Templates

The following section shows examples of the type of Netflow template tables that are exported.

To perform a Diagnostic Report of your own Netflow configuration;
1
Navigate to the System > Diagnostics page.
2
Click the Download Report button in the Tech Support Report section.
Topics:
NetFlow Version 5
NetFlow Version 9
IPFIX (NetFlow Version 10)
IPFIX with Extensions
NetFlow Version 5

The NetFlow version 5 datagram consists of a header and one or more flow records, using UDP to send export datagram:
The first field of the header contains the version number of the export datagram.
The second field in the header contains the number of records in the datagram, which can be used to search through the records.

Because NetFlow version 5 is a fixed datagram, no templates are available, but the datagram follows the format listed below:
NetFlow Version 5 Header Format
NetFlow Version 5 Flow Record Format
NetFlow Version 5 Header Format
 

NetFlow Version 5 Header Format

Bytes

Contents

Description

0-1

version

NetFlow export format version number

2-3

count

Number of flows exported in this packet (1-30)

4-7

SysUptime

Current time in milliseconds since the export device booted

8-11

unix_secs

Current count of seconds since 0000 UTC 1970

12-15

unix_nsecs

Residual nanoseconds since 0000 UTC 1970

16-19

flow_sequence

Sequence counter of total flows seen

20

engine_type

Type of flow-switching engine

20

engine_id

Slot number of the flow-switching engine

22-23

sampling_interval

First two bits hold the sampling mode; remaining 14 bits hold value of sampling interval
NetFlow Version 5 Flow Record Format
 

NetFlow Version 5 Flow Record Format

Bytes

Contents

Description

0-3

srcaddr

Source IP address

4-7

dstaddr

Destination IP address

8-11

nexthop

IP address of the next hop router

12-13

input

SNMP index of input interface

14-15

output

SNMP index of output interface

10-19

dPkts

Packets in the flow

20-23

dOctets

Total number of Layer 3 bytes in the packets of the flow

24-27

First

SysUptime at start of flow

28-31

Last

SysUptime at the time the last packet of the flow was received

32-33

srcport

TCP/UDP source port number or equivalent

34-35

dstport

TCP/UDP destination port number or equivalent

36

pad1

Unused (zero) bytes

37

tcp_flags

Cumulative OR of TCP flags

38

prot

IP protocol type (for example, TCP=6; UDP=17)

39

tos

IP type of service (ToS)

40-41

src_as

Autonomous system number of the source, either origin or peer

42-43

dst_as

Autonomous system number of the destination, either origin or peer

44

src_mask

Source address prefix mask bits

45

dst_mask

Destination address prefix mask bits

46-47

pad2

Unused (zero) bytes
NetFlow Version 9
Example of a NetFlow version 9 Template

NetFlow version 9 Template FlowSet Field Descriptions
 

NetFlow Version 9 Template FlowSet Field Descriptions

Field Name

Description

Template ID

The SonicWall appliance generates templates with a unique ID based on FlowSet templates matching the type of NetFlow data being exported.

Name

The name of the NetFlow template.

Number of Elements

The amount of fields listed in the NetFlow template.

Total Length

The total length in bytes of all reported fields in the NetFlow template.

Field Type

The field type is a numeric value that represents the type of field. Note that values of the field type may be vendor specific.

Field bytes

The length of the specific Field Type, in bytes.

IPFIX (NetFlow Version 10)
Example of an IPFIX (NetFlow version 10) Template

IPFIX Template FlowSet Field Descriptions
 

IPFIX Template FlowSet Field Descriptions

Field Name

Description

Template ID

The SonicWall appliance generates templates with a unique ID based on FlowSet templates matching the type of NetFlow data being exported.

Name

The name of the NetFlow template.

Number of Elements

The amount of fields listed in the NetFlow template.

Total Length

The total length in bytes of all reported fields in the NetFlow template.

Field Type

The field type is a numeric value that represents the type of field. Note that values of the field type may be vendor specific.

Field bytes

The length of the specific Field Type, in bytes.

IPFIX with Extensions

IPFIX with extensions exports templates that are a combination of NetFlow fields from the aforementioned versions and SonicWall IDs. These flows contain several extensions, such as Enterprise-defined field types and Enterprise IDs.

* 
NOTE: The SonicWall Specific Enterprise ID (EntID) is defined as 8741.
Name Template (Standard IPFIX with Extensions)

The following Name Template is a standard for the IPFIX with extensions templates. The values specified are static and correlate to the Table Name of all the NetFlow exportable templates.

Example of an IPFIX with Extensions Template