[j-nsp] Using the FXP for flow sources

Tyler Christiansen tyler at adap.tv
Thu Aug 21 13:53:02 EDT 2014


No problem.

Just keep in mind that with the RE processing flow data, you can quickly
kill your RE if your sampling rate is too low.  1:1 sampling with the MX
isn't as problematic since it's processed by the PFE.

--tc


On Thu, Aug 21, 2014 at 10:47 AM, Scott Granados <scott at granados-llc.net>
wrote:

> This makes sense to me.  Thanks for such a good response; I really feel
> like I have a better bead on this now.
>
> Thanks
> Scott
>
> On Aug 21, 2014, at 1:43 PM, Tyler Christiansen <tyler at adap.tv> wrote:
>
> This is platform-dependent.  Some platforms (definitely EX, probably SRX)
> use the RE for processing flow data--so you can use fxp0.  Other platforms
> (MX) use the PFE, which is why fxp0 is not a valid interface.
>
> I did some testing on this a few months ago to confirm that EX switches
> (at least 3200, 3300, 4200, 4500, and 4550) use RE and MX uses PFE.  I
> think I tested our SRX550, too, and saw that it used RE.  I honestly don't
> recall the results of the SRX test, though.
>
> You can find out pretty easily--if you enable it and you can see flow
> traffic using tcpdump on the SRX (or monitor traffic), it's handled by the
> RE.  If you _don't_ see flow data (but you know it's actually being sent),
> it's handled by the PFE.
>
> --tc
>
>
> On Thu, Aug 21, 2014 at 10:09 AM, Scott Granados <scott at granados-llc.net>
> wrote:
>
>> Hi,
>>         So I’m still a bit confused on what can or can’t be used in the
>> flow monitoring processes.  In this case I have an SRX 3600 with a routing
>> instance.  I found a config example that illustrates how to enable flow
>> sampling in this type of environment.  It specifically mentions that you
>> use a source IP within the global routing table and not the instance.  In
>> my case the only interface I have in the global instance is fxp0.0
>> (management).  I have read in the case of the MX you can’t use the
>> management interface as a flow source.  I haven’t been able to find anything
>> regarding the SRX.  Is FXP0 a valid source for flow monitoring or do I need
>> to create another interface, maybe a loopback, within the global
>> instance?  Also, is there a good document that details better the
>> limitations of flow monitoring on the SRX?  I’ve found some bits and pieces
>> but nothing centralized.  Any pointers would be most appreciated.
>>
>> Thanks
>> Scott
>>
>
>
>
> --
>
> *Tyler Christiansen | Technical Operations*
> tyler <http://adap.tv/>@adap.tv <http://adap.tv/> | www.adap.tv
> *m :* 864.346.4095
>
>
>



