Hi all,
Thanks for supporting.
After the change of flow-table-size we now get to see flows on the GENIEATM
box.
result:
Received Flows/sec: 5126
Flow information
FPC Slot: 0
Flow Packets: 42833914564, Flow Bytes: 37364742189748
Active Flows: 235206, Total Flows: 1015377662
Flow
I recently did this on operational/live MX960's on my 100 gig mpls ring with
no problem. ...no service impact, no card reboots.
set chassis fpc 0 inline-services flow-table-size ipv4-flow-table-size 4
I run...
agould@960> show system information
Model: mx960
Family: junos
Junos: 17.4R1-S2.2
Hos
Hi,
On 02.01.2019 13:18, sth...@nethelp.no wrote:
From 16.1R1 and up you should also configure the ip flow table sizes
as the default is 1024 entries for v4 if I'm not mistaken. Not sure if
this is your current issue but is something to consider as well. Also
check flex-flow-sizing as an option
Hi,
On 02.01.2019 11:49, Saku Ytti wrote:
Trio does IPFIX in HW, it can inspect each and every packet with no
different cost. So if your flow table can survive it, do 1:1 and get
more visibility.
AFAIK not all Trio Generations and variants are able to do 1:1 at Line Rate.
IIRC MPC5E and newer
> From 16.1R1 and up you should also configure the ip flow table sizes
> as the default is 1024 entries for v4 if I'm not mistaken. Not sure if
> this is your current issue but is something to consider as well. Also
> check flex-flow-sizing as an option.
Note that changing the flow table sizes has
>From 16.1R1 and up you should also configure the ip flow table sizes
as the default is 1024 entries for v4 if I'm not mistaken. Not sure if
this is your current issue but is something to consider as well. Also
check flex-flow-sizing as an option.
Luis
On Wed, Jan 2, 2019 at 7:51 AM A. Camci wro
> see the config:
>
> set services flow-monitoring version-ipfix template ipv4 ipv4-template
> set services flow-monitoring version-ipfix template ipv6 ipv6-template
We have a bit more, e.g.
template ipv4 {
flow-active-timeout 60;
flow-inactive-timeout 15;
On Wed, 2 Jan 2019 at 12:32, Dave Bell wrote:
> Netflow/Jflow/IPFIX does not sample packets. It samples flows. A flow is
> (could be?) made up of many packets.
Everyone probably means the same thing here, but the way you are
saying it, is very confusing to me.
Sampling means we do not look at e
you're right, but that's what I meant.
Op wo 2 jan. 2019 om 11:29 schreef Dave Bell :
> i want samples of a every 128 packets
>>
>
> Netflow/Jflow/IPFIX does not sample packets. It samples flows. A flow is
> (could be?) made up of many packets.
>
>
_
>
> i want samples of a every 128 packets
>
Netflow/Jflow/IPFIX does not sample packets. It samples flows. A flow is
(could be?) made up of many packets.
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/ju
This sets a sampling rate of 128:1. Is that intentional?
yes.
i want samples of a every 128 packets
i have also tried with 100 and 512 but still same output.
Op wo 2 jan. 2019 om 11:16 schreef Dave Bell :
> set forwarding-options sampling instance inline input rate 128
>
> This sets a sampling
set forwarding-options sampling instance inline input rate 128
This sets a sampling rate of 128:1. Is that intentional?
Dave
On Wed, 2 Jan 2019 at 10:08, A. Camci wrote:
> Hi Steinar,
>
> see the config:
>
> set services flow-monitoring version-ipfix template ipv4 ipv4-template
> set services
Hi Steinar,
see the config:
set services flow-monitoring version-ipfix template ipv4 ipv4-template
set services flow-monitoring version-ipfix template ipv6 ipv6-template
set forwarding-options sampling instance inline input rate 128
set forwarding-options sampling instance inline family inet ou
> Does anyone have experience with GENIEATM ( 6.3.2 ) and Juniper MX480 MPCE
> Type 2 3D ( 16.1R4-S3.6).
> recently we use the inline-jflow monitoring.
>
> it works but we receive too little sampling.
> expect a 10k of sampling per second instead of 100 samples
We have quite a bit of experience w
Hi all,
Does anyone have experience with GENIEATM ( 6.3.2 ) and Juniper MX480 MPCE
Type 2 3D ( 16.1R4-S3.6).
recently we use the inline-jflow monitoring.
it works but we receive too little sampling.
expect a 10k of sampling per second instead of 100 samples
Border Router:
Flow information
F
SRRD mem size should be related to the route table size, from what I
understood...
On an MX480 in 16.1R with DFZ in VRF:
> show system processes extensive | match srrd
5174 root 1 200 1220M 509M select 3 30:36 0.00% srrd
Not sure an MX104 is the best gear to run DFZ + inl
Hi All,
I’m trying to do inline jflow on my mx-104s, and the inline part is working
fine. But it seems to use a lot of memory, to the extent that i think it’s
leaking. I’d encountered PR1180158 when running 15.1R6, so I’m trying it on one
router with 17.4R1-16 I’m not seeing the route delete fa
We turned this up this morning with no service hits and flows are
exporting correctly;
- MX480 Virtual-Chassis
- Enabled on member 1 / FPC 0
- Junos 14.1
:)
Scott H.
On 9/11/14, 7:00 PM, Hugo Slabbert wrote:
Forgot to note: we were running 11.4R7.5 on both that MX480 and MX5,
in case that's
Hi Scott,
Without taking a look at the implementation guides I can't answer this with
100% certainty, however look for PRs before deploying inline-jflow as it's
bitten a fair few people.
We're currently waiting for the next release of Junos to resolve a jflow
issue / issues.
Cheers,
Graham
Grah
Thanks for all the input guys, we're going to give this a go early
tomorrow morning. We're running 14.1, I'll report back my findings for
reference.
Scott H.
On 9/11/14, 5:59 PM, Hugo Slabbert wrote:
We did not get a hit on enabling inline sampling with a config very
similar yours, though we
Hey guys,
Quick question, if we setup inline jflow on a MX480 and do not adjust
the hash table sizes, will the FPC still restart?*
Specifically the config change would look like this ( MX480 VC, member
1, FPC 0(VC FPC 12) would be put into this but not member 0 ):
[edit chassis]
+ member
On (2013-12-14 21:25 +0200), moki wrote:
> Do you think of any other original way to avoid the problem ?
I don't think so. Get rid of ECMP or upgrade.
--
++ytti
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman
Thank you guys
Phil , I originally configured the rate to 1000 , So i believe that's not
the problem .
Saku Thanks for your reply , I saw the PR , and the workaround is
problematic , because the router where the sampling configured is Edge
router , and off course it has ecmp toward the collector an
Do you have ECMP or LFA towards collector? And are you running earlier than
11.4R6, 12.1R4 or 12.2R2? If so, you might be hitting PR805061
Try 'show jnh 0 sample-inline statistics ipv4' in PFE
Do you see 'Flow insert Policer Drops' incrementing?
On 8 December 2013 20:09, moki wrote:
> Hello g
On Dec 8, 2013, at 1:09 PM, moki wrote:
> when i execute the command
> show services accounting flow inline-jflow fpc-slot 0
> The counters don't grow
> Flow information
>FPC Slot: 0
>Flow Packets: 9811498, Flow Bytes: 7364152991
>Active Flows: 4294967295, Total Flows: 4134755
>
Hello guys
I have a problem with inline jflow I configured everything by the book .
The router exported netflow information for about 20 minutes , and
afterwards it stopped .
Here is the configuration :
fpc 0 {
sampling-instance sample-ins1;
inline-services {
flow-table-size {
On Friday, July 05, 2013 11:28:25 PM david@orange.com
wrote:
> I tested RPKI on a beta 12.2 and found a major bug but
> now fixed. 12.3 works fine for us since 2 months. But,
> of course without nsr ;-)
Good to hear. It's early days so not too bad.
Roll-out of RPKI is likely to be increment
I tested RPKI on a beta 12.2 and found a major bug but now fixed. 12.3 works
fine for us since 2 months. But, of course without nsr ;-)
David
Envoyé depuis mon Samsung Galaxy Ace d'Orange
Mark Tinka a écrit :
On Monday, July 01, 2013 05:02:33 PM Mark Tinka wrote:
> The only reason I'd ven
On Monday, July 01, 2013 05:02:33 PM Mark Tinka wrote:
> The only reason I'd venture into 12.3 or 13 is if the
> hardware requires it.
On second thought, we want RPKI support, and that is 12.2
minimum.
Mark.
signature.asc
Description: This is a digitally signed message part.
_
gh to try 12.3 yet to see what the damage is? =)
From: Richard Hesse [mailto:richard.he...@weebly.com<http://weebly.com>]
Sent: Friday, June 28, 2013 5:52 PM
To: Gabriel Blanchard
Cc: Drew Weaver; juniper-nsp@puck.nether.net<mailto:juniper-nsp@puck.nether.net>
Subject: Re: [j-nsp] Inl
chard Hesse [mailto:richard.he...@weebly.com<http://weebly.com>]
Sent: Friday, June 28, 2013 5:52 PM
To: Gabriel Blanchard
Cc: Drew Weaver; juniper-nsp@puck.nether.net<mailto:juniper-nsp@puck.nether.net>
Subject: Re: [j-nsp] Inline jflow AS Lookup Failures
Did you report the crash to Junip
On Monday, July 01, 2013 04:24:37 PM Drew Weaver wrote:
> Has anyone else been brave enough to try 12.3 yet to see
> what the damage is? =)
Still on 11.4 here.
The only reason I'd venture into 12.3 or 13 is if the
hardware requires it.
We're looking to get some new Juniper kit next year, so
m
Has anyone else been brave enough to try 12.3 yet to see what the damage is? =)
From: Richard Hesse [mailto:richard.he...@weebly.com]
Sent: Friday, June 28, 2013 5:52 PM
To: Gabriel Blanchard
Cc: Drew Weaver; juniper-nsp@puck.nether.net
Subject: Re: [j-nsp] Inline jflow AS Lookup Failures
Did
that 12.3R3 is going to
> be?
> >
> > From: Richard Hesse [mailto:richard.he...@weebly.com]
> > Sent: Friday, June 28, 2013 2:58 PM
> > To: Drew Weaver
> > Cc: juniper-nsp@puck.nether.net
> > Subject: Re: [j-nsp] Inline jflow AS Lookup Failures
> >
>
t; Cc: juniper-nsp@puck.nether.net
> Subject: Re: [j-nsp] Inline jflow AS Lookup Failures
>
> It's fixed in JunOS 12.3R3 and 13.2R1. It's in PR#820988, but that isn't
> ready for the public yet.
>
> -richard
>
> On Fri, Jun 28, 2013 at 5:08 PM, Richard Hesse
How much of a disaster (vs 11.4) are we guessing that 12.3R3 is going to be?
From: Richard Hesse [mailto:richard.he...@weebly.com]
Sent: Friday, June 28, 2013 2:58 PM
To: Drew Weaver
Cc: juniper-nsp@puck.nether.net
Subject: Re: [j-nsp] Inline jflow AS Lookup Failures
It's fixed in JunOS 1
It's fixed in JunOS 12.3R3 and 13.2R1. It's in PR#820988, but that isn't
ready for the public yet.
-richard
On Fri, Jun 28, 2013 at 5:08 PM, Richard Hesse wrote:
> It's totally useless right now. I have a support case open with Juniper on
> this. I'll post back to the list if we make any headwa
It's totally useless right now. I have a support case open with Juniper on
this. I'll post back to the list if we make any headway.
-richard
On Fri, Jun 28, 2013 at 9:51 AM, Drew Weaver wrote:
> Howdy,
>
> I am wondering if anyone has figured out any way to get inline jflow to
> send proper ds
Howdy,
I am wondering if anyone has figured out any way to get inline jflow to send
proper dstas/srcas on routers with full tables?
I'm seeing a lot of these incrementing (snipped output):
show services accounting errors inline-jflow
Route Record Lookup Failures: 5415, AS Lookup Failures: 1
Hello guys
I already saw some emails regarding inline jflow issue but i will try anyway
I have the following configuration at my edge router :
set chassis fpc 0 sampling-instance sample-ins1
set chassis fpc 0 inline-services flow-table-size ipv4-flow-table-size 3
set chassis fpc 0 inline-servi
* Paolo Lucente [2012-11-22 18:24]:
> > 3) The test collector is reporting missed flows. I'm not sure if that
> >is a problem with the collector or if I'm really missing flows.
> >Anyone else had this problem?
>
> It can be something else but i'm generically not surprised on this:
> nearl
Hi,
On Tue, Nov 20, 2012 at 04:54:23PM +0100, Sebastian Wiesinger wrote:
> 3) The test collector is reporting missed flows. I'm not sure if that
>is a problem with the collector or if I'm really missing flows.
>Anyone else had this problem?
It can be something else but i'm generically no
On (2012-11-20 16:54 +0100), Sebastian Wiesinger wrote:
Just started with IPFIX export on two nodes this monday.
> 2) In Douglas Hanks Juniper MX Series book it is noted that the
>sampling rate for inline jflow must always be 1 (other rates are
>not valid). Still it seems to work with rat
Hello,
we're just setting up inline-jflow on MX Trio chipsets and I'm seeing
a few odd things:
1) Why is inline-jflow sending so many packets instead of putting more
then one flow in one udp packet? Every ~5 seconds I get a LOT of UDP
packets at the same time, many of them only containing 1
: Graham Brown
Cc: juniper-nsp@puck.nether.net
Subject: Re: [j-nsp] inline-jflow
Actually I thought of something
I have another router which is connected to the MPC on the problematic
router . I will configure the source interface address with this interface
on the MPC and configure static route toward
Actually I thought of something
I have another router which is connected to the MPC on the problematic
router . I will configure the source interface address with this interface
on the MPC and configure static route toward specific destination of the
flow server to this another router which has als
Hi Moki,
No worries; this is the exact challenge that faced my customer. Their
server was on the management subnet which was only connected to the routers
via the management interfaces. I'm not sure what they did to resolve it; I
would presume that they moved the server.
Sorry that I don't have a
Thank you Graham,
I suspected that this is the case ...
Is there another way to overcome this problem ?
Because our netflow server connected to OOB management network which is
routed only via Fxp interface ...
On Thu, Sep 6, 2012 at 6:55 PM, Graham Brown
wrote:
> Hi Moki,
>
> The export of flow d
* dha...@juniper.net (Doug Hanks) [Thu 06 Sep 2012, 18:58 CEST]:
Using fxp0 for inline-jflow has been disabled since 10.2; you need
to use a revenue port as the egress.
Or what engineers call a non-management port
-- Niels.
--
___
juniper-n
Using fxp0 for inline-jflow has been disabled since 10.2; you need to use
a revenue port as the egress.
On 9/6/12 5:05 AM, "moki" wrote:
>Hello
>Does anyone know if inline-jflow support to send traffic via fxp
>interface.
>I tried to configure inline-jflow with the configuration bellow when the
Hi Moki,
The export of flow data is not supported via an fxp interface. The fxp0
interface does not have the hardware capabilities to handle this kind of
operation.
I had a similar customer query a while back; they could configure the
export of flows via the fxp interface, however it never worked
Hello
Does anyone know if inline-jflow support to send traffic via fxp interface.
I tried to configure inline-jflow with the configuration bellow when the
route to the destination is the fxp interface:
family inet {
output {
flow-server 88.88.88.1 {<-- routed via
52 matches
Mail list logo