Slepwin
commented
3 years ago Seems like vflow completely ignores sampling interval field in IPFIX and Netflow packets and can't provide accurate information about traffic volume.
Open Slepwin opened 3 years ago
Slepwin
commented
3 years ago Seems like vflow completely ignores sampling interval field in IPFIX and Netflow packets and can't provide accurate information about traffic volume.
Slepwin
commented
3 years ago Maybe it have some configuration knob to set sampling rate manually?
Slepwin
commented
3 years ago @mehrdadrad could you please clarify.
mehrdadrad
commented
3 years ago @Slepwin samplingInterval IANA element id #34 deprecated please check samplingPacketInterval https://www.iana.org/assignments/ipfix/ipfix.xhtml
Slepwin
commented
3 years ago @mehrdadrad i have a ipfix.elements file with samplingPacketInterval element in /etc/vflow directory but i can confirm vflow doesn't take into account this info and doesn't multiple bytes to sampling rate provided from routers (tested on Juniper MX).
mehrdadrad
commented
3 years ago vFlow doesn't multiply, if router sends the samplingPacketInterval then you should get it at dataset (json) did you try tcpdump/wireshark to make sure it comes from Juniper MX router?
Slepwin
commented
3 years ago vFlow doesn't multiply, if router sends the samplingPacketInterval then you should get it at dataset (json) did you try tcpdump/wireshark to make sure it comes from Juniper MX router?
Yes, i can confirm MX router send samplingPacketInterval for IPFIX and another collector do it (multiply) automatically. I also can't see samplingPacketInterval on vflow with debug mode.
mehrdadrad
commented
3 years ago can you send me a pcap?
Hi, I have a question how vflow handle IPFIX/Netflow v9 sampling rate, does it get from Option Data Sets and multiply by the number of bytes and packets automatically?