vflow ignore sampling interval on IPFIX and Netflowv9

[Slepwin]

Hi,
I have a question how vflow handle IPFIX/Netflow v9 sampling rate, does it get from Option Data Sets and multiply by the number of bytes and packets automatically?

[Slepwin]

Seems like vflow completely ignores sampling interval field in IPFIX and Netflow packets and can't provide accurate information about traffic volume.

[Slepwin]

Maybe it have some configuration knob to set sampling rate manually?

[Slepwin]

@mehrdadrad could you please clarify.

[mehrdadrad]

@Slepwin samplingInterval IANA element id #34 deprecated please check samplingPacketInterval
https://www.iana.org/assignments/ipfix/ipfix.xhtml

[Slepwin]

@mehrdadrad i have a ipfix.elements file with samplingPacketInterval element in /etc/vflow directory but i can confirm vflow doesn't take into account this info and doesn't multiple bytes to sampling rate provided from routers (tested on Juniper MX).

[mehrdadrad]

vFlow doesn't multiply, if router sends the samplingPacketInterval then you should get it at dataset (json)
did you try tcpdump/wireshark to make sure it comes from Juniper MX router?

[Slepwin]

vFlow doesn't multiply, if router sends the samplingPacketInterval then you should get it at dataset (json)
did you try tcpdump/wireshark to make sure it comes from Juniper MX router?

Yes, i can confirm MX router send samplingPacketInterval for IPFIX and another collector do it (multiply) automatically. I also can't see samplingPacketInterval on vflow with debug mode.

[mehrdadrad]

can you send me a pcap?