SRX

Hi everybody. I'm trying to configure a SRX1400 device in our laboratory to send jflow flow to a collector (nfdump + nfsend in CentOS). This is more or lees the diagram:

Jflow packets have to be sent through fxp0.0 (is this possible?) that's our management network. Below's the configuration that I'm trying to implement:
set forwarding-options sampling input rate 1
set forwarding-options sampling input run-length 0
set forwarding-options sampling family inet output flow-server 10.16.130.205 port 9996
set forwarding-options sampling family inet output flow-server 10.16.130.205 aggregation destination-prefix
set forwarding-options sampling family inet output flow-server 10.16.130.205 source-address 10.16.130.24
set forwarding-options sampling family inet output flow-server 10.16.130.205 version 8
set interfaces ge-0/0/0 unit 1 family inet sampling input
set interfaces ge-0/0/0 unit 1 family inet sampling output

As I'm not receiving any information I've checked traffic in eth0 server's interface. I've run a tcpdump capture with fw source address but I'm only getting ARP requests... I can ping the server from the firewall so end to end connectivity is ok but I'm not receiving the flows.

Could anybody please help me with this? 

Regards,

Luis

Hi Folks,

Please find some pointers in enabling sampling in srx device,

SRX Getting Started - Configure J-Flow

https://kb.juniper.net/InfoCenter/index?page=content&id=kb16677

Hi Python,

Thanks for your answer. I already used the configuration of that knowledge base article but it doesn't work... Do you know if I can "route" netflow traffic on my fxp0.0 interface?

Regards,

Luis

Just for the record now that I've created a new interface on the SRX1400 I can send Jflow traffic with the configuration that Python sent me to check. It seems netflow is not "routable" through fxp0.0 interface so I changed it to another interface and it works. The problem now is that I'm receiving the following error in nfsen:

Dec 20 17:15:25 localhost sfcapd[1853]: SFLOW: unexpected datagram version number#012 (source IP = X.X.X.X) 00-09-00-03-<*>-5A-8D-80-1F-5A-3A-8B-49-00-00-00-07-01#01200-00-00-00-01-00-18-01-00-00-04-00-08-00-01-00#01200-00-23-00-01-00-22-00-04-00-00-01-00-00-0C-02#01200-00-00-64-00-00-00-00-00-00-5C-01-04-00-15-00#01208-00-04-00-0C-00-04-00-05-00-01-00-04-00-01-00#01207-00-02-00-0B-00-02-00-20-00-02-00-0A-00-04-00#01209-00-01-00-0D-00-01-00-10-00-04-00-11-00-04-00#01212-00-04-00-06-00-01-00-0E-00-04-00-0F-00-04-00#01201-00-04-00-02-00-04-00-16-00-04-00-15-00-04-00
Dec 20 17:15:25 localhost sfcapd[1853]: SFLOW: caught exception: 2

Does anyone know why?

I've configured nfsend like this:

%sources = (
    'JuniperSRX'        => { 'port' => '9996', 'IP' => 'X.X.X.X', 'type' => 'sflow', 'col' => '#0000ff' },
    'XR1'               => { 'port' => '9997', 'IP' => 'X.X.X.X', 'type' => 'netflow', 'col' => '#ff0000' },
);

is it sflow or netflow for Juniper???? Does anyone know??? Do i have to export it as version9 or ipfix??

Thanks in advance guys...

 Just for the record if anyone has a similar doubt in the future I leave the final configuration below:

SRX1400

set forwarding-options sampling instance instance1 input rate 100
set forwarding-options sampling instance instance1 input run-length 0
set forwarding-options sampling instance instance1 family inet output flow-server X.X.X.X port 9996
set forwarding-options sampling instance instance1 family inet output flow-server X.X.X.X version9 template ipv4-test
set forwarding-options sampling instance instance1 family inet output inline-jflow source-address X.X.X.X
set services flow-monitoring version9 template ipv4-test ipv4-template

set interfaces ge-0/0/0 unit 1 family inet sampling input
set interfaces ge-0/0/0 unit 1 family inet sampling output

Nfsen

%sources = (
    'JuniperSRX'        => { 'port' => '9996', 'IP' => 'X.X.X.X', 'type' => 'netflow', 'col' => '#0000ff' },
    'ASR1000'               => { 'port' => '9997', 'IP' => 'X.X.X.X', 'type' => 'netflow', 'col' => '#ff0000' },
);

Thanks for your help 

Regards,

Luis