[j-nsp] Arbor Peakflow with MX960

Jonas Frey (Probe Networks) jf at probe-networks.de
Thu Aug 18 19:27:04 EDT 2011


Yes, basically switched the definitions. But it makes more sense... don't
need to specify the input family as you already do that by applying the
filter on the interface you want to sample, which then carries
v4/v6/whatever.

So it's only needed for output, as you can then split your flows to
various capture devices (i.e. if you have one for v4 and one for v6).

Best Regards,
Jonas

On Thursday, 18.08.2011, at 16:08 -0700, Matt Hite wrote:
> Bizarre. So you define the family type you want to sample by
> specifying it as the family type on the output stanza? (Seems
> backwards?)
> 
> On Thu, Aug 18, 2011 at 3:51 PM, Jonas Frey (Probe Networks)
> <jf at probe-networks.de> wrote:
> > Matt,
> >
> > yes the config changed in JunOS 10.x.
> >
> > See below:
> >
> > --- OLD ---
> > sampling {
> >    input {
> >        family inet {
> >            rate 100;
> >        }
> >    }
> >    output {
> >        flow-server A.B.C.D {
> >            port 2055;
> >            version 5;
> >        }
> >    }
> > }
> >
> > --- NEW ---
> >
> > sampling {
> >    input {
> >        family inet {
> >            rate 100;
> >        }
> >    }
> >    family inet {
> >        output {
> >            flow-server A.B.C.D {
> >                port 2055;
> >                version 5;
> >            }
> >        }
> >    }
> > }
> >
> >
> > They changed the family thing, you now have to define the type of
> > address family you want to sample (this way you can also separate v4/v6
> > sampling).
> >
> >
> >
> > Best regards,
> > Jonas
> >
> >
> > On Thursday, 18.08.2011, at 15:33 -0700, Matt Hite wrote:
> >> Thanks to Jeff Richmond and Jonas Frey who were kind enough to provide
> >> guidance both on and off-list.
> >>
> >> This is what I ended up with:
> >>
> >> [edit interfaces xe-0/0/0 unit 0 family inet filter]
> >> +       input-list [ sample-cflow accept-da accept-bgp accept-icmp
> >> discard-all ];
> >> [edit forwarding-options]
> >> +   sampling {
> >> +       input {
> >> +           family inet {
> >> +               rate 500;
> >> +               run-length 0;
> >> +               max-packets-per-second 65535;
> >> +           }
> >> +       }
> >> +       output {
> >> +           flow-server 172.20.1.80 {
> >> +               port 5000;
> >> +               version 5;
> >> +           }
> >> +       }
> >> +   }
> >> [edit firewall]
> >> +    family inet {
> >> +        filter sample-cflow {
> >> +            term 1 {
> >> +                then sample;
> >> +            }
> >> +        }
> >> +    }
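Review bot: `term 1` of `sample-cflow` in the `[edit firewall]` hunk has `then sample;` with no `next term`, and the `input-list` in the first hunk puts this filter ahead of `accept-da`, `accept-bgp`, `accept-icmp` and `discard-all`. `sample` is an action modifier, and a Junos term that carries only action modifiers has an implied `accept`, so every packet is accepted in `sample-cflow` and the later filters, including `discard-all`, are never evaluated. Suggest `then { sample; next term; }` so that sampling stays non-terminating and the rest of the list still decides accept or discard.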
> >>
> >> What is interesting is that the config parser tells me the "output"
> >> stanza is deprecated.
> >>
> >> input {
> >>     family inet {
> >>         rate 500;
> >>         run-length 0;
> >>         max-packets-per-second 65535;
> >>     }
> >> }
> >> output { ## Warning: 'output' is deprecated
> >>     flow-server 172.20.1.80 {
> >>         port 5000;
> >>         version 5;
> >>     }
> >> }
> >>
> >> Anyone know the new, non-deprecated way?
> >>
> >> -M
> >>
> >> On Thu, Aug 18, 2011 at 12:43 PM, Matt Hite <lists at beatmixed.com> wrote:
> >> > Hello --
> >> >
> >> > I've recently deployed some MX960 (Trio) and now need to get their
> >> > flow data in Arbor Peakflow SP. Unfortunately the instructions in the
> >> > Arbor manual appear to be very long in the tooth and a bit confusing.
> >> > Specifically, the integration directions are for a "JunOS version
> >> > 5.5B1.3 on a Juniper M5 Router." Now I'm sure there is carry over that
> >> > is relevant still, I just want to make sure I'm going down the right
> >> > path. Apologies for the rudimentary questions here. My previous
> >> > experience was sflow only...
> >> >
> >> > They mention using "set forwarding-options family inet filter input
> >> > filter <name>" as "the easiest way to apply a filter to all packets
> >> > received by the system."
> >> >
> >> > They then suggest a filter like this:
> >> >
> >> > admin@m5# set firewall filter cflowd term sampled_packets from source-address 0.0.0.0/0
> >> > admin@m5# set firewall filter cflowd term sampled_packets then accept
> >> > admin@m5# set firewall filter cflowd term other then accept
> >> >
> >> > To make things a bit confusing, they also say to enable it on an interface:
> >> >
> >> > set interfaces e3/4/1 unit 0 family inet filter input cflowd
> >> >
> >> > I'm guessing you would do it on the interface or do it globally with
> >> > the "set forwarding-options family inet filter input filter <name>"
> >> > command? Confused a bit by this...
> >> >
> >> > Also, since I have other filters on the input side of my interfaces, I
> >> > presume I'd remove that last term "other" from their example. Although
> >> > I'm a bit concerned that dropping that on the input filter for the
> >> > interface will act as a terminating action in the evaluation of
> >> > packets flowing through the interface, and it won't continue on with
> >> > my other terms.
> >> >
> >> > I also see some mention in the Juniper CLI manual about how to do it
> >> > if you have a Monitoring Services PIC:
> >> >
> >> > http://jnpr.net/techpubs/software/junos/junos90/swconfig-policy/configuring-flow-monitoring.html
> >> >
> >> > Also, Arbor provides some instructions on configuring version 9 cflow,
> >> > too, although I don't think that's actually what I need to do.
> >> >
> >> > Does anyone have a similar setup who might be willing to help me out
> >> > with an annotated example? It would be very much appreciated.
> >> >
> >> > Thanks,
> >> >
> >> > -M
> >> >
> >
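
The original question in this thread worries that a sampling term placed first on an interface could end filter evaluation before the remaining terms run. The check below is an added example, not code from any poster or from Juniper: it parses curly-brace Junos firewall configuration and reports terms in a filter list that have an action modifier such as `sample` but neither a terminating action nor `next term`. The function names and the `WITH_NEXT_TERM` variant are constructed for illustration; the filter and list names are taken from the thread, and filters whose bodies are not shown in the thread are skipped.

```python
import re

MODIFIERS = {"sample", "count", "log", "syslog"}    # non-terminating action modifiers (subset)
EXPLICIT = {"accept", "discard", "reject", "next"}  # terminating actions, plus "next term"

def parse(text):
    """Parse curly-brace Junos config into nested dicts; leaf statements map to None."""
    tokens = re.findall(r"[{};]|[^\s{};]+", text)
    def block(i):
        node, words = {}, []
        while i < len(tokens):
            tok, i = tokens[i], i + 1
            if tok == "{":
                child, i = block(i)
                node[" ".join(words)] = child
                words = []
            elif tok == ";":
                node[" ".join(words)] = None
                words = []
            elif tok == "}":
                break
            else:
                words.append(tok)
        return node, i
    return block(0)[0]

def term_actions(term):
    """First word of every action in a term, for 'then x;' and 'then { x; y; }'."""
    actions = set()
    for key, child in term.items():
        if key == "then":
            actions |= {a.split()[0] for a in child}
        elif key.startswith("then "):
            actions.add(key.split()[1])
    return actions

def implied_accepts(config, filter_list):
    """(filter, term) pairs whose implied accept ends evaluation before later filters run."""
    filters = config["firewall"]["family inet"]
    hits = []
    for name in filter_list[:-1]:  # nothing follows the last filter in the list
        for key, term in filters.get("filter " + name, {}).items():
            acts = term_actions(term) if key.startswith("term ") else set()
            if acts & MODIFIERS and not acts & EXPLICIT:
                hits.append((name, key.split()[1]))
    return hits

# Filter list and sample-cflow body as quoted in the thread; the variant is constructed.
FILTER_LIST = ["sample-cflow", "accept-da", "accept-bgp", "accept-icmp", "discard-all"]
AS_POSTED = "firewall { family inet { filter sample-cflow { term 1 { then sample; } } } }"
WITH_NEXT_TERM = AS_POSTED.replace("then sample;", "then { sample; next term; }")

if __name__ == "__main__":
    print(implied_accepts(parse(AS_POSTED), FILTER_LIST))
    print(implied_accepts(parse(WITH_NEXT_TERM), FILTER_LIST))
```
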