
Sample Netflow configuration for Juniper MX routers

Here is a minimal configuration for Juniper MX Netflow/J-Flow.

The setup

  • Trisul Network Analytics is installed on IP 10.10.100.100
  • The router IP is 20.20.200.200
  • We want to enable IPFIX; alternatively, you can use Netflow-v9
  • Sample rate is 1024
  • Enable ingress/egress netflow on ge-0/0/0

Step 1: Attach sampler trisul_sampling to FPC

The FPC (Flexible PIC Concentrator) is part of the packet forwarding engine. Previously you needed a dedicated MS-MIC or MS-PIC card.

set chassis fpc 0 sampling-instance trisul_sampling

Step 2: Configure sampler trisul_sampling

Create a sampler named trisul_sampling, set its rate to 1024, and add the flow server IP.

set forwarding-options sampling instance trisul_sampling input rate 1024
set forwarding-options sampling instance trisul_sampling family inet output flow-server 10.10.100.100 port 2055
set forwarding-options sampling instance trisul_sampling family inet output flow-server 10.10.100.100 version-ipfix template trisul_template 
set forwarding-options sampling instance trisul_sampling family inet output inline-jflow source-address 20.20.200.200

Step 3: Configure the Template

The template is named trisul_template. Specify the timeouts and IPv4/IPv6 here.

set services flow-monitoring version-ipfix template trisul_template flow-active-timeout 300
set services flow-monitoring version-ipfix template trisul_template flow-inactive-timeout 60
set services flow-monitoring version-ipfix template trisul_template template-refresh-rate seconds 60
set services flow-monitoring version-ipfix template trisul_template option-refresh-rate seconds 120
set services flow-monitoring version-ipfix template trisul_template ipv4-template

Step 4: Enable each interface

This samples directly on the interface.

set interfaces ge-0/0/0 unit 0 family inet sampling input
set interfaces ge-0/0/0 unit 0 family inet sampling output

Default Flow table size

By default the MX has a very small flow table size of 1K. In Trisul this shows up as a very low Netflow records/second rate: go to “Netflow > Flow Sources” and look at the Flow records/sec. It usually happens when you are configuring JFlow on a Juniper MX for the first time and are using the default 1K flow table size. For most cases Juniper recommends setting ipv4-flow-table-size to 4, which means 1M 1)

Use the following commands:

set chassis fpc 0 inline-services flow-table-size ipv4-flow-table-size 4
set chassis fpc 0 inline-services flow-table-size ipv6-flow-table-size 1

The FPC uses the flow table to do JFlow (Netflow). Because of the low default limit of 1K, the table fills up quickly and most new flows cannot be counted. This results in a very low JFlow/Netflow rate, because in large networks long-lived flows never leave the table and are only subject to the active flow timeout.

You can also try flex-flow-sizing, which is supposed to scale the flow table automatically. But there are some reports online that it does not work as expected on MX204 2)

Perhaps at some point Juniper MX will ship with a sensible default for the ipv4-flow-table-size parameter.

Useful debugging

Use the flow, errors, and status commands:

run show services accounting flow inline-jflow fpc-slot 0
run show services accounting errors inline-jflow fpc-slot 0
run show services accounting status inline-jflow fpc-slot 0
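
A collector-side check to go with the router commands above, as an added example (not Trisul or Juniper code): a small Python parser for the IPFIX datagrams the router exports to port 2055, showing whether the template from Step 3 has arrived and how many data bytes reference it. The sample datagram is constructed, and the field layout assumed is the standard one from RFC 7011.

```python
import struct

def parse_templates(body):
    """Return {template_id: [(element_id, field_length), ...]} from a template set."""
    templates, off = {}, 0
    while off + 4 <= len(body):
        tid, count = struct.unpack_from("!HH", body, off)
        if tid < 256:                         # zero padding at the end of the set
            break
        off += 4
        fields = []
        for _ in range(count):
            if off + 4 > len(body):
                raise ValueError("truncated template record")
            eid, flen = struct.unpack_from("!HH", body, off)
            off += 8 if eid & 0x8000 else 4   # enterprise bit adds a 4-byte PEN
            fields.append((eid & 0x7FFF, flen))
        templates[tid] = fields
    return templates

def parse_ipfix(msg):
    """Parse one export datagram: header, templates seen, data bytes per template."""
    if len(msg) < 16:
        raise ValueError("shorter than the 16-byte IPFIX header")
    version, length, export_time, seq, domain = struct.unpack_from("!HHIII", msg)
    if version != 10:
        raise ValueError(f"version {version} is not IPFIX (Netflow-v9 sends 9)")
    if length != len(msg):
        raise ValueError("header length does not match datagram size")
    out = {"sequence": seq, "domain": domain, "templates": {}, "data_bytes": {}}
    off = 16
    while off + 4 <= length:
        set_id, set_len = struct.unpack_from("!HH", msg, off)
        if set_len < 4 or off + set_len > length:
            raise ValueError("malformed set length")
        body = msg[off + 4:off + set_len]
        if set_id == 2:                       # template set (3 = options, skipped)
            out["templates"].update(parse_templates(body))
        elif set_id >= 256:                   # data set, named after its template ID
            out["data_bytes"][set_id] = out["data_bytes"].get(set_id, 0) + len(body)
        off += set_len
    return out

# Constructed sample: template 256 (src IPv4, dst IPv4, octetDeltaCount) + one record.
_tmpl = struct.pack("!HHHH", 2, 20, 256, 3) + struct.pack("!HHHHHH", 8, 4, 12, 4, 1, 8)
_data = struct.pack("!HH", 256, 20) + bytes([10, 1, 1, 1, 10, 2, 2, 2]) + struct.pack("!Q", 1500)
SAMPLE = struct.pack("!HHIII", 10, 16 + len(_tmpl) + len(_data), 1687366200, 1, 0) + _tmpl + _data

if __name__ == "__main__":
    print(parse_ipfix(SAMPLE))
```

Data sets that arrive with no matching entry in `templates` cannot be decoded until the next template refresh, which is set to 60 seconds in the template configuration above.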

References

netflow/junipermx.txt · Last modified: 2023/06/21 16:50 by veera