Specifications

ManualsBrandsEnterasys ManualsComputer equipmentN Standalone (NSA) Series

171

172

173

174

175

176

177

178

179

180

Terms and Definitions

May 18, 2011 Page 14 of 21

Terms and Definitions

Table 3liststermsanddefinitionsusedinthisNetFlowconfigurationdiscussion.

NetFlow Version 5 Record Format

Table 4providesalistinganddescriptionfortheNetFlowVersion5headerfields.Table 5

providesalistinganddescriptionforNetFlowVersion5data recordfields.Thecontentsofthese

datafieldsareusedbythecollectorsoftwareapplicationforflowan alysis.Datafield sare

identifiedinthedatarecordpacket

sentbythenetworkswitchtothecollector.Thedatarecords

containthevaluesspecifiedbytheformat.

Table 3 NetFlow Configuration Terms and Definitions

Term Definition

Active Flow Timer A timer which specifies the maximum amount of time a flow may stay active. The

ongoing flow continues to be tracked as a separate flow. It is the management

application’s responsibility to join these flows for analysis/reporting purposes.

Flow A stream of IP packets that has not yet met an expiration criteria, in which the value

of a set of key fields is the same for each packet in the stream.

Flow Record A capture of information pertaining to a single flow within the NetFlow Cache based

upon data type values supported by the NetFlow version format/template.

Inactive Flow Timer A timer that determines how long a flow for which no packets are being received

remains active.

NetFlow Cache Contains the flow records for all currently active flows.

NetFlow Collector A location where a condensed and detailed history of flow information that entered

each NetFlow-enabled switch or router is archived for use by the NetFlow

management application.

NetFlow Export A transport mechanism that periodically (based upon a timer or the number of flows

accumulated in the cache) sends NetFlow data from the cache to a NetFlow collector

for data analysis.

NetFlow Export

Packet

A packet of flow records or version 9 templates (or both) that is periodically sent to

the NetFlow collector based upon an export criteria.

NetFlow

Management

Application

Enterasys SIEM, NetSight Release 4.1 and higher, or third-party software

application(s) installed on the NetFlow collector, with client or browser access from a

PC, capable of data reduction, monitoring, analysis, and/or troubleshooting specific

to the purpose you are using NetFlow.

NetFlow Version Primarily determines the data types supported and whether the format is fixed or in

an extensible template.

Table 4 NetFlow Version 5 Template Header and Data Field Support

NetFlow Version 5 Header

Data Field Field Contains

count Number of flows exported in this packet (1-30).

sys_uptime Current time in milliseconds since the export device booted.

unix_secs Current count of seconds since 0000 UTC 1970.