[j-nsp] Using the FXP for flow sources
Scott Granados
scott at granados-llc.net
Thu Aug 21 13:47:59 EDT 2014
This makes sense to me. Thanks for such a good response I really feel like I have a better bead on this now.
Thanks
Scott
On Aug 21, 2014, at 1:43 PM, Tyler Christiansen <tyler at adap.tv<mailto:tyler at adap.tv>> wrote:
This is platform-dependent. Some platforms (definitely EX, probably SRX) use the RE for processing flow data--so you can use fxp0. Other platforms (MX) use the PFE, which is why fxp0 is not a valid interface.
I did some testing on this a few months ago to confirm that EX switches (at least 3200, 3300, 4200, 4500, and 4550) use RE and MX uses PFE. I think I tested our SRX550, too, and saw that it used RE. I honestly don't recall the results of the SRX test, though.
You can find out pretty easily--if you enable it and you can see flow traffic using tcpdump on the SRX (or monitor traffic), it's handled by the RE. If you _don't_ see flow data (but you know it's actually being sent), it's handled by the PFE.
--tc
On Thu, Aug 21, 2014 at 10:09 AM, Scott Granados <scott at granados-llc.net<mailto:scott at granados-llc.net>> wrote:
Hi,
So I’m still a bit confused on what can or can’t be used in the flow monitoring processes. In this case I have an SRX 3600 with a routing instance. I found a config example that illustrates how to enable flow sampling in this type of environment. It specifically mentions that you use a source IP with in the global routing table and not the instance. In my case the only interface I have in the global instance is fxp0.0 (management). I have read in the case of the MX you can’t use the management interface asa flow source. I haven’t been able to find anything regarding the SRX. Is FXP0 a valid source for flow monitoring or do I need to create another interface, maybe a loopback, with in the global instance? Also, is there a good document that details better the limitations of flow monitoring on the SRX. I’ve found some bits and pieces but nothing centralized. Any pointers would be most appreciated.
Thanks
Scott
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net<mailto:juniper-nsp at puck.nether.net>
https://puck.nether.net/mailman/listinfo/juniper-nsp
--
[https://adap.tv/sigs/logo.png]
Tyler Christiansen | Technical Operations
tyler<http://adap.tv/>@adap.tv<http://adap.tv/> | www.adap.tv<http://www.adap.tv/>
m : 864.346.4095
More information about the juniper-nsp
mailing list