[j-nsp] MS-DPC and netflow.
Chris Tracy
ctracy at es.net
Thu Jul 15 13:54:47 EDT 2010
Peter, Luca,
I believe you need to be running 9.6 or later in order to use the config that Luca provided below.
Prior to 9.6, you will only find 'input', 'output' and 'traceoptions' under forwarding-options { sampling { ... } }. After 9.6, you will find 'family inet' and 'family inet6' under that level -- but not in earlier releases. In either case, under output { ... }, older JUNOS seems to use 'cflowd' while newer JUNOS uses the 'flow-server' keyword.
The advantage is that after 9.6, you can output IPv4 and IPv6 flow data to the same collector IP address/port. e.g. apply multiple templates to a single collector. Before 9.6, you had to apply the IPv4 template to one cflowd IP, and the IPv6 (or MPLS) template to another cflowd IP.
Another cool thing you can do after 9.6 is per-FPC sampling instances. For example, you can do
forwarding-options {
    sampling {
        instance {
            xyz {
                input { ... }
                family inet { ... }
                family inet6 { ... }
            }
        }
    }
}
chassis {
    fpc X {
        sampling-instance xyz;
    }
}
I haven't really seen a reason to use this type of config yet, but if you are somehow max'ing out the resources of a single MS-DPC, it looks like you could potentially use this syntax to dedicate one MS-DPC to one or more FPCs, another MS-DPC to another set of FPCs, etc.
For completeness, here is a working example from JUNOS 9.3. Just make sure you are doing sampling somewhere in your firewall filters (e.g. you might sample all inbound on every interface). You need to be careful not to sample the same flow twice (on each router) or else your flow records will show double packets/octets.
interfaces {
    sp-1/0/0 {
        unit 0 {
            family inet;
            family inet6;
            family mpls;
        }
    }
}
forwarding-options {
    sampling {
        input {
            family inet {
                rate 1;
                run-length 0;
                max-packets-per-second 65000;
            }
            family inet6 {
                rate 1;
                run-length 0;
                max-packets-per-second 65000;
            }
        }
        output {
            cflowd 10.0.0.1 {
                port 9999;
                version9 {
                    template {
                        ipv4;
                    }
                }
                no-local-dump;
                autonomous-system-type origin;
            }
            cflowd 10.0.0.2 {
                port 9999;
                version9 {
                    template {
                        ipv6;
                    }
                }
                no-local-dump;
                autonomous-system-type origin;
            }
            flow-inactive-timeout 15;
            flow-active-timeout 60;
            interface sp-1/0/0 {
                source-address [router loopback address];
            }
        }
    }
}
services {
    flow-monitoring {
        version9 {
            template ipv4 {
                ipv4-template;
            }
            template mpls {
                mpls-template;
            }
            template ipv6 {
                ipv6-template;
            }
        }
    }
}
Cheers,
-Chris
On Jul 15, 2010, at 10:18 AM, bit gossip wrote:
> Hi Peter,
> this should be working
> Thanks,
> Luca.
>
> forwarding-options {
>     sampling {
>         input {
>             rate 1;
>             run-length 0;
>         }
>         family inet {
>             output {
>                 flow-server 1.1.1.66 {
>                     port 3333;
>                     autonomous-system-type origin;
>                     no-local-dump;
>                     version9 {
>                         template {
>                             PIPPO_V9;
>                         }
>                     }
>                 }
>                 flow-server 1.1.1.194 {
>                     port 3333;
>                     autonomous-system-type origin;
>                     no-local-dump;
>                     version9 {
>                         template {
>                             PIPPO_V9;
>                         }
>                     }
>                 }
>                 interface sp-2/0/0 {
>                     source-address 1.1.1.1;
>                 }
>             }
>         }
>         family inet6 {
>             output {
>                 flow-server 1.1.1.66 {
>                     port 3333;
>                     autonomous-system-type origin;
>                     no-local-dump;
>                     version9 {
>                         template {
>                             PIPPO-INET6-V9;
>                         }
>                     }
>                 }
>                 flow-server 1.1.1.194 {
>                     port 3333;
>                     autonomous-system-type origin;
>                     no-local-dump;
>                     version9 {
>                         template {
>                             PIPPO-INET6-V9;
>                         }
>                     }
>                 }
>                 interface sp-2/0/0 {
>                     source-address 1.1.1.1;
>                 }
>             }
>         }
>     }
> }
> services {
>     flow-monitoring {
>         version9 {
>             template PIPPO_V9 {
>                 ipv4-template;
>             }
>             template PIPPO-INET6-V9 {
>                 ipv6-template;
>             }
>         }
>     }
> }
>
> On Thu, 2010-07-15 at 10:58 +0200, Peter Krupl wrote:
>> Hi guys,
>>
>> I'm at a complete loss regarding this issue. And the documentation at J is
>> a bad mess of RE based flow sampling, and M series stuff mixed with
>> MX/MS-DPC stuff.
>>
>> 1. Do I need to prep the MS-DPC more than this?
>> aggregated-devices {
>>     ethernet {
>>         device-count 1;
>>     }
>> }
>> fpc 1 {
>>     pic 0 {
>>         adaptive-services {
>>             service-package layer-3;
>>         }
>>     }
>>     pic 1 {
>>         adaptive-services {
>>             service-package layer-3;
>>         }
>>     }
>> }
>> network-services ip;
>>
>> 2. Does anyone have a working configuration for netflow v9 on MX?
>>
>> 3. And what is the purpose of the source address statement under /forwarding-options/output/interface,
>> where is this address used?
>>
>> I'm running 10.1R1.8 and the suggested config in the docs for 10.1 gives me a
>> deprecated warning.
>>
>> Here is my config:
>>
>> forwarding-options {
>>     sampling {
>>         input {
>>             family inet {
>>                 rate 1;
>>             }
>>             family mpls {
>>                 rate 1;
>>             }
>>         }
>>         output { ## Warning: 'output' is deprecated
>>             flow-inactive-timeout 30;
>>             flow-active-timeout 60;
>>             flow-server 213.173.238.14 {
>>                 port 9990;
>>                 version9 {
>>                     template {
>>                         ip-template;
>>                     }
>>                 }
>>             }
>>             interface sp-1/0/0 {
>>                 source-address 1.1.1.1;
>>             }
>>         }
>>     }
>> }
>>
>> Kind regards,
>> Peter Krupl
>>
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
--
Chris Tracy <ctracy at es.net>
Energy Sciences Network (ESnet)
Lawrence Berkeley National Laboratory
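
Added example, not part of the original thread and not Juniper or collector vendor code: a minimal collector-side NetFlow v9 decoder showing why a single collector IP/port can take both the IPv4 and IPv6 templates, as described above for 9.6 and later. Each data flowset names its template by ID, and the cache is keyed per exporter, so data that arrives before its template cannot be decoded. The function names, template IDs 256/257, the exporter address and the sample addresses are constructed for illustration.

```python
import ipaddress
import struct

NAMES = {1: "in_bytes", 8: "src", 12: "dst", 27: "src", 28: "dst"}  # RFC 3954 field types (subset)

def parse_v9(packet, exporter, templates):
    """Decode one v9 datagram; `templates` is the collector's persistent cache."""
    version, _, _, _, _, source_id = struct.unpack_from("!HHIIII", packet, 0)
    if version != 9:
        raise ValueError("not NetFlow v9")
    records, skipped, off = [], 0, 20
    while off + 4 <= len(packet):
        fs_id, fs_len = struct.unpack_from("!HH", packet, off)
        if fs_len < 4 or off + fs_len > len(packet):
            raise ValueError("bad flowset length")
        body, pos = packet[off + 4:off + fs_len], 0
        if fs_id == 0:  # template flowset: may carry several templates
            while pos + 4 <= len(body):
                tid, n = struct.unpack_from("!HH", body, pos)
                if tid < 256 or pos + 4 + 4 * n > len(body):
                    break  # padding or truncated template
                spec = [struct.unpack_from("!HH", body, pos + 4 + 4 * i) for i in range(n)]
                templates[(exporter, source_id, tid)] = spec
                pos += 4 + 4 * n
        elif fs_id >= 256:  # data flowset: the flowset id names the template
            spec = templates.get((exporter, source_id, fs_id))
            size = sum(flen for _, flen in spec) if spec else 0
            if size == 0:
                skipped += 1  # no usable template seen yet, cannot decode
            while size and pos + size <= len(body):
                rec = {"template": fs_id}
                for ftype, flen in spec:
                    raw, pos = body[pos:pos + flen], pos + flen
                    rec[NAMES.get(ftype, ftype)] = (str(ipaddress.ip_address(raw))
                        if ftype in (8, 12, 27, 28) else int.from_bytes(raw, "big"))
                records.append(rec)
        off += fs_len
    return records, skipped

def build_sample(with_templates=True):
    """Constructed datagram: IPv4 template 256 and IPv6 template 257 on one port."""
    def fs(fs_id, body):
        return struct.pack("!HH", fs_id, len(body) + 4) + body
    ip = lambda a: ipaddress.ip_address(a).packed
    tmpl = struct.pack("!8H", 256, 3, 8, 4, 12, 4, 1, 4) + struct.pack("!8H", 257, 3, 27, 16, 28, 16, 1, 4)
    v4 = ip("192.0.2.1") + ip("198.51.100.7") + struct.pack("!I", 1500)
    v6 = ip("2001:db8::1") + ip("2001:db8::2") + struct.pack("!I", 9000)
    head = struct.pack("!HHIIII", 9, 4 if with_templates else 2, 0, 0, 1, 0)
    return head + (fs(0, tmpl) if with_templates else b"") + fs(256, v4) + fs(257, v6)
```

Calling parse_v9(build_sample(), "10.0.0.9", {}) returns one IPv4 and one IPv6 record from the same datagram; with with_templates=False and an empty cache, both data flowsets are counted as undecodable.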