Hit me up with questions, glad to help. I've run through a few challenges with jFlow on the platforms and have come up with some knowledge about caveats and such.

Simplistic configuration using v9 netflow; you can use filters if you want to. I don’t like filters as there is a chance to break real firewall filters by combining services.

This does not include using ‘sampling instances’. You can do that, but you need to define the instance under the FPC. This is set under ‘chassis fpc #’ and then define the corresponding instance under the ‘forwarding-options’ configuration.

To do v9 netflow/jflow it requires that you have an MS-DPC module. If you want to do v5, remove the services config and version9 and code version 5. Please also make sure that your timers are set properly. I do not know what export timers you are looking for.

You can do sampled netflow on Juniper devices if doing version 5 or lower and a higher rate of sampling. There is a max packets/sec limit however.

*Interfaces to sample:*

ntfu...@mx480-lab-re1# show interfaces
xe-4/0/0 {
    unit 0 {
        family inet {
            sampling {
                input;     <- Ingress netflow
                output;    <- Egress netflow (caveat, this doesn’t work using multicast traffic)
            }
        }
    }
}

*Services interface that will do the sampling:*

ntfu...@mx480-lab-re1# show interfaces
sp-3/0/0 {
    unit 0 {
        family inet;
    }
}

*Forwarding options to configure sampling rate and export destination.*

ntfu...@mx480-lab-re1# show forwarding-options
sampling {
    input {
        rate 1;    <- 1 equals 1:1 sampling, adjust higher if doing sampled netflow/jflow.
        run-length 0;
    }
    family inet {
        output {
            flow-server 204.151.176.36 {
                port 9995;
                version9 {
                    template {
                        FLOWv9;
                    }
                }
            }
            interface sp-3/0/0 {
                source-address <Source IP of jflow traffic to collector>;
            }
        }
    }
}

*jFlow v9 template*

ntfu...@mx480-lab-re1# show services    <- This is needed to do v9 jFlow
flow-monitoring {
    version9 {
        template FLOWv9 {
            ipv4-template;
        }
    }
}

On Fri, Sep 17, 2010 at 1:03 PM, Chris Evans <chrisccnpsp...@gmail.com> wrote:

> No problem. I live in a primarily Cisco world too. Once I get back to the
> office I will post the config.
>
> > Thanks - do you have sample config or docs on this?
> > Sorry, still a bit lost - converting from Cisco world which appears to
> > be a lot different ;)
> >
> > From: Chris Evans [mailto:chrisccnpsp...@gmail.com]
> > Sent: September-17-10 12:31 PM
> > To: Paul Stewart
> > Cc: juniper-nsp@puck.nether.net
> > Subject: Re: [j-nsp] Netflow Export - MX running 10.x
> >
> > My opinion. Don't waste time on firewall filters. Use the sampling command
> > under family inet instead.
> >
> >> Hi there..
> >>
> >> I'm working with an MX480 running 10.0R3.10 trying to get Netflow 5
> >> exporting up and running.... been reading some of the docs from Juniper and
> >> must be reading the wrong info because what they talk about I don't see ;)
> >>
> >> First, firewall filter:
> >>
> >> filter cflowd {
> >>     term sampled_packets {
> >>         from {
> >>             source-address {
> >>                 0.0.0.0/0;
> >>             }
> >>         }
> >>         then accept;
> >>     }
> >>     term other {
> >>         then accept;
> >>     }
> >> }
> >>
> >> Then forwarding options:
> >>
> >> sampling {
> >>     input {
> >>         rate 1;
> >>         run-length 0;
> >>         max-packets-per-second 7000;
> >>     }
> >>     family inet {
> >>         output {
> >>             flow-server xx.xxx.xx.2 {
> >>                 port 5000;
> >>                 source-address xx.xx.xxx.59;
> >>                 version 5;
> >>             }
> >>         }
> >>     }
> >> }
> >>
> >> When I apply this as input on an interface I see nothing hitting the netflow
> >> system.... the docs talk about "sampling output" instead of "sampling family
> >> inet" but I have no option for "sampling output"
> >>
> >> Confused I am ;) Doesn't take much ... (oh, and yes I want 1:1 sampling at
> >> this point simply because the traffic levels will allow it in the short
> >> term)
> >>
> >> Paul
> >>
> >> _______________________________________________
> >> juniper-nsp mailing list juniper-nsp@puck.nether.net
> >> https://puck.nether.net/mailman/listinfo/juniper-nsp
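
As an added example (not from the thread or from Juniper), here is a collector-side check for the version 5 export configured above: it decodes one NetFlow v5 datagram and reports the sequence number and the header's sampling field, so you can confirm what actually arrives at the flow-server port. The field layout is the standard v5 export format; the datagram, addresses and function names are constructed for illustration.

```python
import ipaddress
import struct

# Standard NetFlow v5 layout: 24-byte header, then 1..30 records of 48 bytes.
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_RECORD = struct.Struct("!IIIHHIIIIHHBBBBHHBBH")


def parse_v5(datagram):
    """Decode one v5 export datagram; raise ValueError if it is not valid v5."""
    if len(datagram) < V5_HEADER.size:
        raise ValueError("shorter than a v5 header")
    (version, count, _uptime, _secs, _nsecs, sequence,
     _etype, _eid, sampling) = V5_HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError(f"export version {version}, not 5")
    if not 1 <= count <= 30:
        raise ValueError(f"record count {count} outside 1..30")
    if len(datagram) != V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("datagram length does not match record count")
    flows = []
    for i in range(count):
        f = V5_RECORD.unpack_from(datagram, V5_HEADER.size + i * V5_RECORD.size)
        flows.append({
            "src": str(ipaddress.IPv4Address(f[0])),
            "dst": str(ipaddress.IPv4Address(f[1])),
            "in_if": f[3], "out_if": f[4], "packets": f[5], "bytes": f[6],
            "sport": f[9], "dport": f[10], "proto": f[13],
        })
    # Sampling field: top 2 bits are the mode, low 14 bits the interval.
    return {"sequence": sequence, "sampling_mode": sampling >> 14,
            "sampling_interval": sampling & 0x3FFF, "flows": flows}


def build_sample():
    """Constructed datagram (not a capture): one TCP flow, sampling interval 1."""
    header = V5_HEADER.pack(5, 1, 360000, 1284742980, 0, 42, 0, 0, 1)
    record = V5_RECORD.pack(
        int(ipaddress.IPv4Address("192.0.2.10")),
        int(ipaddress.IPv4Address("198.51.100.20")),
        0, 512, 513, 12, 9000, 350000, 359000,  # nexthop, ifs, pkts, bytes, times
        49152, 443, 0, 0x1B, 6, 0,              # ports, pad, TCP flags, proto, ToS
        0, 0, 24, 24, 0)                        # AS numbers, masks, pad
    return header + record


if __name__ == "__main__":
    print(parse_v5(build_sample()))
```

On a live collector, pass each datagram received on the UDP port named in the flow-server stanza to parse_v5; a ValueError reporting another export version means the router is not sending v5.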