We have deployed a handful of ASR 920 routers and are collecting Netflow from them with NFsen. It seems to work okay apart from the timestamps in the Netflow records. The are all just epoch start.
Looking at a packet capture and having Wireshark decode it with the "CFLOW" dissector shows that the export timestamps in the packet header are correct but the "StartTime" and "EndTime" in each flow record is just all zeros. The routers are running IOS XE 16.7.3 and the Netflow configuration is like this: flow record IPV4-FULL match ipv4 protocol match ipv4 source address match ipv4 destination address match transport source-port match transport destination-port match routing vrf input collect transport tcp flags collect interface input collect counter bytes long collect counter packets long collect timestamp absolute first collect timestamp absolute last ! flow exporter NDE- bernoulli.net.rm.dk destination 192.0.2.10 source Loopback0 trans port udp 30020 ! flow monitor STANDARD-INGRESS-IPV4 exporter NDE- bernoulli.net.rm.dk record IPV4-FULL ! interface BDI10 vrf forwarding RM03104 ip flow monitor STANDARD-INGRESS-IPV4 input ip address 198.51.100.1 255.255.255.0 ... ! I tried substituting "timestamp sys-uptime" for "timestamp absolute" but saw no difference. The routers are using the "video" SDM template and have the "Advanced Metro IP Access" license. Are other people seeing the same with regards to Netflow from an ASR 920? Any way to have it send the correct timestamps in the flow records? Thanks in advance. -- Peter _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/