The flow configuration is working as posted- i was testing this in a legacy setup and forgot there was another firewall in the path between my mx80s and my flow collector.
thanks all for the help! -andy On Thu, Jan 15, 2015 at 9:44 AM, Andy Litzinger < andy.litzinger.li...@gmail.com> wrote: > Hi Scott and all, > can you give an example of what i might have to open? I have a > reject-all and log statement at the end of my lo0.0 filter and I don't see > any matches toward my flow-server ip. I'm also don't understand why an > input filter on the loopback would impact outbound traffic to my > flow-server? > > I forgot to mentions, but I'm running 13.3R4.6 > > I am running a tcpdump on my flow-server and no packets have arrived. It > seems to me that flows are being captured and exported, even with the > default template settings: > > # run show services accounting flow inline-jflow > Flow information > TFEB Slot: 0 > Flow Packets: 5805, Flow Bytes: 3941343 > Active Flows: 4, Total Flows: 3907 > Flows Exported: 3457, Flow Packets Exported: 3453 > Flows Inactive Timed Out: 3204, Flows Active Timed Out: 699 > > <let a few seconds pass> > > # run show services accounting flow inline-jflow > Flow information > TFEB Slot: 0 > Flow Packets: 5806, Flow Bytes: 3942763 > Active Flows: 2, Total Flows: 3907 > Flows Exported: 3458, Flow Packets Exported: 3454 > Flows Inactive Timed Out: 3206, Flows Active Timed Out: 699 > > regards, > -andy > > > > On Thu, Jan 15, 2015 at 6:51 AM, Scott Granados <sc...@granados-llc.net> > wrote: > >> You will definitely have to poke a hole in your firewall on your >> loopback. Also, make sure the loopback is part of the main routing >> instance not in another grouting instance, your source until very recent >> releases has to be in the global table. Use TCPDump to make sure that flow >> packets are reaching your collector as well for testing. >> >> >> On Jan 15, 2015, at 12:18 AM, Andy Litzinger < >> andy.litzin...@theplatform.com> wrote: >> >> > Yes I do. Sounds like I need to pole a hole? >> > >> > >> > >> >> On Jan 14, 2015, at 6:14 PM, Eduardo Schoedler <lis...@esds.com.br> >> wrote: >> >> >> >> Do you have a firewall in your loopback? >> >> >> >> -- >> >> Eduardo >> >> >> >> Em quarta-feira, 14 de janeiro de 2015, Andy Litzinger < >> >> andy.litzinger.li...@gmail.com> escreveu: >> >> >> >>> Levi, >> >>> did you get this working? My MX80 appears to be collecting flows, >> but I >> >>> don't see any output to my flow server. The server ip is reachable >> from my >> >>> MX 80. >> >>> >> >>> # show chassis >> >>> <snip> >> >>> tfeb { >> >>> slot 0 { >> >>> sampling-instance tp-sampling-instance; >> >>> } >> >>> } >> >>> >> >>> # show forwarding-options sampling >> >>> traceoptions { >> >>> file ipfix.log size 10k; >> >>> } >> >>> instance { >> >>> tp-sampling-instance { >> >>> input { >> >>> rate 1000; >> >>> } >> >>> family inet { >> >>> output { >> >>> flow-server <my flow server> { >> >>> port 2055; >> >>> version-ipfix { >> >>> template { >> >>> ipfix-ipv4-template; >> >>> } >> >>> } >> >>> } >> >>> inline-jflow { >> >>> source-address <my loopback>; >> >>> } >> >>> } >> >>> } >> >>> } >> >>> } >> >>> >> >>> # show services >> >>> flow-monitoring { >> >>> version-ipfix { >> >>> template ipfix-ipv4-template { >> >>> ipv4-template; >> >>> } >> >>> } >> >>> } >> >>> >> >>> # show interfaces ge-1/0/0 >> >>> <snip> >> >>> unit 0 { >> >>> family inet { >> >>> sampling { >> >>> input; >> >>> } >> >>> address <isp-uplink-ip>; >> >>> } >> >>> } >> >>> >> >>> # run show services accounting status inline-jflow >> >>> Status information >> >>> TFEB Slot: 0 >> >>> IPV4 export format: Version-IPFIX, IPV6 export format: Not set >> >>> VPLS export format: Not set >> >>> IPv4 Route Record Count: 516479, IPv6 Route Record Count: 4 >> >>> Route Record Count: 516483, AS Record Count: 143756 >> >>> Route-Records Set: Yes, Config Set: Yes >> >>> >> >>> # run show services accounting flow inline-jflow >> >>> Flow information >> >>> TFEB Slot: 0 >> >>> Flow Packets: 1445, Flow Bytes: 1419455 >> >>> Active Flows: 22, Total Flows: 935 >> >>> Flows Exported: 764, Flow Packets Exported: 752 >> >>> Flows Inactive Timed Out: 623, Flows Active Timed Out: 290 >> >>> >> >>> regards, >> >>> -andy >> >> >> >> -- >> >> Eduardo Schoedler >> >> _______________________________________________ >> >> juniper-nsp mailing list juniper-nsp@puck.nether.net >> >> https://puck.nether.net/mailman/listinfo/juniper-nsp >> > >> > _______________________________________________ >> > juniper-nsp mailing list juniper-nsp@puck.nether.net >> > https://puck.nether.net/mailman/listinfo/juniper-nsp >> >> >> _______________________________________________ >> juniper-nsp mailing list juniper-nsp@puck.nether.net >> https://puck.nether.net/mailman/listinfo/juniper-nsp >> > > _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp