Right now we are discarding flows when the associated template is not present (yet), while RFC3954 states that:
If the Template Records have not been
received at the time Flow Data Records (or Options Data Records) are
received, the Collector SHOULD store the Flow Data Records (or
Options Data Records) and decode them after the Template Records are
received. A Collector device MUST NOT assume that the Data FlowSet
and the associated Template FlowSet (or Options Template FlowSet) are
exported in the same Export Packet.
Temporary buffering of flows where the template is not present (yet) should be implemented and once the template was received, associated flows should be processed.
Right now we are discarding flows when the associated template is not present (yet), while RFC3954 states that:
Temporary buffering of flows where the template is not present (yet) should be implemented and once the template was received, associated flows should be processed.