Manufacturer:  Juniper

Model(s):  Juniper SRX Series

Version(s):

URL:  https://supportportal.juniper.net/s/article/SRX-Getting-Started-Configure-J-Flow?language=en_US

Notes:

  • This article provides an example of configuring J-Flow on an SRX Series device.
  • Symptoms
    • J-Flow versions 5, 8, and 9 are supported on SRX series devices.
    • J-Flow version 9 on standalone devices is supported as of:
      • SRX Branch devices (SRX1x0, SRX2x0, SRX550, SRX650)
        • Junos 10.4
      • SRX-HE devices (SRX1400, SRX3x00, SRX5x00)
        • Junos 12.1X45-D10
      • SRX3x0 & SRX550M
        • Junos 15.1X49-D30
      • SRX1500, SRX4100, SRX4200, vSRX
        • 1X49-D80
      • SRX4600
        • Junos 17.4R1-S1
      • J-Flow version 9 on chassis cluster devices as of:
        • SRX Branch devices (SRX-300/320/340/345/380/550HM)
          • Junos 20.1R1
        • SRX-HE devices (SRX1400, SRX3x00, SRX5x00)
          • Junos 12.1X45-D10
        • SRX1500, SRX4100, SRX4200, vSRX
          • Junos 15.1X49-D80
        • SRX4600
          • Junos 17.4R1-S1

Configuration steps

  1. Enable sampling on one or more interfaces and specify the direction:
user@host# set interfaces ge-0/0/0 unit 0 family inet sampling input
user@host# set interfaces ge-0/0/0 unit 0 family inet sampling output
  1. Specify the sampling rate:

Caution : Activation of flow collection can have a significant impact on the performance of the SRX Series device. The smaller the sample rate, bigger the impact. It is recommended to not use a sampling input rate of 1.

user@host# set forwarding-options sampling input rate 100
  1. Specify the UDP port number of the host that is collecting cflowd packets:
user@host# set forwarding-options sampling family inet output flow-server 10.10.10.1 port 2056
  1. Specify the version format: 5, 8, or 500 (ASN 500):

If version 5:

user@host# set forwarding-options sampling family inet output flow-server 10.10.10.1 version 5

If version 500:

user@host# set forwarding-options sampling family inet output flow-server 10.10.10.1 version 500

If version 8:

user@host# set forwarding-options sampling family inet output flow-server 10.10.10.1 version 8
user@host# set forwarding-options sampling family inet output flow-server 10.10.10.1 aggregation source-destination-prefix caida-compliant
  1. Configure the NTP server details:
user@host# set system ntp server 10.10.10.254

Configuration for J-Flow version 9 for SRX-Branch standalone devices (SRX100, SRX110, SRX210, SRX220, SRX240, SRX550, SRX650)

Note: SRX Branch chassis clusters do not support the use of J-flow version 9.

  1. Configure the J-Flow v9 template (as of now, only the IPv4 template is supported):
user@host# set services flow-monitoring version9 template ipv4-test ipv4-template
  1. Specify the sampling rate and run length:
user@host# set forwarding-options sampling input rate 100
user@host# set forwarding-options sampling input run-length 0
  1. Configure the external flow collector and its port address. The J-Flow v9 template is associated with the external flow collector. Up to eight flow collectors can be simultaneously configured:
user@host# set forwarding-options sampling family inet output flow-server 10.10.10.1 port 2222
user@host# set forwarding-options sampling family inet output flow-server 10.10.10.1 version9 template ipv4-test
  1. Configure the inline-jflow, so that the sampling and the J-Flow service thread are implemented in the forwarding engine:
user@host# set forwarding-options sampling family inet output inline-jflow source-address 10.10.10.10
  1. Configure the sampling filter on an interface (or interfaces) in the direction on which the J-Flow service is required:
user@host# set interfaces ge-0/0/14 unit 0 family inet sampling input
user@host# set interfaces ge-0/0/14 unit 0 family inet address 2.2.2.1/24

Configuration for J-Flow version 9 for SRX DataCenter devices (SRX1400, SRX1500, SRX3400, SRX3600, SRX4100, SRX4200, SRX5400, SRX5600, SRX5800)

 

Note: SRX DataCenter devices using Jflow9 require use of instance stanza under ‘set forwarding-options sampling.’

  1. Configure the J-Flow v9 template (as of now, only the IPv4 template is supported):
user@host# set services flow-monitoring version9 template ipv4-test ipv4-template
  1. Specify the sampling rate and run length:
user@host# set forwarding-options sampling instance instance1 input rate 100
user@host# set forwarding-options sampling instance instance1 input run-length 0
  1. Configure the external flow collector and its port address. The J-Flow v9 template is associated with the external flow collector. Up to eight flow collectors can be configured on Junos OS version 12.3X48 and lower, but only one collector is supported on 15.1X49 and later:
user@host# set forwarding-options sampling instance instance1 family inet output flow-server 10.10.10.1 port 2222
user@host# set forwarding-options sampling instance instance1 family inet output flow-server 10.10.10.1 version9 template ipv4-test
  1. Configure the inline-jflow so that the sampling and the J-Flow service thread are implemented in the forwarding engine:
user@host# set forwarding-options sampling instance instance1 family inet output inline-jflow source-address 10.10.10.10
  1. Configure the sampling filter on an interface (or interfaces) in the direction on which the J-Flow service is required:
user@host# set interfaces ge-0/0/14 unit 0 family inet sampling input
user@host# set interfaces ge-0/0/14 unit 0 family inet address 2.2.2.1/24