[j-nsp] MS-DPC and netflow.

[Chris Tracy]

Hi Peter,

> The configuration is accepted, and I see some flow exports to my collector.
> 
> But the traffic received at the collector is arriving at an interval og about 60 seconds,
> and it seems the data is the same. I suspect that is only template information, and not
> actual flow data.

It looks like some others have already gotten back to you.  I suspect that you are indeed just getting template sets and not actually sampling any traffic yet.

Assuming your collector is a Unix host, a good way to check what you are receiving is with tshark (text-based version of wireshark).  You just have to tell tshark which packet dissector to use for the port 9990 traffic, for example:

% tshark -nV -d udp.port==9990,cflow udp port 9990 
Capturing on eth0
Frame 1 (1458 bytes on wire, 1458 bytes captured)
[...]
Cisco NetFlow/IPFIX
    Version: 5
    Count: 29
    [...]

Note that tshark will not be able to decode v9 flow records until it gets a template set.  I'm sure there is a way to do this with the graphical version but I am not familiar with it.

> 2. As my box is running as PE, I think the mpls-ipv4 template is the one to use, am I correct ?

You might want to take a look at the URL below.  It explains what fields are included in each template (or you could just look at the output of tshark when it receives a template set):

http://www.juniper.net/techpubs/en_US/junos10.1/information-products/topic-collections/config-guide-services/topic-29581.html

As Paolo mentioned, it depends on exactly what you are trying to do.  I would suggest taking a look at the 'Restrictions' section of the above URL as it describes one limitation of the mpls-ipv4 template when using L2VPNs which may or may not apply to you.

Cheers,
-Chris

--
Chris Tracy <ctracy at es.net>
Energy Sciences Network (ESnet)
Lawrence Berkeley National Laboratory