How to configure sflow for Juniper routers and switches
Although Juniper devices run Junos, there are different ways to configure a device to export flow data. Post-2010, Juniper uses the sFlow protocol. Previously Juniper used jflow (similar to sFlow) to export the flow data. sFlow uses UDP, with a default port of 6343, to send the sampled data. Each datagram provides the version, origination IP, sequence number and number of samples. sFlow is a good way to get an average view of network traffic (based on the sample rate). You should not sample every packet - this could lead to network stability issues, as sampling happens in the control plane.
MX 80/router configuration
There are a few steps in configuring sflow on an MX80. These are outlined below.
First we need to configure the forwarding-options to define a sample rate (1 packet out of x), destination and port of the flow-server.
Start by setting the sample rate. The following rate will sample 1 out of 20000 packets. It is important to watch the interface counters for a while. If it takes a day to transmit 20000 packets, 1 out of 20000 is not going to provide a good sample. If you have an interface that transmits 2 million packets per second, 20000 would be an aggressive poller.
set forwarding-options sampling input rate 20000
Then we will define a sflow destination server
set forwarding-options sampling family inet output flow-server 127.0.0.1
If you need to change the port (I use the same port as netflow to use only one collector) you would issue the following
set forwarding-options sampling family inet output flow-server 127.0.0.1 port 2055
Configuring firewall filter
We need to build the following firewall filter to sample the data and then accept it. You can add additional options such as count. I will use the name inet_SAMPLE_FW_FILTER and the term named SAMPLE. The term can be a name or number.
set firewall family inet filter inet_SAMPLE_FW_FILTER term SAMPLE then sample
After we sample the data we need to let it pass
set firewall family inet filter inet_SAMPLE_FW_FILTER term SAMPLE then accept
The last step in the process is to add the filter to an interface. I will add this to incoming (you can add to outgoing as well)
set interfaces ge-0/0/0.0 family inet filter input inet_SAMPLE_FW_FILTER
To apply the filter in the output direction, add or change input to output, as in
set interfaces ge-0/0/0.0 family inet filter output inet_SAMPLE_FW_FILTER
All said and done, run a commit check and a commit. Wait 15 minutes and verify you have sampled data
commit check
commit
Configuration for EX switches
sFlow on an EX switch is a little easier to configure. One thing to keep in mind is that you need a virtual layer 3 interface for it to work. It will not work on a mgmt interface. Set an interface via l3-interface in the vlan stanza.
Start the configuration by working in the sflow stanza
edit protocols sflow
In this stanza we need to configure a polling-interval, sample-rate (how many packets out of n to collect), collector and interfaces to sample data from
set polling-interval 15
Set sample rate for ingress. This will sample one packet out of every 20000
set sample-rate ingress 20000
If you want to sample egress, the configuration is a little different. Again this will sample one out of every 20000 packets
set sample-rate egress 20000
Set the sflow collector ip address
set collector 127.0.0.1
If you need to change the port, you would change it under the collector's address
set collector 127.0.0.1 udp-port 2055
Set the interface that you would like to sample from.
set interfaces ge-3/1/1.0
All said and done, run a commit check and a commit. Wait 15 minutes and verify you have sampled data
commit check
commit
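To verify what arrives at the collector, the header fields listed in the introduction (version, origination IP, sequence number, number of samples) can be decoded from each UDP datagram. The Python below is an added example, not part of the original article; it assumes the sFlow version 5 header layout, the function names are hypothetical, and the sample datagrams (agent 192.0.2.1) are constructed.

```python
import ipaddress
import struct


def parse_sflow_header(datagram: bytes) -> dict:
    """Decode the fixed sFlow v5 datagram header (big-endian 32-bit fields)."""
    if len(datagram) < 8:
        raise ValueError("too short for version and address type")
    version, addr_type = struct.unpack_from("!II", datagram, 0)
    if version != 5:
        raise ValueError(f"unsupported sFlow version {version}")
    addr_len = {1: 4, 2: 16}.get(addr_type)  # 1 = IPv4, 2 = IPv6
    if addr_len is None:
        raise ValueError(f"unknown agent address type {addr_type}")
    if len(datagram) < 8 + addr_len + 16:
        raise ValueError("datagram truncated inside the header")
    agent = ipaddress.ip_address(datagram[8:8 + addr_len])
    sub_agent, sequence, uptime_ms, samples = struct.unpack_from(
        "!IIII", datagram, 8 + addr_len)
    return {"version": version, "agent": str(agent), "sub_agent": sub_agent,
            "sequence": sequence, "uptime_ms": uptime_ms, "samples": samples}


def missing_datagrams(headers: list) -> int:
    """Count sequence-number gaps per (agent, sub_agent); UDP loss shows up here."""
    last, lost = {}, 0
    for h in headers:
        key = (h["agent"], h["sub_agent"])
        if key in last and h["sequence"] > last[key] + 1:
            lost += h["sequence"] - last[key] - 1
        last[key] = h["sequence"]
    return lost


def constructed_datagram(sequence: int, samples: int) -> bytes:
    """Constructed header only (no sample records), agent 192.0.2.1."""
    return (struct.pack("!II", 5, 1) + ipaddress.ip_address("192.0.2.1").packed
            + struct.pack("!IIII", 0, sequence, 60000, samples))


if __name__ == "__main__":
    # Constructed sequence numbers 10, 11, 14: datagrams 12 and 13 never arrived.
    seen = [parse_sflow_header(constructed_datagram(s, 3)) for s in (10, 11, 14)]
    print(seen[0])
    print("missing datagrams:", missing_datagrams(seen))
```

On a live collector, pass each payload received on the configured UDP port to parse_sflow_header; a non-zero missing_datagrams count points at loss between the device and the collector.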