[j-nsp] Juniper Netflow

Yevgeniy Voloshin yevgeniy.voloshin at gmail.com
Thu Sep 3 08:59:14 EDT 2009


Hi Chris,

Stefan mean, that You did not apply some family inet filter (input and
output) on interfaces!

Check this examples for Juniper routers:
http://www.splintered.net/sw/flow-tools/docs/flow-tools-examples.html

---
Yev.
Stephen Leacock<http://www.brainyquote.com/quotes/authors/s/stephen_leacock.html>
- "I detest life-insurance agents: they always argue that I shall some
day
die, which is not so."

2009/9/3 Chris Kawchuk <juniperdude at gmail.com>

> Hi There,
>
> sampling {
>   input {
>       family inet {
>           rate 1;
>           run-length 1;
>           max-packets-per-second 65535;
>       }
>
> This part has me worried. It says, Sample every packet, and the next packet
> too. You might want to try this instead for sakes of clairity:
>
> sampling {
>   input {
>       family inet {
>           rate 10;
>           run-length 9;
>           max-packets-per-second 65535;
>       }
>
> This says "Sample every 10 packets, and the next 9 after it" (meaning 100%)
> of the packets).
>
> Also:
>
>           max-packets-per-second 65535;
>
> You may be running into (1) A limitation of pps, or (2) if you're doing
> RE-Based netflow sampling, there is a limit of 7000 packets per second (in
> order not to overflow the internal traffic/conuncations pathways between the
> DPC card and the RE on the MX).
>
> See
> http://www.juniper.net/techpubs/software/junos/junos94/swconfig-policy/configuring-traffic-sampling.html
>
> Regards,
>
> - Chris.
>  (Heh, it's nice to see someone using my template!) =)
>
>
>
> On 2009-09-03, at 5:54 AM, Servet wrote:
>
>
>>
>> Hi Guys
>>
>> i have a problem with juniper netflow traffic values, i think there is no
>> problem about the config and flow-analyser. If i use a cisco device, the
>> results of snmp polls and results of the flow-analyser are similar
>> But in juniper; i get 180 mbit/s traffic value with SNMP requests from my
>> juniper MX-960 router, but netflow says me it is 120mbit. Also my sampling
>> rate is 1.
>> You can see config below, do you have any idea?  why i can't get similar
>> results from snmp and netflow
>> Kind regards
>>
>>
>>
>> sampling {
>>   input {
>>       family inet {
>>           rate 1;
>>           run-length 1;
>>           max-packets-per-second 65535;
>>       }
>>   }
>>   output {
>>       cflowd x.x.x.x {
>>           port 9996;
>>           version 5;
>>           autonomous-system-type origin;
>>       }
>>       flow-inactive-timeout 600;
>>       flow-active-timeout 60;
>>       interface sp-4/1/0 {
>>           source-address y.y.y.y;
>>       }
>>   }
>> }
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>


More information about the juniper-nsp mailing list