[j-nsp] Juniper Netflow

Serge Vautour sergevautour at yahoo.ca
Thu Sep 3 11:25:56 EDT 2009 

We do it this way and haven't seen a problem. We have a mix is Cisco and Juniper.

re0> show configuration forwarding-options 
sampling {
    input {
        family inet {
            rate 400;
            run-length 0;
            max-packets-per-second 7000;
        }
    }
    output {
        cflowd x.x.x.x {
            port 5000;
            source-address y.y.y.y;
            version 5;
        }
    }
}
family inet {
    filter {
        input CflowdSample;
    }
}


re0> show configuration firewall filter CflowdSample         
term sampled_packets {
    from {
        source-address {
            0.0.0.0/0;
        }
    }
    then {
        sample;
        accept;
    }
}

This does a 1/400 sample on every packet going through any interface.

Serge


----- Original Message ----
From: Servet <servet at doruk.net.tr>
To: Stefan Fouant <sfouant at gmail.com>; juniper-nsp at puck.nether.net
Sent: Thursday, September 3, 2009 10:29:05 AM
Subject: Re: [j-nsp] Juniper Netflow

Sampling applied at the interface ...
i dont use firewall filter.


----- Original Message ----- 
From: "Stefan Fouant" <sfouant at gmail.com>
To: "Servet" <servet at doruk.net.tr>; <juniper-nsp at puck.nether.net>
Sent: Thursday, September 03, 2009 3:18 PM
Subject: Re: [j-nsp] Juniper Netflow


> Curious... Are you sampling via Firewall filter, or is sampling
> applied at the Interface?
>
>
>
> On 9/3/09, Servet <servet at doruk.net.tr> wrote:
>>
>>
>> Hi Guys
>>
>> i have a problem with juniper netflow traffic values, i think there is no
>> problem about the config and flow-analyser. If i use a cisco device, the
>> results of snmp polls and results of the flow-analyser are similar
>> But in juniper; i get 180 mbit/s traffic value with SNMP requests from my
>> juniper MX-960 router, but netflow says me it is 120mbit. Also my 
>> sampling
>> rate is 1.
>> You can see config below, do you have any idea?  why i can't get similar
>> results from snmp and netflow
>> Kind regards
>>
>>
>>
>> sampling {
>>     input {
>>         family inet {
>>             rate 1;
>>             run-length 1;
>>             max-packets-per-second 65535;
>>         }
>>     }
>>     output {
>>         cflowd x.x.x.x {
>>             port 9996;
>>             version 5;
>>             autonomous-system-type origin;
>>         }
>>         flow-inactive-timeout 600;
>>         flow-active-timeout 60;
>>         interface sp-4/1/0 {
>>             source-address y.y.y.y;
>>         }
>>     }
>> }
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>
> -- 
> Sent from Gmail for mobile | mobile.google.com
>
> Stefan Fouant
>
> Stay the patient course.
> Of little worth is your ire.
> The network is down. 

_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp



      __________________________________________________________________
The new Internet Explorer® 8 - Faster, safer, easier.  Optimized for Yahoo!  Get it Now for Free! at http://downloads.yahoo.com/ca/internetexplorer/

More information about the juniper-nsp mailing list