
Juniper SRX100H NetFlow Support

Are you looking for Juniper SRX100H NetFlow support and how to configure your SRX series device to export flows?  In today’s blog, I’ll be going through a sample JFlow configuration for Juniper SRX series devices.

How to configure Juniper SRX100H JFlow

For starters, let’s begin with a sample JFlow configuration –

###########################################################

forwarding-options {
     sampling {
          input {
               rate 1;
               run-length 0;
               max-packets-per-second 50000;
          }
          family inet {
               output {
                    flow-active-timeout 60;
                    flow-server 192.168.33.38 {
                         port 9996;
                    }
                    flow-server 192.168.33.96 {
                         port 9996;
                         version 500;
                    }
               }
          }
     }
}

###########################################################

What do all of those commands mean?

Well, let’s go through each command one by one and define them.

  • forwarding-options – This starts the inline JFlow configuration, so that the sampling and the JFlow service thread are implemented in the forwarding engine.
  • sampling – Configure the JFlow packet sampling options
  • input – If you do not include the input statement, sampling is disabled.
  • rate 1 – The rate statement specifies the ratio of packets to be sampled. For example, if you configure a rate of 10, x packets out of every 10 are sampled, where x=run-length+1. By default, the rate is 0, which means that no traffic is sampled. A sample rate of 1 provides 1:1 packet sampling, which will log every packet.
  • run-length 0 – The run-length statement specifies the number of matching packets to sample following the initial one-packet trigger event. By default, the run-length is 0, which means that no more traffic is sampled after the trigger event. The range is from 0 through 20. Configuring a run length greater than 0 allows you to sample packets following those already being sampled.
  • max-packets-per-second 50000 – Threshold of sampled packets per second; samples beyond it are dropped. The range is from 0 through 65,535. A value of 0 instructs the Packet Forwarding Engine not to sample any packets. The default value is 1000.
  • family inet – IP version 4 (IPv4), options are (inet | inet6 | mpls)
  • output – Configure the export of JFlow
  • flow-active-timeout 60 – Used to configure the period of time before an active flow is exported, in seconds.
  • flow-server 192.168.33.38 – Used to configure the IP address of the flow collector server (up to 8 flow collectors can be configured simultaneously)
  • port 9996 – UDP port for exporting flows
  • version 500 – Specify the version format: 5, 8 or 500 (ASN 500)

What does the JFlow configuration look like in the SRX CLI?

The following image is an excerpt from the JFlow configuration from the SRX100H CLI Editor.

[Image: Juniper SRX100H JFlow configuration]

SRX100H NetFlow Support

Now that the JFlow configuration is in place and we can do some reporting and analyzing of the data, here is an anomaly that I noticed.

While reporting on the JFlow exports, I saw that the egress interface (i.e. destination interface) was 0 in the flows that I examined from the device.  Basically, the traffic coming in on interface 7 had a destination interface of 0.  The traffic coming in on interface 9 had a destination interface of 0.  I only had two active interfaces.  For this reason, I had to surmise that what came in on interface 7 probably went out interface 9 and what came in interface 9 probably went out interface 7.  This may be a bit confusing for the end user but it’s better than no NetFlow reporting at all.
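To check for this on the collector side, here is an added example (not part of the original post) that parses a NetFlow v5 export datagram, reads the input and output interface indexes from each record, and applies the two-interface inference described above. It assumes the flows are exported in the version 5 format; the function names and the sample datagram are constructed for illustration.

```python
import socket
import struct

# NetFlow v5 layout (assumed export format): 24-byte header, 48-byte records.
HEADER = struct.Struct("!HHIIIIBBH")
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")

def parse_v5(datagram):
    """Return a list of flow dicts from one NetFlow v5 export datagram."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version field = {version})")
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("record count exceeds datagram length")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({"src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
                      "in_if": f[3], "out_if": f[4], "packets": f[5], "octets": f[6]})
    return flows

def infer_egress(flows, active_ifs):
    """Fill out_if == 0 only when exactly two interfaces are active (the post's inference)."""
    for flow in flows:
        flow["egress_inferred"] = False
        if flow["out_if"] == 0 and len(active_ifs) == 2 and flow["in_if"] in active_ifs:
            flow["out_if"] = next(i for i in active_ifs if i != flow["in_if"])
            flow["egress_inferred"] = True
    return flows

def sample_datagram():
    """Constructed test input: two v5 records with output ifIndex 0, as in the post."""
    def rec(src, dst, in_if, pkts, octets):
        return RECORD.pack(socket.inet_aton(src), socket.inet_aton(dst), bytes(4),
                           in_if, 0, pkts, octets, 1000, 2000, 51000, 443,
                           0, 0x18, 6, 0, 0, 0, 24, 0, 0)
    header = HEADER.pack(5, 2, 120000, 1700000000, 0, 1, 0, 0, 0)
    return (header + rec("192.168.33.10", "203.0.113.5", 7, 12, 3400)
                   + rec("203.0.113.5", "192.168.33.10", 9, 10, 9100))

if __name__ == "__main__":
    for flow in infer_egress(parse_v5(sample_datagram()), active_ifs={7, 9}):
        print(flow)
```

With more than two active interfaces the egress cannot be inferred this way, so the function leaves the output interface at 0 and marks the flow as not inferred.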

Packet sampling is available with the SRX JFlow configuration, including a 1:1 ratio which we have used in this example.  The 1:1 ratio will export every packet, providing the most detailed reporting and flow analytics possible.  Our blog on packet sampling will give you more insight into pros and cons of flow sampling technologies.

Other Juniper Flow support

As a side note, the Juniper MX240, MX480, and MX960 devices also now have Juniper IPFIX support, providing even more flexibility in your flow reporting, analytics and troubleshooting options.

So, to get the most out of your Juniper SRX100H NetFlow support (and Juniper MX IPFIX support!), check out our JFlow analyzer for full JFlow reporting and analyzing features.