Required Flow template fields in NTA

Overview

This article discusses the required Flow template fields in NTA. Flow packets will be ignored if the required fields are not included in the Flow template.

Environment

All NTA versions

Detail

Notes:

• The NetFlow v9 specification indicates that templates may be configurable on a device-by-device basis. However, most devices have a set of static templates to which exported flows conform. When SolarWinds states that a device is supported by Orion NTA, SolarWinds has determined that at least one of the templates the device is capable of exporting will satisfy the Orion NTA requirements. For more information, see the Cisco white paper, NetFlow Version 9 Flow-Record Format.
• Only one interface index is absolutely required, but both interface indexes (INPUT_SNMP and OUTPUT_SNMP) should be provided to view accurate statistics for both ingress and egress flows.
• The SRC_TOS field corresponding to the service type of ingress traffic on an interface (field type number 5) is required to view Type of Service information for your traffic through a Flow source. The templates used by Cisco 4500 series switches and Adaptive Security Appliances (ASA) do not provide information in this field.
• Cisco 4500 series switches do not provide information for the TCP_FLAGS field (field type number 6) corresponding to a count of all TCP flags seen in the related Flow.
• Cisco Adaptive Security Appliances (ASA) are capable of providing Flow data using a limited template based on the NetFlow v9 template.