[j-nsp] Sampling Traffic --- Urgent

Bit Gossip bit.gossip at chello.nl
Mon Dec 21 01:50:40 EST 2009


Hi Uttam,
I think it is common practice, and it is also required by major netflow
tools, to have sampling enabled as input on all interfaces. This allows
directly getting stats for ingress traffic and indirectly getting
stats for egress traffic by aggregating on the egress if-index of the
netflow record. This avoids double counting the same flow first on
ingress on one interface and then again on egress on another interface.
As a source interface I would suggest using the lo0 interface because
it is always up; this is also what would happen by default if you
configure default-address-selection and do not configure the
source-address.
One thing that you may want to check: I think that the M10i is equipped
with the integrated service-pic that would allow sampling to be performed
in hardware rather than on the RE. In that case you will find a sp-././.
interface. By enabling family inet on it you enable the service pic;
then you can source netflow from it.
HTH,
Bit.

    sp-1/0/0 {
        unit 0 {
            family inet;
        }
    }

sampling {
    input {
        family inet {
            rate 1111;
            run-length 0;
            max-packets-per-second 5000;
        }
    }
    output {
        cflowd 2.2.2.2 {
            port 3333;
            version 5;
        }
        interface sp-1/0/0 {
            source-address 1.1.1.1;
        }
    }
}


On Sun, 2009-12-20 at 21:45 +0545, Uttam Shrestha Rana wrote:
> Dear Steinar,
> 
> Thank you for your kind help.
> 
> The topic sampling traffic from juniper is somewhat confusing to me and
> exploring myself that may be causing some problem on defining my issue
> correctly.
> 
> Still some more thing to get help from experts like you and from J-nsp
> 
> Actually my scenario is like this:
> 
> On my Juniper M10i JUNOS 9.2, the two interfaces where our upstream provider
> is connected we have enabled sampling and flow collector is connected on
> next interface say C with IP (203.XX.XX.1) version 5, port xxxx.
> Now the question is:
> 1) Interfaces where upstream providers are connected, input and output
> sampling has been enabled, is it a best practice or not?
> 2) In sampling forwarding options, I have configured cflowd destination
> (203.XX.XX.2) a collector server IP, with the source IP of interface C. Is
> it a best practice if I kept the source IP as the interface C (collector
> connected interface 203.xx.xx.1) or not? If I don't specify the source IP
> address then what can be the result?
> 
> Thank You
> 
> Regards,
> Uttam
> 
> On Sat, Dec 19, 2009 at 8:29 PM, <sthaug at nethelp.no> wrote:
> 
> > > I have enabled sampling on one interface facing to upstream and got the
> > > result as needed (Cflowd). But now I want to enable sampling on both the
> > > interfaces facing to upstream provider. On the server will it give
> > sampling
> > > result on additive of both the interfaces or separately of particular
> > > interface. I am looking for sampling separately of interface on my
> > server,
> > > is it possible to be done?
> >
> > When you enable netflow on both of your upstream provider interfaces,
> > netflow information for both of those interfaces will be sent to your
> > netflow collector. You can differentiate between the interfaces using
> > (SNMP) ifIndex, which is part of the netflow information sent to the
> > collector.
> >
> > Steinar Haug, Nethelp consulting, sthaug at nethelp.no
> >
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
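
The per-interface accounting described in this thread, as an added example that is not part of the original messages: a minimal NetFlow v5 parser that sums ingress bytes by the record's input ifIndex and egress bytes by its output ifIndex, so input-only sampling counts each flow once per direction. The function names and sample flows are constructed, and multiplying by the configured sampling rate (1111, from the config above) is an assumed way to estimate real volume.

```python
import struct
from collections import defaultdict

HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte NetFlow v5 flow record

def parse_v5(datagram):
    """Yield (input_ifindex, output_ifindex, octets) for each record in a v5 datagram."""
    version, count, *_ = HEADER.unpack_from(datagram, 0)
    if version != 5:
        raise ValueError(f"not NetFlow v5: version={version}")
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("truncated datagram")
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        yield f[3], f[4], f[6]  # input ifIndex, output ifIndex, dOctets

def per_interface_bytes(datagrams, sample_rate=1111):
    """Estimate per-ifIndex ingress and egress bytes from ingress-sampled flows.

    sample_rate is an assumption: 1-in-N packet sampling, scaled back up by N.
    """
    ingress, egress = defaultdict(int), defaultdict(int)
    for datagram in datagrams:
        for in_if, out_if, octets in parse_v5(datagram):
            estimate = octets * sample_rate
            ingress[in_if] += estimate   # traffic that entered on in_if
            egress[out_if] += estimate   # same flow, attributed to its exit interface
    return dict(ingress), dict(egress)

def build_v5(flows):
    """Constructed test data: pack (in_if, out_if, octets) tuples into one v5 datagram."""
    body = b"".join(
        RECORD.pack(b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02", bytes(4),
                    in_if, out_if, 1, octets, 0, 0, 1024, 80,
                    0, 0, 6, 0, 0, 0, 0, 0, 0)
        for in_if, out_if, octets in flows)
    return HEADER.pack(5, len(flows), 0, 0, 0, 0, 0, 0, 0) + body

if __name__ == "__main__":
    # Constructed flows: ifIndex 10 and 11 are upstream-facing, 20 is internal.
    sample = [build_v5([(10, 20, 1500), (11, 20, 500), (20, 10, 40)])]
    ingress, egress = per_interface_bytes(sample)
    print("ingress:", ingress)
    print("egress: ", egress)
```

Because every flow is sampled only on ingress, the ingress and egress totals across all interfaces are equal, which is the double-counting check a collector can apply.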



