFlow
export template refresh rate and timeout for this system.
Use the clear netflow template {[refresh‐rate] [timeout]} to reset the NetFlow export template
refresh rate and timeout to the default values.
February 26, 2008
5 on page 15 for a complete listing of the fields for each of the NetFlow Version
Page 8 of 19