Masood Ahmad Shah

This blog contains a summary of my research readings and thoughts in system and network engineering.


Netflow on Juniper Router

On Juniper routers, if you want to sample all traffic, you don't really need a firewall filter; you can use the following simple form:

    ge-0/0/0 {
        unit 0 {
            family inet {
                sampling {
                    input;
                }
            }
        }
    }

Packet sampling can also be done by defining a firewall filter to accept and sample specific traffic, applying that filter to the interface, and then configuring the sampling forwarding options, like this:

    forwarding-options {
        sampling {
            input {
                family inet {
                    rate 100; /* packet sampling rate */
                }
            }
            output {
                cflowd <flow collector IP address> {
                    port 9991; /* port number */
                    source-address <source IP>;
                    version 5; /* netflow version number */
                }
                flow-active-timeout 60; /* the tool you're using may want something different */
            }
        }
    }


These settings are per-interface:

    interfaces {
        <interface> {
            unit <unit number> { /* family inet sits under a logical unit, as in the first example */
                family inet {
                    sampling {
                        input;
                    }
                    ...
                }
                ...
            }
            ...
        }
    }
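
The filter-based variant mentioned above is not shown in the post. As an added example (not the author's configuration), the following samples only TCP traffic to ports 80 and 443 on ge-0/0/0; the filter name SAMPLE-WEB, the term names and the match conditions are assumptions chosen for illustration. It relies on the forwarding-options sampling block shown earlier for the rate and the collector.

```junos
firewall {
    family inet {
        filter SAMPLE-WEB {
            /* Sample and forward only the traffic of interest */
            term sample-web {
                from {
                    protocol tcp;
                    destination-port [ 80 443 ];
                }
                then {
                    sample;
                    accept;
                }
            }
            /* A Junos filter ends with an implicit discard: without this
               term, everything that is not sampled would be dropped */
            term everything-else {
                then accept;
            }
        }
    }
}
interfaces {
    ge-0/0/0 {
        unit 0 {
            family inet {
                /* Replaces "sampling { input; }": the filter's "sample"
                   action now decides which packets are sampled */
                filter {
                    input SAMPLE-WEB;
                }
            }
        }
    }
}
```

Committing with `commit confirmed` is a sensible precaution when attaching a new input filter to an interface you manage the router through, since a mistake in the final term cuts off all unsampled traffic.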

Note: If you want to use Jflow on M Series routers you will have to buy specialised hardware (AS/MS PIC or you can buy an M7i with embedded AS PIC).

One can use Jflow on the RE, but I personally don't recommend it as you could flood out routing updates etc. Hardware-wise you'd probably be best off with one of the new MultiService PICs (PE-MS-100-1 would fit). More info about the MS PICs can be found here: http://www.juniper.net/us/en/local/pdf/datasheets/1000199-en.pdf

With regard to licensing, you will need a licence (S-ACCT) for use with AS or MS PICs.

Published Wednesday, July 15, 2009 3:42 PM by jahil
