[j-nsp] Using multiple sources for flows on Logical Systems

Alexander Arseniev arseniev at btinternet.com
Thu Nov 24 16:48:07 EST 2016


Hello,

What happens if You configure "inline-jflow source-address 2.2.2.2" 
instead of 1.1.1.1?

I bet Your jflow source IP would become 2.2.2.2 and since 2.2.2.2 exists 
in the LS LAB, your collector can recognise these packets carry tfc 
stats from LS LAB.

By the same token, You have to have 1 jflow instance per LS.

Or do I miss something here?

Thx

Alex


On 24/11/2016 19:21, Epafras R Schaden wrote:
>
> Hi Alex,
>
> I tried your suggestion on LAB, but unfortunately it does not work. It 
> appears that the configuration that sets the source-address on the 
> packets outgoing the router to the flow server is the in-line jflow 
> source configuration, and it cannot be configured for each instance.
>
> I’m attaching my configuration to share. If you and other guys have 
> any suggestion I’ll be glad to test.
>
> Thanks
>
> Epafras Schaden
>
> [edit]
> epafras at PE1# show services
> flow-monitoring {
>     version-ipfix {
>         template flow {
>             flow-active-timeout 60;
>             flow-inactive-timeout 30;
>             template-refresh-rate {
>                 seconds 10;
>             }
>             option-refresh-rate {
>                 seconds 10;
>             }
>             ipv4-template;
>         }
>     }
> }
>
> [edit]
> epafras at PE1# show forwarding-options
> sampling {
>     input {
>         rate 1000;
>     }
>     instance {
>         LAB {
>             input {
>                 rate 1000;
>                 run-length 0;
>             }
>             family inet {
>                 output {
>                     flow-inactive-timeout 15;
>                     flow-active-timeout 60;
>                     flow-server 50.0.0.254 {
>                         port 63636;
>                         version-ipfix {
>                             template {
>                                 flow;
>                             }
>                         }
>                     }
>                     inline-jflow {
>                         source-address 1.1.1.1;
>                     }
>                 }
>             }
>         }
>     }
> }
>
> [edit]
> epafras at PE1#
>
> [edit]
> epafras at PE1# show interfaces lo0
> unit 0 {
>     family inet {
>         address 1.1.1.1/32;
>         address 2.2.2.2/32;
>     }
> }
>
> epafras at PE1# top show logical-systems FLOW
> interfaces {
>     ge-0/0/0 {
>         unit 200 {
>             description "LS FLOW - VLAN 200";
>             vlan-id 200;
>             family inet {
>                 sampling {
>                     input;
>                     output;
>                 }
>                 address 200.0.0.254/24;
>             }
>         }
>     }
>     ge-0/0/1 {
>         unit 201 {
>             description "LS FLOW - VLAN 201";
>             vlan-id 201;
>             family inet {
>                 sampling {
>                     input;
>                     output;
>                 }
>                 address 201.0.0.254/24;
>             }
>         }
>     }
>     lo0 {
>         unit 1 {
>             family inet {
>                 address 2.2.2.2/32;
>             }
>         }
>     }
> }
> forwarding-options {
>     sampling {
>         family inet {
>             output {
>                 flow-server 50.0.0.254 {
>                     port 63636;
>                     source-address 2.2.2.2;
>                 }
>             }
>         }
>     }
> }
>
> Results on FLOW SERVER. Flows from traffic passing through L.S. FLOW
>
> 17:16:15.272367 IP 1.1.1.1.50101 > 50.0.0.254.63636: UDP, length 445
> 17:16:15.273342 IP 1.1.1.1.50101 > 50.0.0.254.63636: UDP, length 445
> 17:16:15.273350 IP 1.1.1.1.50101 > 50.0.0.254.63636: UDP, length 445
> 17:16:15.273352 IP 1.1.1.1.50101 > 50.0.0.254.63636: UDP, length 445
> 17:16:15.274376 IP 1.1.1.1.50101 > 50.0.0.254.63636: UDP, length 445
> 17:16:15.274386 IP 1.1.1.1.50101 > 50.0.0.254.63636: UDP, length 445
> 17:16:15.274389 IP 1.1.1.1.50101 > 50.0.0.254.63636: UDP, length 445
> 17:16:15.275262 IP 1.1.1.1.50101 > 50.0.0.254.63636: UDP, length 445
> 17:16:15.275268 IP 1.1.1.1.50101 > 50.0.0.254.63636: UDP, length 445
> 17:16:15.275271 IP 1.1.1.1.50101 > 50.0.0.254.63636: UDP, length 445
> 17:16:15.276368 IP 1.1.1.1.50101 > 50.0.0.254.63636: UDP, length 190
> 17:16:15.276374 IP 1.1.1.1.50101 > 50.0.0.254.63636: UDP, length 445
> 17:16:15.276376 IP 1.1.1.1.50101 > 50.0.0.254.63636: UDP, length 445
> 17:16:15.277367 IP 1.1.1.1.50101 > 50.0.0.254.63636: UDP, length 445
> 17:16:15.277381 IP 1.1.1.1.50101 > 50.0.0.254.63636: UDP, length 445
> 17:16:15.278324 IP 1.1.1.1.50101 > 50.0.0.254.63636: UDP, length 105
> 17:16:15.278333 IP 1.1.1.1.50101 > 50.0.0.254.63636: UDP, length 445
> 17:16:15.279348 IP 1.1.1.1.50101 > 50.0.0.254.63636: UDP, length 445
> 17:16:15.280349 IP 1.1.1.1.50101 > 50.0.0.254.63636: UDP, length 445
> 17:16:15.281303 IP 1.1.1.1.50101 > 50.0.0.254.63636: UDP, length 105
> 17:16:15.286309 IP 1.1.1.1.50101 > 50.0.0.254.63636: UDP, length 105
> 17:16:15.288257 IP 1.1.1.1.50101 > 50.0.0.254.63636: UDP, length 105
>
> From: Alexander Arseniev <arseniev at btinternet.com>
> Date: Wednesday, 23 November 2016 11:06
> To: Epafras R Schaden <epafras.schaden at gmail.com>, J-NSP List
> <juniper-nsp at puck.nether.net>
> Subject: Re: [j-nsp] Using multiple sources for flows on Logical Systems
>
> Hello,
>
> Have You tried to duplicate Your LS IP on master system lo0.0, and 
> explicitly set "source-address" for each LS-mapped Jflow instance to 
> be one of these duplicated IPs?
>
> If You worry about leaking these IPs to Your IGP, then JUNOS has tools 
> to selectively disallow lo0.0 IP into IGP.
>
> Thanks
> Alex
>
> On 23/11/2016 11:51, Epafras R Schaden wrote:
>
>     Hello All,
>
>     We have an MX480 configured to export IPFIX flows to a server. Now, we have created some Logical Systems on the router to provide something like a “virtual router” to some of our customers on this location.
>
>     I have now configured some of those instances to export flows to the same flow server, but the objective is to monitor each logical system as a different router. But, I realized that all flows are going with the same “source router” and is the master instance source address, as explained in the documentation below:
>
>     https://kb.juniper.net/InfoCenter/index?page=content&id=KB27035&actp=search#oVDDK8SlxYPs227b.97
>
>     http://www.juniper.net/documentation/en_US/junos16.1/topics/example/active-monitoring-on-logical-systems-configuring.html
>
>     The question is, has anyone had this claim yet? Is there any way to configure the router to send the flows with different source addresses per logical system?
>
>     Any help will be appreciated.
>
>     Thanks
>
>     Epafras Schaden
>     Sunnyvale Networks.
>
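
A collector-side check for the test discussed in this thread, added here as an example (not code from either poster): it tallies tcpdump lines by exporter source address, so that a source-address change on the router can be confirmed or ruled out from the flow server. The function names, the `EXPECTED` mapping and the sample lines are constructed; the collector address, port and line format are those of the quoted capture.

```python
import re
from collections import defaultdict

# tcpdump one-line UDP format, as in the capture quoted above:
# 17:16:15.272367 IP 1.1.1.1.50101 > 50.0.0.254.63636: UDP, length 445
LINE_RE = re.compile(
    r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): UDP, length (?P<len>\d+)"
)

def exporters_seen(lines, collector, port):
    """Return {source_ip: [packets, bytes]} for UDP sent to collector:port."""
    stats = defaultdict(lambda: [0, 0])
    for line in lines:
        # Tolerate mail-quoted ("> ") copies of the capture.
        m = LINE_RE.match(line.lstrip("> ").strip())
        if not m or m["dst"] != collector or int(m["dport"]) != port:
            continue
        stats[m["src"]][0] += 1
        stats[m["src"]][1] += int(m["len"])
    return dict(stats)

def missing_exporters(stats, expected):
    """Expected per-logical-system source addresses that never showed up."""
    return sorted(set(expected) - set(stats))

# Constructed sample in the capture's format; the last line is unrelated
# traffic to another port and must be ignored.
SAMPLE = """\
17:16:15.272367 IP 1.1.1.1.50101 > 50.0.0.254.63636: UDP, length 445
17:16:15.276368 IP 1.1.1.1.50101 > 50.0.0.254.63636: UDP, length 190
17:16:15.278324 IP 1.1.1.1.50101 > 50.0.0.254.63636: UDP, length 105
17:16:15.279000 IP 10.9.9.9.40000 > 50.0.0.254.514: UDP, length 80
"""

# Assumed mapping of source address to the system it should represent.
EXPECTED = {"1.1.1.1": "master", "2.2.2.2": "LS FLOW"}

if __name__ == "__main__":
    seen = exporters_seen(SAMPLE.splitlines(), "50.0.0.254", 63636)
    for ip, (pkts, size) in sorted(seen.items()):
        print(f"{ip} ({EXPECTED.get(ip, 'unexpected')}): {pkts} pkts, {size} bytes")
    for ip in missing_exporters(seen, EXPECTED):
        print(f"no exports seen from {ip} ({EXPECTED[ip]})")
```
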


