Thanks - do you have sample config or docs on this? Sorry, still a bit lost - converting from Cisco world which appears to be a lot different ;)
From: Chris Evans [mailto:chrisccnpsp...@gmail.com] Sent: September-17-10 12:31 PM To: Paul Stewart Cc: juniper-nsp@puck.nether.net Subject: Re: [j-nsp] Netflow Export - MX running 10.x My opinion. Don't waste time on firewall filters. Use the sampling command under family inet instead. > Hi there.. > > > > I'm working with an MX480 running 10.0R3.10 trying to get Netflow 5 > exporting up and running.... been reading some of the docs from Juniper and > must be reading the wrong info because what they talk about I don't see ;) > > > > First, firewall filter: > > > > filter cflowd { > > term sampled_packets { > > from { > > source-address { > > 0.0.0.0/0; > > } > > } > > then accept; > > } > > term other { > > then accept; > > } > > } > > > > > > Then forwarding options: > > > > sampling { > > input { > > rate 1; > > run-length 0; > > max-packets-per-second 7000; > > } > > family inet { > > output { > > flow-server xx.xxx.xx.2 { > > port 5000; > > source-address xx.xx.xxx.59; > > version 5; > > } > > } > > } > > } > > > > > > When I apply this as input on an interface I see nothing hitting the netflow > system.... the docs talk about "sampling output" instead of "sampling family > inet" but I have no option for "sampling output" > > > > Confused I am ;) Doesn't take much ... (oh, and yes I want 1:1 sampling at > this point simply because the traffic levels will allow it in the short > term) > > > > Paul > > > > _______________________________________________ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp