SRX Getting Started - Configure J-Flow

  [KB16677] Show Article Properties


Summary:

This article provides an example of configuring J-Flow on an SRX Series device. For other topics, go to the SRX Getting Started main page.

 

Symptoms:
  • J-Flow versions 5, 8, and 9 are supported on SRX series devices.

  • J-Flow version 9 on stand alone devices is supported as of:

    • SRX Branch devices (SRX1x0, SRX2x0, SRX550, SRX650)

      • Junos 10.4

    • SRX-HE devices (SRX1400, SRX3x00, SRX5x00)

      • Junos 12.1X45-D10

    • SRX3x0 & SRX550M

      • Junos 15.1X49-D30

    • SRX1500, SRX4100, SRX4200, vSRX

      • 15.1X49-D80

    • SRX4600

      • Junos 17.4R1-S1

  • J-Flow version 9 on chassis cluster devices as of:

    • SRX-HE devices (SRX1400, SRX3x00, SRX5x00)

      • Junos 12.1X45-D10

    • SRX1500, SRX4100, SRX4200, vSRX

      • Junos 15.1X49-D80

    • SRX4600

      • Junos 17.4R1-S1

  • Refer to the Feature Support Reference for supported versions and platforms, under Diagnostic Tools.

  • J-Flow does not require a license on SRX devices.

 

Solution:

This section contains the following:

 

Configuration Examples

 

Configuration example for J-Flow versions 5 and 8:

The following procedure provides an example of the J-Flow configuration for versions 5 and 8 (this procedure should also work with NetFlow versions 5 and 8):

  1. Enable sampling on one or more interfaces and specify the direction:
    user@host# set interfaces ge-0/0/0 unit 0 family inet sampling input
    user@host# set interfaces ge-0/0/0 unit 0 family inet sampling output
  2. Specify the sampling rate:

    Caution: Activation of flow collection can have a significant impact on the performance of the SRX Series device. The smaller the sample rate, the bigger the impact. It is recommended to not use a sampling input rate of 1.

    user@host# set forwarding-options sampling input rate 100     
  3. Specify the UDP port number of the host that is collecting cflowd packets:
    user@host# set forwarding-options sampling family inet output flow-server 10.10.10.1 port 2056
    
  4. Specify the version format: 5, 8, or 500 (ASN 500):
    If version 5:
    
    user@host# set forwarding-options sampling family inet output flow-server 10.10.10.1 version 5
    
    If version 500:
    
    user@host# set forwarding-options sampling family inet output flow-server 10.10.10.1 version 500
    
    If version 8:
    
    user@host# set forwarding-options sampling family inet output flow-server 10.10.10.1 version 8
    user@host# set forwarding-options sampling family inet output flow-server 10.10.10.1 aggregation source-destination-prefix caida-compliant
    
  5. Configure the NTP server details:
    user@host# set system ntp server 10.10.10.254
    
 

Configuration example for J-Flow version 9 for SRX-Branch standalone devices (SRX100, SRX110, SRX210, SRX220, SRX240, SRX550, SRX650)

Note: SRX Branch chassis clusters do not support use of J-flow version 9

The following procedure provides an example of the J-Flow configuration for version 9:

Note:  For more information about this example, refer to the Application Note.

  1. Configure the J-Flow v9 template (as of now, only the IPv4 template is supported):
    user@host# set services flow-monitoring version9 template ipv4-test ipv4-template
  2. Specify the sampling rate and run length:
    user@host# set forwarding-options sampling input rate 100
    user@host# set forwarding-options sampling input run-length 0
  3. Configure the external flow collector and its port address. The J-Flow v9 template is associated with the external flow collector. Up to eight flow collectors can be simultaneously configured:
    user@host# set forwarding-options sampling family inet output flow-server 10.10.10.1 port 2222
    user@host# set forwarding-options sampling family inet output flow-server 10.10.10.1 version9 template ipv4-test
  4. Configure the inline-jflow, so that the sampling and the J-Flow service thread are implemented in the forwarding engine:
    user@host# set forwarding-options sampling family inet output inline-jflow source-address 10.10.10.10
  5. Configure the sampling filter on an interface (or interfaces) in the direction on which the J-Flow service is required:
    user@host# set interfaces ge-0/0/14 unit 0 family inet sampling input
    user@host# set interfaces ge-0/0/14 unit 0 family inet address 2.2.2.1/24
 

Configuration example for J-Flow version 9 for SRX DataCenter devices (SRX1400, SRX1500, SRX3400, SRX3600, SRX4100, SRX4200, SRX5400, SRX5600, SRX5800)

Note: SRX DataCenter devices using Jflow9 require use of instance stanza under 'set forwarding-options sampling.'

The following procedure provides an example of the J-Flow configuration for version 9:

  1. Configure the J-Flow v9 template (as of now, only the IPv4 template is supported):
    user@host# set services flow-monitoring version9 template ipv4-test ipv4-template
  2. Specify the sampling rate and run length:
    user@host# set forwarding-options sampling instance instance1 input rate 100
    user@host# set forwarding-options sampling instance instance1 input run-length 0
  3. Configure the external flow collector and its port address. The J-Flow v9 template is associated with the external flow collector. Up to eight flow collectors can be configured on Junos OS version 12.3X48 and lower, but only one collector is supported on 15.1X49 and later:
    user@host# set forwarding-options sampling instance instance1 family inet output flow-server 10.10.10.1 port 2222
    user@host# set forwarding-options sampling instance instance1 family inet output flow-server 10.10.10.1 version9 template ipv4-test
  4. Configure the inline-jflow so that the sampling and the J-Flow service thread are implemented in the forwarding engine:
    user@host# set forwarding-options sampling instance instance1 family inet output inline-jflow source-address 10.10.10.10
  5. Configure the sampling filter on an interface (or interfaces) in the direction on which the J-Flow service is required:
    user@host# set interfaces ge-0/0/14 unit 0 family inet sampling input
    user@host# set interfaces ge-0/0/14 unit 0 family inet address 2.2.2.1/24
 

Application Note

Juniper Flow Monitoring (includes diagrams of how J-Flow works and v9 configuration example)

 

Technical Documentation

Traffic Sampling, Forwarding, and Monitoring Overview

 

Modification History:

2019-03-06: Added clarification in step 3 of Datacenter instructions

2019-07-27: Updated document with current products and versions and removed old product references

 

Related Links: