Support Support Downloads Knowledge Base Service Request Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

SRX Getting Started - Configure J-Flow

0

0

Article ID: KB16677 KB Last Updated: 26 Jul 2019Version: 20.0
Summary:

This article provides an example of configuring J-Flow on an SRX Series device. For other topics, go to the SRX Getting Started main page.

 

Symptoms:
  • J-Flow versions 5, 8, and 9 are supported on SRX series devices.

  • J-Flow version 9 on stand alone devices is supported as of:

    • SRX Branch devices (SRX1x0, SRX2x0, SRX550, SRX650)

      • Junos 10.4

    • SRX-HE devices (SRX1400, SRX3x00, SRX5x00)

      • Junos 12.1X45-D10

    • SRX3x0 & SRX550M

      • Junos 15.1X49-D30

    • SRX1500, SRX4100, SRX4200, vSRX

      • 15.1X49-D80

    • SRX4600

      • Junos 17.4R1-S1

  • J-Flow version 9 on chassis cluster devices as of:

    • SRX-HE devices (SRX1400, SRX3x00, SRX5x00)

      • Junos 12.1X45-D10

    • SRX1500, SRX4100, SRX4200, vSRX

      • Junos 15.1X49-D80

    • SRX4600

      • Junos 17.4R1-S1

  • Refer to the Feature Support Reference for supported versions and platforms, under Diagnostic Tools.

  • J-Flow does not require a license on SRX devices.

 

Solution:

This section contains the following:

 

Configuration Examples

 

Configuration example for J-Flow versions 5 and 8:

The following procedure provides an example of the J-Flow configuration for versions 5 and 8 (this procedure should also work with NetFlow versions 5 and 8):

  1. Enable sampling on one or more interfaces and specify the direction:
    user@host# set interfaces ge-0/0/0 unit 0 family inet sampling input
    user@host# set interfaces ge-0/0/0 unit 0 family inet sampling output
  2. Specify the sampling rate:

    Caution: Activation of flow collection can have a significant impact on the performance of the SRX Series device. The smaller the sample rate, the bigger the impact. It is recommended to not use a sampling input rate of 1.

    user@host# set forwarding-options sampling input rate 100     
  3. Specify the UDP port number of the host that is collecting cflowd packets:
    user@host# set forwarding-options sampling family inet output flow-server 10.10.10.1 port 2056
    
  4. Specify the version format: 5, 8, or 500 (ASN 500):
    If version 5:
    
    user@host# set forwarding-options sampling family inet output flow-server 10.10.10.1 version 5
    
    If version 500:
    
    user@host# set forwarding-options sampling family inet output flow-server 10.10.10.1 version 500
    
    If version 8:
    
    user@host# set forwarding-options sampling family inet output flow-server 10.10.10.1 version 8
    user@host# set forwarding-options sampling family inet output flow-server 10.10.10.1 aggregation source-destination-prefix caida-compliant
    
  5. Configure the NTP server details:
    user@host# set system ntp server 10.10.10.254
    
 

Configuration example for J-Flow version 9 for SRX-Branch standalone devices (SRX100, SRX110, SRX210, SRX220, SRX240, SRX550, SRX650)

Note: SRX Branch chassis clusters do not support use of J-flow version 9

The following procedure provides an example of the J-Flow configuration for version 9:

Note:  For more information about this example, refer to the Application Note.

  1. Configure the J-Flow v9 template (as of now, only the IPv4 template is supported):
    user@host# set services flow-monitoring version9 template ipv4-test ipv4-template
  2. Specify the sampling rate and run length:
    user@host# set forwarding-options sampling input rate 100
    user@host# set forwarding-options sampling input run-length 0
  3. Configure the external flow collector and its port address. The J-Flow v9 template is associated with the external flow collector. Up to eight flow collectors can be simultaneously configured:
    user@host# set forwarding-options sampling family inet output flow-server 10.10.10.1 port 2222
    user@host# set forwarding-options sampling family inet output flow-server 10.10.10.1 version9 template ipv4-test
  4. Configure the inline-jflow, so that the sampling and the J-Flow service thread are implemented in the forwarding engine:
    user@host# set forwarding-options sampling family inet output inline-jflow source-address 10.10.10.10
  5. Configure the sampling filter on an interface (or interfaces) in the direction on which the J-Flow service is required:
    user@host# set interfaces ge-0/0/14 unit 0 family inet sampling input
    user@host# set interfaces ge-0/0/14 unit 0 family inet address 2.2.2.1/24
 

Configuration example for J-Flow version 9 for SRX DataCenter devices (SRX1400, SRX1500, SRX3400, SRX3600, SRX4100, SRX4200, SRX5400, SRX5600, SRX5800)

Note: SRX DataCenter devices using Jflow9 require use of instance stanza under 'set forwarding-options sampling.'

The following procedure provides an example of the J-Flow configuration for version 9:

  1. Configure the J-Flow v9 template (as of now, only the IPv4 template is supported):
    user@host# set services flow-monitoring version9 template ipv4-test ipv4-template
  2. Specify the sampling rate and run length:
    user@host# set forwarding-options sampling instance instance1 input rate 100
    user@host# set forwarding-options sampling instance instance1 input run-length 0
  3. Configure the external flow collector and its port address. The J-Flow v9 template is associated with the external flow collector. Up to eight flow collectors can be configured on Junos OS version 12.3X48 and lower, but only one collector is supported on 15.1X49 and later:
    user@host# set forwarding-options sampling instance instance1 family inet output flow-server 10.10.10.1 port 2222
    user@host# set forwarding-options sampling instance instance1 family inet output flow-server 10.10.10.1 version9 template ipv4-test
  4. Configure the inline-jflow so that the sampling and the J-Flow service thread are implemented in the forwarding engine:
    user@host# set forwarding-options sampling instance instance1 family inet output inline-jflow source-address 10.10.10.10
  5. Configure the sampling filter on an interface (or interfaces) in the direction on which the J-Flow service is required:
    user@host# set interfaces ge-0/0/14 unit 0 family inet sampling input
    user@host# set interfaces ge-0/0/14 unit 0 family inet address 2.2.2.1/24
 

Application Note

Juniper Flow Monitoring (includes diagrams of how J-Flow works and v9 configuration example)

 

Technical Documentation

Traffic Sampling, Forwarding, and Monitoring Overview

 

Modification History:

2019-03-06: Added clarification in step 3 of Datacenter instructions

2019-07-27: Updated document with current products and versions and removed old product references

 

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Security Alerts and Vulnerabilities

Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search