[j-nsp] MX80 JFlow Setup

Andy Litzinger andy.litzinger.lists at gmail.com
Thu Jan 15 12:44:45 EST 2015 

Hi Scott and all,
  can you give an example of what i might have to open?  I have a
reject-all and log statement at the end of my lo0.0 filter and I don't see
any matches toward my flow-server ip.  I'm also don't understand why an
input filter on the loopback would impact outbound traffic to my
flow-server?

I forgot to mentions, but I'm running 13.3R4.6

I am running a tcpdump on my flow-server and no packets have arrived.  It
seems to me that flows are being captured and exported, even with the
default template settings:

# run show services accounting flow inline-jflow
  Flow information
    TFEB Slot: 0
    Flow Packets: 5805, Flow Bytes: 3941343
    Active Flows: 4, Total Flows: 3907
    Flows Exported: 3457, Flow Packets Exported: 3453
    Flows Inactive Timed Out: 3204, Flows Active Timed Out: 699

<let a few seconds pass>

# run show services accounting flow inline-jflow
  Flow information
    TFEB Slot: 0
    Flow Packets: 5806, Flow Bytes: 3942763
    Active Flows: 2, Total Flows: 3907
    Flows Exported: 3458, Flow Packets Exported: 3454
    Flows Inactive Timed Out: 3206, Flows Active Timed Out: 699

regards,
 -andy



On Thu, Jan 15, 2015 at 6:51 AM, Scott Granados <scott at granados-llc.net>
wrote:

> You will definitely have to poke a hole in your firewall on your
> loopback.  Also, make sure the loopback is part of the main routing
> instance not in another grouting instance, your source until very recent
> releases has to be in the global table.  Use TCPDump to make sure that flow
> packets are reaching your collector as well for testing.
>
>
> On Jan 15, 2015, at 12:18 AM, Andy Litzinger <
> Andy.Litzinger at theplatform.com> wrote:
>
> > Yes I do. Sounds like I need to pole a hole?
> >
> >
> >
> >> On Jan 14, 2015, at 6:14 PM, Eduardo Schoedler <listas at esds.com.br>
> wrote:
> >>
> >> Do you have a firewall in your loopback?
> >>
> >> --
> >> Eduardo
> >>
> >> Em quarta-feira, 14 de janeiro de 2015, Andy Litzinger <
> >> andy.litzinger.lists at gmail.com> escreveu:
> >>
> >>> Levi,
> >>> did you get this working?  My MX80 appears to be collecting flows, but
> I
> >>> don't see any output to my flow server.  The server ip is reachable
> from my
> >>> MX 80.
> >>>
> >>> # show chassis
> >>> <snip>
> >>> tfeb {
> >>>   slot 0 {
> >>>       sampling-instance tp-sampling-instance;
> >>>   }
> >>> }
> >>>
> >>> # show forwarding-options sampling
> >>> traceoptions {
> >>>   file ipfix.log size 10k;
> >>> }
> >>> instance {
> >>>   tp-sampling-instance {
> >>>       input {
> >>>           rate 1000;
> >>>       }
> >>>       family inet {
> >>>           output {
> >>>               flow-server <my flow server> {
> >>>                   port 2055;
> >>>                   version-ipfix {
> >>>                       template {
> >>>                           ipfix-ipv4-template;
> >>>                       }
> >>>                   }
> >>>               }
> >>>               inline-jflow {
> >>>                   source-address <my loopback>;
> >>>               }
> >>>           }
> >>>       }
> >>>   }
> >>> }
> >>>
> >>> # show services
> >>> flow-monitoring {
> >>>   version-ipfix {
> >>>       template ipfix-ipv4-template {
> >>>           ipv4-template;
> >>>       }
> >>>   }
> >>> }
> >>>
> >>> # show interfaces ge-1/0/0
> >>> <snip>
> >>> unit 0 {
> >>>   family inet {
> >>>       sampling {
> >>>           input;
> >>>       }
> >>>       address <isp-uplink-ip>;
> >>>   }
> >>> }
> >>>
> >>> # run show services accounting status inline-jflow
> >>> Status information
> >>>   TFEB Slot: 0
> >>>   IPV4 export format: Version-IPFIX, IPV6 export format: Not set
> >>>   VPLS export format: Not set
> >>>   IPv4 Route Record Count: 516479, IPv6 Route Record Count: 4
> >>>   Route Record Count: 516483, AS Record Count: 143756
> >>>   Route-Records Set: Yes, Config Set: Yes
> >>>
> >>> # run show services accounting flow inline-jflow
> >>> Flow information
> >>>   TFEB Slot: 0
> >>>   Flow Packets: 1445, Flow Bytes: 1419455
> >>>   Active Flows: 22, Total Flows: 935
> >>>   Flows Exported: 764, Flow Packets Exported: 752
> >>>   Flows Inactive Timed Out: 623, Flows Active Timed Out: 290
> >>>
> >>> regards,
> >>> -andy
> >>
> >> --
> >> Eduardo Schoedler
> >> _______________________________________________
> >> juniper-nsp mailing list juniper-nsp at puck.nether.net
> >> https://puck.nether.net/mailman/listinfo/juniper-nsp
> >
> > _______________________________________________
> > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/juniper-nsp
>
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>

More information about the juniper-nsp mailing list