[j-nsp] Netflow Export - MX running 10.x

Paul Stewart paul at paulstewart.org
Fri Sep 17 12:42:33 EDT 2010


Thanks - do you have sample config or docs on this?  Sorry, still a bit lost
- converting from Cisco world which appears to be a lot different ;)

 

From: Chris Evans [mailto:chrisccnpspam2 at gmail.com] 
Sent: September-17-10 12:31 PM
To: Paul Stewart
Cc: juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] Netflow Export - MX running 10.x

 

My opinion. Don't waste time on firewall filters.  Use the sampling command
under family inet instead.  

> Hi there..
> 
> 
> 
> I'm working with an MX480 running 10.0R3.10 trying to get Netflow 5
> exporting up and running.... been reading some of the docs from Juniper
and
> must be reading the wrong info because what they talk about I don't see ;)
> 
> 
> 
> First, firewall filter:
> 
> 
> 
> filter cflowd {
> 
> term sampled_packets {
> 
> from {
> 
> source-address {
> 
> 0.0.0.0/0;
> 
> }
> 
> }
> 
> then accept;
> 
> }
> 
> term other {
> 
> then accept;
> 
> }
> 
> }
> 
> 
> 
> 
> 
> Then forwarding options:
> 
> 
> 
> sampling {
> 
> input {
> 
> rate 1;
> 
> run-length 0;
> 
> max-packets-per-second 7000;
> 
> }
> 
> family inet {
> 
> output {
> 
> flow-server xx.xxx.xx.2 {
> 
> port 5000;
> 
> source-address xx.xx.xxx.59;
> 
> version 5;
> 
> }
> 
> }
> 
> }
> 
> }
> 
> 
> 
> 
> 
> When I apply this as input on an interface I see nothing hitting the
netflow
> system.... the docs talk about "sampling output" instead of "sampling
family
> inet" but I have no option for "sampling output" 
> 
> 
> 
> Confused I am ;) Doesn't take much ... (oh, and yes I want 1:1 sampling at
> this point simply because the traffic levels will allow it in the short
> term)
> 
> 
> 
> Paul
> 
> 
> 
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp



More information about the juniper-nsp mailing list