Hello David
I think the best explanation can be found at this Cisco Documentation which states:
Flow samplers are created as separate components in a router’s configuration. Flow samplers are used to reduce the load on the device that is running Flexible NetFlow by limiting the number of packets that are selected for analysis.
Samplers use random sampling techniques (modes); that is, a randomly selected sampling position is used each time a sample is taken.
Flow sampling exchanges monitoring accuracy for router performance. When you apply a sampler to a flow monitor, the overhead load on the router of running the flow monitor is reduced because the number of packets that the flow monitor must analyze is reduced. The reduction in the number of packets that are analyzed by the flow monitor causes a corresponding reduction in the accuracy of the information stored in the flow monitor’s cache.
Samplers are combined with flow monitors when they are applied to an interface with the ip flow monitor command.
Flow sampling can be configured to sample packets in a flow based on the configured mode. Specifically, under the sampler configuration, the command is:
mode {deterministic | random} 1 out-of window-size
You choose one packet out of how many packets (which is essentially the window size) are sampled. You can also choose deterministic or random for the way that packet is chosen within the window.
- So, if you choose deterministic and 1 packet out of every 10, then strictly, every tenth packet will be sampled.
- If you choose random and 1 packet out of every 20, then for every 20 packets that arrive, one of those packets will be chosen randomly.
More information about the configuration and the behavior of a sampler can be found in the link I shared above.
I hope this has been helpful!
Laz