Hello,
What happens if You configure "inline-jflow source-address 2.2.2.2"
instead of 1.1.1.1?
I bet Your jflow source IP would become 2.2.2.2 and since 2.2.2.2 exists
in the LS LAB, your collector can recognise these packets carry tfc
stats from LS LAB.
By the same token, You have to have 1 jflow instance per LS.
Or do I miss something here?
Thx
Alex
On 24/11/2016 19:21, Epafras R Schaden wrote:
Hi Alex,
I tried your suggestion on LAB, but unfortunately it does not work. It
appears that the configuration that sets the source-address on the
packets outgoing the router to the flow server is the in-line jflow
source configuration, and it cannot be configured for each instance.
I’m attaching my configuration to share. If you and other guys have
any suggestion I’ll be glad to test.
Thanks
Epafras Schaden
[edit]
epafras@PE1# show services
flow-monitoring {
    version-ipfix {
        template flow {
            flow-active-timeout 60;
            flow-inactive-timeout 30;
            template-refresh-rate {
                seconds 10;
            }
            option-refresh-rate {
                seconds 10;
            }
            ipv4-template;
        }
    }
}
[edit]
epafras@PE1# show forwarding-options
sampling {
    input {
        rate 1000;
    }
    instance {
        LAB {
            input {
                rate 1000;
                run-length 0;
            }
            family inet {
                output {
                    flow-inactive-timeout 15;
                    flow-active-timeout 60;
                    flow-server 50.0.0.254 {
                        port 63636;
                        version-ipfix {
                            template {
                                flow;
                            }
                        }
                    }
                    inline-jflow {
                        source-address 1.1.1.1;
                    }
                }
            }
        }
    }
}
[edit]
epafras@PE1#
[edit]
epafras@PE1# show interfaces lo0
unit 0 {
    family inet {
        address 1.1.1.1/32;
        address 2.2.2.2/32;
    }
}
epafras@PE1# top show logical-systems FLOW
interfaces {
    ge-0/0/0 {
        unit 200 {
            description "LS FLOW - VLAN 200";
            vlan-id 200;
            family inet {
                sampling {
                    input;
                    output;
                }
                address 200.0.0.254/24;
            }
        }
    }
    ge-0/0/1 {
        unit 201 {
            description "LS FLOW - VLAN 201";
            vlan-id 201;
            family inet {
                sampling {
                    input;
                    output;
                }
                address 201.0.0.254/24;
            }
        }
    }
    lo0 {
        unit 1 {
            family inet {
                address 2.2.2.2/32;
            }
        }
    }
}
forwarding-options {
    sampling {
        family inet {
            output {
                flow-server 50.0.0.254 {
                    port 63636;
                    source-address 2.2.2.2;
                }
            }
        }
    }
}
Results on FLOW SERVER. Flows from traffic passing through L.S. FLOW
17:16:15.272367 IP 1.1.1.1.50101 > 50.0.0.254.63636: UDP, length 445
17:16:15.273342 IP 1.1.1.1.50101 > 50.0.0.254.63636: UDP, length 445
17:16:15.273350 IP 1.1.1.1.50101 > 50.0.0.254.63636: UDP, length 445
17:16:15.273352 IP 1.1.1.1.50101 > 50.0.0.254.63636: UDP, length 445
17:16:15.274376 IP 1.1.1.1.50101 > 50.0.0.254.63636: UDP, length 445
17:16:15.274386 IP 1.1.1.1.50101 > 50.0.0.254.63636: UDP, length 445
17:16:15.274389 IP 1.1.1.1.50101 > 50.0.0.254.63636: UDP, length 445
17:16:15.275262 IP 1.1.1.1.50101 > 50.0.0.254.63636: UDP, length 445
17:16:15.275268 IP 1.1.1.1.50101 > 50.0.0.254.63636: UDP, length 445
17:16:15.275271 IP 1.1.1.1.50101 > 50.0.0.254.63636: UDP, length 445
17:16:15.276368 IP 1.1.1.1.50101 > 50.0.0.254.63636: UDP, length 190
17:16:15.276374 IP 1.1.1.1.50101 > 50.0.0.254.63636: UDP, length 445
17:16:15.276376 IP 1.1.1.1.50101 > 50.0.0.254.63636: UDP, length 445
17:16:15.277367 IP 1.1.1.1.50101 > 50.0.0.254.63636: UDP, length 445
17:16:15.277381 IP 1.1.1.1.50101 > 50.0.0.254.63636: UDP, length 445
17:16:15.278324 IP 1.1.1.1.50101 > 50.0.0.254.63636: UDP, length 105
17:16:15.278333 IP 1.1.1.1.50101 > 50.0.0.254.63636: UDP, length 445
17:16:15.279348 IP 1.1.1.1.50101 > 50.0.0.254.63636: UDP, length 445
17:16:15.280349 IP 1.1.1.1.50101 > 50.0.0.254.63636: UDP, length 445
17:16:15.281303 IP 1.1.1.1.50101 > 50.0.0.254.63636: UDP, length 105
17:16:15.286309 IP 1.1.1.1.50101 > 50.0.0.254.63636: UDP, length 105
17:16:15.288257 IP 1.1.1.1.50101 > 50.0.0.254.63636: UDP, length 105
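[Added example, not part of either poster's message or of any Juniper tooling: a collector-side check that tallies export packets per source address from tcpdump text output and reports which expected logical-system sources never appear. The address-to-label mapping and the NTP line in the sample are assumptions made for the illustration.]

```python
import re
from collections import Counter

# tcpdump text line: "<time> IP <src>.<sport> > <dst>.<dport>: UDP, length <n>"
LINE_RE = re.compile(
    r"^\S+ IP (?P<src>\d+(?:\.\d+){3})\.\d+ > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): UDP, length (?P<len>\d+)$"
)

# Assumed mapping of export source address -> logical system label.
EXPECTED = {"1.1.1.1": "master", "2.2.2.2": "LS FLOW"}

# Three lines copied from the capture above plus one constructed NTP line
# that the collector filter must ignore.
SAMPLE = [
    "17:16:15.272367 IP 1.1.1.1.50101 > 50.0.0.254.63636: UDP, length 445",
    "17:16:15.276368 IP 1.1.1.1.50101 > 50.0.0.254.63636: UDP, length 190",
    "17:16:15.278324 IP 1.1.1.1.50101 > 50.0.0.254.63636: UDP, length 105",
    "17:16:15.300000 IP 50.0.0.1.123 > 50.0.0.254.123: UDP, length 48",
]

def tally_exporters(lines, collector_ip, collector_port):
    """Count export packets and UDP payload bytes per source address."""
    packets, octets = Counter(), Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a UDP line in the expected tcpdump format
        if m["dst"] != collector_ip or int(m["dport"]) != collector_port:
            continue  # traffic to another host or service
        packets[m["src"]] += 1
        octets[m["src"]] += int(m["len"])
    return packets, octets

def audit(lines, expected, collector_ip="50.0.0.254", collector_port=63636):
    """Compare the exporters seen on the wire with the expected ones."""
    packets, octets = tally_exporters(lines, collector_ip, collector_port)
    return {
        "packets": dict(packets),
        "bytes": dict(octets),
        # Expected sources that sent nothing: their flows are unattributed.
        "missing": sorted(l for a, l in expected.items() if packets[a] == 0),
        # Sources sending to the collector port that nobody registered.
        "unexpected": sorted(a for a in packets if a not in expected),
    }

if __name__ == "__main__":
    print(audit(SAMPLE, EXPECTED))
```
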
*From: *Alexander Arseniev <arsen...@btinternet.com>
*Date: *Wednesday, 23 November 2016 11:06
*To: *Epafras R Schaden <epafras.scha...@gmail.com>, J-NSP List
<juniper-nsp@puck.nether.net>
*Subject: *Re: [j-nsp] Using multiple sources for flows on Logical Systems
Hello,
Have You tried to duplicate Your LS IP on master system lo0.0, and
explicitly set "source-address" for each LS-mapped Jflow instance to
be one of these duplicated IPs?
If You worry about leaking these IP to Your IGP, then JUNOS has tools
to selectively disallow lo0.0 IP into IGP.
Thanks
Alex
On 23/11/2016 11:51, Epafras R Schaden wrote:
Hello All,
We have an MX480 configured to export IPFIX flows to a server. Now, we have
created some Logical Systems on the router to provide something like a “virtual
router” to some of our customers on this location.
I have now configured some of those instances to export flows to the same
flow server, but the objective is to monitor each logical system as a different
router. But, I realized that all flows are going with the same “source router”
and is the master instance source address, as explained in the documentation
below:
https://kb.juniper.net/InfoCenter/index?page=content&id=KB27035&actp=search#oVDDK8SlxYPs227b.97
http://www.juniper.net/documentation/en_US/junos16.1/topics/example/active-monitoring-on-logical-systems-configuring.html
The question is, has anyone had this claim yet? Is there any way to
configure the router to send the flows with different source addresses per
logical system?
Any help will be appreciated.
Thanks
Epafras Schaden
Sunnyvale Networks.
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp