[j-nsp] Juniper MX Flow Sampling

Niall Donaghy niall.donaghy at geant.org
Tue Sep 20 19:38:18 EDT 2016 

Hi Daniel,

We are running MPC3/4E and MS-MPC, Junos 14.1R5.5 production and 15.1F6.9 in our lab, where we sample inet, inet6 and mpls with
Netflow  v9.
Unfortunately I don't believe what you seek to do is possible, but I cannot conclusively confirm.
I can point you to documentation which refers only to families inet, inet6 and mpls for sampling.

# Junos 15.1F6.9
@mx1.cbg.uk.re0# set forwarding-options sampling family ?
Possible completions:
> inet                 Sample IPv4 packets
> inet6                Sample IPv6 packets
> mpls                 Sample mpls packets

@mx1.cbg.uk.re0# set firewall family bridge filter foo term bar then ?
<sample not listed>

# Interestingly VPLS sampling is possible since Junos 13.2, but I'm not sure of the full limitations, but fundamentally it appears
possible only for IPFIX.
@mx1.cbg.uk.re0 # set firewall family vpls filter foo term bar then sample ?
Possible completions:
  <[Enter]>            Execute this command

Must you sample for analysis, or simply gather traffic volume statistics per-VLAN and on aggregate?
If the latter, SNMP is your best bet.

Kind regards,
Niall

> -----Original Message-----
> From: juniper-nsp [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Daniel Stephens
> Sent: 20 September 2016 16:39
> To: juniper-nsp at puck.nether.net
> Subject: [j-nsp] Juniper MX Flow Sampling
> 
> Hi all,
> 
> Looking for some assistance with flow sampling on an MX960. I have an MX960 with multiple DPCE-R-4XGE and an MS-DPC card installed
> and running JunOS 13.3R6.5. I am looking for a means of sampling layer 2 traffic on the device and not just routed traffic.
> 
> I have an upstream which is delivering multiple VLANs over a single 10G interface, and only one of these VLANs directly terminates
on this
> MX960 device, while the others use bridge domains to be trunked to other devices where they terminate. I need to sample the
aggregate
> traffic at the port level of all VLANs associated with the circuit, and not just the one which terminates on this device itself.
> 
> The documentation seems to indicate that sampling can only be performed using a filter in family inet, which I cannot do with
vlan-bridge
> encapsulation. Can anyone confirm if this is in fact the case, or if there is a way to sample layer 2 traffic on the platform?
> 
> Thank you,
> Daniel
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp

More information about the juniper-nsp mailing list