[j-nsp] Netflow Export - MX running 10.x
Chris Evans
chrisccnpspam2 at gmail.com
Fri Sep 17 12:30:32 EDT 2010
My opinion. Don't waste time on firewall filters. Use the sampling command
under family inet instead.
> Hi there..
>
>
>
> I'm working with an MX480 running 10.0R3.10 trying to get Netflow 5
> exporting up and running.... been reading some of the docs from Juniper
and
> must be reading the wrong info because what they talk about I don't see ;)
>
>
>
> First, firewall filter:
>
>
>
> filter cflowd {
>
> term sampled_packets {
>
> from {
>
> source-address {
>
> 0.0.0.0/0;
>
> }
>
> }
>
> then accept;
>
> }
>
> term other {
>
> then accept;
>
> }
>
> }
>
>
>
>
>
> Then forwarding options:
>
>
>
> sampling {
>
> input {
>
> rate 1;
>
> run-length 0;
>
> max-packets-per-second 7000;
>
> }
>
> family inet {
>
> output {
>
> flow-server xx.xxx.xx.2 {
>
> port 5000;
>
> source-address xx.xx.xxx.59;
>
> version 5;
>
> }
>
> }
>
> }
>
> }
>
>
>
>
>
> When I apply this as input on an interface I see nothing hitting the
netflow
> system.... the docs talk about "sampling output" instead of "sampling
family
> inet" but I have no option for "sampling output"
>
>
>
> Confused I am ;) Doesn't take much ... (oh, and yes I want 1:1 sampling at
> this point simply because the traffic levels will allow it in the short
> term)
>
>
>
> Paul
>
>
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list