Knowledge Center Search


 

SRX Getting Started - Configure J-Flow

  [KB16677] Show KB Properties

  [KB16677] Hide KB Properties

Categories:
Knowledge Base ID: KB16677
Last Updated: 13 May 2014
Version: 12.0

Summary:

This article provides an example of configuring J-Flow on an SRX Series device. For other topics, go to the SRX Getting Started main page.

Problem or Goal:

Configure an SRX Series device to send J-Flow data. 

Note: This is the J-Flow configuration guide for SRX Series. For a J-Series device example, refer to KB12512 - Setting up J-Flow on a J-series router.

Cause:

Solution:

This section contains the following:


J-Flow version 5, 8, and 9 are supported on SRX series devices.
    J-Flow version 9 is supported on Junos OS 10.4 for SRX-Branch and 12.1X45-D10 on SRX-HE devices.
    Refer to the Feature Support Reference below for supported versions and platforms, under Diagnostic Tools:

Feature Support Reference


J-Flow does not require a licence on SRX devices.


Configuration example for J-Flow versions 5 and 8:

The following procedure provides an example of the J-Flow configuration for versions 5 and 8 (this procedure should also work with NetFlow versions 5 and 8):

  1. Enable sampling on one or more interfaces and specify the direction:
    user@host# set interfaces ge-0/0/0 unit 0 family inet sampling input
    user@host# set interfaces ge-0/0/0 unit 0 family inet sampling output
  2. Specify the sampling rate:

    Caution: Activation of flow collection can have a significant impact on the performance of the SRX Series device. The smaller the sample rate, the bigger the impact. It is recommended to not use a sampling input rate of 1.

    user@host# set forwarding-options sampling input rate 100     

  3. Specify the UDP port number of the host that is collecting cflowd packets:
    user@host# set forwarding-options sampling family inet output flow-server 10.10.10.1 port 2056
    
  4. Specify the version format: 5, 8, or 500 (ASN 500):
    user@host# set forwarding-options sampling family inet output flow-server 10.10.10.1 version 5

Configuration example for J-Flow version 9:

The following procedure provides an example of the J-Flow configuration for version 9:

Note:  For more information about this example, refer to the Application Note.

  1. Configure the J-Flow v9 template (as of now, only the IPv4 template is supported):
    user@host# set services flow-monitoring version9 template ipv4-test ipv4-template
  2. Specify the sampling rate and run length:
    user@host# set forwarding-options sampling input rate 1
    user@host# set forwarding-options sampling input run-length 0
  3. Configure the external flow collector and its port address. The J-Flow v9 template is associated with the external flow collector. Up to eight flow collectors can be simultaneously configured:
    user@host# set forwarding-options sampling family inet output flow-server 10.10.10.1 port 2222
    user@host# set forwarding-options sampling family inet output flow-server 10.10.10.1 version9 template ipv4-test
  4. Configure the inline-jflow, so that the sampling and the J-Flow service thread are implemented in the forwarding engine:
    user@host# set forwarding-options sampling family inet output inline-jflow source-address 10.10.10.10
  5. Configure the sampling filter on an interface (or interfaces) in the direction, on which the J-Flow service is required:
    user@host# set interfaces ge-0/0/14 unit 0 family inet sampling input
    user@host# set interfaces ge-0/0/14 unit 0 family inet address 2.2.2.1/24

Application Note

Juniper Flow Monitoring (includes diagrams of how J-Flow works and v9 configuration example)

Technical Documentation

Traffic Sampling, Forwarding, and Monitoring Overview


Note: The Juniper Networks STRM (Security Threat Response Manager) product also processes flow information. For more information, refer to the following link:

http://www.juniper.net/us/en/products-services/security/strm-series/#products

Purpose:
Implementation

Related Links:

 

 

ASK THE KB

Question or KB ID:


 


 

 
Copyright© 1999-2012 Juniper Networks, Inc. All rights reserved.