Blog :: Configuration :: Network Operations :: Security Operations

Juniper IPFIX Support: DSCP Problems

Juniper IPFIXIt is nice to see calls on Juniper IPFIX support start to roll in. The other day I had a customer call in who was seeing unexpected DSCP values in our netflow network traffic analyzer, many of them were “23456”. This raised the question whether somehow the traffic analysis tool was not deciphering AS numbers correctly or whether it was a Juniper IPFIX problem.

Juniper IPFIX DSCPUsing Wireshark I was able to prove that these values were displayed in the Netflow dashboard exactly the way they came in to the collector.  Apparently, Juniper DSCP reporting is broken because of the hardware vendor.   The screen capture to the left of this paragraph illustrates Wireshark confirming that the Juniper JFlow packets were being sent to the collector with AS numbers already being “23456”. It is nice when the problem isn’t for us to fix.

The customer was monitoring JFlow from MX80(s), MX240, EX, and some SRX; the Wireshark pcap was from the MX80 model, and we saw the same problem with the MX240. He contacted Juniper and they confirmed that they have some issues with DSCP reporting.  I’m not sure if they have the same problem with Juniper NetFlow or JFlow. Hopefully Juniper IPFIX Problems get resolved quickly.

Troubleshooting this issue made me appreciate our network monitoring software more.

Network Traffic Monitoring Dashboard
The NetFlow dashboard in our bandwidth monitor provides a more intuitive traffic analysis interface.  Although most network monitoring software today includes a similar presentation, we feel ours provides the best design for root cause analysis. You not only get credible reporting on NetFlow data, but also an organized, and customizable display of network traffic information such that traffic anomalies are easier to detect.

Please feel free to contact us, if you have any question on how to set up your dashboard in the NetFlow, JFlow, or IPFIX analyzer. I hope you enjoyed this blog.