Recently, we had a customer ask us, “does anyone know if vMX supports NetFlow or IPFIX?” They were trying to configure inline sampling, but nothing was coming from the device. Additionally, their collector was reachable through a VFP interface. With this in mind, our support team went to work to see vMX IPFIX support was possible. In this article, I’d like to provide details about the Juniper vMX and information on enabling IPFIX support.

When I first looked into the Juniper vMX, I honestly wasn’t sure what it was. I knew of the MX series routers but didn’t realize they offered a virtualized option. After further reading, it was apparent that the vMX is designed to work within NFV (Network Function Virtualization) environments or to ensure cost-effective service scale-out

The first question I asked myself when this issue came up was, “is Juniper migrating away from J-Flow and moving toward IPFIX?” While the jury is still out on this one, I did realize that vMX IPFIX support is a reality and is relatively easy to configure (for those that don’t care about the nitty gritty and just want the config, keep scrolling to the next section).Juniper MX Series Routers

Now, before I get into the actual configuration, I’d like to provide a bit of back-story regarding the vMX. According to Juniper’s website, the vMX “is a true MX Series 3D Universal Edge Router that is optimized to run as software on x86 servers. It helps service providers and enterprises quickly and economically address their requirements with carrier-class routing and a DevOps style service-focus to the network.” The vMX control plane is powered by Junos, the same operating system that powers the entire MX Series portfolio, and the forwarding plane is powered by vTrio, Juniper’s programmable Trio chipset microcode optimized for execution in x86 environments. With this in mind, is almost seems as though the vMX is trying to compete with Cisco’s 1000v, as it serves the same capabilities of the other devices in the MX series, but at a virtual level. This allows for easier deployment, similar to the Cisco 1000v (both virtual appliances cater to a similar market and solve similar needs).

With the move from J-Flow to IPFIX in the vMX, users can take full advantage of flow technologies, all without sampling. This means that you gain complete visibility in the areas that you’ve deployed the vMX. Additionally, configuring the Juniper vMX is relatively simple, with many helpful guides available to ease deployment. So not only can you deploy the vMX faster, but you can also gain full visibility using your existing NetFlow and IPFIX collector, like Scrutinizer.

Now that I’ve gone over details about the Juniper vMX, below is a very basic configuration example needed to enable vMX IPFIX support.

Configuring vMX IPFIX Support

interfaces {
    ge-0/0/5 {
        unit 0 {
            family inet {
                sampling {
                    input;
                    output;
                }
                address 10.2.2.2/30;
            }
        }
    }
}
forwarding-options {
    sampling {
        input {
            rate 100;
        }
        family inet {
            output {
                flow-server 192.168.100.10 {
                    port 2055;
                    version 5;
                }
            }
        }
    }
}

There are more complex configurations available, depending on your needs. For more details about configuring the vMX, visit Juniper’s knowledge base on the subject. Below is a video to provide even more clarity:

If you have any questions about configuring Juniper vMX IPFIX support, give our support team a call; they would be happy to help.

Justin

Justin Jett is Director of Audit and Compliance at Plixer with roles ranging from system administration of web services to technical product marketing for Plixer’s incident response system, Scrutinizer. Jett, a graduate of the University of Maine at Farmington, is an avid learner of all things security, with a particular interest in TLS and DNS attacks.

Related