Junos OS

hardware model:

MPC-3D-16XGE-SFPP

RE-S-X6-64G-S

Junos: 17.3R3-S2.2

show services accounting errors inline-jflow fpc-slot 0
Error information
FPC Slot: 0
Flow Creation Failures: 1857779144
Route Record Lookup Failures: 0, AS Lookup Failures: 0
Export Packet Failures: 12664198
Memory Overload: No, Memory Alloc Fail Count: 0

IPv4:
IPv4 Flow Creation Failures: 1857779144
IPv4 Route Record Lookup Failures: 0, IPv4 AS Lookup Failures: 0
IPv4 Export Packet Failures: 12664198

{master}

 

show configuration services flow-monitoring
version9 {
template template-v4 {
flow-active-timeout 60;
flow-inactive-timeout 120;
template-refresh-rate {
packets 200000;
seconds 10;
}
ipv4-template;
}
}

{master}

 

set chassis fpc 0 sampling-instance instance-1
set chassis fpc 0 inline-services flow-table-size ipv4-flow-table-size 8

 

set forwarding-options sampling instance instance-1 input rate 1
set forwarding-options sampling instance instance-1 family inet output flow-server 192.168.1.1 port 20200
set forwarding-options sampling instance instance-1 family inet output flow-server 192.168.1.1 version9 template template-v4
set forwarding-options sampling instance instance-1 family inet output inline-jflow source-address 192.168.1.2
set forwarding-options sampling instance instance-1 family inet output inline-jflow flow-export-rate 10

Hi xinhui ,


Are you reffering to the increased number of flow creation failures in the below output ? if yes, can you try to increase the flow table size from 8 to maybe 15 and see if you still see the counter increase.

set chassis fpc inline-services flow-table-size ipv4-flow-table-size <>

///

show services accounting errors inline-jflow fpc-slot 0
Error information
FPC Slot: 0
Flow Creation Failures: 1857779144
Route Record Lookup Failures: 0, AS Lookup Failures: 0
Export Packet Failures: 12664198
Memory Overload: No, Memory Alloc Fail Count: 0

IPv4:
IPv4 Flow Creation Failures: 1857779144
IPv4 Route Record Lookup Failures: 0, IPv4 AS Lookup Failures: 0
IPv4 Export Packet Failures: 12664198



Also can you get the below output from fpc 0 shell
start shell pfe network fpc0
# show jnh 0 inline-services flow-table-info


Regards,
Jibu

Hi Xinhui,

 

The following KB talks about the said counter to increment:- "Flow Creation Failures"

   https://kb.juniper.net/KB24393

 

Regards,

Rahul

Hi,

 

Further to the same:-

In MX, PFE performs functions such as creating flows, updating flows, and exporting flow records to a flow collector.

Flow creation failure and Export packet failure are causes of an aggressive inout rate of 1 set in the configuration.

 

For Example:- IF the box recieved DOS packets and the sampling rate is set to 1. Those packets will not be sampled and would be listed under Flow creation failure and hence export failures.

 

-Rahul

I increase rate 1 to 10. then this issue has been fixed. by the way, what's the performance of inline jflow? I also set ipv4 flow table size to 14. thanks so much

Hi Xinhui,

 

Glad you do not see the said behavior now.

Well, I would not term the same as issue but a behavior (working as per design).

 

Further for the ipv4 flow table, thats dependent upon the junos version.

You may check following Knowledge base for more details:-

https://kb.juniper.net/InfoCenter/index?page=content&id=KB30819

 

Regards,

 

Rahul

 

Hi,

 

To add here, usually a typical value of sampling-rate adopted my many customers is 1000, which means every 1000th packet sample is sent for sampling and record creation purpose. A value of 1 or 10 is an agressive one.

 

Thanks

Nischal 

what I mean is, for example, if the sampling rate 1 greater 2g bandwith or 2m pps, then will cause NetFlow to create failed. what's this performance of inline jflow. thanks so much

Hi XInhui,

 

The failure does not point to a performance degrade for netflow.

In a way Sample rate of 1 is not recommended.

 

Try to think :- with sample rate of let us say 1, if the box recieves a 2nd packet which matches the 1st packet (Hence duplicate or a DOS) This 2nd packet will not be sampled and hence the flow create failures.

 

-Rahul