Knowledge Search


×
 

SRX Getting Started - Configure J-Flow

  [KB16677] Show Article Properties


Summary:

This article provides an example of configuring J-Flow on an SRX Series device. For other topics, go to the SRX Getting Started main page.

Symptoms:

Configure an SRX Series device to send J-Flow data. 

Note: This is the J-Flow configuration guide for SRX Series. For a J-Series device example, refer to KB12512 - Setting up J-Flow on a J-series router.

Solution:

This section contains the following:

J-Flow versions 5, 8, and 9 are supported on SRX series devices.
J-Flow version 9 is supported on Junos OS 10.4 for SRX-Branch and 12.1X45-D10 on SRX-HE devices.
    Note: J-Flow version 9 support for chassis clusters is only available for SRX-HE devices.

Refer to the Feature Support Reference for supported versions and platforms, under Diagnostic Tools.

J-Flow does not require a license on SRX devices.

Configuration example for J-Flow versions 5 and 8:

The following procedure provides an example of the J-Flow configuration for versions 5 and 8 (this procedure should also work with NetFlow versions 5 and 8):

  1. Enable sampling on one or more interfaces and specify the direction:
    user@host# set interfaces ge-0/0/0 unit 0 family inet sampling input
    user@host# set interfaces ge-0/0/0 unit 0 family inet sampling output
  2. Specify the sampling rate:

    Caution: Activation of flow collection can have a significant impact on the performance of the SRX Series device. The smaller the sample rate, the bigger the impact. It is recommended to not use a sampling input rate of 1.

    user@host# set forwarding-options sampling input rate 100     

  3. Specify the UDP port number of the host that is collecting cflowd packets:
    user@host# set forwarding-options sampling family inet output flow-server 10.10.10.1 port 2056
    
  4. Specify the version format: 5, 8, or 500 (ASN 500):
    If version 5:
    
    user@host# set forwarding-options sampling family inet output flow-server 10.10.10.1 version 5
    
    If version 500:
    
    user@host# set forwarding-options sampling family inet output flow-server 10.10.10.1 version 500
    
    If version 8:
    
    user@host# set forwarding-options sampling family inet output flow-server 10.10.10.1 version 8
    user@host# set forwarding-options sampling family inet output flow-server 10.10.10.1 aggregation source-destination-prefix caida-compliant
    
  5. Configure the NTP server details:
    user@host# set system ntp server 10.10.10.254
    

Configuration example for J-Flow version 9 for SRX-Branch standalone devices (SRX100, SRX110, SRX210, SRX220, SRX240, SRX550, SRX650)

Note: SRX Branch chassis clusters do not support use of J-flow version 9

The following procedure provides an example of the J-Flow configuration for version 9:

Note:  For more information about this example, refer to the Application Note.

  1. Configure the J-Flow v9 template (as of now, only the IPv4 template is supported):
    user@host# set services flow-monitoring version9 template ipv4-test ipv4-template
  2. Specify the sampling rate and run length:
    user@host# set forwarding-options sampling input rate 100
    user@host# set forwarding-options sampling input run-length 0
  3. Configure the external flow collector and its port address. The J-Flow v9 template is associated with the external flow collector. Up to eight flow collectors can be simultaneously configured:
    user@host# set forwarding-options sampling family inet output flow-server 10.10.10.1 port 2222
    user@host# set forwarding-options sampling family inet output flow-server 10.10.10.1 version9 template ipv4-test
  4. Configure the inline-jflow, so that the sampling and the J-Flow service thread are implemented in the forwarding engine:
    user@host# set forwarding-options sampling family inet output inline-jflow source-address 10.10.10.10
  5. Configure the sampling filter on an interface (or interfaces) in the direction on which the J-Flow service is required:
    user@host# set interfaces ge-0/0/14 unit 0 family inet sampling input
    user@host# set interfaces ge-0/0/14 unit 0 family inet address 2.2.2.1/24

Configuration example for J-Flow version 9 for SRX DataCenter devices (SRX1400, SRX3400, SRX3600, SRX5400, SRX5600, SRX5800)
 
Note:
SRX DataCenter devices using Jflow9 require use of instance stanza under 'set forwarding-options sampling.'

The following procedure provides an example of the J-Flow configuration for version 9:

  1. Configure the J-Flow v9 template (as of now, only the IPv4 template is supported):
    user@host# set services flow-monitoring version9 template ipv4-test ipv4-template
  2. Specify the sampling rate and run length:
    user@host# set forwarding-options sampling instance instance1 input rate 100
    user@host# set forwarding-options sampling instance instance1 input run-length 0
  3. Configure the external flow collector and its port address. The J-Flow v9 template is associated with the external flow collector. Up to eight flow collectors can be configured simultaneously:
    user@host# set forwarding-options sampling instance instance1 family inet output flow-server 10.10.10.1 port 2222
    user@host# set forwarding-options sampling instance instance1 family inet output flow-server 10.10.10.1 version9 template ipv4-test
  4. Configure the inline-jflow so that the sampling and the J-Flow service thread are implemented in the forwarding engine:
    user@host# set forwarding-options sampling instance instance1 family inet output inline-jflow source-address 10.10.10.10
  5. Configure the sampling filter on an interface (or interfaces) in the direction on which the J-Flow service is required:
    user@host# set interfaces ge-0/0/14 unit 0 family inet sampling input
    user@host# set interfaces ge-0/0/14 unit 0 family inet address 2.2.2.1/24

Application Note

Juniper Flow Monitoring (includes diagrams of how J-Flow works and v9 configuration example)


Technical Documentation

Traffic Sampling, Forwarding, and Monitoring Overview


Note: The Juniper Networks STRM (Security Threat Response Manager) product also processes flow information. For more information, refer to the following link:

http://www.juniper.net/us/en/products-services/security/strm-series/#products

Related Links: