[j-nsp] Using the FXP for flow sources

Scott Granados scott at granados-llc.net
Thu Aug 21 13:55:26 EDT 2014


So the interesting thing is I had opened a ticket to ask this same question and I got a totally opposite answer. :)

I guess the best thing to do here is after hours today test out the config and see how it goes.  Else spin up another 3600 in the lab and give it a run through.  Your answer makes a lot more sense to me but that’s me.  I also appreciate the impact of sampling on the RE.  That makes sense since the work isn’t punted to the PFE like in the case of the MX hardware.


On Aug 21, 2014, at 1:53 PM, Tyler Christiansen <tyler at adap.tv> wrote:

No problem.

Just keep in mind that with the RE processing flow data, you can quickly kill your RE if your sampling rate is too low.  1:1 sampling with the MX isn't as problematic since it's processed by the PFE.

--tc


On Thu, Aug 21, 2014 at 10:47 AM, Scott Granados <scott at granados-llc.net> wrote:
This makes sense to me.  Thanks for such a good response; I really feel like I have a better bead on this now.

Thanks
Scott

On Aug 21, 2014, at 1:43 PM, Tyler Christiansen <tyler at adap.tv> wrote:

This is platform-dependent.  Some platforms (definitely EX, probably SRX) use the RE for processing flow data--so you can use fxp0.  Other platforms (MX) use the PFE, which is why fxp0 is not a valid interface.

I did some testing on this a few months ago to confirm that EX switches (at least 3200, 3300, 4200, 4500, and 4550) use RE and MX uses PFE.  I think I tested our SRX550, too, and saw that it used RE.  I honestly don't recall the results of the SRX test, though.

You can find out pretty easily--if you enable it and you can see flow traffic using tcpdump on the SRX (or monitor traffic), it's handled by the RE.  If you _don't_ see flow data (but you know it's actually being sent), it's handled by the PFE.

--tc


On Thu, Aug 21, 2014 at 10:09 AM, Scott Granados <scott at granados-llc.net> wrote:
Hi,
So I’m still a bit confused on what can or can’t be used in the flow monitoring processes.  In this case I have an SRX 3600 with a routing instance.  I found a config example that illustrates how to enable flow sampling in this type of environment.  It specifically mentions that you use a source IP within the global routing table and not the instance.  In my case the only interface I have in the global instance is fxp0.0 (management).  I have read in the case of the MX you can’t use the management interface as a flow source.  I haven’t been able to find anything regarding the SRX.  Is FXP0 a valid source for flow monitoring or do I need to create another interface, maybe a loopback, within the global instance?  Also, is there a good document that details better the limitations of flow monitoring on the SRX?  I’ve found some bits and pieces but nothing centralized.  Any pointers would be most appreciated.

Thanks
Scott


_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp



--
Tyler Christiansen | Technical Operations
tyler@adap.tv | www.adap.tv
m : 864.346.4095



