[j-nsp] MX80 JFlow Setup

Andy Litzinger andy.litzinger.lists at gmail.com
Thu Jan 15 12:57:19 EST 2015 

The flow configuration is working as posted-  i was testing this in a
legacy setup and forgot there was another firewall in the path between my
mx80s and my flow collector.

thanks all for the help!

-andy

On Thu, Jan 15, 2015 at 9:44 AM, Andy Litzinger <
andy.litzinger.lists at gmail.com> wrote:

> Hi Scott and all,
>   can you give an example of what i might have to open?  I have a
> reject-all and log statement at the end of my lo0.0 filter and I don't see
> any matches toward my flow-server ip.  I'm also don't understand why an
> input filter on the loopback would impact outbound traffic to my
> flow-server?
>
> I forgot to mentions, but I'm running 13.3R4.6
>
> I am running a tcpdump on my flow-server and no packets have arrived.  It
> seems to me that flows are being captured and exported, even with the
> default template settings:
>
> # run show services accounting flow inline-jflow
>   Flow information
>     TFEB Slot: 0
>     Flow Packets: 5805, Flow Bytes: 3941343
>     Active Flows: 4, Total Flows: 3907
>     Flows Exported: 3457, Flow Packets Exported: 3453
>     Flows Inactive Timed Out: 3204, Flows Active Timed Out: 699
>
> <let a few seconds pass>
>
> # run show services accounting flow inline-jflow
>   Flow information
>     TFEB Slot: 0
>     Flow Packets: 5806, Flow Bytes: 3942763
>     Active Flows: 2, Total Flows: 3907
>     Flows Exported: 3458, Flow Packets Exported: 3454
>     Flows Inactive Timed Out: 3206, Flows Active Timed Out: 699
>
> regards,
>  -andy
>
>
>
> On Thu, Jan 15, 2015 at 6:51 AM, Scott Granados <scott at granados-llc.net>
> wrote:
>
>> You will definitely have to poke a hole in your firewall on your
>> loopback.  Also, make sure the loopback is part of the main routing
>> instance not in another grouting instance, your source until very recent
>> releases has to be in the global table.  Use TCPDump to make sure that flow
>> packets are reaching your collector as well for testing.
>>
>>
>> On Jan 15, 2015, at 12:18 AM, Andy Litzinger <
>> Andy.Litzinger at theplatform.com> wrote:
>>
>> > Yes I do. Sounds like I need to pole a hole?
>> >
>> >
>> >
>> >> On Jan 14, 2015, at 6:14 PM, Eduardo Schoedler <listas at esds.com.br>
>> wrote:
>> >>
>> >> Do you have a firewall in your loopback?
>> >>
>> >> --
>> >> Eduardo
>> >>
>> >> Em quarta-feira, 14 de janeiro de 2015, Andy Litzinger <
>> >> andy.litzinger.lists at gmail.com> escreveu:
>> >>
>> >>> Levi,
>> >>> did you get this working?  My MX80 appears to be collecting flows,
>> but I
>> >>> don't see any output to my flow server.  The server ip is reachable
>> from my
>> >>> MX 80.
>> >>>
>> >>> # show chassis
>> >>> <snip>
>> >>> tfeb {
>> >>>   slot 0 {
>> >>>       sampling-instance tp-sampling-instance;
>> >>>   }
>> >>> }
>> >>>
>> >>> # show forwarding-options sampling
>> >>> traceoptions {
>> >>>   file ipfix.log size 10k;
>> >>> }
>> >>> instance {
>> >>>   tp-sampling-instance {
>> >>>       input {
>> >>>           rate 1000;
>> >>>       }
>> >>>       family inet {
>> >>>           output {
>> >>>               flow-server <my flow server> {
>> >>>                   port 2055;
>> >>>                   version-ipfix {
>> >>>                       template {
>> >>>                           ipfix-ipv4-template;
>> >>>                       }
>> >>>                   }
>> >>>               }
>> >>>               inline-jflow {
>> >>>                   source-address <my loopback>;
>> >>>               }
>> >>>           }
>> >>>       }
>> >>>   }
>> >>> }
>> >>>
>> >>> # show services
>> >>> flow-monitoring {
>> >>>   version-ipfix {
>> >>>       template ipfix-ipv4-template {
>> >>>           ipv4-template;
>> >>>       }
>> >>>   }
>> >>> }
>> >>>
>> >>> # show interfaces ge-1/0/0
>> >>> <snip>
>> >>> unit 0 {
>> >>>   family inet {
>> >>>       sampling {
>> >>>           input;
>> >>>       }
>> >>>       address <isp-uplink-ip>;
>> >>>   }
>> >>> }
>> >>>
>> >>> # run show services accounting status inline-jflow
>> >>> Status information
>> >>>   TFEB Slot: 0
>> >>>   IPV4 export format: Version-IPFIX, IPV6 export format: Not set
>> >>>   VPLS export format: Not set
>> >>>   IPv4 Route Record Count: 516479, IPv6 Route Record Count: 4
>> >>>   Route Record Count: 516483, AS Record Count: 143756
>> >>>   Route-Records Set: Yes, Config Set: Yes
>> >>>
>> >>> # run show services accounting flow inline-jflow
>> >>> Flow information
>> >>>   TFEB Slot: 0
>> >>>   Flow Packets: 1445, Flow Bytes: 1419455
>> >>>   Active Flows: 22, Total Flows: 935
>> >>>   Flows Exported: 764, Flow Packets Exported: 752
>> >>>   Flows Inactive Timed Out: 623, Flows Active Timed Out: 290
>> >>>
>> >>> regards,
>> >>> -andy
>> >>
>> >> --
>> >> Eduardo Schoedler
>> >> _______________________________________________
>> >> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> >> https://puck.nether.net/mailman/listinfo/juniper-nsp
>> >
>> > _______________________________________________
>> > juniper-nsp mailing list juniper-nsp at puck.nether.net
>> > https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>>
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>
>

More information about the juniper-nsp mailing list