On 11/1/2011 6:39 AM, Phil Mayers wrote:
> On the MX series routers, the only netflow you can do with DPCs is
> heavily sampled, exported by the RE, and limited to Netflow v5?

Without an MS-DPC, that is correct.

> If you have DPCs, you can buy an MS-DPC to do "real" netflow. Based on
> the software license part numbers, it seems this card can go up to at
> least 40 million (!) flows?

MS-DPC does 5.2 million flows per NPU, and it has 2x NPU on the DPC, so
just over 10mil. It handles IPv4, MPLS, MPLS-IPv4, IPv6. Max throughput
is around 7-8Gbps (2NPU).

> If you have an MS-DPC, how is the flow capture performed? Do packets
> get routed through the MS-DPC and then back into the fabric, or does
> the packet (or some portion of it) get replicated? Does this affect
> forwarding throughput or latency?

My understanding is that it's mirrored to the MS-DPC.

> If you have MPCs, the Trio chipset supports netflow "inline"? But I
> see no indication of what the flow capacity of the Trio PFEs is. I see
> some part numbers for "10 Gbps of J-flow (requires MPC)" such as
> S-ACCT-JFloW-IN- 10g. But does that number refer to input (customer)
> packets or output (jflow) packets?

IPv4 IPFIX is all that was enabled on Trio the last I checked. They are
still adding the rest of the features to it. Trio does 4 million flows,
40Mpps, and 20Gbit (presumably per Trio).

> I'm assuming these licenses cost a lot of money; can anyone give
> indications of what cost? Or what fraction of the MPC cost?

No idea.

> How do the two (MS-DPC or MPC with built-in netflow) compare
> feature-wise with "equivalent" Cisco platforms (ASR, for example). Do
> they support IPv6, full "unsampled" (1:1) netflow, full src/dst
> ip/port & interface "masks" etc.?

MS-DPC does jflow v9. If your traffic is lower than its caps, it can
do 1:1.
The Trio is only v4, but uses the new IPFIX. v6 and MPLS support are on
the roadmap for it.

> The upshot of the question is, what combination of Juniper hardware do
> you need to do unsampled netflow "the same as an equivalent Cisco",
> and roughly how much would it cost? I'm assuming "too much" is the
> answer, but would like to be sure.

As the code completes, Trio support is the most likely to actually pull
1:1, but even it has its limitations. I currently just use the RE with
file logging if I need to check for something. I still haven't found a
flow collection layout I'm happy with. Once I do and Trio has IPv6, I'll
pop the licenses for that, but then I'm fully MPC.

Jack
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp