Netflow V9 and V10 (IPFIX) considerations

The Netflow Agent

The V9 and V10 UDR formats are template based, where the template provides a description of the fields that will be present in the UDRs. For detailed information on the V9 UDR format, see the section NetFlow Version 9 Flow-Record Format on Cisco's website, and for the V10 UDR format, see RFC 7011 (https://tools.ietf.org/html/rfc7011).

The Netflow Agent does not detect templates, map incoming data to the corresponding template, or create UDRs of the incoming data. This functionality must be implemented in APL, as described in the section below, Workflow Design for V9UDR and V10UDR. The agent will forward the Netflow data using the rawData field to the workflow.

Workflow Design for V9UDR and V10UDR

When using Netflow with the V9UDR or V10UDR format, the workflow design must handle certain functions.

Dynamic format

Since the V9UDR and V10UDR formats are dynamic, the workflow may not have access to the template when the first UDRs arrive, or the template may have changed and not yet been sent to the workflow.

For this reason, it is recommended to let the real-time workflow with the Netflow collection agent(s) forward the UDRs via Inter Workflow or Workflow Bridge agents to a batch workflow that stores them on disk.

A third workflow may then collect, decode and aggregate the UDRs.

Decoding and Aggregation  

In order to decode the UDRs, you first have to decode the template, and this has to be done by defining an Ultra format for the template. For further information on decoding the V10UDR format, see RFC 7011 (https://tools.ietf.org/html/rfc7011). The template should then be sent to an Aggregation agent to start a session, which will correlate all the UDRs that use the template. An Ultra definition of the aggregation session handling also has to be created.

Since the aggregation has to be based on a template-specific field, the templates have to be routed one at a time to the Aggregation agent.

The APL code in the Aggregation agent will then have to handle the decoding of the actual UDRs.
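
The handling described in this section (data that arrives before its template, followed by template-driven decoding) is sketched below in Python as an added example; it is not APL and not product code. The function names, the MAX_PENDING bound and the sample messages are assumptions made for illustration, and only IPFIX (V10) messages with fixed-length fields are covered.

```python
import struct

MAX_PENDING = 1000   # assumed bound so template-less data cannot exhaust memory

def parse_templates(body, domain, templates):
    off = 0
    while off + 4 <= len(body):                  # a shorter remainder is padding
        tid, count = struct.unpack_from("!HH", body, off)
        off += 4
        fields = []
        for _ in range(count):                   # struct.error if the set is truncated
            ie, flen = struct.unpack_from("!HH", body, off)
            off += 8 if ie & 0x8000 else 4       # enterprise bit: skip the 4-byte PEN
            if flen in (0, 0xFFFF):
                raise ValueError("only fixed-length fields handled here")
            fields.append((ie, flen))
        if fields:
            templates[(domain, tid)] = fields
        else:                                    # field count 0: single-template withdrawal
            templates.pop((domain, tid), None)

def decode_data(body, fields):
    fmt = "!" + "".join(f"{flen}s" for _, flen in fields)   # raw bytes per field
    size, ids = struct.calcsize(fmt), [ie for ie, _ in fields]
    return [dict(zip(ids, struct.unpack_from(fmt, body, start)))
            for start in range(0, len(body) - size + 1, size)]  # trailing padding ignored

def parse_ipfix(msg, templates, pending):
    version, length, _, _, domain = struct.unpack_from("!HHIII", msg, 0)
    if version != 10 or length != len(msg):
        raise ValueError("malformed IPFIX header")
    off = 16
    while off + 4 <= length:
        set_id, set_len = struct.unpack_from("!HH", msg, off)
        if set_len < 4 or off + set_len > length:
            raise ValueError("set length out of bounds")
        if set_id == 2:                          # Template Set
            parse_templates(msg[off + 4:off + set_len], domain, templates)
        elif set_id >= 256:                      # Data Set: queue until its template is known
            pending.append((domain, set_id, msg[off + 4:off + set_len]))
        off += set_len
    ready = [p for p in pending if p[:2] in templates]
    pending[:] = [p for p in pending if p[:2] not in templates][-MAX_PENDING:]
    return [r for p in ready for r in decode_data(p[2], templates[p[:2]])]

# Constructed sample: template 256 = sourceIPv4Address (8) + octetDeltaCount (1), 4 bytes each
TEMPLATE_MSG = struct.pack("!HHIII8H", 10, 32, 0, 0, 1, 2, 16, 256, 2, 8, 4, 1, 4)
DATA_MSG = struct.pack("!HHIIIHH4BI", 10, 28, 0, 1, 1, 256, 12, 192, 0, 2, 1, 1500)
```

Feeding DATA_MSG before TEMPLATE_MSG returns no records on the first call and the buffered record on the second. Since the input is unauthenticated UDP, callers should catch both ValueError and struct.error.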