[j-nsp] Netflow + OriginAS in logical systems

Andree Toonk Andree at Toonk.nl
Fri Sep 25 12:52:49 EDT 2009


Hi all,

I'm trying to use cflow on our MX480s within a logical system but ran into an issue with AS resolution.
I wonder if others have used cflow in a logical system and were able to get this working.

The logical system has full BGP routing from 3 separate upstreams ISP's Exporting netflow works fine, however the AS resolution doesn't seem to work correct. 
All flows are reporting AS 0, except for those ASN's that are directly connected to the Master instance.
So it seems that while the flows are coming from the logical-system TX,  it tries to determine the ASns for the flows using the routing table in the master instance. Resulting in many flows with AS 0.

Is any of you aware of a way I can use cflow in this logical-system, with proper AS resolution? Or is this just a limitation of sampling & logical-systems?
This is the configuration we used:

In master:
forwarding-options {
    sampling {
        input {
            family inet {
                rate 100;
            }
        }
        output {
            cflowd x.x.x.x
                port 23456;
                version 5;
                autonomous-system-type origin;
            }
        }
    }
}

firewall {
    filter all {
        term all {
            then {
                sample;
                accept;
            }
        }
    }
}


Then on the interface towards one of our upstreams, in logical system:

interfaces {
    ge-0/1/0 {
        unit 0 {
            family inet {
                filter {
                    input all;
                    output all;
                }
                address x.x.x.x/30;
            }
        }
    }
}

Thanks,
 Andree


More information about the juniper-nsp mailing list