[j-nsp] AS2 PIC and exporting the flow records

Alexander Arsenyev (GU/ETL) alexander.arsenyev at ericsson.com
Tue Jan 10 17:15:19 EST 2006 

It seems Your input and export interfaces are the same (sp-1/1/0) and
AFAIK this leads to a possible SW loop.
Check out this link (it's a little dated but concept still applies):
http://www.juniper.net/techpubs/software/junos/junos60/feature-guide-60/
html/fg-flow-monitoring27.html#1108921
<quote>
A Monitoring Services or Adaptive Services interface is usually the
target for the output of the sampling process...
</quote>
So You are sampling Your own output here :-)

With sp-1/1/0 interface deactivated the sampling is performed by RE.

Also, I could not see where Your FW filter is applied. Maybe You are
sampling more than one sp-1/1/0 interface?

HTH
Cheers
Alex
 

-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net
[mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Matti Saarinen
Sent: 10 January 2006 17:39
To: juniper-nsp at puck.nether.net
Subject: [j-nsp] AS2 PIC and exporting the flow records


I've been trying to configure an M10i equipped with AS2 PIC to export
netflow records generated by the AS2 PIC. Perhaps I've misunderstood how
AS2 PIC works or I've misconfigured something. I've tried reading the
docs, both feature guide and services interfaces guide but I've not
found a solution. The router runs JUNOS 7.4R1.7.

Below is the config I've used.

forwarding-options {
    sampling {
        input {
            family inet {
                rate 1;
            }
        }
        output {
            cflowd 1.2.3.206 {
                port 9994;
                source-address 1.2.3.30;
                version 5;
            }
            interface sp-1/1/0 {
                source-address 1.2.3.30;
            }
        }
    }
interfaces {
[...]
    sp-1/1/0 {
        unit 1 {
            family inet {
                sampling {
                    input;
                    output;
                }
                address 1.2.3.30/32 {
                    destination 1.2.3.206;
                }   
            }       
        }           
    }               
}


The traffic is directed to sampling with the following firewall filter
term.

term sample {
  then {
     sample;
     next term;
   }
}


If I deactive the interface config from the sampling output
configuration, the router starts exporting flow records. With the
interface config it exports nothing.

Cheers,

--
- Matti -
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
http://puck.nether.net/mailman/listinfo/juniper-nsp

More information about the juniper-nsp mailing list