netflow

What is the use of netflow templates


I am trying to understand NetFlow v9 & I have a few doubts on NetFlow v9

1) How and why will templates change on a NetFlow router? I understand NetFlow v9 was created so that many different templates can be specified. But why would a person configure multiple different templates, i.e. why not just a single template with all the required fields?

2) If there are 2 templates which have common fields, when a user session expires will data be generated for both the templates? Isn't this data duplication, and is it the collection engine's job to make sure it combines them?


Solution

  • NetFlow v9 and IPFIX (v10) both use a template-based approach to exporting flow data. Older flow versions carried data in a fixed packet format, meaning each datagram contained exactly the same fields. This meant that additional useful information could not be carried, or worse: each time a new data field was added, the NetFlow version would need to change.

    The introduction of v9 brought templates, which allow the exporting device (like your router or switch) to decide which fields to send to the collector/analyzer software. This allows a much richer set of fields to be forwarded (for instance see RFC5102: https://www.rfc-editor.org/rfc/rfc5102 on the crazy number of different fields available). It also makes the flow data more compact, because you don't actually use any bits on the wire for fields that the exporter cannot fill in.

    So exporters will usually publish templates for IPv4 traffic, and different ones for IPv6 traffic, and sometimes again different ones for different interface cards. All depending on what is known about the flow. Typically a flow is only reported on once by each exporter, and the best template is picked.

    Additionally, flows are usually reported on multiple times in their lifecycle, depending on how long they run. This means that your collector may receive updates to a flow (for instance a user session with a webserver) as time goes by and more packets are seen.

    Here is some additional background on the different flow formats: http://www.flowtraq.com/corporate/resources/whitepapers/the-netflowsflowcflowjflow-flow-dilemma/
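As an added illustration (not code from the original post or from the linked whitepaper), the Python sketch below decodes a minimal NetFlow v9 packet to show why a collector has to cache templates per (exporter source ID, template ID) and what happens when a data FlowSet arrives before its template. The packet bytes, addresses and the source ID 42 are constructed for the example; the field type numbers come from RFC 3954.

```python
import struct
import ipaddress

# NetFlow v9 field types (RFC 3954, section 8) used by this constructed example
FIELD_NAMES = {8: "src_addr", 12: "dst_addr", 7: "src_port", 11: "dst_port",
               4: "protocol", 1: "in_bytes", 2: "in_pkts"}

def parse_v9(packet, templates):
    """Parse one v9 export packet. `templates` is the collector's cache keyed by (source_id,
    template_id); it must persist across packets. Returns (records, template_ids_missing)."""
    version, source_id = struct.unpack("!H", packet[:2])[0], struct.unpack("!I", packet[16:20])[0]
    assert version == 9
    records, missing, pos = [], [], 20
    while pos + 4 <= len(packet):
        fs_id, fs_len = struct.unpack("!HH", packet[pos:pos + 4])
        body, off = packet[pos + 4:pos + fs_len], 0
        if fs_id == 0:  # template FlowSet: one or more template records
            while off + 4 <= len(body):
                tid, n = struct.unpack("!HH", body[off:off + 4])
                templates[(source_id, tid)] = [struct.unpack("!HH", body[off + 4 + 4*i:off + 8 + 4*i]) for i in range(n)]
                off += 4 + 4 * n
        elif fs_id >= 256 and (source_id, fs_id) in templates:  # data FlowSet with a known template
            fields = templates[(source_id, fs_id)]
            rec_len = sum(flen for _, flen in fields)
            while off + rec_len <= len(body):  # leftover bytes are 4-byte alignment padding
                rec = {}
                for ftype, flen in fields:
                    raw, off = body[off:off + flen], off + flen
                    rec[FIELD_NAMES.get(ftype, f"type_{ftype}")] = (str(ipaddress.IPv4Address(raw))
                                                                   if ftype in (8, 12) else int.from_bytes(raw, "big"))
                records.append(rec)
        elif fs_id >= 256:  # data for a template this collector has not received yet
            missing.append(fs_id)
        pos += fs_len
    return records, missing

def build_sample():  # constructed export: header (source_id 42), template 256, data FlowSet with two records
    fields = [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (1, 4), (2, 4)]
    tmpl = struct.pack("!HH", 256, len(fields)) + b"".join(struct.pack("!HH", *f) for f in fields)
    rec = lambda s, d, sp, dp, pr, by, pk: (ipaddress.IPv4Address(s).packed + ipaddress.IPv4Address(d).packed
                                           + struct.pack("!HHBII", sp, dp, pr, by, pk))
    data = rec("10.0.0.5", "192.0.2.80", 51000, 443, 6, 6400, 12) + rec("10.0.0.7", "192.0.2.53", 40000, 53, 17, 120, 1)
    data += b"\x00" * (-len(data) % 4)  # pad the data FlowSet to a 4-byte boundary
    header = struct.pack("!HHIIII", 9, 3, 1000, 1700000000, 1, 42)
    return header, struct.pack("!HH", 0, 4 + len(tmpl)) + tmpl, struct.pack("!HH", 256, 4 + len(data)) + data

def demo():
    header, tmpl_fs, data_fs = build_sample()
    cache = {}  # data before its template is undecodable; once the template is cached it decodes
    return parse_v9(header + data_fs, cache), parse_v9(header + tmpl_fs + data_fs, cache)
```

This is why exporters re-send templates periodically and why a collector restart leaves a gap until the next template refresh arrives.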