[j-nsp] Netflow Export - MX running 10.x

[Chris Evans]

No problem. I live a primary Cisco world too.  Once I get back to the office
I will post the config.
> Thanks - do you have sample config or docs on this? Sorry, still a bit
lost
> - converting from Cisco world which appears to be a lot different ;)
>
>
>
> From: Chris Evans [mailto:chrisccnpspam2 at gmail.com]
> Sent: September-17-10 12:31 PM
> To: Paul Stewart
> Cc: juniper-nsp at puck.nether.net
> Subject: Re: [j-nsp] Netflow Export - MX running 10.x
>
>
>
> My opinion. Don't waste time on firewall filters. Use the sampling command
> under family inet instead.
>
>> Hi there..
>>
>>
>>
>> I'm working with an MX480 running 10.0R3.10 trying to get Netflow 5
>> exporting up and running.... been reading some of the docs from Juniper
> and
>> must be reading the wrong info because what they talk about I don't see
;)
>>
>>
>>
>> First, firewall filter:
>>
>>
>>
>> filter cflowd {
>>
>> term sampled_packets {
>>
>> from {
>>
>> source-address {
>>
>> 0.0.0.0/0;
>>
>> }
>>
>> }
>>
>> then accept;
>>
>> }
>>
>> term other {
>>
>> then accept;
>>
>> }
>>
>> }
>>
>>
>>
>>
>>
>> Then forwarding options:
>>
>>
>>
>> sampling {
>>
>> input {
>>
>> rate 1;
>>
>> run-length 0;
>>
>> max-packets-per-second 7000;
>>
>> }
>>
>> family inet {
>>
>> output {
>>
>> flow-server xx.xxx.xx.2 {
>>
>> port 5000;
>>
>> source-address xx.xx.xxx.59;
>>
>> version 5;
>>
>> }
>>
>> }
>>
>> }
>>
>> }
>>
>>
>>
>>
>>
>> When I apply this as input on an interface I see nothing hitting the
> netflow
>> system.... the docs talk about "sampling output" instead of "sampling
> family
>> inet" but I have no option for "sampling output"
>>
>>
>>
>> Confused I am ;) Doesn't take much ... (oh, and yes I want 1:1 sampling
at
>> this point simply because the traffic levels will allow it in the short
>> term)
>>
>>
>>
>> Paul
>>
>>
>>
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>