[j-nsp] PIC Based Active Monitoring/Sampling (Netflow export) on JunOS 9.6

Scott Berkman scott at sberkman.net
Mon Jan 4 10:42:27 EST 2010 

All,

	Got this working.  From the config below in the OP, the changes that
seemed to do it were the following:

 > show configuration services 
flow-monitoring;

And then bouncing the AS PIC:
request chassis pic offline fpc-slot 7 pic-slot 0

I still am not sure what types of addresses NEED to be on the sp- interface,
or if it needs any at all, but the addresses below are what we have in our
production config.

	Thanks again for the help,

	-Scott

-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net
[mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Scott Berkman
Sent: Thursday, December 31, 2009 2:56 PM
To: 'Nilesh Khambal'; juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] PIC Based Active Monitoring/Sampling (Netflow export)
on JunOS 9.6

Yes NTP is configured and active (has been for some time):

> show ntp status 
status=0644 leap_none, sync_ntp, 4 events, event_peer/strat_chg,
version="ntpd 4.2.0-a Sat Aug  1 07:54:37 UTC 2009 (1)",
processor="i386", system="JUNOS9.6R1.13", leap=00, stratum=2,
precision=-19, rootdelay=0.476, rootdispersion=23.517, peer=14316,
refid=<NTPServer_IP>,
reftime=cee77c51.7f464601  Thu, Dec 31 2009 14:38:57.497, poll=7,
clock=cee77fd1.2dd261cc  Thu, Dec 31 2009 14:53:53.178, state=4,
offset=0.187, frequency=87.792, jitter=0.287, stability=0.001

Thanks,

	-Scott

-----Original Message-----
From: Nilesh Khambal [mailto:nkhambal at juniper.net] 
Sent: Thursday, December 31, 2009 1:51 PM
To: Scott Berkman; juniper-nsp at puck.nether.net
Subject: RE: [j-nsp] PIC Based Active Monitoring/Sampling (Netflow export)
on JunOS 9.6

Have you configured NTP server on the router? If not, can you pls configured
it and check? You may need to bounce the AS PIC after configuring it.

Thanks,
Nilesh.

-----Original Message-----
From: Scott Berkman
Sent: Thu 12/31/2009 10:33 AM
To: juniper-nsp at puck.nether.net
Subject: [j-nsp] PIC Based Active Monitoring/Sampling (Netflow export) on
JunOS 9.6



All,



I am trying to configure active flow monitoring similar to the following
link with an AS PIC on an M160 running 9.6:



http://www.juniper.net/techpubs/software/junos/junos95/feature-guide/id-1137
6518.html



I have checked all of the 9.6 documents such as this:

http://www.juniper.net/techpubs/en_US/junos9.6/information-products/topic-co
llections/config-guide-policy/id-11391310.html



However all of the guides are in the incorrect format for the newer JunOS
codes as discussed in this previous post:

http://www.gossamer-threads.com/lists/nsp/juniper/19361



Is there an updated guide that actually has the correct command syntax?



More specifically, I am having trouble understanding the configuration of
the interface for the AS itself.  I am using something like the following:



>show configuration interfaces sp-7/0/0

unit 0 {

    family inet {

        address 172.16.1.1/32 {

            destination 172.16.1.2;

        }

    }

}



But I don't know what addresses to use for the "source" and "destination"
here.  Should these be private IPs that aren't on any other interface?
Should they match the source address to be used for the PIC interface under
[forwarding-options sampling]?



The current status is that the account service seems to be running normally,
but no netflow packets are arriving at the configured flow-server.  There is
no connectivity or routing problems and I can ping between the source
address and the flow-server just fine.  Here is the rest of my config,
addresses modified to protect the innocent:



forwarding-options {

    sampling {

        input {

            rate 1;

        }

        family inet {

            output {

                flow-server 10.1.1.2 {

                    port 2055;

                    autonomous-system-type peer;

                    version 5;

                }

                interface sp-7/0/0 {

                    source-address 10.1.1.1;

                }

            }

        }

    }

}



Here are some of the show services accounting outputs:

>show services accounting status

Service Accounting interface: sp-7/0/0, Local interface index: 156

Service name: (default sampling)

Interface state: Accounting

  Service ID: 0

  Export interval (in seconds): 60, Export format: cflowd v5

  Protocol: IPv4, Engine type: 188, Engine ID: 23

  Route record count: 306719, IFL to SNMP index count: 12, AS count: 151299

  Time set: Yes, Configuration set: Yes

  Route record set: Yes, IFL SNMP map set: Yes



> show services accounting usage

Service Accounting interface: sp-7/0/0, Local interface index: 156

Service name: (default sampling)

Interface state: Accounting

  CPU utilization

    Uptime: 74409324 milliseconds, Interrupt time: 0 microseconds

    Load (5 second): 66%, Load (1 minute): 63%



> show services accounting memory

Service Accounting interface: sp-7/0/0, Local interface index: 156

Service name: (default sampling)

Interface state: Accounting

  Memory utilization

    Allocation count: 48776505, Free count: 48702927, Maximum allocated: 0

    Allocations per second: 0, Frees per second: 0

    Total memory used (in bytes): 186178160, Total memory free (in bytes):
294069272



> show services accounting errors

Service Accounting interface: sp-7/0/0, Local interface index: 156

Service name: (default sampling)

Interface state: Accounting

  Error information

    Packets dropped (no memory): 0, Packets dropped (not IP): 0

    Packets dropped (not IPv4): 0, Packets dropped (header too small): 0

    Memory allocation failures: 0, Memory free failures: 0

    Memory free list failures: 0

    Memory warning: No, Memory overload: No, PPS overload: No, BPS overload:
No



> show services accounting flow

Service Accounting interface: sp-7/0/0, Local interface index: 156

Service name: (default sampling)

Interface state: Accounting

  Flow information

    Flow packets: 957825306, Flow bytes: 375757478595

    Flow packets 10-second rate: 45742, Flow bytes 10-second rate: 13294092

    Active flows: 96942, Total flows: 48807590

    Flows exported: 48791666, Flows packets exported: 1638159

    Flows inactive timed out: 48710648, Flows active timed out: 81447



Finally, the following does produce what seems to be valid entries:

> show services accounting flow-detail limit 10



                Thanks!



                -Scott

_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp


_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

More information about the juniper-nsp mailing list