[j-nsp] Wierd problem with RE-based sampling on 12.3

david.roy at orange.com david.roy at orange.com
Fri Aug 2 17:01:28 EDT 2013


Did you try only input direction? I guess yes and i guess it works but just to be sure. I

Netflow v5 & 12.3 work fine for us on dpc but we use only input sampling.


Tom Eichhorn <tom at wirkbetrieb.net> a écrit :

Dear all,

I have a very curious problem with some box running
JunOS 12.3, DPC-based:

I have one interface towards some upstream provider and want to
generate cflow for in- and outbound direction and have the following

teichhorn at somerouter# show forwarding-options
sampling {
    input {
        rate 2048;
        run-length 0;
        max-packets-per-second 4096;
    family inet {
        output {
            flow-active-timeout 60;
            flow-server a.a.a.a {
                port 9000;
                autonomous-system-type origin;
                source-address (ip lo0);
                version 5;

teichhorn at somerouter# show interfaces xe-0/3/0
description "TRANSIT - XXX";
unit 0 {
    family inet {
        sampling {
        address c.c.c.c;
    family inet6 {
        address a:b:c:d::1/128;

(It doesn't matter if I use family inet sampling or a firewall filter)

All the flows which are exported only contains the outbound packets,
but no inbound ones.

Has anyone seen that before or has a hint? I would like to open a case
the next days but like to hear your opinion before...

(And no, I can't simply put output sampling on the other interfaces,
since there is MPLS forwarding on them active...)

juniper-nsp mailing list juniper-nsp at puck.nether.net


Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.

More information about the juniper-nsp mailing list