[j-nsp] netflow sampling problem in 10.2
Chris Tracy
ctracy at es.net
Thu May 19 14:11:55 EDT 2011
Hi Matjaž,
Comments in-line below.
> It is RE-based. We don't have a $MS-DPC :-(
> The config is very simple and it worked for us in 9.6. In firewall filters we use terms like that:
>
> term Sample {
>     then {
>         count cntrS_Sample;
>         sample;
>         next term;
>     }
> }
> (all these filters are ingress/input)
>
> ...and we sample with:
>
> [ forwarding-options sampling ]
> input {
>     rate 256;
>     run-length 0;
>     max-packets-per-second 8000;

There is a hard limit of 7000, you'll never get more than that with RE-based sampling. I'd recommend lowering this, but this likely has nothing to do with your problem.

> family inet {
>     output {
>         flow-active-timeout 300;
>         flow-server *** {
>             port ***;
>             autonomous-system-type peer;
>             no-local-dump;
>             source-address x.y.z.w;
>             version 5;
>         }
>     }

I'd try changing this to:

[ remove family inet {...}, put directly under sampling { ... } ]
output {
    cflowd x.x.x.x { /* instead of flow-server... */
        ...same...
    }
}

Please let the list know if this helps!
Cheers,
-Chris
--
Chris Tracy <ctracy at es.net>
Energy Sciences Network (ESnet)
Lawrence Berkeley National Laboratory