[j-nsp] Arbor Peakflow with MX960

Matt Hite lists at beatmixed.com
Thu Aug 18 18:33:17 EDT 2011


Thanks to Jeff Richmond and Jonas Frey who were kind enough to provide
guidance both on and off-list.

This is what I ended up with:

[edit interfaces xe-0/0/0 unit 0 family inet filter]
+       input-list [ sample-cflow accept-da accept-bgp accept-icmp
discard-all ];
[edit forwarding-options]
+   sampling {
+       input {
+           family inet {
+               rate 500;
+               run-length 0;
+               max-packets-per-second 65535;
+           }
+       }
+       output {
+           flow-server 172.20.1.80 {
+               port 5000;
+               version 5;
+           }
+       }
+   }
[edit firewall]
+    family inet {
+        filter sample-cflow {
+            term 1 {
+                then sample;
+            }
+        }
+    }
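
Review bot: term 1 of filter sample-cflow has only "then sample;" and no flow-control action, and a Junos term that carries only an action modifier gets an implicit accept. Because sample-cflow is first in the input-list on xe-0/0/0, every packet is accepted there and accept-da, accept-bgp, accept-icmp and discard-all are never evaluated. Change the term to "then { sample; next term; }" so sampled packets fall through to the remaining filters, and confirm afterwards that discard-all still matches traffic (for example with a count action on its term).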

What is interesting is that the config parser tells me the "output"
stanza is deprecated.

input {
    family inet {
        rate 500;
        run-length 0;
        max-packets-per-second 65535;
    }
}
output { ## Warning: 'output' is deprecated
    flow-server 172.20.1.80 {
        port 5000;
        version 5;
    }
}

Anyone know the new, non-deprecated way?

-M

On Thu, Aug 18, 2011 at 12:43 PM, Matt Hite <lists at beatmixed.com> wrote:
> Hello --
>
> I've recently deployed some MX960 (Trio) and now need to get their
> flow data in Arbor Peakflow SP. Unfortunately the instructions in the
> Arbor manual appear to be very long in the tooth and a bit confusing.
> Specifically, the integration directions are for a "JunOS version
> 5.5B1.3 on a Juniper M5 Router." Now I'm sure there is carry over that
> is relevant still, I just want to make sure I'm going down the right
> path. Apologies for the rudimentary questions here. My previous
> experience was sflow only...
>
> They mention using "set forwarding-options family inet filter input
> filter <name>" as "the easiest way to apply a filter to all packets
> received by the system."
>
> They then suggest a filter like this:
>
> admin@m5# set firewall filter cflowd term sampled_packets from
> source-address 0.0.0.0/0
> admin@m5# set firewall filter cflowd term sampled_packets then accept
> admin@m5# set firewall filter cflowd term other then accept
>
> To make things a bit confusing, they also say to enable it on an interface:
>
> set interfaces e3/4/1 unit 0 family inet filter input cflowd
>
> I'm guessing you would do it on the interface or do it globally with
> the "set forwarding-options family inet filter input filter <name>"
> command? Confused a bit by this...
>
> Also, since I have other filters on the input side of my interfaces, I
> presume I'd remove that last term "other" from their example. Although
> I'm a bit concerned that dropping that on the input filter for the
> interface will act as a terminating action in the evaluation of
> packets flowing through the interface, and it won't continue on with
> my other terms.
>
> I also see some mention in the Juniper CLI manual about how to do it
> if you have a Monitoring Services PIC:
>
> http://jnpr.net/techpubs/software/junos/junos90/swconfig-policy/configuring-flow-monitoring.html
>
> Also, Arbor provides some instructions on configuring version 9 cflow,
> too, although I don't think that's actually what I need to do.
>
> Does anyone have a similar setup who might be willing to help me out
> with an annotated example? It would be very much appreciated.
>
> Thanks,
>
> -M
>

