[j-nsp] Juniper Netflow

Chris Kawchuk juniperdude at gmail.com
Thu Sep 3 08:27:06 EDT 2009


Hi There,

sampling {
    input {
        family inet {
            rate 1;
            run-length 1;
            max-packets-per-second 65535;
        }

This part has me worried. It says, Sample every packet, and the next
packet too. You might want to try this instead for the sake of clarity:

sampling {
    input {
        family inet {
            rate 10;
            run-length 9;
            max-packets-per-second 65535;
        }

This says "Sample every 10 packets, and the next 9 after it" (meaning
100% of the packets).

Also:

            max-packets-per-second 65535;

You may be running into (1) A limitation of pps, or (2) if you're
doing RE-Based netflow sampling, there is a limit of 7000 packets per
second (in order not to overflow the internal traffic/communications
pathways between the DPC card and the RE on the MX).

See http://www.juniper.net/techpubs/software/junos/junos94/swconfig-policy/configuring-traffic-sampling.html

Regards,

- Chris.
  (Heh, it's nice to see someone using my template!) =)


On 2009-09-03, at 5:54 AM, Servet wrote:

>
>
> Hi Guys
>
> I have a problem with Juniper netflow traffic values. I think there
> is no problem with the config and flow-analyser. If I use a Cisco
> device, the results of SNMP polls and the results of the flow-analyser
> are similar.
> But on Juniper, I get a 180 mbit/s traffic value with SNMP requests
> from my Juniper MX-960 router, but netflow tells me it is 120mbit.
> Also, my sampling rate is 1.
> You can see the config below. Do you have any idea why I can't get
> similar results from SNMP and netflow?
> Kind regards
>
>
>
> sampling {
>    input {
>        family inet {
>            rate 1;
>            run-length 1;
>            max-packets-per-second 65535;
>        }
>    }
>    output {
>        cflowd x.x.x.x {
>            port 9996;
>            version 5;
>            autonomous-system-type origin;
>        }
>        flow-inactive-timeout 600;
>        flow-active-timeout 60;
>        interface sp-4/1/0 {
>            source-address y.y.y.y;
>        }
>    }
> }
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
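
An added example (not part of the original thread, and not Juniper's code): a simplified model of the rate / run-length reading given in the reply, combined with a packets-per-second cap, to show how a capped sampler makes flow-derived byte counts fall below interface counters. The function and class names, the evenly spaced trigger, and the traffic mix are assumptions; the Junos trigger selection may differ.

```python
"""Simplified model of Junos-style sampling: rate, run-length and a pps cap.

Assumptions (not from the thread): triggers are evenly spaced (every `rate`-th
packet), and packets selected beyond `max_pps` in a second are never exported.
"""
from dataclasses import dataclass

RE_SAMPLING_PPS_LIMIT = 7000  # RE-based sampling limit quoted in the reply


@dataclass
class SecondStats:
    offered_bytes: int    # what an interface (SNMP) counter would see
    selected_pkts: int    # packets chosen by rate / run-length
    exported_bytes: int   # bytes that survive the pps cap into flow records

    @property
    def exported_fraction(self) -> float:
        return self.exported_bytes / self.offered_bytes if self.offered_bytes else 0.0


def simulate_second(packet_sizes, rate, run_length, max_pps):
    """Run one second of packets (list of sizes in bytes) through the sampler."""
    if rate < 1 or run_length < 0 or max_pps < 0:
        raise ValueError("rate >= 1, run_length >= 0, max_pps >= 0 required")
    run_left = 0
    selected = exported_pkts = exported_bytes = 0
    for i, size in enumerate(packet_sizes):
        if i % rate == 0:            # trigger packet: 1 in every `rate`
            run_left = run_length    # also take the next `run_length` packets
        elif run_left > 0:
            run_left -= 1
        else:
            continue                 # not sampled
        selected += 1
        if exported_pkts < max_pps:  # cap: excess samples are dropped
            exported_pkts += 1
            exported_bytes += size
    return SecondStats(sum(packet_sizes), selected, exported_bytes)


if __name__ == "__main__":
    traffic = [500] * 20000          # constructed: 20k pps of 500-byte packets
    for rate, run in [(1, 1), (10, 9), (10, 0)]:
        for cap in (65535, RE_SAMPLING_PPS_LIMIT):
            s = simulate_second(traffic, rate, run, cap)
            print(f"rate={rate} run-length={run} cap={cap}: "
                  f"selected={s.selected_pkts} exported={s.exported_fraction:.0%}")
```

In this model, `rate 1; run-length 1` and `rate 10; run-length 9` both select every packet, so any gap against SNMP comes from the cap rather than from the sampling ratio.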


