[j-nsp] MS-DPC and netflow.

bit gossip bit.gossip at chello.nl
Fri Jul 16 05:01:28 EDT 2010


Peter,
The config provided is working fine on 10.2R1.8.
Sampling must indeed be enabled at logical interface level with
something like this:
ge-3/0/7 {
    link-mode full-duplex;
    unit 0 {
        family inet {
            sampling {
                input;
            }
            address 1.1.1.1/30;    
        }                               
    }                                   
}                

or also with a firewall filter.
Thanks,
Luca.

On Fri, 2010-07-16 at 08:01 +0200, Peter Krupl wrote:
> Hi Chris, Luca, David (Posted a reply off list),
> 
> I'm running Junos 10.1R1.8.
> The current configuration I'm using is shown below.
> 
> The configuration is accepted, and I see some flow exports to my collector.
> 
> But the traffic received at the collector is arriving at an interval of about 60 seconds,
> and it seems the data is the same. I suspect that is only template information, and not
> actual flow data.
> 
> 1. 
> Do I (have to)/(can I) specify which interfaces should be included in the flow export?
> 
> 2.
> As my box is running as PE, I think the mpls-ipv4 template is the one to use, am I correct?
> 
> 3.
> The license for flow accounting called "SA-ACCT-5M" did not contain any license keys. Do I need to obtain an activation key somehow? Maybe this is why I don't see any flows?
> 
> 
> 
> -----------------------------------CONFIG-----------------------------------
> chassis {
>  .
>     fpc 1 {
>         .
>         pic 1 {
>             tunnel-services {
>                 bandwidth 10g;
>             }
>             adaptive-services {
>                 service-package layer-3;
>             }
>         }
>     }
>     network-services ip;
> }
> interfaces {
>     .
>     sp-1/1/0 {
>         unit 0 {
>             family inet;
>             family inet6;
>             family mpls;
>         }
>     }
>     .
> }
> forwarding-options {
>     sampling {
>         input {
>             rate 1;
>             run-length 1;
>         }
>         family mpls {
>             output {
>                 flow-server 213.173.238.99{
>                     port 9990;
>                     source-address 89.233.99.193;
>                     version9 {
>                         template {
>                             mpls-ipv4;
>                         }
>                     }
>                 }
>                 interface sp-1/1/0 {
>                     source-address 89.233.99.193;
>                 }
>             }
>         }
>     }
> }
> 
> services {
>     flow-monitoring {
>         version9 {
>             template ipv4 {
>                 ipv4-template;
>             }
>             template ipv6 {
>                 ipv6-template;
>             }
>             template mpls {
>                 mpls-template;
>             }
>             template mpls-ipv4 {
>                 mpls-ipv4-template;
>             }
>         }
>     }
> 	.
> }
> 	
> -----------------------------------CONFIG-----------------------------------
> 
> Kind Regards,
> Peter Krupl
> 
> 
> -----Original Message-----
> From: Chris Tracy [mailto:ctracy at es.net] 
> Sent: Thursday, July 15, 2010 7:55 PM
> To: bit gossip
> Cc: Peter Krupl; juniper-nsp at puck.nether.net
> Subject: Re: [j-nsp] MS-DPC and netflow.
> 
> Peter, Luca,
> 
> I believe you need to be running 9.6 or later in order to use the config that Luca provided below.
> 
> Prior to 9.6, you will only find 'input', 'output' and 'traceoptions' under forwarding-options { sampling { ... } }.  After 9.6, you will find 'family inet' and 'family inet6' under that level -- but not in earlier releases.  In either case, under output { ... }, older JUNOS seems to use 'cflowd' while newer JUNOS uses the 'flow-server' keyword.
> 
> The advantage is that after 9.6, you can output IPv4 and IPv6 flow data to the same collector IP address/port.  e.g. apply multiple templates to a single collector.  Before 9.6, you had to apply the IPv4 template to one cflowd IP, and the IPv6 (or MPLS) template to another cflowd IP.
> 
> Another cool thing you can do after 9.6 is per-FPC sampling instances.  For example, you can do
> 
> forwarding-options {
>    sampling {
>       instance {
>          xyz {
>             input { ... }
>             family inet { ... }
>             family inet6 { ... }
>          }
>       }
>    }
> }
> chassis {
>    fpc X {
>       sampling-instance xyz;
>    }
> }
> 
> I haven't really seen a reason to use this type of config yet, but if you are somehow max'ing out the resources of a single MS-DPC, it looks like you could potentially use this syntax to dedicate one MS-DPC to one or more FPCs, another MS-DPC to another set of FPCs, etc.
> 
> For completeness, here is a working example from JUNOS 9.3.  Just make sure you are doing sampling somewhere in your firewall filters (e.g. you might sample all inbound on every interface).  You need to be careful not to sample the same flow twice (on each router) or else your flow records will show double packets/octets.
> 
> interfaces {
>     sp-1/0/0 {
>         unit 0 {
>             family inet;
>             family inet6;
>             family mpls;
>         }
>     }
> }
> forwarding-options {
>     sampling {
>         input {
>             family inet {
>                 rate 1;
>                 run-length 0;
>                 max-packets-per-second 65000;
>             }
>             family inet6 {
>                 rate 1;
>                 run-length 0;
>                 max-packets-per-second 65000;
>             }
>         }
>         output {
>             cflowd 10.0.0.1 {
>                 port 9999;
>                 version9 {
>                     template {
>                         ipv4;
>                     }
>                 }
>                 no-local-dump;
>                 autonomous-system-type origin;
>             }
>             cflowd 10.0.0.2 {
>                 port 9999;
>                 version9 {
>                     template {
>                         ipv6;
>                     }
>                 }
>                 no-local-dump;
>                 autonomous-system-type origin;
>             }
>             flow-inactive-timeout 15;
>             flow-active-timeout 60;
>             interface sp-1/0/0 {
>                 source-address [router loopback address];
>             }
>         }
>     }
> }
> services {
>     flow-monitoring {
>         version9 {
>             template ipv4 {
>                 ipv4-template;
>             }
>             template mpls {
>                 mpls-template;
>             }
>             template ipv6 {
>                 ipv6-template;
>             }
>         }
>     }
> }
> 
> Cheers,
> -Chris
> 
> 
> On Jul 15, 2010, at 10:18 AM, bit gossip wrote:
> 
> > Hi Peter,
> > this should be working
> > Thanks,
> > Luca.
> > 
> > forwarding-options {
> >    sampling {
> >        input {
> >            rate 1;
> >            run-length 0;
> >        }
> >        family inet {
> >            output {
> >                flow-server 1.1.1.66 {
> >                    port 3333;
> >                    autonomous-system-type origin;
> >                    no-local-dump;
> >                    version9 {
> >                        template {
> >                            PIPPO_V9;
> >                        }
> >                    }
> >                }
> >                flow-server 1.1.1.194 {
> >                    port 3333;
> >                    autonomous-system-type origin;
> >                    no-local-dump;
> >                    version9 {
> >                        template {
> >                            PIPPO_V9;
> >                        }
> >                    }
> >                }
> >                interface sp-2/0/0 {
> >                    source-address 1.1.1.1;
> >                }
> >            }
> >        }
> >        family inet6 {
> >            output {
> >                flow-server 1.1.1.66 {
> >                    port 3333;
> >                    autonomous-system-type origin;
> >                    no-local-dump;
> >                    version9 {
> >                        template {
> >                            PIPPO-INET6-V9;
> >                        }
> >                    }
> >                }                       
> >                flow-server 1.1.1.194 {
> >                    port 3333;
> >                    autonomous-system-type origin;
> >                    no-local-dump;
> >                    version9 {
> >                        template {
> >                            PIPPO-INET6-V9;
> >                        }
> >                    }
> >                }
> >                interface sp-2/0/0 {
> >                    source-address 1.1.1.1;
> >                }
> >            }
> >        }
> >    }
> > }
> > services {
> >    flow-monitoring {
> >        version9 {
> >            template PIPPO_V9 {
> >                ipv4-template;
> >            }
> >            template PIPPO-INET6-V9 {
> >                ipv6-template;
> >            }
> >        }
> >    }
> > }
> > 
> > On Thu, 2010-07-15 at 10:58 +0200, Peter Krupl wrote:
> >> Hi guys,
> >> 
> >> I'm at a complete loss regarding this issue. And the documentation at J is
> >> a bad mess of RE based flow sampling, and M series stuff mixed with 
> >> MX/MS-DPC stuff.
> >> 
> >> 1. Do I need to prep the MS-DPC more than this?
> >> aggregated-devices {
> >>    ethernet {
> >>        device-count 1;
> >>    }
> >> }
> >> fpc 1 {
> >>    pic 0 {
> >>        adaptive-services {
> >>            service-package layer-3;
> >>        }
> >>    }
> >>    pic 1 {
> >>        adaptive-services {
> >>            service-package layer-3;
> >>        }
> >>    }
> >> }
> >> network-services ip;
> >> 
> >> 2. Does anyone have a working configuration for netflow v9 on MX?
> >> 
> >> 3. And what is the purpose of the source address statement under /forwarding-options/output/interface,
> >> where is this address used?
> >> 
> >> I'm running 10.1R1.8 and the suggested config in the docs for 10.1 gives me a
> >> deprecated warning.
> >> 
> >> Here is my config:
> >> 
> >> forwarding-options {
> >>    sampling {
> >>        input {
> >>            family inet {
> >>                rate 1;
> >>            }
> >>            family mpls {
> >>                rate 1;
> >>            }
> >>        }
> >>        output { ## Warning: 'output' is deprecated
> >>            flow-inactive-timeout 30;
> >>            flow-active-timeout 60;
> >>            flow-server 213.173.238.14 {
> >>                port 9990;
> >>                version9 {
> >>                    template {
> >>                        ip-template;
> >>                    }
> >>                }
> >>            }
> >>            interface sp-1/0/0 {
> >>                source-address 1.1.1.1;
> >>            }
> >>        }
> >>    }
> >> }
> >> 
> >> Kind regards,
> >> Peter Krupl
> >> 
> >> _______________________________________________
> >> juniper-nsp mailing list juniper-nsp at puck.nether.net
> >> https://puck.nether.net/mailman/listinfo/juniper-nsp
> > 
> > 
> 
> --
> Chris Tracy <ctracy at es.net>
> Energy Sciences Network (ESnet)
> Lawrence Berkeley National Laboratory
> 
> 
> 
> 
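
Added example, not part of the original thread: a collector-side check for the symptom Peter describes (exports every 60 seconds that may be templates only). It walks the FlowSets of a NetFlow v9 packet and reports whether any data FlowSet (id >= 256) is present; the function name summarize_v9 and both sample packets are constructed for illustration.

```python
import struct

HEADER = struct.Struct("!HHIIII")  # version, count, sysUptime, unix_secs, sequence, source_id
FLOWSET = struct.Struct("!HH")     # flowset_id, length (length covers these 4 bytes too)

def summarize_v9(packet: bytes) -> dict:
    """Report which FlowSet kinds one NetFlow v9 export packet carries."""
    if len(packet) < HEADER.size:
        raise ValueError("packet shorter than the v9 header")
    version, count, _, _, sequence, source_id = HEADER.unpack_from(packet)
    if version != 9:
        raise ValueError(f"not NetFlow v9 (version={version})")
    out = {"sequence": sequence, "source_id": source_id, "records": count,
           "template_ids": [], "options_templates": 0, "data_bytes": {}}
    off = HEADER.size
    while off + FLOWSET.size <= len(packet):
        fs_id, fs_len = FLOWSET.unpack_from(packet, off)
        if fs_len < FLOWSET.size or off + fs_len > len(packet):
            raise ValueError(f"bad FlowSet length {fs_len} at offset {off}")
        body = packet[off + FLOWSET.size:off + fs_len]
        if fs_id == 0:                      # template FlowSet
            pos = 0
            while pos + 4 <= len(body):
                tmpl_id, nfields = struct.unpack_from("!HH", body, pos)
                if tmpl_id < 256:           # zero padding at the end of the FlowSet
                    break
                out["template_ids"].append(tmpl_id)
                pos += 4 + 4 * nfields      # skip the (type, length) pairs
        elif fs_id == 1:                    # options template FlowSet
            out["options_templates"] += 1
        elif fs_id >= 256:                  # data FlowSet, id = template it uses
            out["data_bytes"][fs_id] = out["data_bytes"].get(fs_id, 0) + len(body)
        off += fs_len
    has_templates = bool(out["template_ids"]) or out["options_templates"] > 0
    out["template_only"] = has_templates and not out["data_bytes"]
    return out

# Constructed sample packets (not captured from any router).
FIELDS = [(8, 4), (12, 4), (1, 4), (2, 4)]  # IPV4_SRC_ADDR, IPV4_DST_ADDR, IN_BYTES, IN_PKTS
_tmpl = struct.pack("!HH", 256, len(FIELDS)) + b"".join(struct.pack("!HH", t, n) for t, n in FIELDS)
TEMPLATE_PKT = HEADER.pack(9, 1, 1000, 1279270000, 1, 0) + FLOWSET.pack(0, 4 + len(_tmpl)) + _tmpl
_rec = bytes([192, 0, 2, 1, 198, 51, 100, 7]) + struct.pack("!II", 1500, 3)
DATA_PKT = HEADER.pack(9, 1, 61000, 1279270060, 2, 0) + FLOWSET.pack(256, 4 + len(_rec)) + _rec

if __name__ == "__main__":
    for name, pkt in (("template", TEMPLATE_PKT), ("data", DATA_PKT)):
        print(name, summarize_v9(pkt))
```

Feed it the UDP payloads received on the collector port; if every packet comes back with template_only set, the router is exporting templates but no sampled flows.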



