I'm working on an issue with a few of our customers that I thought was interesting to mention here. We're attempting to collect NetFlow data from some Enterasys N7 switchs. We've been able to successfuly manage the switches with Orion NPM and we've configured the switches to export NetFlow data and that was all very straight forward. However, once we started looking at the NetFlow data we ran into an issue.

Within a NetFlow packet there are typically several NetFlow PDUs - or individual records of conversations. Typicall each PDU will have information like the source and destination IP address of the traffic, source and destination port number, protocol, AS information, and the ingress and egress interfaces of the router/switch where the conversation traversed. The interface information will should be represented by the ifIndex (from within the MIB-II ifTable) of the interface the traffic went through.

On these particular switches, we're seeing some indexes that don't appear anywhere within the ifTable so I can't tell where to associate the traffic. It looks like maybe these indexes are from the bridge table, but it's hard to tell for sure.

I'm working with the customers and Enterasys on this and hope to have a resolution soon but I thought I'd throw it out there to see if anyone else is seeing this.

If you want to stay up to date with this issue, I'll be tweeting about it as the situation progresses...


Flame on...
Josh