[j-nsp] MX 3D netflow capacity

Jack Bates jbates at brightok.net
Tue Nov 1 09:50:14 EDT 2011 

On 11/1/2011 6:39 AM, Phil Mayers wrote:
> On the MX series routers, the only netflow you can do with DPCs is 
> heavily sampled, exported by the RE, and limited to Netflow v5?
>
Without an ms-dpc, that is correct.

> If you have DPCs, you can buy an MS-DPC to do "real" netflow. Based on 
> the software license part numbers, it seems this card can go up to at 
> least 40 million (!) flows?
>
MS-DPC does 5.2 million flows per NPU, and it has 2x NPU on the DPC. so 
just over 10mil. It handles IPv4, MPLS, MPLS-IPv4, IPv6. Max throughput 
is around 7-8Gbps (2NPU).
> If you have an MS-DPC, how is the flow capture performed? Do packets 
> get routed through the MS-DPC and then back into the fabric, or does 
> the packet (or some portion of it) get replicated? Does this affect 
> forwarding throughput or latency?
>
My understanding is that it's mirrored to the MS-DPC.

>
> If you have MPCs, the Trio chipset supports netflow "inline"? But I 
> see no indication of what the flow capacity of the Trio PFEs is. I see 
> some part numbers for "10 Gbps of J-flow (requires MPC)" such as 
> S-ACCT-JFloW-IN- 10g. But does that number refer to input (customer) 
> packets or output (jflow) packets?
>
IPv4 IPFIX is all that was enabled on trio the last I checked. they are 
still adding the rest of the features to it. Trio does 4 million flows, 
40Mpps, and 20Gbit (presumably per trio).
> I'm assuming these licenses cost a lot of money; can any give 
> indications of what cost? Or what fraction of the MPC cost?
>
No idea.
> How do the two (MS-DPC or MPC with built-in netflow) compare 
> feature-wise with "equivalent" Cisco platforms (ASR, for example). Do 
> they support IPv6, full "unsampled" (1:1) netflow, full src/dst 
> ip/port & interface "masks" etc.?
>
MS-DPC does jflow v9. if you're traffic is lower than it's caps, it can 
do 1:1.

The trio is only v4, but uses the new IPFix. v6 and mpls support are on 
the roadmap for it.
> The upshot of the question is, what combination of Juniper hardware do 
> you need to do unsampled netflow "the same as an equivalent Cisco", 
> and roughly how much would it cost? I'm assuming "too much" is the 
> answer, but would like to be sure.
>

As the code completes, trio support is the most likely to actually pull 
1:1, but even it has it's limitations. I current just use the RE with 
file logging if I need to check for something. I still haven't found a 
flow collection layout I'm happy with. Once I do and trio has IPv6, I'll 
pop the licenses for that, but then I'm fully MPC.


Jack

More information about the juniper-nsp mailing list