i can't receive flows from my router

Hello,
i've configured netflow on my router and i've installed and configured a collector on my computer sot that i receive the IP flows from the router.
The collector that i use is flow-tools. But when i run it, i get nothing from the router.
Please help
Thanks

Find more posts tagged with

Comments

Aldur

which router, which version of Junos, and which type of flow collecting? And can you post your config?

bloomingdals

thanks for replying
- router: Juniper MX5
- version: Junios 11.4
- protocol: Jflow sampling
- the configuration i used is the folllowing:

[COLOR=#1F497D]set forwarding-options sampling input rate 100[/COLOR]
 [COLOR=#1F497D]set forwarding-options sampling family inet output flow-server 10.27.1.2 port 9996[/COLOR]
 [COLOR=#1F497D]set forwarding-options sampling family inet output flow-server 10.27.1.2 autonomous-system-type peer[/COLOR]
 [COLOR=#1F497D]set forwarding-options sampling family inet output flow-server 10.27.1.2 source-address 10.53.3.150[/COLOR]
 [COLOR=#1F497D] [/COLOR]
 [COLOR=#1F497D]set firewall filter all term all then sample[/COLOR]
 [COLOR=#1F497D] [/COLOR]
 [COLOR=#1F497D]set interfaces ge-1/1/9 unit 1074 family inet filter input all[/COLOR]

 [COLOR=#1F497D]set interfaces ge-1/1/9 unit 1074 family inet filter output all[/COLOR]

i have used nfdump as a collector in my linux machine. But when i run it i receive nothing.
Thank you again. I hope you can help

Aldur

I don't think you can do standard Jflow sampling (v5, v8, v9) on a mx5. You must do inline Jflow (v10). Review the following docs, they should be of help. Also, know that as far as configuring inline Jflow, you should configure an mx5 like an mx80.

Configuring Inline Flow Monitoring on MX80 Routers - Technical Documentation - Support - Juniper Networks
Configuring Inline Flow Monitoring - Technical Documentation - Support - Juniper Networks

HTH

bloomingdals

It's working, apprently the problem came from the firewall.
I have a question though. Why do juniper use sampling to configure JFlow? Why not export the flows directly whithout sampling int?
I don't understand the importance of sampling IP traffic before sending it to a collecor.

thanks

Aldur

Cool, glad to hear it's working. And to answer your question you sampling just collects the IP header information, that's typically what people want when sending to a collector. You can export the flows directly to the collector without sampling the packets by configure port mirroring. Then the entire packet, not just the header, is sent to the collector.

bloomingdals

Thanks for you explanation. Things are clear now.
While using my collector wich is NFdump by the way, I noticed that the source AS is not correct.
I have only one peer (65030), so in the records captured, obvioulsly, the AS source should be 65030. But it is not.
Howerver, the source IP address is correct (the address of my peer).
When i run show bgp neighbor on the routeur, i get the following result:

Peer: 10.0.5.6+52945 AS 65030  Local: 10.0.5.2+179 AS 65070  // notice that 65030 is my peer as

that's why i don't understand why the src AS is wrong with the collector!!!

thank you

Aldur

huh, I'm at a loss on the collector not showing the correct source AS too. That's some strange behavior there.