[j-nsp] netflow config clue needed
Dave Plonka
plonka at doit.wisc.edu
Sun Sep 7 00:09:49 EDT 2003
Randy,
There is an example of how we configure sampling and cflowd version 5
export under JUNOS in the FlowScan mailing list archive here:
http://net.doit.wisc.edu/~plonka/list/flowscan/archive/0792.html
It's been working well for us by using the "sample" directive in
firewall filters, as in:
firewall {
filter CampusIO {
term all {
then {
sample;
accept;
}
}
}
}
That is we essentially apply that filter on every interface that we
want forwared traffic to be sampled.
I've never tried the method you showed below, using a sample stanza
within the sub-interface definition.
Dave
On Sat, Sep 06, 2003 at 03:07:02PM -0700, Randy Bush wrote:
> having trouble exporting flow data.
>
> 'tcpdump -i xx port 20666' on the host foo.bar shows no packets
> inbound.
>
> config is
>
>
> forwarding-options {
> monitoring foo-cflow {
> family inet {
> output {
> cflowd foo.bar port 20666;
> export-format cflowd-version-5;
> interface so-0/1/0 {
> source-address 666.42.7.11;
> }
> interface fe-0/0/2 {
> source-address 666.42.7.11;
> }
> }
> }
> }
> }
>
>
> fe-0/0/2 {
> ...
> unit 0 {
> family inet {
> ...
> address 11.7.42.666/30;
> sampling {
> input;
> output;
> }
> }
> }
> }
>
>
> so-0/1/0 {
> ...
> unit 0 {
> ...
> address 11.7.666.42/30;
> sampling {
> input;
> output;
> }
> }
> }
> }
>
>
> and searching the juniper web site did not help, nor did google.
> though i admit i am not a search term expert (just because i
> helped build the highway does not mean i can drive a car:-).
>
> randy
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/juniper-nsp
--
plonka at doit.wisc.edu http://net.doit.wisc.edu/~plonka ARS:N9HZF Madison, WI
More information about the juniper-nsp
mailing list