How to configure sflow for Juniper routers and switches

From networkloafers wiki


Background

Although Juniper devices run JunOS, there are different ways to configure a device to export flow data. Juniper uses the sFlow protocol post 2010. Previously Juniper used jflow (similar to sFlow) to export the flow data. sFlow uses UDP, with a default port of 6343, to send the sampled data. Each datagram provides the version, origination IP, sequence number and number of samples. sFlow is a good way to get a picture of average network traffic (based on the sample rate). You should not sample every packet: this could lead to network stability issues, as sampling happens in the control plane.


MX 80/router configuration

There are a few steps in configuring sflow on an MX80. These are outlined below.


Configuring sampling


First we need to configure the forwarding-options to define a sample rate (1 packet out of x), destination and port of the flow-server.

Start by setting the sample rate. The following rate will sample 1 out of 20000 packets. It is important to watch the interface counters for a while. If it takes a day to transmit 20000 packets, 1 out of 20000 is not going to provide a good sample. If you have an interface that transmits 2 million packets per second, 20000 would be an aggressive poller.

set forwarding-options sampling input rate 20000


Then we will define an sflow destination server

set forwarding-options sampling family inet output flow-server 127.0.0.1

If you need to change the port (I use the same port as netflow to use only one collector) you would issue the following

set forwarding-options sampling family inet output flow-server 127.0.0.1 port 2055


Configuring firewall filter

We need to build the following firewall filter to sample the data and then accept it. You can add additional options such as count. I will use the name inet_SAMPLE_FW_FILTER and the term named SAMPLE. The term can be a name or number.

set firewall family inet filter inet_SAMPLE_FW_FILTER term SAMPLE then sample


After we sample the data we need to let it pass

set firewall family inet filter inet_SAMPLE_FW_FILTER term SAMPLE then accept


Configuring Interface

The last step in the process is to add the filter to an interface. I will add this to incoming (you can add to outgoing as well)

set interfaces ge-0/0/0.0 family inet filter input inet_SAMPLE_FW_FILTER


To apply the filter in the output direction instead, change input to output, as in

set interfaces ge-0/0/0.0 family inet filter output inet_SAMPLE_FW_FILTER


All said and done, run a commit check and a commit. Wait 15 minutes and verify you have sampled data.

commit check
commit


Configuration for EX switches

Sflow on an EX switch is a little easier to configure. One thing to keep in mind is you need to have a virtual layer 3 interface for it to work. It will not work on a mgmt interface. Set an interface via l3-interface in the vlan stanza.

Start the configuration by working in the sflow stanza

edit protocols sflow


In this stanza we need to configure a polling-interval, sample-rate (how many packets out of n to collect), collector and interfaces to sample data from

set polling-interval 15


Set sample rate for ingress. This will sample one packet out of every 20000

set sample-rate ingress 20000


If you want to sample egress, the configuration is a little different. Again this will sample one out of every 20000 packets

set sample-rate egress 20000


Set the sflow collector IP address

set collector 127.0.0.1


If you need to change the port, you would change it under the collector's address

set collector 127.0.0.1 udp-port 2055


Set the interface that you would like to sample from.

set interfaces ge-3/1/1.0


All said and done, run a commit check and a commit. Wait 15 minutes and verify you have sampled data.

commit check
commit
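
For the final verification step, the following added example (not part of the original wiki page) decodes the sFlow version 5 datagram header fields listed in the Background section and counts sequence-number gaps per agent, which indicate datagrams lost between the switch and the collector. The agent address 192.0.2.10 and the datagrams are constructed sample values; sample records after the header are not decoded.

```python
import ipaddress
import struct

ADDR_LEN = {1: 4, 2: 16}  # sFlow v5 agent address types: 1 = IPv4, 2 = IPv6

def parse_sflow_header(datagram: bytes) -> dict:
    """Decode the fixed header at the start of an sFlow version 5 datagram."""
    if len(datagram) < 8:
        raise ValueError("too short to hold version and address type")
    version, addr_type = struct.unpack_from("!II", datagram, 0)
    if version != 5:
        raise ValueError(f"not sFlow v5 (version field = {version})")
    if addr_type not in ADDR_LEN:
        raise ValueError(f"unknown agent address type {addr_type}")
    off = 8 + ADDR_LEN[addr_type]
    if len(datagram) < off + 16:
        raise ValueError("truncated header")
    sub_agent, seq, uptime_ms, samples = struct.unpack_from("!IIII", datagram, off)
    return {
        "agent": str(ipaddress.ip_address(datagram[8:off])),
        "sub_agent": sub_agent,
        "sequence": seq,
        "uptime_ms": uptime_ms,
        "samples": samples,
    }

def missing_datagrams(headers: list) -> dict:
    """Count sequence-number gaps per (agent, sub_agent), i.e. lost datagrams."""
    last, lost = {}, {}
    for h in headers:
        key = (h["agent"], h["sub_agent"])
        prev = last.get(key)
        if prev is not None and h["sequence"] > prev + 1:
            lost[key] = lost.get(key, 0) + h["sequence"] - prev - 1
        last[key] = h["sequence"]  # a lower value means the agent restarted
        lost.setdefault(key, 0)
    return lost

def constructed_header(seq: int, samples: int) -> bytes:
    """Constructed sample: header only, agent 192.0.2.10 (documentation range)."""
    agent = ipaddress.ip_address("192.0.2.10").packed
    return struct.pack("!II", 5, 1) + agent + struct.pack("!IIII", 0, seq, seq * 15000, samples)

CONSTRUCTED = [constructed_header(s, 3) for s in (41, 42, 45, 46)]  # 43 and 44 missing

if __name__ == "__main__":
    parsed = [parse_sflow_header(d) for d in CONSTRUCTED]
    print(parsed[0], missing_datagrams(parsed))
```

If the collector shares port 2055 with NetFlow as suggested above, the version check is what separates the two: a NetFlow v5 packet starts with a 16-bit version field and is rejected by this parser.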