[j-nsp] cflow cflowd problems

Wed Dec 7 09:15:56 EST 2005

executing "restart sampling", appears the following messages in 
/var/log/sampled:

Dec 7 11:10:38 Prefix x.x.194.162 not found in route records
Dec 7 11:10:39 Unable you get route-record will be addr x.x.194.162

Also already a TAC in 28/11 was opened, but so far we did not have reply.

Thanks,
Rodrigo

Steven Wong wrote:
> Hi Rodrigo,
> 
> Can you try to restart the sampled process ? If it doesn't help, I would
> suggest you to open a JTAC case for detail analysis.
> 
> Regards,
> Steven 
> 
> 
>>-----Original Message-----
>>From: Rodrigo Santos [mailto:rodrigo.santos at quantiza.com] 
>>Sent: Wednesday, December 07, 2005 9:52 PM
>>To: Steven Wong
>>Cc: juniper-nsp at puck.nether.net
>>Subject: Re: [j-nsp] cflow cflowd problems
>>
>>I made the requested modification (set routing-options 
>>route-record) but 
>>the result was the same...
>>
>>Nhop addr: 0.0.0.0 <=== in all flows
>>Output interface: 0 <== in all flows
>>
>>Rodrigo
>>
>>Steven Wong wrote:
>>
>>>Can you add this ?
>>>
>>>
>>>
>>>>set routing-options route-record
>>>
>>>
>>>- Steven 
>>>
>>>
>>>
>>>>-----Original Message-----
>>>>From: Rodrigo Santos [mailto:rodrigo.santos at quantiza.com] 
>>>>Sent: Wednesday, December 07, 2005 7:08 PM
>>>>To: Steven Wong
>>>>Cc: juniper-nsp at puck.nether.net
>>>>Subject: Re: [j-nsp] cflow cflowd problems
>>>>
>>>>static {
>>>>    route x.x.192.0/24 discard;
>>>>    route y.y.224.225/32 next-hop [ y.y.226.217 z.z.57.81 ];
>>>>    route x.x.192.0/21 discard;
>>>>    route y.y.141.128/25 next-hop x.x.192.42;
>>>>    route x.x.193.0/24 discard;
>>>>    route a.a.59.18/32 next-hop b.b.221.37;
>>>>    route x.x.197.0/24 discard;
>>>>}
>>>>router-id y.y.y.y; <=== cflowd IP on forwarding-options
>>>>autonomous-system xxxx;
>>>>forwarding-table {
>>>>    export load-balancing;
>>>>}
>>>>
>>>>Thanks,
>>>>Rodrigo
>>>>
>>>>Steven Wong wrote:
>>>>
>>>>
>>>>>Hi Rodrigo,
>>>>>
>>>>>What's the configuration under "routing-options" ?
>>>>>
>>>>>Regards,
>>>>>Steven 
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>>-----Original Message-----
>>>>>>From: juniper-nsp-bounces at puck.nether.net 
>>>>>>[mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of 
>>>>>>Rodrigo Santos
>>>>>>Sent: Wednesday, December 07, 2005 6:40 AM
>>>>>>To: juniper-nsp at puck.nether.net
>>>>>>Subject: [j-nsp] cflow cflowd problems
>>>>>>
>>>>>>Hi all,
>>>>>>
>>>>>>I am trying to export the flows of a Juniper j6300, JUNOS Release
>>>>>>Software [ 7.2R1.7 ] (Export edition), to a external machine.
>>>>>>
>>>>>>Setiing "local-dump" parameter in the Juniper, is 
>>
>>possible to verify
>>
>>>>>>that the NextHop and OutPutInterfaceIndex are always with value 0:
>>>>>>
>>>>>>Nov 29 12:17:55 v5 flow entry
>>>>>>Nov 29 12:17:55    Src addr: x.x.x.x
>>>>>>Nov 29 12:17:55    Dst addr: y.y.y.y
>>>>>>Nov 29 12:17:55    Nhop addr: 0.0.0.0 <=========== always
>>>>>>Nov 29 12:17:55    Input interface: 47
>>>>>>Nov 29 12:17:55    Output interface: 0 <========== always
>>>>>>Nov 29 12:17:55    Pkts in flow: 2
>>>>>>Nov 29 12:17:55    Bytes in flow: 96
>>>>>>Nov 29 12:17:55    Start time of flow: 3546172797
>>>>>>Nov 29 12:17:55    End time of flow: 3546175877
>>>>>>Nov 29 12:17:55    Src port: 38662
>>>>>>Nov 29 12:17:55    Dst port: 48385
>>>>>>Nov 29 12:17:55    TCP flags: 0x2
>>>>>>Nov 29 12:17:55    IP proto num: 6
>>>>>>Nov 29 12:17:55    TOS: 0x0
>>>>>>Nov 29 12:17:55    Src AS: xxxx
>>>>>>Nov 29 12:17:55    Dst AS: yyyy
>>>>>>Nov 29 12:17:55    Src netmask len: 17
>>>>>>Nov 29 12:17:55    Dst netmask len: 24
>>>>>>
>>>>>>The question is that the parameters used for collecting software
>>>>>>(flowscan) are these to identify to which the traffic are 
>>>>
>>>>of input and
>>>>
>>>>
>>>>>>which is of output, but as the data are come zeroed are not 
>>>>>>obtaining to
>>>>>>make the collection.
>>>>>>
>>>>>>PS.: This exactly process is functioning perfectly for 
>>
>>the collected
>>
>>>>>>flows of the Cisco.
>>>>>>
>>>>>>In the configuration of the Juniper, we are using:
>>>>>>
>>>>>>forwarding-options {
>>>>>>    sampling {
>>>>>>        input {
>>>>>>            family inet {
>>>>>>                rate 1;
>>>>>>                run-length 0;
>>>>>>                max-packets-per-second 5000;
>>>>>>            }
>>>>>>        }
>>>>>>        output {
>>>>>>            cflowd y.y.y.y {
>>>>>>                port 10003;
>>>>>>                source-address ;
>>>>>>                version 5;
>>>>>>                no-local-dump;
>>>>>>                autonomous-system-type peer;
>>>>>>            }
>>>>>>            aggregate-export-interval 90;
>>>>>>            flow-inactive-timeout 60;
>>>>>>            flow-active-timeout 60;
>>>>>>        }
>>>>>>    }
>>>>>>    hash-key {
>>>>>>        family inet {
>>>>>>            layer-3;
>>>>>>        }
>>>>>>    }
>>>>>>}
>>>>>>
>>>>>>firewall {
>>>>>>    filter all {
>>>>>>        term all {
>>>>>>            then {
>>>>>>                sample;
>>>>>>                accept;
>>>>>>            }
>>>>>>        }
>>>>>>    }
>>>>>>}
>>>>>>
>>>>>>
>>>>>>Can somebody help me to discover what it is happening and as 
>>>>>>to correct
>>>>>>the problem?
>>>>>>
>>>>>>Thanks.
>>>>>>
>>>>>>-- 
>>>>>>
>>>>>>Rodrigo Santos
>>>>>>_______________________________________________
>>>>>>juniper-nsp mailing list juniper-nsp at puck.nether.net
>>>>>>http://puck.nether.net/mailman/listinfo/juniper-nsp
>>>>>>
>>>>