[j-nsp] Arbor Peakflow with MX960

Jonas Frey (Probe Networks) jf at probe-networks.de
Thu Aug 18 18:56:52 EDT 2011 

Woops,
forgot something. Input also changed and should be now:


sampling {
    input {
        rate 100;
    }

(no longer using family...)


Am Freitag, den 19.08.2011, 00:51 +0200 schrieb Jonas Frey (Probe
Networks):
> Matt,
> 
> yes the config changed in JunOS 10.x.
> 
> See below:
> 
> --- OLD ---
> sampling {
>     input {
>         family inet {
>             rate 100;
>         }
>     }
>     output { 
>         flow-server A.B.C.D {
>             port 2055;
>             version 5;
>         }
>     }
> 
> --- NEW ---
> 
> sampling {
>     input {
>         family inet {
>             rate 100;
>         }
>     }
>   family inet {
>         output {
>             flow-server A.B.C.D {    
>                 port 2055;
>                 version 5;
>             }
>         }
> }
> 
> 
> They changed the family thing, you now have to define the type of
> address family you want to sample (this way you can also separate v4/v6
> sampling).
> 
> 
> 
> Best regards,
> Jonas
> 
> 
> Am Donnerstag, den 18.08.2011, 15:33 -0700 schrieb Matt Hite:
> > Thanks to Jeff Richmond and Jonas Frey who were kind enough to provide
> > guidance both on and off-list.
> > 
> > This is what I ended up with:
> > 
> > [edit interfaces xe-0/0/0 unit 0 family inet filter]
> > +       input-list [ sample-cflow accept-da accept-bgp accept-icmp
> > discard-all ];
> > [edit forwarding-options]
> > +   sampling {
> > +       input {
> > +           family inet {
> > +               rate 500;
> > +               run-length 0;
> > +               max-packets-per-second 65535;
> > +           }
> > +       }
> > +       output {
> > +           flow-server 172.20.1.80 {
> > +               port 5000;
> > +               version 5;
> > +           }
> > +       }
> > +   }
> > [edit firewall]
> > +    family inet {
> > +        filter sample-cflow {
> > +            term 1 {
> > +                then sample;
> > +            }
> > +        }
> > +    }
> > 
> > What is interesting is that the config parser tells me the "output"
> > stanza is depreciated.
> > 
> > input {
> >     family inet {
> >         rate 500;
> >         run-length 0;
> >         max-packets-per-second 65535;
> >     }
> > }
> > output { ## Warning: 'output' is deprecated
> >     flow-server 172.20.1.80 {
> >         port 5000;
> >         version 5;
> >     }
> > }
> > 
> > Anyone know the new, non-deprecated way?
> > 
> > -M
> > 
> > On Thu, Aug 18, 2011 at 12:43 PM, Matt Hite <lists at beatmixed.com> wrote:
> > > Hello --
> > >
> > > I've recently deployed some MX960 (Treo) and now need to get their
> > > flow data in Arbor Peakflow SP. Unfortunately the instructions in the
> > > Arbor manual appear to be very long in the tooth and a bit confusing.
> > > Specifically, the integration directions are for a "JunOS version
> > > 5.5B1.3 on a Juniper M5 Router." Now I'm sure there is carry over that
> > > is relevant still, I just want to make sure I'm going down the right
> > > path. Apologies for the rudimentary questions here. My previous
> > > experience was sflow only...
> > >
> > > They mention using "set forwarding- options family inet filter input
> > > filter <name>" as "the easiest way to apply a filter to all packets
> > > received by the system."
> > >
> > > They then suggest a filter like this:
> > >
> > > admin at m5# set firewall filter cflowd term sampled_packets from
> > > source-address 0.0.0.0/0
> > > admin at m5# set firewall filter cflowd term sampled_packets then accept
> > > admin at m5# set firewall filter cflowd term other then accept
> > >
> > > To make things a bit confusing, they also say to enable it on an interface:
> > >
> > > set interfaces e3/4/1 unit 0 family inet filter input cflowd
> > >
> > > I'm guessing you would do it on the interface or do it globally with
> > > the "set forwarding- options family inet filter input filter <name>"
> > > command? Confused a bit by this...
> > >
> > > Also, since I have other filters on the input side of my interfaces, I
> > > presume I'd remove that last term "other" from their example. Although
> > > I'm a bit concerned that dropping that on the input filter for the
> > > interface will act as a terminating action in the evaluation of
> > > packets flowing through the interface, and it won't continue on with
> > > my other terms.
> > >
> > > I also see some mention in the Juniper CLI manual about how to do it
> > > if you have a Monitoring Services PIC:
> > >
> > > http://jnpr.net/techpubs/software/junos/junos90/swconfig-policy/configuring-flow-monitoring.html
> > >
> > > Also, Arbor provides some instructions on configuring version 9 cflow,
> > > too, although I don't think that's actually what I need to do.
> > >
> > > Does anyone have a similar setup who might be willing to help me out
> > > with an annotated example? It would be very much appreciated.
> > >
> > > Thanks,
> > >
> > > -M
> > >
> > _______________________________________________
> > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/juniper-nsp
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <https://puck.nether.net/pipermail/juniper-nsp/attachments/20110819/d365e694/attachment.pgp>

More information about the juniper-nsp mailing list