[j-nsp] clarification of enabling sample

Brian Spade bitkraft at gmail.com
Sat Oct 25 21:38:33 EDT 2008


Docs show to create a firewall filter for sampling, i.e.:

firewall {
    family inet filter catch_all term default then {
        sample; accept; }}

I have enabled sampling directly on the interface without using a firewall
filter.  Everything works fine.

ge-3/1/0 {
    unit 0 {
        family inet {
            sampling {
                input;
                output;
            }
            address 10.100.20.3/30;
        }
    }
}

Do you really need this firewall filter?  What is the difference of just
enabling sample on the interface?

/b

