Servet wrote:
> Hi Guys
>
> I have a problem with Juniper netflow traffic values. I think there is no
> problem with the config and flow-analyser. If I use a Cisco device, the
> results of SNMP polls and the results of the flow-analyser are similar.
> But on Juniper, I get a 180 mbit/s traffic value with SNMP requests from my
> Juniper MX-960 router, but netflow tells me it is 120mbit. Also, my sampling
> rate is 1.
> You can see the config below. Do you have any idea why I can't get similar
> results from SNMP and netflow?
> Kind regards
>
> sampling {
>     input {
>         family inet {
>             rate 1;
>             run-length 1;
>             max-packets-per-second 65535;
>         }
>     }
>     output {
>         cflowd x.x.x.x {
>             port 9996;
>             version 5;
>             autonomous-system-type origin;
>         }
>         flow-inactive-timeout 600;
>         flow-active-timeout 60;
>         interface sp-4/1/0 {
>             source-address y.y.y.y;
>         }
>     }
> }

We recently had an interesting issue which sounds similar to yours after
upgrading an M20 to an MX960. Our sampling configuration remained the same
across the upgrade, but with the new device we started seeing discrepancies
between netflow & SNMP counters. Long story short, running a snoop on the
collector showed all traffic was being received, but flow-capture was still
complaining about missing flows.

Are you running flow-tools? If so, have you checked the log for errors? We
were seeing errors like this:

flow-capture[8266]: [ID 895957 local6.info] ftpdu_seq_check(): src_ip=w.x.y.z dst_ip=a.b.c.d d_version=5 expecting=23389991 received=23390021 lost=30

We found that the netflow traffic coming out of the router was quite bursty,
and the top of the burst corresponded with lost flows in the logs. Our current
workaround is to use a dedicated interface for the netflow traffic and apply a
shaping rate to said interface. We found that approx 3m was enough to get all
the traffic through, and we still aren't losing flows at 10m. Obviously not a
permanent solution, but it should work long enough to let us figure out what's
going wrong with the collector.

Hope this helps,
Col
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
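
Added example, not part of the original thread and not flow-tools code: a Python script that tallies the lost= counts from ftpdu_seq_check() log lines per exporter and per minute, so the loss can be lined up against the bursts described in the reply. The syslog timestamp prefix, the host name "collector", the addresses and all sample lines are constructed assumptions.

```python
import re
from collections import defaultdict

# Message format as quoted in the reply above (flow-capture, ftpdu_seq_check()).
SEQ_RE = re.compile(
    r"ftpdu_seq_check\(\): src_ip=(?P<src>\S+) dst_ip=\S+ d_version=\d+ "
    r"expecting=(?P<exp>\d+) received=(?P<rcv>\d+) lost=(?P<lost>\d+)"
)
# Assumption: classic syslog prefix "Mon DD HH:MM:SS"; adjust for your daemon.
TS_RE = re.compile(r"^(?P<minute>\w{3}\s+\d+\s+\d\d:\d\d):\d\d\s")

def summarize_loss(lines):
    """Return ({(exporter, minute): lost_flows}, [lines whose lost= looks wrong])."""
    per_minute = defaultdict(int)
    inconsistent = []
    for line in lines:
        m = SEQ_RE.search(line)
        if not m:
            continue  # not a sequence-gap message
        exp, rcv, lost = int(m["exp"]), int(m["rcv"]), int(m["lost"])
        # flow_sequence in the NetFlow v5 header is a 32-bit counter, so the
        # gap is taken modulo 2**32 to survive a counter wrap.
        if (rcv - exp) % 2**32 != lost:
            inconsistent.append(line)
        ts = TS_RE.match(line)
        per_minute[(m["src"], ts["minute"] if ts else "unknown")] += lost
    return dict(per_minute), inconsistent

def total_by_exporter(per_minute):
    """Collapse the per-minute buckets into one lost-flow total per exporter."""
    totals = defaultdict(int)
    for (src, _minute), lost in per_minute.items():
        totals[src] += lost
    return dict(totals)

def sample_line(ts, src, exp, rcv, lost):
    """Build one constructed log line (host, IDs and addresses are made up)."""
    return (f"{ts} collector flow-capture[8266]: [ID 895957 local6.info] "
            f"ftpdu_seq_check(): src_ip={src} dst_ip=198.51.100.10 "
            f"d_version=5 expecting={exp} received={rcv} lost={lost}")

SAMPLE = [
    sample_line("Mar  3 10:15:02", "192.0.2.1", 23389991, 23390021, 30),
    sample_line("Mar  3 10:15:41", "192.0.2.1", 23390141, 23390201, 60),
    sample_line("Mar  3 10:16:05", "192.0.2.2", 4294967290, 14, 20),  # wrap
    sample_line("Mar  3 10:16:30", "192.0.2.2", 100, 150, 40),  # lost != gap
]

if __name__ == "__main__":
    buckets, bad = summarize_loss(SAMPLE)
    for (src, minute), lost in sorted(buckets.items()):
        print(f"{minute}  {src}  lost={lost}")
    print("totals:", total_by_exporter(buckets), "inconsistent:", len(bad))
```

Minutes whose totals spike together with the exporter's traffic bursts match the pattern described in the reply.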