This section describes a summary of SteelCentral and includes the following sections:

The primary integration point of the SteelHead and SteelCentral is the SteelFlow Net export from the SteelHead. The SteelHead sends the NetExpress or Flow Gateway an enhanced version of NetFlow called SteelFlow Net. SteelFlow Net includes:

For more information about flow collection, see SteelHead Flow Integration.

NetFlow provides detailed records of conversations in the network. A basic NetFlow record includes the IP addresses of the endpoints (workstations, servers, printers, and so on), the port or protocol used, traffic volume in bits and packets, TCP flags ingress and egress interface, and so on. These records are sent to a flow collector such as the Flow Gateway. When the records are intelligently combined and stored, you can read them to understand traffic throughout the network for reporting, troubleshooting, and automatic detection of network and application issues.

The SteelHead supports the export of flow data in a variety of different formats. Among these formats are standard NetFlow v5 and v9. Use only these standard versions when exporting flow to non-SteelCentral flow collectors or to an earlier version of the NetProfiler, NetExpress, or Flow Gateway. SteelFlow Net was created by Riverbed. It extends NetFlow v9 with multiple custom extensions that provide additional details specific to flows passing through the SteelHead.

The following table shows NetProfiler feature compatibility in RiOS 6.0 and later.

When you use SteelFlow Net, the SteelHead sends four flow records for each optimized TCP session to the NetFlow collector: ingress and egress for the inner channel connection, and ingress and egress for the outer channel. A pass-through connection still sends four flow records even though there are no separate inner and outer channel connections. In either case, the NetProfiler, NetExpress, and Flow Gateway merges these flow records together with flow data collected for the same flow from other devices.

One of the more common NetProfiler and NetExpress reporting issues happens when interface names and index number associations change across reboots of the SteelHead. This is a direct result of nonpersistent SNMP interface index names, an issue that was the default configuration in RiOS versions prior to 7.0. While you do not need to manually enable ifindex persistence (beginning with new systems running RiOS 7.0 or later; you might need to enable ifindex persistence in upgraded systems), if issues occur with index names and numbers changing on NetProfiler and NetExpress, check to see if ifindex persistence is enabled.

SNMP uses index values to reference interface names. Only index values are included in the flow record when the SteelHead sends flow data to the NetExpress or Flow Gateway. An SNMP poll from the NetExpress and Flow Gateway to the SteelHead is used to map the index number to an interface name. The SNMP interface index value-to-name mapping can potentially change across reboot and upgrades, causing the NetProfiler to incorrectly map the SteelHead interfaces. Use the ifindex-persistence command on the SteelHead to permanently pin SNMP interface names to SNMP index values.

For additional details about ifindex values, see SNMP Integration for Flow Sources.