Woops, forgot something. Input also changed and should be now:
sampling { input { rate 100; } (no longer using family...) Am Freitag, den 19.08.2011, 00:51 +0200 schrieb Jonas Frey (Probe Networks): > Matt, > > yes the config changed in JunOS 10.x. > > See below: > > --- OLD --- > sampling { > input { > family inet { > rate 100; > } > } > output { > flow-server A.B.C.D { > port 2055; > version 5; > } > } > > --- NEW --- > > sampling { > input { > family inet { > rate 100; > } > } > family inet { > output { > flow-server A.B.C.D { > port 2055; > version 5; > } > } > } > > > They changed the family thing, you now have to define the type of > address family you want to sample (this way you can also separate v4/v6 > sampling). > > > > Best regards, > Jonas > > > Am Donnerstag, den 18.08.2011, 15:33 -0700 schrieb Matt Hite: > > Thanks to Jeff Richmond and Jonas Frey who were kind enough to provide > > guidance both on and off-list. > > > > This is what I ended up with: > > > > [edit interfaces xe-0/0/0 unit 0 family inet filter] > > + input-list [ sample-cflow accept-da accept-bgp accept-icmp > > discard-all ]; > > [edit forwarding-options] > > + sampling { > > + input { > > + family inet { > > + rate 500; > > + run-length 0; > > + max-packets-per-second 65535; > > + } > > + } > > + output { > > + flow-server 172.20.1.80 { > > + port 5000; > > + version 5; > > + } > > + } > > + } > > [edit firewall] > > + family inet { > > + filter sample-cflow { > > + term 1 { > > + then sample; > > + } > > + } > > + } > > > > What is interesting is that the config parser tells me the "output" > > stanza is depreciated. > > > > input { > > family inet { > > rate 500; > > run-length 0; > > max-packets-per-second 65535; > > } > > } > > output { ## Warning: 'output' is deprecated > > flow-server 172.20.1.80 { > > port 5000; > > version 5; > > } > > } > > > > Anyone know the new, non-deprecated way? > > > > -M > > > > On Thu, Aug 18, 2011 at 12:43 PM, Matt Hite <li...@beatmixed.com> wrote: > > > Hello -- > > > > > > I've recently deployed some MX960 (Treo) and now need to get their > > > flow data in Arbor Peakflow SP. Unfortunately the instructions in the > > > Arbor manual appear to be very long in the tooth and a bit confusing. > > > Specifically, the integration directions are for a "JunOS version > > > 5.5B1.3 on a Juniper M5 Router." Now I'm sure there is carry over that > > > is relevant still, I just want to make sure I'm going down the right > > > path. Apologies for the rudimentary questions here. My previous > > > experience was sflow only... > > > > > > They mention using "set forwarding- options family inet filter input > > > filter <name>" as "the easiest way to apply a filter to all packets > > > received by the system." > > > > > > They then suggest a filter like this: > > > > > > admin@m5# set firewall filter cflowd term sampled_packets from > > > source-address 0.0.0.0/0 > > > admin@m5# set firewall filter cflowd term sampled_packets then accept > > > admin@m5# set firewall filter cflowd term other then accept > > > > > > To make things a bit confusing, they also say to enable it on an > > > interface: > > > > > > set interfaces e3/4/1 unit 0 family inet filter input cflowd > > > > > > I'm guessing you would do it on the interface or do it globally with > > > the "set forwarding- options family inet filter input filter <name>" > > > command? Confused a bit by this... > > > > > > Also, since I have other filters on the input side of my interfaces, I > > > presume I'd remove that last term "other" from their example. Although > > > I'm a bit concerned that dropping that on the input filter for the > > > interface will act as a terminating action in the evaluation of > > > packets flowing through the interface, and it won't continue on with > > > my other terms. > > > > > > I also see some mention in the Juniper CLI manual about how to do it > > > if you have a Monitoring Services PIC: > > > > > > http://jnpr.net/techpubs/software/junos/junos90/swconfig-policy/configuring-flow-monitoring.html > > > > > > Also, Arbor provides some instructions on configuring version 9 cflow, > > > too, although I don't think that's actually what I need to do. > > > > > > Does anyone have a similar setup who might be willing to help me out > > > with an annotated example? It would be very much appreciated. > > > > > > Thanks, > > > > > > -M > > > > > _______________________________________________ > > juniper-nsp mailing list juniper-nsp@puck.nether.net > > https://puck.nether.net/mailman/listinfo/juniper-nsp > _______________________________________________ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp
signature.asc
Description: This is a digitally signed message part
_______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp