[j-nsp] IPv6 traffic monitoring

[David Ball]

  Not sure about on the SRX, but on Ts and MXs you can apply a
firewall filter (defined under [edit firewall family inet6]) under
family inet6 on the interface, and have that firewall filter simply
'count'.  You can then poll the counter value using SNMP (having the
jnxFirewall MIB loaded will simplify this endeavor).  See related
thread here from earlier this week:

https://mail.google.com/mail/?shva=1#label/juniper-nsp/1304e03048f5aefb

  This method currently works for me, but again, is simply a byte
counter...no real inspection going on.

David


2011/6/10 André Vasquez <albernardes at gmail.com>:
> The only available way to monitor IPv6 traffic from management platform is using jflow version 9. Not all equipments have this feature available since its hardware based. We run v9 on MX and T platforms with MS-PIC/MS-DPC cards.
>
> The RFC 4293 describe new MIB to monitor traffic based on address family, but JunOS does support it yet.
>
> Rgds
>
> Enviado via iPhone
>
> Em 10/06/2011, às 05:02, L Kennedy <kennedyl at indigo.ie> escreveu:
>
>> Hi,
>>
>> I enabled v6 on a one of my SRX240s (inspired by IPv6 day yesterday) - apart
>> of lack of UTM, seems to work fine but how do I monitor how much traffic is
>> actually going over v6?
>>
>> Theres no v6 JFlow, even though our STRM (where the flow data is going) does
>> have a filter for v6 traffic; and the Juniper v6 MIB seems to only measure
>> total v6 packets *to* the box itself, not transit packets.
>>
>> The upstream MX does have v6 interface counters (though the SRX doesn't) but
>> again there doesn't seem to be any way of querying them over SNMP - anyone
>> have any ideas?
>>
>> Liam.
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp