
SRX Getting Started - Configure J-Flow

  [KB16677]


Summary:

This article provides an example of configuring J-Flow on an SRX Series device. For other topics, go to the SRX Getting Started main page.

Symptoms:

Configure an SRX Series device to send J-Flow data. 

Note: This is the J-Flow configuration guide for SRX Series. For a J-Series device example, refer to KB12512 - Setting up J-Flow on a J-series router.

Solution:

This section contains the following:

J-Flow versions 5, 8, and 9 are supported on SRX Series devices.
J-Flow version 9 is supported on Junos OS 10.4 for SRX-Branch and 12.1X45-D10 on SRX-HE devices.
Note: J-Flow version 9 support for chassis clusters is only available for SRX-HE devices.
Refer to the Feature Support Reference for supported versions and platforms, under Diagnostic Tools.
J-Flow does not require a license on SRX devices.

Configuration example for J-Flow versions 5 and 8:

The following procedure provides an example of the J-Flow configuration for versions 5 and 8 (this procedure should also work with NetFlow versions 5 and 8):

  1. Enable sampling on one or more interfaces and specify the direction:
    user@host# set interfaces ge-0/0/0 unit 0 family inet sampling input
    user@host# set interfaces ge-0/0/0 unit 0 family inet sampling output
  2. Specify the sampling rate:

    Caution: Activation of flow collection can have a significant impact on the performance of the SRX Series device. The smaller the sample rate, the bigger the impact. It is recommended to not use a sampling input rate of 1.

    user@host# set forwarding-options sampling input rate 100     
  3. Specify the UDP port number of the host that is collecting cflowd packets:
    user@host# set forwarding-options sampling family inet output flow-server 10.10.10.1 port 2056
    
  4. Specify the version format: 5, 8, or 500 (ASN 500):
    If version 5:
    
    user@host# set forwarding-options sampling family inet output flow-server 10.10.10.1 version 5
    
    If version 500:
    
    user@host# set forwarding-options sampling family inet output flow-server 10.10.10.1 version 500
    
    If version 8:
    
    user@host# set forwarding-options sampling family inet output flow-server 10.10.10.1 version 8
    user@host# set forwarding-options sampling family inet output flow-server 10.10.10.1 aggregation source-destination-prefix caida-compliant
    
  5. Configure the NTP server details:
    user@host# set system ntp server 10.10.10.254
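
To confirm on the collector that version 5 export is arriving, and to account for the 1-in-100 sampling set in step 2, the following added Python example (not Juniper code) decodes one datagram. It assumes the device emits the standard NetFlow v5 layout (24-byte header, 48-byte records); `parse_v5`, `sample_datagram` and the sample addresses are constructed for illustration.

```python
import ipaddress
import struct

HEADER = struct.Struct("!HHIIIIBBH")                 # 24-byte v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHxBBBHHBB2x")  # 48-byte v5 flow record


def parse_v5(datagram, configured_rate):
    """Decode one v5 datagram; scale counters by the configured 1-in-N rate."""
    if len(datagram) < HEADER.size:
        raise ValueError("shorter than a v5 header")
    version, count, _up, secs, _ns, seq, _et, _eid, sampling = HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError(f"unexpected export version {version}")
    if len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("record count does not match datagram length")
    flows = []
    for i in range(count):
        (src, dst, _nh, _iif, _oif, pkts, octets, _first, _last, sport, dport,
         flags, proto, _tos, _sas, _das, _sm, _dm) = RECORD.unpack_from(
            datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src": str(ipaddress.IPv4Address(src)), "sport": sport,
            "dst": str(ipaddress.IPv4Address(dst)), "dport": dport,
            "proto": proto, "tcp_flags": flags,
            "sampled_pkts": pkts, "sampled_bytes": octets,
            # Estimates only: each sampled packet stands in for N packets.
            "est_pkts": pkts * configured_rate,
            "est_bytes": octets * configured_rate,
        })
    # export_time is taken from the exporter's clock, which step 5 keeps in sync.
    return {"export_time": secs, "flow_sequence": seq,
            "header_interval": sampling & 0x3FFF, "flows": flows}


def sample_datagram():
    """Constructed test input: one TCP/443 flow, 3 sampled packets, 1800 bytes."""
    header = HEADER.pack(5, 1, 1000, 1700000000, 0, 42, 0, 0, 0)
    record = RECORD.pack(
        ipaddress.IPv4Address("192.0.2.10").packed,
        ipaddress.IPv4Address("198.51.100.20").packed,
        bytes(4), 1, 2, 3, 1800, 100, 900, 51515, 443, 0x1B, 6, 0, 0, 0, 24, 24)
    return header + record


if __name__ == "__main__":
    for flow in parse_v5(sample_datagram(), configured_rate=100)["flows"]:
        print(flow)
```

The rate is passed in from the device configuration rather than read from the header, because whether the exporter fills the header's sampling field is not stated in this article.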
    
 

Configuration example for J-Flow version 9 for SRX-Branch standalone devices (SRX100, SRX110, SRX210, SRX220, SRX240, SRX550, SRX650)

Note: SRX Branch chassis clusters do not support the use of J-Flow version 9.

The following procedure provides an example of the J-Flow configuration for version 9:

Note:  For more information about this example, refer to the Application Note.

  1. Configure the J-Flow v9 template (as of now, only the IPv4 template is supported):
    user@host# set services flow-monitoring version9 template ipv4-test ipv4-template
  2. Specify the sampling rate and run length:
    user@host# set forwarding-options sampling input rate 100
    user@host# set forwarding-options sampling input run-length 0
  3. Configure the external flow collector and its port address. The J-Flow v9 template is associated with the external flow collector. Up to eight flow collectors can be simultaneously configured:
    user@host# set forwarding-options sampling family inet output flow-server 10.10.10.1 port 2222
    user@host# set forwarding-options sampling family inet output flow-server 10.10.10.1 version9 template ipv4-test
  4. Configure the inline-jflow, so that the sampling and the J-Flow service thread are implemented in the forwarding engine:
    user@host# set forwarding-options sampling family inet output inline-jflow source-address 10.10.10.10
  5. Configure the sampling filter on an interface (or interfaces) in the direction on which the J-Flow service is required:
    user@host# set interfaces ge-0/0/14 unit 0 family inet sampling input
    user@host# set interfaces ge-0/0/14 unit 0 family inet address 2.2.2.1/24

Configuration example for J-Flow version 9 for SRX DataCenter devices (SRX1400, SRX1500, SRX3400, SRX3600, SRX4100, SRX4200, SRX5400, SRX5600, SRX5800)
 
Note:
SRX DataCenter devices using J-Flow version 9 require the use of an instance stanza under 'set forwarding-options sampling'.

The following procedure provides an example of the J-Flow configuration for version 9:

  1. Configure the J-Flow v9 template (as of now, only the IPv4 template is supported):
    user@host# set services flow-monitoring version9 template ipv4-test ipv4-template
  2. Specify the sampling rate and run length:
    user@host# set forwarding-options sampling instance instance1 input rate 100
    user@host# set forwarding-options sampling instance instance1 input run-length 0
  3. Configure the external flow collector and its port address. The J-Flow v9 template is associated with the external flow collector. Up to eight flow collectors can be configured on Junos OS version 12.3X48 and lower, but only one collector is supported on 15.1X49 and later:
    user@host# set forwarding-options sampling instance instance1 family inet output flow-server 10.10.10.1 port 2222
    user@host# set forwarding-options sampling instance instance1 family inet output flow-server 10.10.10.1 version9 template ipv4-test
  4. Configure the inline-jflow so that the sampling and the J-Flow service thread are implemented in the forwarding engine:
    user@host# set forwarding-options sampling instance instance1 family inet output inline-jflow source-address 10.10.10.10
  5. Configure the sampling filter on an interface (or interfaces) in the direction on which the J-Flow service is required:
    user@host# set interfaces ge-0/0/14 unit 0 family inet sampling input
    user@host# set interfaces ge-0/0/14 unit 0 family inet address 2.2.2.1/24
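
The constraints stated in the two version 9 procedures (a defined template, an inline-jflow source address, the collector limit, the instance stanza on DataCenter devices) and the caution against a sampling rate of 1 can be checked before commit. This is an added Python example, not a Juniper tool; `audit_jflow_v9` and its parameters are hypothetical names, and the sample is the DataCenter configuration from the steps above with the run-length and address lines omitted.

```python
import re

PROMPT = re.compile(r"^\S+@\S+#\s*")  # strips the "user@host# " prompt
SAMPLING = r"set forwarding-options sampling (instance \S+ )?"
FS = r"family inet output flow-server (\S+) (port|version9 template) (\S+)$"
SAMPLE_DC = """\
user@host# set services flow-monitoring version9 template ipv4-test ipv4-template
user@host# set forwarding-options sampling instance instance1 input rate 100
user@host# set forwarding-options sampling instance instance1 family inet output flow-server 10.10.10.1 port 2222
user@host# set forwarding-options sampling instance instance1 family inet output flow-server 10.10.10.1 version9 template ipv4-test
user@host# set forwarding-options sampling instance instance1 family inet output inline-jflow source-address 10.10.10.10
user@host# set interfaces ge-0/0/14 unit 0 family inet sampling input
"""


def audit_jflow_v9(config_text, require_instance=False, max_collectors=8):
    """Return findings for set-style J-Flow v9 lines (empty list = consistent)."""
    templates, servers, findings = set(), {}, []
    has_source = has_interface = False
    for raw in config_text.splitlines():
        line = PROMPT.sub("", raw.strip())
        if m := re.match(r"set services flow-monitoring version9 template (\S+)", line):
            templates.add(m.group(1))
        elif re.match(r"set interfaces \S+ unit \d+ family inet sampling (input|output)$", line):
            has_interface = True
        elif m := re.match(SAMPLING + r"(.+)$", line):
            if require_instance and not m.group(1):
                findings.append(f"missing instance stanza: {line}")
            rest = m.group(2)
            if rest == "input rate 1":
                findings.append("sampling input rate is 1")
            elif rest.startswith("family inet output inline-jflow source-address "):
                has_source = True
            elif s := re.match(FS, rest):
                servers.setdefault(s.group(1), {})[s.group(2)] = s.group(3)
    for addr, opts in servers.items():
        if "port" not in opts:
            findings.append(f"flow-server {addr} has no port")
        if opts.get("version9 template") not in templates:
            findings.append(f"flow-server {addr} has no defined version9 template")
    if len(servers) > max_collectors:
        findings.append(f"{len(servers)} collectors exceed the limit of {max_collectors}")
    if not has_source:
        findings.append("no inline-jflow source-address")
    if not has_interface:
        findings.append("sampling not enabled on any interface")
    return findings
```

Call it with `require_instance=True` for DataCenter devices, and with `max_collectors=1` for 15.1X49 and later.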
 

Application Note

Juniper Flow Monitoring (includes diagrams of how J-Flow works and v9 configuration example)

 

Technical Documentation

Traffic Sampling, Forwarding, and Monitoring Overview

 

 

Note: The Juniper Networks STRM (Security Threat Response Manager) product also processes flow information. For more information, refer to the following link:

http://www.juniper.net/us/en/products-services/security/strm-series/#products

Modification History:
2019-03-06: Added clarification in step 3 of the Datacenter instructions.