Recent disruptions to two undersea internet cables in the Baltic Sea have yet again...
5.3 Juniper
Juniper flow v5/v9/ipfix
Template configuration
set services flow-monitoring version-[v5,v9,ipfix] template IPv4 ipv4-template
set services flow-monitoring version-[v5,v9,ipfix] template IPv4 template-refresh-rate seconds 60
set services flow-monitoring version-ipfix template IPv4 option-refresh-rate seconds 60
Sampling instance configuration
set forwarding-options sampling instance $instance_name input rate 1024
set forwarding-options sampling instance $instance_name family inet output flow-server $NFA_IP port $flow_port
set forwarding-options sampling instance $instance_name family inet output flow-server $NFA_IP no-local-dump
set forwarding-options sampling instance $instance_name family inet output flow-server $NFA_IP source-address $ROUTER_IP
set forwarding-options sampling instance $instance_name family inet output flow-server $NFA_IP version-ipfix template IPv4
set forwarding-options sampling instance $instance_name family inet output inline-jflow source-address $ROUTER_IP
Associate a sampling instance with the Forwarding Engine Processor:
– For the MX80: set chassis tfeb slot 0 sampling-instance $instance_name
– For the MX104: set chassis afeb slot 0 sampling-instance $instance_name
– For higher series with multiple FPC’s: set chassis fpc 0 sampling-instance $instance_name (check which FPC’s are present in router chassis: show chassis hardware)
Apply sampling to the interface
set interfaces $INTERFACE unit 0 family inet sampling input
set interfaces $INTERFACE unit 0 family inet sampling output
set interfaces $INTERFACE unit 0 family inet6 sampling input
set interfaces $INTERFACE unit 0 family inet6 sampling output
After above is done, check the flow table size:
start shell pfe network fpc0
sh jnh $slot-number inline-services flow-table-info
If output is as below:
Configured IPv4 Flow Table in Unit: 0
Configured IPv6 Flow Table in Unit: 0
Configured VPLS Flow Table in Unit: 0
Configured MPLS Flow Table in Unit: 0
Programmed IPv4 Flow Table Size: 1024
Programmed IPv6 Flow Table Size: 1024
Programmed VPLS Flow Table Size: 1024
Programmed MPLS Flow Table Size: 1024
then Increase table size with units of 256K – default is 4 (1024) –
for IPv4 up to 10;
for IPv6/MPLS/VPLS/BRIDGE if present up to 5. In order to set up these use the following commands:
set chassis fpc $slot-number inline-services flow-table-size ipv4-flow-table-size 10
set chassis fpc $slot-number inline-services flow-table-size ipv6-flow-table-size 5
Important note: Starting from Junos OS Release 16.1R1 and 15.1F2, any changes in the configured size of the flow table do not require a reboot of the FPC.
After executing the output of the command
sh jnh $slot-number inline-services flow-table-info
Output should be:
Configured IPv4 Flow Table in Unit: 10
Configured IPv6 Flow Table in Unit: 5
Configured VPLS Flow Table in Unit: 0
Configured MPLS Flow Table in Unit: 0
Programmed IPv4 Flow Table Size : 2752580
Programmed IPv6 Flow Table Size : 1376290
Programmed VPLS Flow Table Size : 1024
Programmed MPLS Flow Table Size : 1024
Juniper sFlow
set sflow collector $NFA_IP udp-port 6343
set sflow interfaces $interface_name
set sflow polling-interval 60
set sflow sample-rate egress 1000
set sflow source-ip $source_ip_for_Export
set sflow sample-rate ingress 1000