[j-nsp] RE : flow export

[Stefan Fouant]

On Wed, Dec 3, 2008 at 4:10 PM, Bit Gossip <bit.gossip at chello.nl> wrote:
> If you want to sample all traffic, as it appears from your config, you
> don't really need a fw filter but you can use the following simple form:
>
>    ge-0/0/0 {
>        unit 0 {
>            family inet {
>                sampling {
>                    input;
>                }
>            }
>        }
>    }
>
>
> Cheers,
> bit
>

FYI, I'm not sure if this is a known issue, but at least in our
implementation of JUNOS 8.2 we had issues when we had sampling on an
interface which also had a firewall filter applied simultaneously.
Packets did not make it through the PFE in these cases.  As a rule of
thumb I now inherently always apply sampling as part of a firewall
filter.  It also gives you the flexibility to modify the match
parameters of your sampling in the future without much re-engineering.

-- 
Stefan Fouant