Re: [j-nsp] Netflow config for MX204

2020-04-17 Thread adamv0025
> From: Saku Ytti > Sent: Friday, April 17, 2020 11:53 AM > > On Fri, 17 Apr 2020 at 13:23, wrote: > > > Yup this bit was clear, actually on this one, when I was searching I > > stumbled > upon a XR-9k cmd to enable connecting management port to fabric ... "rp > mgmtethernet forwarding" > >

Re: [j-nsp] Netflow config for MX204

2020-04-17 Thread Saku Ytti
On Fri, 17 Apr 2020 at 13:23, wrote: > Yup this bit was clear, actually on this one, when I was searching I stumbled > upon a XR-9k cmd to enable connecting management port to fabric ... "rp > mgmtethernet forwarding" I don't think you can. I think you enable forwarding through RE, but the

Re: [j-nsp] Netflow config for MX204

2020-04-17 Thread adamv0025
> From: Saku Ytti > Sent: Friday, April 17, 2020 8:49 AM > > On Fri, 17 Apr 2020 at 10:39, wrote: > > > Can you expand on the above please? > > Say comparing RE/RSP management port on ASR9k and MX, > > No management port is revenue port, and will kill your flow export, if flow > export is

Re: [j-nsp] Netflow config for MX204

2020-04-17 Thread Mark Tinka
On 17/Apr/20 09:49, Saku Ytti wrote: > No management port is revenue port, and will kill your flow export, if > flow export is supported directly from the NPU. Because if it works, > it means NPU has to _punt_ the traffic to control-plane, to export it. > Whereas if NPU supports exporting off

Re: [j-nsp] Netflow config for MX204

2020-04-17 Thread Saku Ytti
On Fri, 17 Apr 2020 at 10:39, wrote: > Can you expand on the above please? > Say comparing RE/RSP management port on ASR9k and MX, No management port is revenue port, and will kill your flow export, if flow export is supported directly from the NPU. Because if it works, it means NPU has to

Re: [j-nsp] Netflow config for MX204

2020-04-17 Thread adamv0025
> Saku Ytti > Sent: Sunday, April 12, 2020 9:44 AM > > On Sun, 12 Apr 2020 at 03:53, Mark Tinka wrote: > > > On 11/Apr/20 08:04, Nick Schmalenberger via juniper-nsp wrote: > > > I had the same issue with first trying to export over fxp0, then > > > > We just export flows in-band. Just seems

Re: [j-nsp] Netflow config for MX204

2020-04-15 Thread Mark Tinka
On 14/Apr/20 22:50, Nick Schmalenberger via juniper-nsp wrote: > I am exporting in-band, the next-table is so the default table > can access a port in my routing instance that has the in-band > ports. Well, we don't use VRF's for the Internet table. For us, it's always seemed like an overly

Re: [j-nsp] Netflow config for MX204

2020-04-14 Thread Nick Schmalenberger via juniper-nsp
--- Begin Message --- On Sun, Apr 12, 2020 at 02:45:57AM +0200, Mark Tinka wrote: > > > On 11/Apr/20 08:04, Nick Schmalenberger via juniper-nsp wrote: > > I had the same issue with first trying to export over fxp0, then > > trying with my routing instance, and I ended up making a static > >

Re: [j-nsp] Netflow config for MX204

2020-04-14 Thread Timur Maryin via juniper-nsp
--- Begin Message --- Perhaps you just needed to add (to your original config) routing-instance vrf-name under forwarding-options sampling family inet output flow-server x.x.x..x and not to overdo everything under vrf On 09-Apr-20 10:03, Liam Farr wrote: Seems I cant just drop the

Re: [j-nsp] Netflow config for MX204

2020-04-12 Thread Saku Ytti
On Sun, 12 Apr 2020 at 12:13, Vincent Bernat wrote: > What's a "non-revenue port"? fxp0, em0, mgmtmethernet0, etc. Any port not hanging off of forwarding hardware. -- ++ytti ___ juniper-nsp mailing list juniper-nsp@puck.nether.net

Re: [j-nsp] Netflow config for MX204

2020-04-12 Thread Vincent Bernat
❦ 12 April 2020 11:43 +03, Saku Ytti: >> We just export flows in-band. Just seems simpler, and has been reliable >> for close to 10 years. > > in-band is right, Trio can export the flow itself, you will kill your > performance if you do non-revenue port export. What's a "non-revenue port"? --

Re: [j-nsp] Netflow config for MX204

2020-04-12 Thread Saku Ytti
On Sun, 12 Apr 2020 at 03:53, Mark Tinka wrote: > On 11/Apr/20 08:04, Nick Schmalenberger via juniper-nsp wrote: > > I had the same issue with first trying to export over fxp0, then > > We just export flows in-band. Just seems simpler, and has been reliable > for close to 10 years. in-band is

Re: [j-nsp] Netflow config for MX204

2020-04-11 Thread Mark Tinka
On 11/Apr/20 08:04, Nick Schmalenberger via juniper-nsp wrote: > I had the same issue with first trying to export over fxp0, then > trying with my routing instance, and I ended up making a static > route in inet6.0 with next-table over to the instance table where > the route into the LAN for my

Re: [j-nsp] Netflow config for MX204

2020-04-11 Thread Nick Schmalenberger via juniper-nsp
--- Begin Message --- On Sat, Apr 11, 2020 at 03:52:53PM +1200, Liam Farr wrote: > Hi, > > Got things working in the end, thanks everyone for their help and patience. > > Also thanks @John Kristoff especially for the template at > https://github.com/jtkristoff/junos/blob/master/flows.md it was >

Re: [j-nsp] Netflow config for MX204

2020-04-10 Thread Liam Farr
Hi, Got things working in the end, thanks everyone for their help and patience. Also thanks @John Kristoff especially for the template at https://github.com/jtkristoff/junos/blob/master/flows.md it was very helpful. As I suspected I was doing something dumb, or rather a combination of the dumb.

Re: [j-nsp] Netflow config for MX204

2020-04-09 Thread John Kristoff
On Thu, 9 Apr 2020 06:20:00 + Liam Farr wrote: > However I am getting export packet failures. Some loss of flows being exported may be unavoidable depending on your configuration and environment. If you want to see fewer errors you may just have to sample less frequently. The numbers

Re: [j-nsp] Netflow config for MX204

2020-04-09 Thread Richard McGovern via juniper-nsp
--- Begin Message --- By any chance does your config/design include LSYS? If yes export could/will have issues, BUT at same time this combination is not officially supported together to start with. So if trying to use these together, you are on your own.

Re: [j-nsp] Netflow config for MX204

2020-04-09 Thread Liam Farr
Seems I can't just drop the forwarding options into the vrf verbatim; # show | compare [edit] - forwarding-options { - sampling { - sample-once; - instance { - default { - input { - rate 100; - } -

Re: [j-nsp] Netflow config for MX204

2020-04-09 Thread Tarko Tikan
hey, To be honest, we are on the old method and don't notice any badness. One of those "If it ain't broke" times :-). If you have your tables sized correctly then why would you notice anything? They are the same tables after all. I was just pointing out that if someone is distributing a

Re: [j-nsp] Netflow config for MX204

2020-04-09 Thread Timur Maryin via juniper-nsp
--- Begin Message --- On 09-Apr-20 08:20, Liam Farr wrote: Hi, changed to a loopback address on one of the VRF's, ... Not sure specifically what I am doing wrong here, it seems to be collecting the flows ok, but exporting is the issue? I'd appreciate any advice or pointers thanks :)

Re: [j-nsp] Netflow config for MX204

2020-04-09 Thread Mark Tinka
On 8/Apr/20 18:17, Tarko Tikan wrote: > AFAIR no. You can verify via "show jnh 0 inline-services > flow-table-info" from the PFE shell. Okay. To be honest, we are on the old method and don't notice any badness. One of those "If it ain't broke" times :-). Mark.

Re: [j-nsp] Netflow config for MX204

2020-04-09 Thread Liam Farr
Hi, I'm using the config example at https://github.com/jtkristoff/junos/blob/master/flows.md (many thanks) with a couple of exceptions. However I am getting export packet failures. Exceptions / changes from the example are the use of *flex-flow-sizing* and *sampling on the interface* rather

Re: [j-nsp] Netflow config for MX204

2020-04-08 Thread Tarko Tikan
hey, Does one need to reboot the box if you switch to "flex-flow-sizing"? The documentation seems to say so if you're going from the old format to the new one. AFAIR no. You can verify via "show jnh 0 inline-services flow-table-info" from the PFE shell. -- tarko

Re: [j-nsp] Netflow config for MX204

2020-04-08 Thread Mark Tinka
On 8/Apr/20 16:33, Tarko Tikan wrote: > > I don't have any 204s but perhaps use flex-flow-sizing instead of manual > table sizes? > > And if you do a lot of flow then you need to raise flow-export-rate > from default as well. Does one need to reboot the box if you switch to "flex-flow-sizing"?

Re: [j-nsp] Netflow config for MX204

2020-04-08 Thread Tarko Tikan
hey, I've used IPFIX before, here is an example of how that might be setup, whether it is good or not I'll let others judge and I can fix if there is feedback: I don't have any 204s but perhaps use flex-flow-sizing instead of manual

Re: [j-nsp] Netflow config for MX204

2020-04-08 Thread Alain Hebert
Hi, IMHO, Directly on the interface permit to use plugins in Elastiflow (example) to highlight odd traffic behavior (Scans/DDoS) - Alain Hebert aheb...@pubnix.net PubNIX Inc. 50 boul. St-Charles P.O. Box 26770 Beaconsfield, Quebec H9W

Re: [j-nsp] Netflow config for MX204

2020-04-08 Thread Mark Tinka
On 8/Apr/20 14:51, Mark Tinka wrote: > > Looks good. The only other thing I would do different is to sample directly on the interface, rather than through a firewall filter: xe-0/1/0 { unit 0 { family inet { sampling { input; output;

Re: [j-nsp] Netflow config for MX204

2020-04-08 Thread Mark Tinka
On 8/Apr/20 14:42, John Kristoff wrote: > > I've used IPFIX before, here is an example of how that might be setup, > whether it is good or not I'll let others judge and I can fix if there > is feedback: > > Looks good. The only

Re: [j-nsp] Netflow config for MX204

2020-04-08 Thread John Kristoff
On Wed, 8 Apr 2020 09:26:10 + Liam Farr wrote: > Just wondering if someone here has a working netflow config for a MX204 > they might be able to share. I've used IPFIX before, here is an example of how that might be setup, whether it is good or not I'll let others judge and I can fix if

Re: [j-nsp] Netflow config for MX204

2020-04-08 Thread Mark Tinka
On 8/Apr/20 11:26, Liam Farr wrote: > Hi, > > Just wondering if someone here has a working netflow config for a MX204 > they might be able to share. > > Last time I did netflow on a Juniper router it was a J2320

[j-nsp] Netflow config for MX204

2020-04-08 Thread Liam Farr
Hi, Just wondering if someone here has a working netflow config for a MX204 they might be able to share. Last time I did netflow on a Juniper router it was a J2320 -- Kind Regards Liam Farr Maxum Data +64-9-950-5302