Configuring Jflow on Juniper SRX

show interfaces ge-0/0/0
unit 0 {
    family inet {
        sampling {
            input;
            output;
        }
        address 192.168.1.1/24;
    }
}

show forwarding-options
sampling {
    input {
        rate 200;
    }
    family inet {
        output {
            flow-server 192.168.1.101 {
                port 2056;
                version 5;
            }
        }
    }
}

Basically, Jflow and Netflow are almost identical. The major difference is that Netflow records the whole conversation (flow) between hosts. A flow is identified by Source Address, Destination Address, Source Port, Destination Port, IP Protocol, Ingress Interface and IP ToS. If all of these match, the conversation is identified as a flow. This method gives a detailed view of network traffic and services.
Unlike Netflow, Jflow samples traffic and sends the samples to the collector. This means it takes every N-th packet, not the whole session, so the statistics it provides are not accurate. Setting the sampling rate correctly is another problem. If your devices are operating under heavy load, setting the sampling rate to 1 is a bad idea. I have changed the sampling rate multiple times to get closer to the real statistics, but it is still inaccurate. Keep in mind that the right sampling rate depends on how much pps and traffic you have on the device.
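
Added example, not part of the original post: a collector-side decoder for the version 5 export datagrams configured above, showing how the sampled counters are scaled by the sampling rate and why the result is only an estimate. The function names and the sample datagram are constructed for illustration; the field layout is the standard NetFlow v5 export format, and the fallback of 200 is the "rate 200" from the configuration above.

```python
import socket
import struct

HEADER = struct.Struct("!HHIIIIBBH")                 # 24-byte v5 export header
RECORD = struct.Struct("!4s4s4sHHIIIIHHxBBBHHBBxx")  # 48-byte v5 flow record

def parse_v5(datagram, configured_rate=200):
    """Decode one v5 export datagram and scale counters by the sampling rate.

    configured_rate is the fallback (the page's 'rate 200') used when the
    header's sampling field is zero; whether a given exporter fills that
    field is an assumption to verify against a real capture.
    """
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than v5 header")
    version, count, *_, sampling = HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError(f"not a v5 export (version={version})")
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("record count exceeds datagram length")
    rate = (sampling & 0x3FFF) or configured_rate   # low 14 bits = interval
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
            "sport": f[9], "dport": f[10], "proto": f[12],
            "sampled_packets": f[5], "sampled_bytes": f[6],
            # Estimates only: flows with far fewer packets than the rate are
            # often never sampled, so they are missing rather than small.
            "est_packets": f[5] * rate, "est_bytes": f[6] * rate,
        })
    return flows

def build_sample(sampling_field=0):
    """Constructed datagram: one TCP flow, 3 sampled packets, 1800 bytes."""
    header = HEADER.pack(5, 1, 0, 0, 0, 0, 0, 0, sampling_field)
    record = RECORD.pack(socket.inet_aton("192.168.1.50"),
                         socket.inet_aton("10.0.0.5"), bytes(4),
                         1, 2, 3, 1800, 0, 0, 51000, 443, 0x18, 6, 0, 0, 0, 24, 24)
    return header + record

if __name__ == "__main__":
    for flow in parse_v5(build_sample()):
        print(flow)
```

To use it against the configuration above, bind a UDP socket on 192.168.1.101 port 2056 and pass each received datagram to parse_v5.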
