flowStartMilliseconds/flowEndMilliseconds for NetFlow v9
Description
Each NetFlow v9 packet includes the template for the data records. Never seen that before. Furthermore it looks like flowStartMilliseconds (152) and flowEndMilliseconds (153) is used for indicating the start / end of the flow. I'm pretty sure we use FIRST_SWITCHED (22) and LAST_SWITCHED (21) for this. Also each flow seems to have a duration of zero which is also strange.
Configuration of the Cisco Router...
low exporter OpenNMS destination 10.63.138.140 source TenGigabitEthernet1/0/6 transport udp 9999
flow monitor Netflow-Monitor-In exporter Netflow-to-Orion exporter OpenNMS cache timeout inactive 10 cache timeout active 60 record Netflow-In ! ! flow monitor Netflow-Monitor-Out exporter Netflow-to-Orion exporter OpenNMS cache timeout inactive 10 cache timeout active 60 record Netflow-Out
Each NetFlow v9 packet includes the template for the data records. Never seen that before. Furthermore it looks like flowStartMilliseconds (152) and flowEndMilliseconds (153) is used for indicating the start / end of the flow. I'm pretty sure we use FIRST_SWITCHED (22) and LAST_SWITCHED (21) for this. Also each flow seems to have a duration of zero which is also strange.
Configuration of the Cisco Router...
low exporter OpenNMS
destination 10.63.138.140
source TenGigabitEthernet1/0/6
transport udp 9999
flow monitor Netflow-Monitor-In
exporter Netflow-to-Orion
exporter OpenNMS
cache timeout inactive 10
cache timeout active 60
record Netflow-In
!
!
flow monitor Netflow-Monitor-Out
exporter Netflow-to-Orion
exporter OpenNMS
cache timeout inactive 10
cache timeout active 60
record Netflow-Out
for router..
Cisco IOS Software [Everest], Catalyst L3 Switch Software (CAT3K_CAA-UNIVERSALK9-M), Version 16.6.6, RELEASE SOFTWARE (fc1)..Technical Support: http://www.cisco.com/techsupport..Copyright (c) 1986-2019 by Cisco Systems, Inc...Compiled Thu 11-Apr-19 02:24