[j-nsp] cflow cflowd problems
Rodrigo Santos
rodrigo.santos at quantiza.com
Thu Dec 1 06:04:27 EST 2005
Hi all,
I am trying to export the flows of a Juniper j6300, JUNOS Release
Software [ 7.2R1.7 ] (Export edition), to a external machine.
Setiing "local-dump" parameter in the Juniper, is possible to verify
that the NextHop and OutPutInterfaceIndex are always with value 0:
Nov 29 12:17:55 v5 flow entry
Nov 29 12:17:55 Src addr: x.x.x.x
Nov 29 12:17:55 Dst addr: y.y.y.y
Nov 29 12:17:55 Nhop addr: 0.0.0.0 <=========== always
Nov 29 12:17:55 Input interface: 47
Nov 29 12:17:55 Output interface: 0 <========== always
Nov 29 12:17:55 Pkts in flow: 2
Nov 29 12:17:55 Bytes in flow: 96
Nov 29 12:17:55 Start time of flow: 3546172797
Nov 29 12:17:55 End time of flow: 3546175877
Nov 29 12:17:55 Src port: 38662
Nov 29 12:17:55 Dst port: 48385
Nov 29 12:17:55 TCP flags: 0x2
Nov 29 12:17:55 IP proto num: 6
Nov 29 12:17:55 TOS: 0x0
Nov 29 12:17:55 Src AS: xxxx
Nov 29 12:17:55 Dst AS: yyyy
Nov 29 12:17:55 Src netmask len: 17
Nov 29 12:17:55 Dst netmask len: 24
The question is that the parameters used for collecting software
(flowscan) are these to identify to which the traffic are of input and
which is of output, but as the data are come zeroed are not obtaining to
make the collection.
PS.: This exactly process is functioning perfectly for the collected
flows of the Cisco.
In the configuration of the Juniper, we are using:
forwarding-options {
sampling {
input {
family inet {
rate 1;
run-length 0;
max-packets-per-second 5000;
}
}
output {
cflowd y.y.y.y {
port 10003;
source-address ;
version 5;
no-local-dump;
autonomous-system-type peer;
}
aggregate-export-interval 90;
flow-inactive-timeout 60;
flow-active-timeout 60;
}
}
hash-key {
family inet {
layer-3;
}
}
}
firewall {
filter all {
term all {
then {
sample;
accept;
}
}
}
}
Can somebody help me to discover what it is happening and as to correct
the problem?
Thanks.
--
Rodrigo Santos
More information about the juniper-nsp
mailing list