[j-nsp] Juniper Cflow, IPFix which one
Paolo Autore
pautore at columbus-networks.com
Wed Aug 8 08:09:45 EDT 2007
Juniper does J-flow
-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net
[mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Richard A
Steenbergen
Sent: Wednesday, August 08, 2007 01:32
To: Ivan c
Cc: juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] Juniper Cflow, IPFix which one
On Wed, Aug 08, 2007 at 08:54:53AM +1000, Ivan c wrote:
> Hi All,
>
> Which standard does Juniper do? Sflow, NetFlow, IPFix, CFlow etc..?
>
> And does anyone have a open source tools to interrogate the
> information out of the Juniper for traffic accounting?
CFlow isn't actually a standard, it's the name of a particular third
party
program which collects NetFlow datagrams (and an old and defunct one at
that). The only possible reason I can think of for Juniper to use the
word
"cflow" at all is to avoid using the word "netflow" (does Cisco have
that
trademarked or something?).
At any rate, Juniper calls the configuration element "cflowd" but this
really means the NetFlow protocol. It supports V5 (aka "classic"), V8
(with flow aggregation), and as of JUNOS 8.3 V9 (aka "the sflow clone").
IPFIX is the IETF standardized version (aka "not-Ciscoized") of NetFlow
V9, which is essentially the exact same thing but with a few minor
tweaks
for non-Cisco enterprise specific templates (which is why it is often
called NetFlow V10). All of the other versions of NetFlow were weird
Cisco-specific hacks (for CATOS etc) which have no bearing on anything
today.
The "other protocol" is sFlow, created by a third party (InMon) many
years
ago. The protocol was a bit dirty, but essentially it kicked NetFlow's
ass
to the curb in every way possible when it came to functionality. InMon
makes their money selling sFlow collectors to enterprises who can't
figure
out how to do it themselves, but the specification is openly published
and
not "that" complex". NetFlow V9 is infact largely a copy of sFlow
features
and protocol design, using extensible "templates" to pass different
types
of messages, and copying most of the data that sFlow was previously
unique
in being able to export.
Cisco obviously doesn't want to use sFlow because it competes with
NetFlow, which is their protocol, but I'm not sure why Juniper hasn't
implemented it. It's possible that InMon charges some kind of obnoxious
licensing fees for the sFlow agents or name, I'm not sure, but every
other
major vendor who makes routing products (Foundry Extreme Farce10 etc)
has
embraced sFlow. I gave a NANOG presentation on sFlow use/design recently
(http://www.nanog.org/mtg-0702/presentations/Steenbergen-sflow.pdf), and
released some free sFlow datagram parsing libs and example analysis
code,
if you want to read more on that subject.
I haven't used NetFlow V9/IPFIX in any detail to see if they've done a
good enough job copying sFlow, but on the surface it looks like they've
replicated at least 90% of the functionality (sampling functionality at
any rate, I kinda like the sFlow counter push :P). It's possible that it
has, in which case we may see a lot of vendors switching to IPFIX in the
near future, for the the moment there is a lot of existing deployed base
using sFlow, especially in non Cisco/Juniper switching-land. Unless
there
is some really specific reason that I'm not aware of (like
aforementioned
obnoxious licensing fees or somesuch), I would encourage everyone to ask
Juniper to implement sFlow support in addition to V9/IPFIX (especially
as
they grow into the L2 market with the MX platform). Hey, it could
happen.
:)
--
Richard A Steenbergen <ras at e-gerbil.net>
http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1
2CBC)
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list