Move over JFlow, Juniper is now supporting IPFIX.  Juniper IPFIX exports include some neat stuff that we didn’t see in JFlow.  If you are not aware, JFlow is basically a rename of NetFlow.  IPFIX is the proposed standard for NetFlow and is supported by vendors such as Cisco, Citrix, Extreme, nBox, Plixer and SonicWALL. How do you get IPFIX from your Juniper hardware?

Juniper Mx Series IPFIX Support

First of all, Juniper IPFIX only available on the MX240, MX480, and MX960.  Hopefully this added feature will help Juniper’s Growth.  Other vendors that have added IPFIX support include: Cisco, Citrix, Extreme, Ravica nBox, Nortel, Plixer and SonicWALL.

Support for flow monitoring and sampling services are configured inline in the data path, without the need for a services PIC, on MX Series Modular Port Concentrators (MPCs).

IPFIX Commands
To configure IPFIX inline flow monitoring, include the following inline-jflow statements at the hierarchy level:
[edit forwarding-options sampling instance instance-name family inet output]

IPFIX inline sampling uses UDP as the transport protocol.

When you configure IPFIX inline sampling, you must include the version-ipfix statement at the hierarchy level:
[edit forwarding-options sampling instance instance-name family inet output flow-server address]

The version-ipfix statement must also be included at the hierarchy level:
[edit services flow-monitoring]

The following operational commands include new inline fpc keywords to display inline configuration information:

 * show services accounting errors
 * show services accounting flow
 * show services accounting status

When done, our IPFIX reporting tool will display all of the different elements exported in Juniper IPFIX exports.  Reach out to us if you need any help getting this configured to start your network traffic monitoring.

Jake Bergeron author pic

Jake

Jake Bergeron is currently one of Plixer's Sr. Solutions Engineers - He is currently responsible for providing customers with onsite training and configurations to make sure that Scrutinizer is setup to their need. Previously he was responsible for teaching Plixer's Advanced NetFlow Training / Malware Response Training. When he's not learning more about NetFlow and Malware detection he also enjoys Fishing and Hiking.

Related

Leave a Reply