S/N/K-Series Flow Creation at Layers 2, 3, and 4

Article ID: 14165

Matrix N-Series DFE

The DFE product family is a flow-based system.

The system is capable of creating flows at:
  • Layer 2 (Source MAC Address with Destination MAC Address, aka "SA/DA")
  • Layer 3 (SA/DA; Source IP Address with Destination IP Address, aka "SIP/DIP")
  • Layer 4 (SA/DA; SIP/DIP; Destination L4 Port)
Here are the general behavioral expectations:
  • On the N running firmware 6.x and lower, switched traffic defaults to L2 flows, while routed traffic defaults to L3 flows.
  • On the S/N/K running firmware 7.x and higher, the system defaults to L3 flows if IP information is available (even for switched traffic, because L3 data is used to hash switched traffic across LAGs (12248)).
  • For all of the above-stated products and firmware versions, L4 flows are used instead when LSNAT, NAT, TWCB (7110), L4 ACLs, L4 Policy, or Netflow are configured.
The volume of flow resources used to forward a given set of network traffic can therefore change, sometimes dramatically, because of the difference in granularity: for example, multi-protocol traffic may be handled using one L2 flow, whereas with L4 flows a new flow is generated each time the L4 destination port changes. If an end station TFTPs data to a server across an SSA, this typically yields a single L3 flow. If the station then also FTPs data across the SSA, the initial flow continues to be used for this data. But if any of the above-stated L4 flow conditions apply, one or more L4 flows are created instead. If this end station now PINGs the server, another L4 flow is created. If HTTP is used, yet another L4 flow is created. At this level of inspection, flow resources may be exhausted faster, since more flows are needed for traffic that uses a variety of L4 entries.
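
The sketch below is an added example, not vendor code: it models the flow keys and defaults described above and counts how many flow-table entries the same traffic consumes at each granularity. The function names, the one-directional packet model, and the sample addresses and ports are assumptions constructed for illustration; the firmware's real flow setup is not shown in this article.

```python
from collections import namedtuple

# Simplified, one-directional packet model (assumption for this example).
Packet = namedtuple("Packet", "smac dmac sip dip dport")

# Features the article lists as switching the system to L4 flows.
L4_FEATURES = {"LSNAT", "NAT", "TWCB", "L4 ACL", "L4 Policy", "Netflow"}


def flow_layer(fw_major, routed, has_ip=True, features=()):
    """Flow granularity (2, 3 or 4) per the article's stated defaults."""
    if not has_ip:
        return 2  # assumption: without IP data only SA/DA can be keyed
    if L4_FEATURES & set(features):
        return 4
    if fw_major >= 7 or routed:
        return 3
    return 2  # firmware 6.x and lower, switched traffic


def flow_key(pkt, layer):
    """Build the tuple that identifies a flow at the given layer."""
    key = (pkt.smac, pkt.dmac)            # L2: SA/DA
    if layer >= 3:
        key += (pkt.sip, pkt.dip)         # L3: adds SIP/DIP
    if layer >= 4:
        key += (pkt.dport,)               # L4: adds destination L4 port
    return key


def count_flows(packets, layer):
    """Number of distinct flow entries needed for these packets."""
    return len({flow_key(p, layer) for p in packets})


# Constructed sample: one station sending TFTP (69), FTP (21), a ping
# (no L4 port, modelled as None) and HTTP (80) to one server.
STA = ("00:00:5e:00:53:01", "00:00:5e:00:53:02", "192.0.2.10", "192.0.2.20")
SAMPLE = [Packet(*STA, dport) for dport in (69, 69, 21, 21, None, 80, 80)]

if __name__ == "__main__":
    for feats in ((), ("Netflow",)):
        layer = flow_layer(7, routed=False, features=feats)
        print(f"features={feats or 'none'}: L{layer} flows, "
              f"{count_flows(SAMPLE, layer)} table entries")
```

In this model, enabling any one of the listed L4 features turns a single entry for the station/server pair into one entry per destination port in use, which is the growth to budget for when sizing flow capacity.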

It is up to the network administrator to balance network design requirements with available network resources.

See also: 5115 and 6816.

