[j-nsp] J-Flow seems to not exporting all the traffic

Bruce Morgan Bruce.Morgan at aarnet.edu.au
Sun Jan 6 21:53:12 EST 2013


Hi Samol,

What Junos are you running?

Inline jflow is supported as of Junos 11.2 but is buggy, until Junos 13.1 gets released, in terms of origin AS, as the tfeb pointer is 16 bits: > 64K AS paths lead to incorrect assignments. Junos 11.2R6.5 fixes this by adding a bogus AS entry, but this is a partial fix.

I think both v9 and IPFIX are supported in 11.2 with inline-jflow – I just use IPFIX.

To configure it you'd need to do:
chassis {
    tfeb {
        slot 0 {
            sampling-instance customer;
        }
    }
}
forwarding-options {
    sampling {
        instance {
            customer {
                input {
                    rate 1;
                }
                family inet {
                    output {
                        flow-server 1.1.1.2 {
                            port 9991;
                            autonomous-system-type origin;
                            no-local-dump;
                            version-ipfix {
                                template {
                                    ipv4;
                                }
                            }
                        }
                        inline-jflow {
                            source-address 1.1.1.1;
                            flow-export-rate 400;
                        }
                    }
                }
            }
        }
    }
}
firewall {
    family inet {
        filter flow-filter {
            term default {
                then {
                    sample;
                    accept;
                }
            }
        }
    }
}
services {
    flow-monitoring {
        version-ipfix {
            template ipv4 {
                flow-active-timeout 60;
                flow-inactive-timeout 60;
                template-refresh-rate {
                    packets 10000;
                    seconds 60;
                }
                option-refresh-rate {
                    packets 10000;
                    seconds 60;
                }
                ipv4-template;
            }
        }
    }
}

Best look at the Juniper documentation on inline-jflow, though it's erroneous in a number of parts.

regards

Bruce

Bruce Morgan
Operations and Peering Manager
street address:  AARNet, POD 3, 20 Dick Perry Ave, Kensington, WA 6151, Australia
m. 0408 882 390     t. +61 8 9289 2212      e. bruce.morgan at aarnet.edu.au
w. www.aarnet.edu.au


From: Samol <molasian at gmail.com>
Date: Monday, 7 January 2013 10:31 AM
To: Bruce Morgan <Bruce.Morgan at aarnet.edu.au>
Cc: juniper-nsp <juniper-nsp at puck.nether.net>
Subject: Re: [j-nsp] J-Flow seems to not exporting all the traffic

Hi Bruce,

I think MX5 doesn't support inline jflow, and what is tfeb? Why, without inline jflow and tfeb, do we only collect a few percent of traffic? Could you explain more on this?

Regards,
Sam

2013/1/7 Bruce Morgan <Bruce.Morgan at aarnet.edu.au>
tfeb


