Junos and Solarwinds

Hi,

I'm trying to get the ipfix on my mx480 and mx960 routers to send this flow to our Solarwinds. Also, I have ex and qfx switches that are configured with sflow.

The mx routers have multiple virtual-router (vrf-lite) instances. The goal is to send this ipfix data via the oob interface (fxp0). The fxp0 is on the master inet.0 table and the tenants have their own route tables and interfaces.

Our Solarwinds is reachable via the oob network. At this point, the Solarwinds is not receiving the ipfix and sflow data. However, when I check the sflow and ipfix, it says the sampling is being sent to the Solarwinds server.

Also, do I need to create a forwarding-options for ipfix for each tenant (virtual-router/vrf-lite) to get their interfaces info?

Thanks

level 1

Any way to tcpdump for flows on the solarwinds server interface? Go from there

level 2
CCNA · 1 point · 2 months ago

I got it!

thanks mate!

level 2
Original Poster · 1 point · 2 months ago

I did run Wireshark on the server. The sflow is showing up in the capture, but not the ipfix. Even though Wireshark sees the sflow, Solarwinds doesn't.
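
As an added example (not part of the thread, and not SolarWinds or Juniper code): a short Python check for UDP payloads captured on the collector. It tells sFlow v5, NetFlow v5/v9 and IPFIX apart by their version fields and, for IPFIX, counts template and data sets, since a collector cannot decode data sets until it has received the matching template. The function names are hypothetical and the sample datagrams are constructed.

```python
import struct

def classify_flow_datagram(payload: bytes) -> dict:
    """Identify the export protocol of one UDP payload from its header."""
    if len(payload) < 4:
        return {"proto": "unknown", "reason": "short datagram"}
    ver16, = struct.unpack_from("!H", payload, 0)
    ver32, = struct.unpack_from("!I", payload, 0)
    if ver32 == 5:                    # sFlow v5 uses a 32-bit version field
        return {"proto": "sflow5"}
    if ver16 in (5, 9):               # NetFlow v5/v9 use a 16-bit version field
        return {"proto": f"netflow{ver16}"}
    if ver16 == 10:                   # IPFIX (RFC 7011) version is 0x000a
        return parse_ipfix(payload)
    return {"proto": "unknown", "reason": f"version {ver16}"}

def parse_ipfix(payload: bytes) -> dict:
    """Walk the sets of one IPFIX message; count template and data sets."""
    if len(payload) < 16:
        return {"proto": "ipfix", "error": "truncated header"}
    _, length, _, seq, domain = struct.unpack_from("!HHIII", payload, 0)
    out = {"proto": "ipfix", "domain": domain, "sequence": seq,
           "template_sets": 0, "options_template_sets": 0, "data_sets": 0}
    end, off = min(length, len(payload)), 16
    while off + 4 <= end:
        set_id, set_len = struct.unpack_from("!HH", payload, off)
        if set_len < 4 or off + set_len > end:
            out["error"] = f"bad set length at offset {off}"
            break
        if set_id == 2:               # Set ID 2: template set
            out["template_sets"] += 1
        elif set_id == 3:             # Set ID 3: options template set
            out["options_template_sets"] += 1
        elif set_id >= 256:           # Set ID >= 256: data set for that template
            out["data_sets"] += 1
        off += set_len
    return out

# Constructed samples (not captured traffic).
# Template 256 with two fields: sourceIPv4Address (8), destinationIPv4Address (12).
TEMPLATE_SET = struct.pack("!8H", 2, 16, 256, 2, 8, 4, 12, 4)
DATA_SET = struct.pack("!HH4s4s", 256, 12, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
SAMPLE_IPFIX = struct.pack("!HHIII", 10, 16 + 28, 0, 1, 0x80000) + TEMPLATE_SET + DATA_SET
SAMPLE_SFLOW = struct.pack("!II4sIIII", 5, 1, bytes([192, 0, 2, 10]), 0, 1, 1000, 0)

if __name__ == "__main__":
    for name, pkt in (("ipfix", SAMPLE_IPFIX), ("sflow", SAMPLE_SFLOW)):
        print(name, classify_flow_datagram(pkt))
```

Feed it the UDP payload bytes exported from a capture on the collector; a stream that only ever shows `data_sets` and no `template_sets` explains a collector that receives packets but displays nothing.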

level 1

Show your config... Are you using inline sampling or a filter?

If you're using inline sampling, you can't export the flow records via fxp0 since the IPFIX packets are generated directly on the PFE, which doesn't have any access to fxp0 (it can only be accessed by the RE). You'll need an in-band route.

See here:

> Flow records and templates cannot be exported if the flow collector is reachable through any management interface.

level 2
Original Poster · 1 point · 2 months ago

I think the config that I have is inline sampling. So it seems like I am stuck with re-based sampling if I wanted to export the flow records via fxp0, is that correct?

What are the advantages and disadvantages of re-based sampling and inline sampling?

level 3

> I think the config that I have is inline sampling. So it seems like I am stuck with re-based sampling if I wanted to export the flow records via fxp0, is that correct?

Yes, or you can provide an in-band path to your management network. In recent JunOS, a target routing instance can be specified so it can still remain isolated.

> What are the advantages and disadvantages of re-based sampling and inline sampling?

Inline is 1:1 and done on the PFE ('in hardware') so it can support full line-rate traffic and has little CPU overhead. RE sampling punts all sampled packets (1/10000 or whatever factor you choose) to the RE, which then generates the IPFIX. So it's dependent on the RE CPU and will cause additional CPU load there as well as be limited in performance. TBH unless it's for a one-off, I would probably avoid RE sampling entirely.

level 4
Original Poster · 1 point · 2 months ago

I have multiple virtual-router instances. Do I need to put these config under routing-instance or keep the single config on the default configuration mode?

level 5

None of this config goes under routing-instances even if you're sampling an interface that is inside one. You apply it in the global context (forwarding-options etc.) and in the interface context.

If your collector isn't in inet.0 (as you might want to do if you use an in-band connection to your management network), you set the correct routing-instance in there:

set forwarding-options sampling instance inline family inet output flow-server 1.2.3.4 routing-instance MGMT-VR

level 6
Original Poster · 1 point · 2 months ago

I am just wondering. Why would Junos allow you to put this under the routing instance? This is what is confusing me.

I would try to implement the re-based for now and keep an eye on it if it will tax the re on my 480 and 960 routers.

Now, on the Solarwinds part. Since the sflow is reaching the Windows server where Solarwinds is installed, Solarwinds is not processing it. I tried port 2055, 6343, 9995 and 9996.

level 7

> I am just wondering. Why would Junos allow you to put this under the routing instance? This is what is confusing me.

It won't. That doesn't really make sense, because it's not a routing-related feature.

All it lets you do is use a routing instance to do the route lookup when sending the IPFIX packets.

level 8
Original Poster · 1 point · 2 months ago

I got the re-based working. The thing now is if I need to put a firewall filter on the same interface where the sampling firewall filter is. How do I accomplish this?

level 9

You can accept and sample the same traffic.

level 10
Original Poster · 1 point · 2 months ago

I realized I can put a then statement with "next term" at the very top on the firewall filter. Do I need to put a sample to the interface output?
