[j-nsp] Arbor Peakflow with MX960

Jonas Frey (Probe Networks) jf at probe-networks.de
Thu Aug 18 17:32:58 EDT 2011 

Hello Matt,

i am not too familar with peakflow but you should get it working with
the following:

router# show forwarding-options 
sampling {
    input {
        family inet {
            rate 100;
        }
    }
    output {
        cflowd A.B.C.D {
            port 2055;
            version 5;
        }


router# show firewall filter incoming 
term 1 {
    then {
        sample;
        next term;
    }
}
[ your normal firewall rules here ]
term 4 {
    then accept;
}


After that you apply this filter "incoming" on whatever interface you
want to sample. The "next term" statement only samples and will continue
processing your firewall rules as normal.

As for the global config at forwarding-options: I havent tried this. I
like to have this only running on interfaces i configure the filter
on...much more precise.

-- 
Mit freundlichen Grüßen / Best regards, 
Jonas Frey

----------------------------------------------------------------
Probe Networks Jonas Frey        e-Mail: jf at probe-networks.de
Auf Strützberg 26                D-66663 Merzig
Tel: +(49) (0) 180 5959723*      Fax: +(49) (0) 180 5998480*
* (14 Ct./min Festnetz, Mobilfunk ggf. abweichende Preise) 
Internet: www.probe-networks.de  Hotline: 0800 1656531
----------------------------------------------------------------

Diese E-Mail enthaelt moeglicherweise vertrauliche und/oder rechtlich
geschuetzte Informationen. Wenn Sie nicht der richtige Adressat sind
oder diese E-Mail irrtuemlich erhalten haben, informieren Sie bitte
sofort den Absender und vernichten Sie diese Mail. Das unerlaubte
Kopieren sowie die unbefugte Weitergabe dieser Mail ist strengstens
untersagt.

This e-mail may contain confidential and/or privileged information. 
If you are not the intended recipient (or have received this e-mail in
error) please notify the sender immediately and destroy this e-mail. Any
unauthorised copying, disclosure or distribution of the contents of this
e-mail is strictly prohibited.

------------------------------------------


Am Donnerstag, den 18.08.2011, 12:43 -0700 schrieb Matt Hite:
> Hello --
> 
> I've recently deployed some MX960 (Treo) and now need to get their
> flow data in Arbor Peakflow SP. Unfortunately the instructions in the
> Arbor manual appear to be very long in the tooth and a bit confusing.
> Specifically, the integration directions are for a "JunOS version
> 5.5B1.3 on a Juniper M5 Router." Now I'm sure there is carry over that
> is relevant still, I just want to make sure I'm going down the right
> path. Apologies for the rudimentary questions here. My previous
> experience was sflow only...
> 
> They mention using "set forwarding- options family inet filter input
> filter <name>" as "the easiest way to apply a filter to all packets
> received by the system."
> 
> They then suggest a filter like this:
> 
> admin at m5# set firewall filter cflowd term sampled_packets from
> source-address 0.0.0.0/0
> admin at m5# set firewall filter cflowd term sampled_packets then accept
> admin at m5# set firewall filter cflowd term other then accept
> 
> To make things a bit confusing, they also say to enable it on an interface:
> 
> set interfaces e3/4/1 unit 0 family inet filter input cflowd
> 
> I'm guessing you would do it on the interface or do it globally with
> the "set forwarding- options family inet filter input filter <name>"
> command? Confused a bit by this...
> 
> Also, since I have other filters on the input side of my interfaces, I
> presume I'd remove that last term "other" from their example. Although
> I'm a bit concerned that dropping that on the input filter for the
> interface will act as a terminating action in the evaluation of
> packets flowing through the interface, and it won't continue on with
> my other terms.
> 
> I also see some mention in the Juniper CLI manual about how to do it
> if you have a Monitoring Services PIC:
> 
> http://jnpr.net/techpubs/software/junos/junos90/swconfig-policy/configuring-flow-monitoring.html
> 
> Also, Arbor provides some instructions on configuring version 9 cflow,
> too, although I don't think that's actually what I need to do.
> 
> Does anyone have a similar setup who might be willing to help me out
> with an annotated example? It would be very much appreciated.
> 
> Thanks,
> 
> -M
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <https://puck.nether.net/pipermail/juniper-nsp/attachments/20110818/22b1a015/attachment.pgp>

More information about the juniper-nsp mailing list