two samplers in nfcapd 1.6.1[78]

[ytti]

I can see

[ytti@netflow2]~% /data2/local/bin/nfdump -E /data2/nfsen/data/profiles-data/live/ruuter1/2019/09/21/nfcapd.201909211905
Exporters:
SysID: 1, IP:    10.250.0.149, version: 10, ID:  0, Sequence failures: 38, packets: 24367, flows: 341706
    Sampler for Exporter SysID: 1,  Generic Sampler: mode: 2, interval: 0
    Sampler for Exporter SysID: 1,  Generic Sampler: mode: 0, interval: 10922
[ytti@netflow2]~% /data2/local/bin/nfdump -E /data2/nfsen/data/profiles-data/live/ruuter2/2019/09/21/nfcapd.201909211905
Exporters:
SysID: 1, IP:     10.250.0.62, version: 10, ID:  0, Sequence failures: 105, packets: 54541, flows: 768018
    Sampler for Exporter SysID: 1,  Generic Sampler: mode: 0, interval: 10922
    Sampler for Exporter SysID: 1,  Generic Sampler: mode: 2, interval: 0

This seems bit random which is first, if mode2, interval0 is observed first, we report 0bytes/0packets, I assume because we multiply with 0. If mode0 is seen first, we report correct bytes/packets.

PCAPs from devices are identical, only interval reported is 10922 with random algorithm.

Devices are PTX1k exporting IPFIX.

Perhaps selectorId 0 is parsed as sampler?

[ytti]

Either restart itself or upgrade to 1.6.18 fixed this.

[ytti]

The likely problem here is that between versions samplingInterval moves from template 258 to 257 and what used to be samplingInterval is now selectorID (0), which somehow messes up nfcapd and causes it to create another sampler, instead of updating existing one to 0 (and later when it sees template back to reasonable number).

1.6.18 does not fix, but restart fixes.