Peter,
the config provided is working fine on 10.2R1.8
Sampling must indeed be enabled at logical interface level with
something like this:
ge-3/0/7 {
link-mode full-duplex;
unit 0 {
family inet {
sampling {
input;
}
address 1.1.1.1/30;
}
}
}
or also with a firewall filter.
Thanks,
Luca.
On Fri, 2010-07-16 at 08:01 +0200, Peter Krupl wrote:
> Hi Chris, Luca, David (Posted a reply off list),
>
> Im running Junos 10.1R1.8.
> The current configuration im using is shown below.
>
> The configuration is accepted, and I see some flow exports to my collector.
>
> But the traffic received at the collector is arriving at an interval og about
> 60 seconds,
> and it seems the data is the same. I suspect that is only template
> information, and not
> actual flow data.
>
> 1.
> Do I (have to)/(can i) specify which interfaces should be included in the
> flow export ?
>
> 2.
> As my box is running as PE, I think the mpls-ipv4 template is the one to use,
> am I correct ?
>
> 3.
> The license for flow accounting called "SA-ACCT-5M" did not contain any
> license keys. Do I need to obtain an activation key somehow ? Maybe this is
> why I don't se any flows.?
>
>
>
> -----------------------------------CONFIG-----------------------------------
> chassis {
> .
> fpc 1 {
> .
> pic 1 {
> tunnel-services {
> bandwidth 10g;
> }
> adaptive-services {
> service-package layer-3;
> }
> }
> }
> network-services ip;
> }
> interfaces {
> .
> sp-1/1/0 {
> unit 0 {
> family inet;
> family inet6;
> family mpls;
> }
> }
> .
> }
> forwarding-options {
> sampling {
> input {
> rate 1;
> run-length 1;
> }
> family mpls {
> output {
> flow-server 213.173.238.99{
> port 9990;
> source-address 89.233.99.193;
> version9 {
> template {
> mpls-ipv4;
> }
> }
> }
> interface sp-1/1/0 {
> source-address 89.233.99.193;
> }
> }
> }
> }
> }
>
> services {
> flow-monitoring {
> version9 {
> template ipv4 {
> ipv4-template;
> }
> template ipv6 {
> ipv6-template;
> }
> template mpls {
> mpls-template;
> }
> template mpls-ipv4 {
> mpls-ipv4-template;
> }
> }
> }
> .
> }
>
> -----------------------------------CONFIG-----------------------------------
>
> Kind Regards,
> Peter Krupl
>
>
> -----Original Message-----
> From: Chris Tracy [mailto:[email protected]]
> Sent: Thursday, July 15, 2010 7:55 PM
> To: bit gossip
> Cc: Peter Krupl; [email protected]
> Subject: Re: [j-nsp] MS-DPC and netflow.
>
> Peter, Luca,
>
> I believe you need to be running 9.6 or later in order to use the config that
> Luca provided below.
>
> Prior to 9.6, you will only find 'input', 'output' and 'traceoptions' under
> forwarding-options { sampling { ... } }. After 9.6, you will find 'family
> inet' and 'family inet6' under that level -- but not in earlier releases. In
> either case, under output { ... }, older JUNOS seems to use 'cflowd' while
> newer JUNOS uses the 'flow-server' keyword.
>
> The advantage is that after 9.6, you can output IPv4 and IPv6 flow data to
> the same collector IP address/port. e.g. apply multiple templates to a
> single collector. Before 9.6, you had to apply the IPv4 template to one
> cflowd IP, and the IPv6 (or MPLS) template to another cflowd IP.
>
> Another cool thing you can do after 9.6 is per-FPC sampling instances. For
> example, you can do
>
> forwarding-options {
> sampling {
> instance {
> xyz {
> input { ... }
> family inet { ... }
> family inet6 { ... }
> }
> }
> }
> }
> chassis {
> fpc X {
> sampling-instance xyz;
> }
> }
>
> I haven't really seen a reason to use this type of config yet, but if you are
> somehow max'ing out the resources of a single MS-DPC, it looks like you could
> potentially use this syntax to dedicate one MS-DPC to one or more FPCs,
> another MS-DPC to another set of FPCs, etc.
>
> For completeness, here is a working example from JUNOS 9.3. Just make sure
> you are doing sampling somewhere in your firewall filters (e.g. you might
> sample all inbound on every interface). You need to be careful not to sample
> the same flow twice (on each router) or else your flow records will show
> double packets/octets.
>
> interfaces {
> sp-1/0/0 {
> unit 0 {
> family inet;
> family inet6;
> family mpls;
> }
> }
> }
> forwarding-options {
> sampling {
> input {
> family inet {
> rate 1;
> run-length 0;
> max-packets-per-second 65000;
> }
> family inet6 {
> rate 1;
> run-length 0;
> max-packets-per-second 65000;
> }
> }
> output {
> cflowd 10.0.0.1 {
> port 9999;
> version9 {
> template {
> ipv4;
> }
> }
> no-local-dump;
> autonomous-system-type origin;
> }
> cflowd 10.0.0.2 {
> port 9999;
> version9 {
> template {
> ipv6;
> }
> }
> no-local-dump;
> autonomous-system-type origin;
> }
> flow-inactive-timeout 15;
> flow-active-timeout 60;
> interface sp-1/0/0 {
> source-address [router loopback address];
> }
> }
> }
> }
> services {
> flow-monitoring {
> version9 {
> template ipv4 {
> ipv4-template;
> }
> template mpls {
> mpls-template;
> }
> template ipv6 {
> ipv6-template;
> }
> }
> }
> }
>
> Cheers,
> -Chris
>
>
> On Jul 15, 2010, at 10:18 AM, bit gossip wrote:
>
> > Hi Peter,
> > this should be working
> > Thanks,
> > Luca.
> >
> > forwarding-options {
> > sampling {
> > input {
> > rate 1;
> > run-length 0;
> > }
> > family inet {
> > output {
> > flow-server 1.1.1.66 {
> > port 3333;
> > autonomous-system-type origin;
> > no-local-dump;
> > version9 {
> > template {
> > PIPPO_V9;
> > }
> > }
> > }
> > flow-server 1.1.1.194 {
> > port 3333;
> > autonomous-system-type origin;
> > no-local-dump;
> > version9 {
> > template {
> > PIPPO_V9;
> > }
> > }
> > }
> > interface sp-2/0/0 {
> > source-address 1.1.1.1;
> > }
> > }
> > }
> > family inet6 {
> > output {
> > flow-server 1.1.1.66 {
> > port 3333;
> > autonomous-system-type origin;
> > no-local-dump;
> > version9 {
> > template {
> > PIPPO-INET6-V9;
> > }
> > }
> > }
> > flow-server 1.1.1.194 {
> > port 3333;
> > autonomous-system-type origin;
> > no-local-dump;
> > version9 {
> > template {
> > PIPPO-INET6-V9;
> > }
> > }
> > }
> > interface sp-2/0/0 {
> > source-address 1.1.1.1;
> > }
> > }
> > }
> > }
> > }
> > services {
> > flow-monitoring {
> > version9 {
> > template PIPPO_V9 {
> > ipv4-template;
> > }
> > template PIPPO-INET6-V9 {
> > ipv6-template;
> > }
> > }
> > }
> > }
> >
> > On Thu, 2010-07-15 at 10:58 +0200, Peter Krupl wrote:
> >> Hi guys,
> >>
> >> Im at a complete loss regarding this issue. And the documentation at J is
> >> a bad mess of RE based flow sampling, and M series stuff mixed with
> >> MX/MS-DPC stuff.
> >>
> >> 1 .Do I need to prep the MS-DPC more than ? :
> >> aggregated-devices {
> >> ethernet {
> >> device-count 1;
> >> }
> >> }
> >> fpc 1 {
> >> pic 0 {
> >> adaptive-services {
> >> service-package layer-3;
> >> }
> >> }
> >> pic 1 {
> >> adaptive-services {
> >> service-package layer-3;
> >> }
> >> }
> >> }
> >> network-services ip;
> >>
> >> 2. Anyone has a working configuration for netflow v9 on MX ?
> >>
> >> 3. And what is the purpose of the source address statement under /
> >> forwarding-options/output/interface,
> >> where is this address used ?
> >>
> >> Im running 10.1R1.8 and the suggested config in the docs for 10.1 gives me
> >> a
> >> deprecated warning.
> >>
> >> Here is my config:
> >>
> >> forwarding-options {
> >> sampling {
> >> input {
> >> family inet {
> >> rate 1;
> >> }
> >> family mpls {
> >> rate 1;
> >> }
> >> }
> >> output { ## Warning: 'output' is deprecated
> >> flow-inactive-timeout 30;
> >> flow-active-timeout 60;
> >> flow-server 213.173.238.14 {
> >> port 9990;
> >> version9 {
> >> template {
> >> ip-template;
> >> }
> >> }
> >> }
> >> interface sp-1/0/0 {
> >> source-address 1.1.1.1;
> >> }
> >> }
> >> }
> >> }
> >>
> >> Kind regards,
> >> Peter Krupl
> >>
> >> _______________________________________________
> >> juniper-nsp mailing list [email protected]
> >> https://puck.nether.net/mailman/listinfo/juniper-nsp
> >
> >
> > _______________________________________________
> > juniper-nsp mailing list [email protected]
> > https://puck.nether.net/mailman/listinfo/juniper-nsp
>
> --
> Chris Tracy <[email protected]>
> Energy Sciences Network (ESnet)
> Lawrence Berkeley National Laboratory
>
>
>
>
_______________________________________________
juniper-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/juniper-nsp
