Junos OS

Ask questions and share experiences about Junos OS.

sflow mx204 mgmt_junos

  • 1.  sflow mx204 mgmt_junos

    Posted 03-08-2022 13:05
    Hi

    I've been trying to get sflow going (unsuccessfully) for a while now on our mx204s.

    I would really like to be able to stream from my fxp0 interfaces which is within an mgmt_junos vrf.

    For the purposes of RPKI I can set up a peering session by importing my loopback interface route into mgmt_junos and the route to the RPKI validator into main  (via instance-import referencing policy statements)

    But importing the sflow collector address into main doesn't seem to work. 

    Any suggestions? Or is it that I can only source sflow from an address on my fpc and out of an fpc interface?

    Thanks in advance,
    Ben

    ------------------------------
    BEN BIGGIE
    ------------------------------


  • 2.  RE: sflow mx204 mgmt_junos

    Posted 03-10-2022 13:15
    I'm trying to do the same thing on an MX by leaking the sFlow subnet route from inet.0 to the mgmt.junos.inet.0 VR with an import RIB-group. However, I keep getting an error that I need to create the mgmt.junos routing-instance again. This may be a limitation of using RIB-groups with the management RI. Going to look at FBF and any other methods to accomplish this.


  • 3.  RE: sflow mx204 mgmt_junos

    Posted 03-19-2022 08:18
    I got this working finally. Tried RIB-groups, instance-import and neither seem to work with mgmt.junos.inet.0. I ended up using a next-table static route:
    set routing-instances mgmt_junos routing-options static route <sFlowServerSubnet> next-table inet.0
    Only caveat is that you can't leak a route from mgmt.junos.inet.0 into inet.0 or it will cause a loop.


  • 4.  RE: sflow mx204 mgmt_junos

    Posted 03-22-2022 09:49
    Thanks for that, but I'm confused.
    If my sflow collector is routeable via my fxp0 interface, which is assigned to the mgmt_junos routing instance, then surely I need to put a static in the master instance with a next-table of mgmt_junos? (That's the way I got my rpki session working)

    ------------------------------
    BEN BIGGIE
    ------------------------------



  • 5.  RE: sflow mx204 mgmt_junos

    Posted 03-23-2022 10:46
    The difference on my router is that I'm not running RPKI so no need for the reverse static route. You could try it and see if a loop is created - I was just pointing it out because that is something to be aware of.


  • 6.  RE: sflow mx204 mgmt_junos

    Posted 03-23-2022 15:18
    Sorry, I was confusing the issue; my point was that I got one direction sorted by using a route pointing to the mgmt_junos.inet.0 table.

    So if my RPKI/Routinator session is running at a.b.c.e and my router's loopback is w.x.y.z

    I have this for my routing-options in the mgmt_junos routing instance:

    routing-options {
        static {
            route 0.0.0.0/0 next-hop a.b.c.254;
            route 10.0.96.13/32 next-hop a.b.c.254;
            route 10.0.96.102/32 next-hop a.b.c.254; 
        }
        instance-import RPKI-BAK;
    }
    description "Management vrf";

    (host specific routes there as I was doing an instance import on the other side initially)

    Policy statement RPKI-BAK is:
    term rpkibk-yes {
        from {
            instance master;
            route-filter (address of loopback if)/32 exact;
        }
        then accept;
    }
    term rpkibk-no {
        then reject;
    }

    So that gets the router's loopback into mgmt_junos OK.

    Two lines in master vrf's routing options to point at rpki and sflow collector's address:

        route a.b.c.e/32 next-table mgmt_junos.inet.0;
        route a.b.c.d/32 next-table mgmt_junos.inet.0;

    RPKI works fine. Sflow doesn't.

    I can ping a.b.c.d with source address of loopback just fine.

    Thanks for your suggestions



     

     

    Ben Biggie
    Network Architect | GIBFIBRE


  • 7.  RE: sflow mx204 mgmt_junos

    Posted 04-05-2022 05:28
    Junos will not allow a static route to next-table in both directions, in order to prevent a loop. Instead you can do a static route in one direction and a rib group in the other.

    ------------------------------
    QURAITUL AIN
    ------------------------------



  • 8.  RE: sflow mx204 mgmt_junos

    Posted 04-05-2022 18:47
    Wouldn't it be the other way round, though? Should you be leaking the sflow server subnet, which is FXP0 living in junos_mgmt, into inet?

    ------------------------------
    QURAITUL AIN
    ------------------------------



  • 9.  RE: sflow mx204 mgmt_junos

    Posted 04-06-2022 05:41
    Yes, that is what I'm doing:
    inet.0: 886098 destinations, 1228703 routes (886098 active, 0 holddown, 23 hidden)
    + = Active Route, - = Last Active, * = Both

    10.x.y.z/32 *[Static/5] 2w0d 21:11:57
    to table mgmt_junos.inet.0

    (I think I can share the 1st octet of the sflow server address without requiring an NDA :-)

    ------------------------------
    BEN BIGGIE
    ------------------------------



  • 10.  RE: sflow mx204 mgmt_junos

    Posted 04-06-2022 09:48
    Yeah, I got the route leaked into inet with next-table junos mgmt. But the traffic is not making it out to the collector yet. Would we need to do a rib group and leak the default route from inet to mgmt, I'm thinking.

    ------------------------------
    QURAITUL AIN
    ------------------------------



  • 11.  RE: sflow mx204 mgmt_junos

    Posted 04-06-2022 16:37
    I think we need to use a rib group to send default in the mgmt VRF.

    ------------------------------
    QURAITUL AIN
    ------------------------------



  • 12.  RE: sflow mx204 mgmt_junos

    Posted 04-05-2022 09:55
    Thanks for the response

    As far as I can see, however, I only need (for sflow purposes) routing in one direction - sflow agent --> Collector.

    I'm wondering whether the issue is that sflowd can only bind to an address on the FPC?


    Ben Biggie
    Network Architect | GIBFIBRE



  • 13.  RE: sflow mx204 mgmt_junos

    Posted 04-05-2022 18:47
    Yes, I see what you are saying. I tried to and got my collector route in inet, but traffic is not making it out to the collector.

    ------------------------------
    QURAITUL AIN
    ------------------------------



  • 14.  RE: sflow mx204 mgmt_junos

    Posted 04-06-2022 16:39
    The Mgmt VRF needs a default route. Rib-Group can be used to achieve that.

    ------------------------------
    QURAITUL AIN
    ------------------------------



  • 15.  RE: sflow mx204 mgmt_junos

    Posted 04-06-2022 19:00
    This works for me for fxp0 IP = 10.10.10.5/29 and gateway to management network = 10.10.10.1:
    set routing-instances mgmt_junos routing-options static route 0.0.0.0/0 next-hop 10.10.10.1
    No need for RIB-group
    and for Collector IP = 64.64.64.64/24:
    set routing-instances mgmt_junos routing-options static route 64.64.64.0/24 next-table inet.0
    and of course active route to Collector in inet.0
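
The loop caveat raised earlier in the thread (a next-table route in each direction for the same destination) can be checked offline before committing. This is an added example, not part of the original posts and not Juniper code: the function names are hypothetical, the third sample line is a constructed reverse route, and only IPv4 static routes in `set` format are handled.

```python
import ipaddress
import re

# Constructed sample: the two static routes from the post above, plus a
# hypothetical reverse route in inet.0 pointing the collector back at mgmt_junos.
SAMPLE = """\
set routing-instances mgmt_junos routing-options static route 0.0.0.0/0 next-hop 10.10.10.1
set routing-instances mgmt_junos routing-options static route 64.64.64.0/24 next-table inet.0
set routing-options static route 64.64.64.64/32 next-table mgmt_junos.inet.0
"""

ROUTE_RE = re.compile(
    r"^set (?:routing-instances (?P<ri>\S+) )?routing-options static route "
    r"(?P<prefix>\S+) (?P<kind>next-hop|next-table) (?P<target>\S+)$"
)

def parse_static_routes(text):
    """Return {table: [(network, kind, target), ...]} from 'set' lines."""
    tables = {}
    for line in text.splitlines():
        m = ROUTE_RE.match(line.strip())
        if not m:
            continue
        # Routes without a routing-instance belong to the main table inet.0.
        table = f"{m['ri']}.inet.0" if m["ri"] else "inet.0"
        net = ipaddress.ip_network(m["prefix"], strict=False)
        tables.setdefault(table, []).append((net, m["kind"], m["target"]))
    return tables

def lookup(tables, table, net):
    """Longest-prefix match for net among the static routes of one table."""
    hits = [r for r in tables.get(table, []) if net.subnet_of(r[0])]
    return max(hits, key=lambda r: r[0].prefixlen, default=None)

def find_next_table_loops(tables):
    """Follow next-table chains per static prefix; report any revisited table."""
    loops = []
    for start, routes in tables.items():
        for net, kind, target in routes:
            if kind != "next-table":
                continue
            path, hop = [start], target
            while hop is not None:
                if hop in path:
                    loops.append((str(net), path + [hop]))
                    break
                path.append(hop)
                best = lookup(tables, hop, net)
                hop = best[2] if best and best[1] == "next-table" else None
    return loops
```

Only static routes are modelled, so a destination that resolves through a learned route in the next table is treated as the end of the chain.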


  • 16.  RE: sflow mx204 mgmt_junos

    Posted 04-07-2022 05:42
    Oh I see, your collector IP is public and resides in inet.0.

    ------------------------------
    QURAITUL AIN
    ------------------------------



  • 17.  RE: sflow mx204 mgmt_junos

    Posted 04-07-2022 05:42
    Hi,

    So 64.64.64.64 from your example is actually routeable via fxp0? And I'll see traffic going via fxp0?

    If that's the case I must have *totally* misunderstood the use of next-table, in which case thanks for putting me right! I'll start reading.


    ------------------------------
    BEN BIGGIE
    ------------------------------



  • 18.  RE: sflow mx204 mgmt_junos

    Posted 04-07-2022 18:31

    Yes, it is routable via fxp0. However, the monitor traffic and traceoptions commands did not show any sFlow packets [not sure if it's a bug with 19.4R3], but my Collector is definitely getting flows from fxp0.

     
