It is nice to see calls on Juniper IPFIX support start to roll in. The other day I had a customer call in who was seeing unexpected DSCP values in our netflow network traffic analyzer, many of them were “23456”. This raised the question whether somehow the traffic analysis tool was not deciphering AS numbers correctly or whether it was a Juniper IPFIX problem.
Using Wireshark I was able to prove that these values were displayed in the Netflow dashboard exactly the way they came in to the collector. Apparently, Juniper DSCP reporting is broken because of the hardware vendor. The screen capture to the left of this paragraph illustrates Wireshark confirming that the Juniper JFlow packets were being sent to the collector with AS numbers already being “23456”. It is nice when the problem isn’t for us to fix.
The customer was monitoring JFlow from MX80(s), MX240, EX, and some SRX; the Wireshark pcap was from the MX80 model, and we saw the same problem with the MX240. He contacted Juniper and they confirmed that they have some issues with DSCP reporting. I’m not sure if they have the same problem with Juniper NetFlow or JFlow. Hopefully Juniper IPFIX Problems get resolved quickly.
Troubleshooting this issue made me appreciate our network monitoring software more.
Please feel free to contact us, if you have any question on how to set up your dashboard in the NetFlow, JFlow, or IPFIX analyzer. I hope you enjoyed this blog.