Do any network wizards out there know anything about netflow V9 templates?
I am writing a netflow collector in .net, which has lots of interesting challenges including reading the RFC!
However, I need a specific piece of information
Here is a link to a copy of the RFC:
https://www.ietf.org/rfc/r
From this I read this excerpt:
I cannot find any default expiry timeframe for a netflow Flowset Template.
It says it must be configurable at the exporter and the collector. When I set up a PRTG to collect netflow packets, there was not an option to specify the template expiry. I can't see any record in the RFC that the exported can use to tell the collector when to expire templates. PRTG works though.
Therefore there must be a reasonable default value for how long to keep an un-refreshed template before expiring it.
My question is, what is the default timeframe to expire a template - OR - how else can the collector learn this from the exporter? (someone manually configuring it is not the answer I want)
There must be some way in which netflow collectors work out of the box without the user specifying the template expiry. I need to do this.
However, I need a specific piece of information
Here is a link to a copy of the RFC:
https://www.ietf.org/rfc/r
From this I read this excerpt:
The life of a template at the Collector is limited to a fixed refresh
timeout. Templates not refreshed from the Exporter within the
timeout are expired at the Collector. The Collector MUST NOT attempt
to decode the Flow or Options Data Records with an expired Template.
I cannot find any default expiry timeframe for a netflow Flowset Template.
It says it must be configurable at the exporter and the collector. When I set up a PRTG to collect netflow packets, there was not an option to specify the template expiry. I can't see any record in the RFC that the exported can use to tell the collector when to expire templates. PRTG works though.
Therefore there must be a reasonable default value for how long to keep an un-refreshed template before expiring it.
My question is, what is the default timeframe to expire a template - OR - how else can the collector learn this from the exporter? (someone manually configuring it is not the answer I want)
There must be some way in which netflow collectors work out of the box without the user specifying the template expiry. I need to do this.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
There is no concrete answer. After a lot of research, I had to resign myself to the 'bodge' suggested by the IPFIX author I quoted.
<Political Rant>The RFC is flawed in such a way that only manufacturers or large software outfits with the capital to collaborate with the manufacturers can create a valid solution based upon anything other than guesswork, effectively shutting the little people out of the market! </Political Rant>
<Political Rant>The RFC is flawed in such a way that only manufacturers or large software outfits with the capital to collaborate with the manufacturers can create a valid solution based upon anything other than guesswork, effectively shutting the little people out of the market! </Political Rant>
I hope it's not to late for you..
There isn't really a default timeout universally but you should set one that works for you.
According to cisco:
I think in most cases it defaults to 1 minute.
Hope it helps..
Panagiotis.