Re: [j-nsp] Junos MX series and Andrisoft Flow tools
Hi, On 25-Jan-15 23:34, John Brown wrote: I'm looking for advise on configuring our MX480 (Junos 12.3R4.6) to support IPFIX flows for Andrisoft's WanGuard flow based tools. They only have samples for M series and that C company. Coming back to this old thread. I've been evaluating Andrisoft's WANGuard and they today fixed in latest software that bug with flow active timeouts. So with 13.3R5.9 and MX104 I get now all the flows accounted. Cheers, Toni ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Junos MX series and Andrisoft Flow tools
I'm testing wanguard with my mx.
The product is interresting, not perfect, but interresting.
I'm not using inline ipfix, but software flow with the below
configuration :
sampling {
input {
rate 1000;
}
family inet {
output {
flow-server 15.5.17.7 {
port 5678;
source-address 15.5.17.10;
version 5;
}
}
}
}
with Flow protocol : Netflow v5,v7 or v9, IPFIX.
The wanguard documentation specifie that if we are using juniper and
ipfix, we habe to choose Flow protocol IPFIX with flows Timeout.
--
Raphael Mazelier
AS39605
Le 26/01/15 05:29, Jordan Whited a écrit :
If clocks are sync’d my best guess would be that your active and/or inactive
flow timeouts are longer than what is configured on the collector and it
doesn’t like that.
Try making them match the collector and if that doesn’t work make the MX
timeouts slightly shorter.
http://www.juniper.net/documentation/en_US/junos12.3/topics/task/configuration/services-ipfix-flow-template-flow-aggregation-configuring.html
http://www.juniper.net/documentation/en_US/junos12.3/topics/task/configuration/services-ipfix-flow-template-flow-aggregation-configuring.html
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Junos MX series and Andrisoft Flow tools
Le 26/01/15 16:03, John Brown a écrit : Hi Raphael, I curious as why you are using software flow. I thought the inline was better from a performance perspective on the router.. Bad experience with inline jflow on mx80, and also inline ipfix is a bit buggy, missing some field. It seems that juniper have fixed this on higher release, but I m happy with software flow for now. -- Raphael Mazelier AS39605 ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Junos MX series and Andrisoft Flow tools
Hi Raphael, I curious as why you are using software flow. I thought
the inline was better from a performance perspective on the router..
On Mon, Jan 26, 2015 at 6:45 AM, Raphael Mazelier r...@futomaki.net wrote:
I'm testing wanguard with my mx.
The product is interresting, not perfect, but interresting.
I'm not using inline ipfix, but software flow with the below configuration :
sampling {
input {
rate 1000;
}
family inet {
output {
flow-server 15.5.17.7 {
port 5678;
source-address 15.5.17.10;
version 5;
}
}
}
}
with Flow protocol : Netflow v5,v7 or v9, IPFIX.
The wanguard documentation specifie that if we are using juniper and ipfix,
we habe to choose Flow protocol IPFIX with flows Timeout.
--
Raphael Mazelier
AS39605
Le 26/01/15 05:29, Jordan Whited a écrit :
If clocks are sync’d my best guess would be that your active and/or
inactive flow timeouts are longer than what is configured on the collector
and it doesn’t like that.
Try making them match the collector and if that doesn’t work make the MX
timeouts slightly shorter.
http://www.juniper.net/documentation/en_US/junos12.3/topics/task/configuration/services-ipfix-flow-template-flow-aggregation-configuring.html
http://www.juniper.net/documentation/en_US/junos12.3/topics/task/configuration/services-ipfix-flow-template-flow-aggregation-configuring.html
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Junos MX series and Andrisoft Flow tools
Hi Raphael, I curious as why you are using software flow. I thought the inline was better from a performance perspective on the router.. Bad experience with inline jflow on mx80, and also inline ipfix is a bit buggy, missing some field. It seems that juniper have fixed this on higher release, but I m happy with software flow for now. As far as I know the software version cannot do IPfix. Steinar Haug, Nethelp consulting, sth...@nethelp.no ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Junos MX series and Andrisoft Flow tools
Le 26/01/15 17:19, sth...@nethelp.no a écrit : As far as I know the software version cannot do IPfix. Yes, software flow are jflow or cflow v5. -- Raphael Mazelier AS39605 ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Junos MX series and Andrisoft Flow tools
Not inline j-flow will kill your box.
--
Eduardo
2015-01-26 13:03 GMT-02:00 John Brown j...@citylinkfiber.com:
Hi Raphael, I curious as why you are using software flow. I thought
the inline was better from a performance perspective on the router..
On Mon, Jan 26, 2015 at 6:45 AM, Raphael Mazelier r...@futomaki.net
wrote:
I'm testing wanguard with my mx.
The product is interresting, not perfect, but interresting.
I'm not using inline ipfix, but software flow with the below
configuration :
sampling {
input {
rate 1000;
}
family inet {
output {
flow-server 15.5.17.7 {
port 5678;
source-address 15.5.17.10;
version 5;
}
}
}
}
with Flow protocol : Netflow v5,v7 or v9, IPFIX.
The wanguard documentation specifie that if we are using juniper and
ipfix,
we habe to choose Flow protocol IPFIX with flows Timeout.
--
Raphael Mazelier
AS39605
Le 26/01/15 05:29, Jordan Whited a écrit :
If clocks are sync’d my best guess would be that your active and/or
inactive flow timeouts are longer than what is configured on the
collector
and it doesn’t like that.
Try making them match the collector and if that doesn’t work make the MX
timeouts slightly shorter.
http://www.juniper.net/documentation/en_US/junos12.3/topics/task/configuration/services-ipfix-flow-template-flow-aggregation-configuring.html
http://www.juniper.net/documentation/en_US/junos12.3/topics/task/configuration/services-ipfix-flow-template-flow-aggregation-configuring.html
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Junos MX series and Andrisoft Flow tools
As far as I know the software version cannot do IPfix. Yes, software flow are jflow or cflow v5. Both the limited sample rate and the fact that the software/V5 version is limited to IPv4 only means that for some of us it is simply not an alternative. Steinar Haug, Nethelp consulting, sth...@nethelp.no ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Junos MX series and Andrisoft Flow tools
If clocks are sync’d my best guess would be that your active and/or inactive flow timeouts are longer than what is configured on the collector and it doesn’t like that. Try making them match the collector and if that doesn’t work make the MX timeouts slightly shorter. http://www.juniper.net/documentation/en_US/junos12.3/topics/task/configuration/services-ipfix-flow-template-flow-aggregation-configuring.html http://www.juniper.net/documentation/en_US/junos12.3/topics/task/configuration/services-ipfix-flow-template-flow-aggregation-configuring.html On Jan 25, 2015, at 11:15 PM, John Brown j...@citylinkfiber.com wrote: Hi Paul, Yes all devices sync to the same internal NTP servers and are set for the same TZ. On Sun, Jan 25, 2015 at 8:40 PM, Paul S. cont...@winterei.se wrote: Just as a thought, do both systems have time synchronized with something like ntp? I've found that it helps to use the same timezone on the system hosting WANGuard as well as the routers (You should technically be using UTC anyway) On 1/26/2015 午前 06:34, John Brown wrote: Hi, I'm looking for advise on configuring our MX480 (Junos 12.3R4.6) to support IPFIX flows for Andrisoft's WanGuard flow based tools. They only have samples for M series and that C company. I'm getting some errors on the Andrisoft console that make me wonder if I have things set right. The MX is feeding multiple 10Gig links and a pile of 1 Gig links, both IPv4 and IPv6 Many thanks for pointers and help here is the error I get on the Andrisoft console Wrong flow timeout settings! Received flow from 391 seconds in the past! 16 flows discarded ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Junos MX series and Andrisoft Flow tools
Just as a thought, do both systems have time synchronized with something like ntp? I've found that it helps to use the same timezone on the system hosting WANGuard as well as the routers (You should technically be using UTC anyway) On 1/26/2015 午前 06:34, John Brown wrote: Hi, I'm looking for advise on configuring our MX480 (Junos 12.3R4.6) to support IPFIX flows for Andrisoft's WanGuard flow based tools. They only have samples for M series and that C company. I'm getting some errors on the Andrisoft console that make me wonder if I have things set right. The MX is feeding multiple 10Gig links and a pile of 1 Gig links, both IPv4 and IPv6 Many thanks for pointers and help here is the error I get on the Andrisoft console Wrong flow timeout settings! Received flow from 391 seconds in the past! 16 flows discarded ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Junos MX series and Andrisoft Flow tools
Hi Paul, Yes all devices sync to the same internal NTP servers and are set for the same TZ. On Sun, Jan 25, 2015 at 8:40 PM, Paul S. cont...@winterei.se wrote: Just as a thought, do both systems have time synchronized with something like ntp? I've found that it helps to use the same timezone on the system hosting WANGuard as well as the routers (You should technically be using UTC anyway) On 1/26/2015 午前 06:34, John Brown wrote: Hi, I'm looking for advise on configuring our MX480 (Junos 12.3R4.6) to support IPFIX flows for Andrisoft's WanGuard flow based tools. They only have samples for M series and that C company. I'm getting some errors on the Andrisoft console that make me wonder if I have things set right. The MX is feeding multiple 10Gig links and a pile of 1 Gig links, both IPv4 and IPv6 Many thanks for pointers and help here is the error I get on the Andrisoft console Wrong flow timeout settings! Received flow from 391 seconds in the past! 16 flows discarded ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] Junos MX series and Andrisoft Flow tools
Hi, I'm looking for advise on configuring our MX480 (Junos 12.3R4.6) to support IPFIX flows for Andrisoft's WanGuard flow based tools. They only have samples for M series and that C company. I'm getting some errors on the Andrisoft console that make me wonder if I have things set right. The MX is feeding multiple 10Gig links and a pile of 1 Gig links, both IPv4 and IPv6 Many thanks for pointers and help here is the error I get on the Andrisoft console Wrong flow timeout settings! Received flow from 391 seconds in the past! 16 flows discarded ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
