[j-nsp] j4350 not reporting destination interface in netflow records

Anton Smith anton at huge.geek.nz
Fri Jul 13 11:47:15 EDT 2007 

Hi,

I am having problems with missing destination interface index numbers. 
They are always set to 0. Source interface index numbers appear to be 
fine and correct.

My configuration is roughly as follows:

     ge-0/0/1 {
         speed 10m;
         link-mode full-duplex;
         gigether-options {
             no-auto-negotiation;
         }
         unit 0 {
             family inet {
                 no-redirects;
                 sampling {
                     input;
                     output;
                 }
                 address x.x.x.x/30;
             }
         }
     }

forwarding-options {
     sampling {
         input {
             family inet {
                 rate 20;
             }
         }
         output {
             file filename samples;
             cflowd y.y.y.y {
                 port 1500;
                 source-address z.z.z.z;
                 version 8;
                 aggregation {
                     source-destination-prefix;
                 }
             }
             flow-active-timeout 900;
         }
     }
}

However, when using local dump, all I get are records like this 
(regardless of the source interface, the dest interface is always 0 - 
although in this copy/paste I only show two records from the same source 
interface):

Jul 14 02:51:13 v8 flow entry
Jul 14 02:51:13    Num of flows: 1
Jul 14 02:51:13    Pkts in flow: 1
Jul 14 02:51:13    Bytes in flow: 91
Jul 14 02:51:13    Start time of flow: 2066780464
Jul 14 02:51:13    End time of flow: 2066780464
Jul 14 02:51:13 Src/Dst prefix aggregation
Jul 14 02:51:13    Src prefix x.x.x.x
Jul 14 02:51:13    Dst prefix y.y.y.y
Jul 14 02:51:13    Src Mask 0x0
Jul 14 02:51:13    Dst Mask 0x18
Jul 14 02:51:13    Src AS xxx
Jul 14 02:51:13    Dst AS xxxxx
Jul 14 02:51:13    Src Interface 43
Jul 14 02:51:13    Dst Interface 0
Jul 14 02:51:13 v8 flow entry
Jul 14 02:51:13    Num of flows: 1
Jul 14 02:51:13    Pkts in flow: 1
Jul 14 02:51:13    Bytes in flow: 126
Jul 14 02:51:13    Start time of flow: 2066740843
Jul 14 02:51:13    End time of flow: 2066740843
Jul 14 02:51:13 Src/Dst prefix aggregation
Jul 14 02:51:13    Src prefix x.x.x.x
Jul 14 02:51:13    Dst prefix y.y.y.y
Jul 14 02:51:13    Src Mask 0x0
Jul 14 02:51:13    Dst Mask 0x1b
Jul 14 02:51:13    Src AS xxx
Jul 14 02:51:13    Dst AS xxxxx
Jul 14 02:51:13    Src Interface 43
Jul 14 02:51:13    Dst Interface 0


On my flow capture machine, running flow-filter on output interfaces 
gives me nothing except for output interface '0', so the output 
interface information simply is not there.

I am wondering if the information will be included if I sample from a 
firewall filter rather than using the 'sample' directive on the 
interface, although I am yet to try this.

I also wonder what information is given to the sampling daemon from the 
forwarding daemon, is the sample packet given after the forwarding 
decision is made, or before? If before, then I can understand why it 
cannot note the output interface...

Any ideas?

More information about the juniper-nsp mailing list