[j-nsp] MX80 JFlow Setup

Scott Granados scott at granados-llc.net
Thu Jan 15 09:51:40 EST 2015 

You will definitely have to poke a hole in your firewall on your loopback.  Also, make sure the loopback is part of the main routing instance not in another grouting instance, your source until very recent releases has to be in the global table.  Use TCPDump to make sure that flow packets are reaching your collector as well for testing.


On Jan 15, 2015, at 12:18 AM, Andy Litzinger <Andy.Litzinger at theplatform.com> wrote:

> Yes I do. Sounds like I need to pole a hole?
> 
> 
> 
>> On Jan 14, 2015, at 6:14 PM, Eduardo Schoedler <listas at esds.com.br> wrote:
>> 
>> Do you have a firewall in your loopback?
>> 
>> --
>> Eduardo
>> 
>> Em quarta-feira, 14 de janeiro de 2015, Andy Litzinger <
>> andy.litzinger.lists at gmail.com> escreveu:
>> 
>>> Levi,
>>> did you get this working?  My MX80 appears to be collecting flows, but I
>>> don't see any output to my flow server.  The server ip is reachable from my
>>> MX 80.
>>> 
>>> # show chassis
>>> <snip>
>>> tfeb {
>>>   slot 0 {
>>>       sampling-instance tp-sampling-instance;
>>>   }
>>> }
>>> 
>>> # show forwarding-options sampling
>>> traceoptions {
>>>   file ipfix.log size 10k;
>>> }
>>> instance {
>>>   tp-sampling-instance {
>>>       input {
>>>           rate 1000;
>>>       }
>>>       family inet {
>>>           output {
>>>               flow-server <my flow server> {
>>>                   port 2055;
>>>                   version-ipfix {
>>>                       template {
>>>                           ipfix-ipv4-template;
>>>                       }
>>>                   }
>>>               }
>>>               inline-jflow {
>>>                   source-address <my loopback>;
>>>               }
>>>           }
>>>       }
>>>   }
>>> }
>>> 
>>> # show services
>>> flow-monitoring {
>>>   version-ipfix {
>>>       template ipfix-ipv4-template {
>>>           ipv4-template;
>>>       }
>>>   }
>>> }
>>> 
>>> # show interfaces ge-1/0/0
>>> <snip>
>>> unit 0 {
>>>   family inet {
>>>       sampling {
>>>           input;
>>>       }
>>>       address <isp-uplink-ip>;
>>>   }
>>> }
>>> 
>>> # run show services accounting status inline-jflow
>>> Status information
>>>   TFEB Slot: 0
>>>   IPV4 export format: Version-IPFIX, IPV6 export format: Not set
>>>   VPLS export format: Not set
>>>   IPv4 Route Record Count: 516479, IPv6 Route Record Count: 4
>>>   Route Record Count: 516483, AS Record Count: 143756
>>>   Route-Records Set: Yes, Config Set: Yes
>>> 
>>> # run show services accounting flow inline-jflow
>>> Flow information
>>>   TFEB Slot: 0
>>>   Flow Packets: 1445, Flow Bytes: 1419455
>>>   Active Flows: 22, Total Flows: 935
>>>   Flows Exported: 764, Flow Packets Exported: 752
>>>   Flows Inactive Timed Out: 623, Flows Active Timed Out: 290
>>> 
>>> regards,
>>> -andy
>> 
>> -- 
>> Eduardo Schoedler
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
> 
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp

More information about the juniper-nsp mailing list