[j-nsp] cflow cflowd problems
Rodrigo Santos
rodrigo.santos at quantiza.com
Wed Dec 7 06:07:39 EST 2005
static {
route x.x.192.0/24 discard;
route y.y.224.225/32 next-hop [ y.y.226.217 z.z.57.81 ];
route x.x.192.0/21 discard;
route y.y.141.128/25 next-hop x.x.192.42;
route x.x.193.0/24 discard;
route a.a.59.18/32 next-hop b.b.221.37;
route x.x.197.0/24 discard;
}
router-id y.y.y.y; <=== cflowd IP on forwarding-options
autonomous-system xxxx;
forwarding-table {
export load-balancing;
}
Thanks,
Rodrigo
Steven Wong wrote:
> Hi Rodrigo,
>
> What's the configuration under "routing-options" ?
>
> Regards,
> Steven
>
>
>>-----Original Message-----
>>From: juniper-nsp-bounces at puck.nether.net
>>[mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of
>>Rodrigo Santos
>>Sent: Wednesday, December 07, 2005 6:40 AM
>>To: juniper-nsp at puck.nether.net
>>Subject: [j-nsp] cflow cflowd problems
>>
>>Hi all,
>>
>>I am trying to export the flows of a Juniper j6300, JUNOS Release
>>Software [ 7.2R1.7 ] (Export edition), to a external machine.
>>
>>Setiing "local-dump" parameter in the Juniper, is possible to verify
>>that the NextHop and OutPutInterfaceIndex are always with value 0:
>>
>>Nov 29 12:17:55 v5 flow entry
>>Nov 29 12:17:55 Src addr: x.x.x.x
>>Nov 29 12:17:55 Dst addr: y.y.y.y
>>Nov 29 12:17:55 Nhop addr: 0.0.0.0 <=========== always
>>Nov 29 12:17:55 Input interface: 47
>>Nov 29 12:17:55 Output interface: 0 <========== always
>>Nov 29 12:17:55 Pkts in flow: 2
>>Nov 29 12:17:55 Bytes in flow: 96
>>Nov 29 12:17:55 Start time of flow: 3546172797
>>Nov 29 12:17:55 End time of flow: 3546175877
>>Nov 29 12:17:55 Src port: 38662
>>Nov 29 12:17:55 Dst port: 48385
>>Nov 29 12:17:55 TCP flags: 0x2
>>Nov 29 12:17:55 IP proto num: 6
>>Nov 29 12:17:55 TOS: 0x0
>>Nov 29 12:17:55 Src AS: xxxx
>>Nov 29 12:17:55 Dst AS: yyyy
>>Nov 29 12:17:55 Src netmask len: 17
>>Nov 29 12:17:55 Dst netmask len: 24
>>
>>The question is that the parameters used for collecting software
>>(flowscan) are these to identify to which the traffic are of input and
>>which is of output, but as the data are come zeroed are not
>>obtaining to
>>make the collection.
>>
>>PS.: This exactly process is functioning perfectly for the collected
>>flows of the Cisco.
>>
>>In the configuration of the Juniper, we are using:
>>
>>forwarding-options {
>> sampling {
>> input {
>> family inet {
>> rate 1;
>> run-length 0;
>> max-packets-per-second 5000;
>> }
>> }
>> output {
>> cflowd y.y.y.y {
>> port 10003;
>> source-address ;
>> version 5;
>> no-local-dump;
>> autonomous-system-type peer;
>> }
>> aggregate-export-interval 90;
>> flow-inactive-timeout 60;
>> flow-active-timeout 60;
>> }
>> }
>> hash-key {
>> family inet {
>> layer-3;
>> }
>> }
>>}
>>
>>firewall {
>> filter all {
>> term all {
>> then {
>> sample;
>> accept;
>> }
>> }
>> }
>>}
>>
>>
>>Can somebody help me to discover what it is happening and as
>>to correct
>>the problem?
>>
>>Thanks.
>>
>>--
>>
>>Rodrigo Santos
>>_______________________________________________
>>juniper-nsp mailing list juniper-nsp at puck.nether.net
>>http://puck.nether.net/mailman/listinfo/juniper-nsp
>>
More information about the juniper-nsp
mailing list