I am having trouble getting flow monitoring to work properly on Juniper MX204. After applying configuration on the router, I can see about 6Mb/s of flow (which is too less) on flow server. It supposes to be Gb/s. I would much appreciate if anyone could help and advise if the following config is correct or not.
set forwarding-options sampling input rate 1024
set forwarding-options sampling instance NFSEN1 input rate 1024
set forwarding-options sampling instance NFSEN1 family inet output flow-server 172.16.1.112 port 2055
set forwarding-options sampling instance NFSEN1 family inet output flow-server 172.16.1.112 version9 template NFSEN1
set forwarding-options sampling instance NFSEN1 family inet output inline-jflow source-address 192.168.1.1set services flow-monitoring version9 template NFSEN1 ipv4-templateset chassis fpc 0 sampling-instance NFSEN1set chassis fpc 0 inline-services flow-table-size ipv4-flow-table-size 5set interfaces et-0/0/0 unit 0 family inet sampling inputset interfaces et-0/0/0 unit 0 family inet sampling output
Also, from Juniper document, they mention as below
NOTE: Monitoring Services PICs, AS PICs, and Multiservices PICs must be mounted on an Enhanced Flexible PIC Concentrator (FPC) in an M Series or T Series router.
Multiservices DPCs installed in Juniper Networks MX Series 5G Universal Routing Platforms support the same functionality, with the exception of the passive monitoring and flow-tap features.
Does this mean Juniper MX Seriees 5G does not support passive monitoring and flow-tap features?
In this case rate it is configured 1024 which mean 1 out of 1024 packets will be sampled.Rate indicates the sampling rate.
Jflow exports the Flow records to collector. Are you doing high flow scale and the flows are exporting to collector in less rate?
Are you seeing any errors on MX?
Rate 1024 is what I get from our previous router and it was working fine with that value. So you mean if I lower the rate value, more flow would be sent to collector, is that what you suggested?
Here is the output from some show commands
> show services accounting status inline-jflow fpc-slot 0
FPC Slot: 0
IPV4 export format: Version9, IPV6 export format: Not set
VPLS export format: Not set, MPLS export format: Not set
IPv4 Route Record Count: 725062, IPv6 Route Record Count: 0, MPLS Route Record Count: 0
Route Record Count: 725062, AS Record Count: 218394
Route-Records Set: Yes, Config Set: Yes
Service Status: PFE-0: Steady
Using Extended Flow Memory?: PFE-0: No
Flex Flow Sizing ENABLED?: PFE-0: No
IPv4 MAX FLOW Count: 1831940, IPv6 MAX FLOW Count: 1024
VPLS MAX FLOW Count: 1024, MPLS MAX FLOW Count: 1024
> show services accounting flow inline-jflow fpc-slot 0
FPC Slot: 0
Flow Packets: 256950401, Flow Bytes: 189918607240
Active Flows: 36406, Total Flows: 219539779
Flows Exported: 479584424, Flow Packets Exported: 96384248
Flows Inactive Timed Out: 105479689, Flows Active Timed Out: 113646563
Total Flow Insert Count: 105893216
IPv4 Flow Packets: 256950401, IPv4 Flow Bytes: 189918607240
IPv4 Active Flows: 36406, IPv4 Total Flows: 219539779
IPv4 Flows Exported: 479584424, IPv4 Flow Packets exported: 96384248
IPv4 Flows Inactive Timed Out: 105479689, IPv4 Flows Active Timed Out: 113646563
IPv4 Flow Insert Count: 105893216
> show services accounting errors inline-jflow fpc-slot 0
FPC Slot: 0
Flow Creation Failures: 1891898
Route Record Lookup Failures: 344604, AS Lookup Failures: 344604
Export Packet Failures: 1024
Memory Overload: No, Memory Alloc Fail Count: 0
IPv4 Flow Creation Failures: 1891898
IPv4 Route Record Lookup Failures: 344604, IPv4 AS Lookup Failures: 344604
IPv4 Export Packet Failures: 1024
Is there any missing point you could advise?
Thanks and regards,
That throughput for flow packets is reasonable for that sampling rate.
Normally you adjust the sampling rate depending on the flow appliance license limit. So yes, if your flow analysis platform can handle it then you can make the sampling more aggressive.
So in as much as you want to see more flow packets be aware that if the flow rate license is exceeded then those packets would be aggressively dropped as well.
Please see if this helps https://puck.nether.net/pipermail/juniper-nsp/2019-January/036920.html
You have pointed to a link that shows test on an MX960.
Not sure how close MX960 and MX204 are in terms of hardware relevance for jFLOW.
I am also having some issues with flow.
Here is a summary of my hardware:
Hardware inventory:Item Version Part number DescriptionChassis JNP204 [MX204]Routing Engine 0 BUILTIN RE-S-2X00x6CB 0 REV 31 750-069579 JNP204 [MX204]FPC 0 BUILTIN MPCPIC 0 BUILTIN 4XQSFP28 PICPIC 1 BUILTIN 8XSFPP PICPEM 0 REV 03 740-070749 AC AFO 650W PSUPEM 1 REV 03 740-070749 AC AFO 650W PSUFan Tray 0 Fan Tray, Front to Back Airflow - AFOFan Tray 1 Fan Tray, Front to Back Airflow - AFOFan Tray 2 Fan Tray, Front to Back Airflow - AFO
set chassis fpc 0 inline-services flow-table-size ipv4-flow-table-size 4set forwarding-options sampling family inet output flow-server 10.1.1.1 port 2056set forwarding-options sampling family inet output flow-server 10.1.1.1 version 5
However, when I run some show commands, I get the follwoing error:
root@MX204>show services accounting errors inline-jflow fpc-slot 0error: picinfo: connect failed after 5 retries
ANy ideas on how to go about fixing this issue?
Thanks in advance