[j-nsp] Netflow / JFlow questions

Stefan Fouant sfouant at shortestpathfirst.net
Tue Aug 31 23:47:36 EDT 2010


> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Chris Evans
> Sent: Tuesday, August 31, 2010 9:02 PM
> To: juniper-nsp at puck.nether.net
> Subject: [j-nsp] Netflow / JFlow questions
> 
> Have a few questions for some folks who have implemented JFlow..
> 
> I have a working jflow setup with basic ipv4 and ingress collection on a m7i
> with a services pic and also on a MX platform with the MS-DPC blade.
> 
> #1 - Is egress netflow supported? It appears that only ingress is supported.

Yes, egress netflow is supported - it's either a factor of turning on an
output firewall filter with an action of 'then sample' or enabling sampling
on output on the interface.

> #2 - Why do all examples that I can find say to use a firewall filter to
> sample traffic, I have successfully used the 'set interface xx-x/x/x unit xx
> family inet sample' command. This appears to be the new way of doing it.

Enabling sampling on the interface is not the "new way" of doing it.  It's
been supported either way for quite some time; which one to choose really
depends on your needs.  For many environments that only need to monitor
certain applications, I typically suggest enabling sampling within a
firewall filter because this really enables the sampling to scale.  On the
other hand, for those customer environments that want to look at everything
I would generally suggest enabling sampling on the interface.

> #3 - In my lab I have a MPLS VPN setup and am trying to netflow interfaces
> within the VRF. As it appears the device can only do ingress netflow I also
> need to sample the mpls interface. Does anyone have an example of how to
> gather netflow stats from both the vrf and mpls pe <> p interfaces?

Again, you can do egress netflow so you shouldn't need to do the above.  But
if you did want to monitor an MPLS enabled interface, you are going to
probably need Netflow v9 coupled with a customized template for sampling.

HTHs.

Stefan Fouant, CISSP, JNCIEx2
www.shortestpathfirst.net
GPG Key ID: 0xB5E3803D
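
The two egress sampling approaches described in the reply above, as an added example that is not part of the original message. The filter name, term names, interface names and matched ports are assumptions chosen for illustration, and a working sampling/collector configuration is assumed to be in place already.

```junos
# Assumed names throughout: SAMPLE-WEB-OUT, ge-0/0/0, ge-0/0/1, ports 80/443.

# Option A: sample only selected traffic on egress with an output firewall filter.
set firewall family inet filter SAMPLE-WEB-OUT term web from protocol tcp
set firewall family inet filter SAMPLE-WEB-OUT term web from port [ 80 443 ]
set firewall family inet filter SAMPLE-WEB-OUT term web then sample
set firewall family inet filter SAMPLE-WEB-OUT term web then accept
# Catch-all term: without it, traffic that matches no term is dropped by the
# filter's implicit discard, so the filter would block instead of just sample.
set firewall family inet filter SAMPLE-WEB-OUT term everything-else then accept
set interfaces ge-0/0/0 unit 0 family inet filter output SAMPLE-WEB-OUT

# Option B: sample everything leaving the interface, with no filter involved.
set interfaces ge-0/0/1 unit 0 family inet sampling output
```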


