Hello,
I am using netflow and trying to inform the flow collectors about the sampling rate I am using.
I added the following commands:
Router(config)#flow exporter xFlow
Router(config-flow-exporter)#template data
Router(config-flow-exporter)#option sampler-table
So the config now looks like:
Router#sh flow exporter xFlow
Flow Exporter xFlow:
Description: Exports flows to flow collector
Export protocol: NetFlow Version 9
Transport Configuration:
Destination IP address: xxxx
Source IP address: yyyy
Source Interface: Loopback0
Transport Protocol: UDP
Destination Port: 2055
Source Port: 64759
DSCP: 0x0
TTL: 255
Output Features: Not Used
Options Configuration:
exporter-stats (timeout 600 seconds)
sampler-table (timeout 600 seconds)
And what I have managed until now is the following:
sh flow exporter templates
Flow Exporter xFlow:
Client: Flow Monitor nflow
Exporter Format: NetFlow Version 9
Template ID : 268
Source ID : 3
Record Size : 47
Template layout
_____________________________________________________________________
| Field | Type | Offset | Size |
---------------------------------------------------------------------
| ipv4 source address | 8 | 0 | 4 |
| ipv4 destination address | 12 | 4 | 4 |
| interface input snmp | 10 | 8 | 4 |
| transport source-port | 7 | 12 | 2 |
| transport destination-port | 11 | 14 | 2 |
| ip tos | 5 | 16 | 1 |
| ip protocol | 4 | 17 | 1 |
| transport tcp flags | 6 | 18 | 1 |
| timestamp sys-uptime first | 22 | 19 | 4 |
| timestamp sys-uptime last | 21 | 23 | 4 |
| interface output snmp | 14 | 27 | 4 |
| counter bytes long | 1 | 31 | 8 |
| counter packets long | 2 | 39 | 8 |
---------------------------------------------------------------------
Client: Flow Monitor nflow
Exporter Format: NetFlow Version 9
Template ID : 269
Source ID : 3
Record Size : 47
Template layout
_____________________________________________________________________
| Field | Type | Offset | Size |
---------------------------------------------------------------------
| ipv4 source address | 8 | 0 | 4 |
| ipv4 destination address | 12 | 4 | 4 |
| interface input snmp | 10 | 8 | 4 |
| transport source-port | 7 | 12 | 2 |
| transport destination-port | 11 | 14 | 2 |
| ip tos | 5 | 16 | 1 |
| ip protocol | 4 | 17 | 1 |
| transport tcp flags | 6 | 18 | 1 |
| timestamp sys-uptime first | 22 | 19 | 4 |
| timestamp sys-uptime last | 21 | 23 | 4 |
| interface output snmp | 14 | 27 | 4 |
| counter bytes long | 1 | 31 | 8 |
| counter packets long | 2 | 39 | 8 |
---------------------------------------------------------------------
Client: Option options sampler-table
Exporter Format: NetFlow Version 9
Template ID : 270
Source ID : 3
Record Size : 51
Template layout
_____________________________________________________________________
| Field | Type | Offset | Size |
---------------------------------------------------------------------
| v9-scope system | 1 | 0 | 4 |
| flow sampler | 48 | 4 | 4 |
| flow sampler name | 84 | 8 | 40 |
| flow sampler algorithm export | 49 | 48 | 1 |
| flow sampler interval | 50 | 49 | 2 |
---------------------------------------------------------------------
Client: Option options exporter-statistics
Exporter Format: NetFlow Version 9
Template ID : 271
Source ID : 3
Record Size : 32
Template layout
_____________________________________________________________________
| Field | Type | Offset | Size |
---------------------------------------------------------------------
| v9-scope system | 1 | 0 | 4 |
| flow exporter | 144 | 4 | 4 |
| counter bytes exported | 40 | 8 | 8 |
| counter packets exported | 41 | 16 | 8 |
| counter flows exported | 42 | 24 | 8 |
---------------------------------------------------------------------
As you can see it reports the field "flow sampler interval" but I don't get the information of sampling rate on the collected flows. I tried with tcpdump also and get only the following:
Please any help.
As you can see at the first post I am using the following commands:
show flow exporter
show flow exporter templatesI would like to send the flows with the information of the sampling rate I am using. I would like something similar with this post.
But when I do tcpdump on the packets there is no reference of the sampling rate:
