Support Support Downloads Knowledge Base Service Request Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[SRX] How to configure SRX high end chassis cluster J-flow version 9 when traffic interfaces are in a routing instance

0

0

Article ID: KB28116 KB Last Updated: 04 Mar 2017Version: 2.0
Summary:

This article describes how to configure a SRX high end J-flow version 9 in chassis cluster and routing-instance.

Symptoms:

Customer wants to configure SRX high end chassis cluster J-flow version 9 when traffic interfaces are in a routing instance.

Here is the topology:

                                                                                                      Trust: reth0 10.13.1.150/24
Jflow-server(10.11.11.1) ---------------(jflow: reth2 10.11.11.2) SRX3600-node0 SRX3600-node1 
                                                                                                     Untrust: reth1 10.24.1.150/24

Traffic flows from untrust zone to trust zone with src-ip 10.24.1.100 and dst-ip 10.13.1.200.

Cause:

Solution:

SRX high end supports this scenario. The testing version is Junos OS 12.1X45-D10. Here is the configuration:

root@SRX3600-B# show 
## Last changed: 2013-09-10 03:16:15 UTC
version 12.1X45;
interfaces {
    ge-0/0/0 {
        gigether-options {
            redundant-parent reth0;
        }
    }
    ge-0/0/1 {
        gigether-options {
            redundant-parent reth2;
        }
    }
    ge-0/0/2 {
        gigether-options {
            redundant-parent reth1;
        }
    }
    ge-13/0/0 {                         
        gigether-options {
            redundant-parent reth0;
        }
    }
    ge-13/0/1 {
        gigether-options {
            redundant-parent reth2;
        }
    }
    ge-13/0/2 {
        gigether-options {
            redundant-parent reth1;
        }
    }
    fab0 {
        fabric-options {
            member-interfaces {
                ge-0/0/6;
                ge-0/0/7;
            }
        }
    }
    fab1 {                              
        fabric-options {
            member-interfaces {
                ge-13/0/6;
                ge-13/0/7;
            }
        }
    }
    reth0 {
        redundant-ether-options {
            redundancy-group 1;
        }
        unit 0 {
            family inet {
                sampling {
                    output;
                }
                address 10.13.1.150/24;
            }
        }
    }
    reth1 {
        redundant-ether-options {
            redundancy-group 1;         
        }
        unit 0 {
            family inet {
                address 10.24.1.150/24;
            }
        }
    }
    reth2 {
        redundant-ether-options {
            redundancy-group 1;
        }
        unit 0 {
            family inet {
                address 10.11.11.2/24;
            }
        }
    }
}
forwarding-options {
    sampling {
        instance {
            test-instance {
                input {                 
                    rate 1;
                    run-length 0;
                }
                family inet {
                    output {
                        flow-server 10.11.11.1 {
                            port 2222;
                            version9 {
                                template {
                                    test;
                                }
                            }
                        }
                        inline-jflow {
                            source-address 10.11.11.2;
                        }
                    }
                }
            }
        }
    }
}
security {                              
    policies {
        from-zone trust to-zone untrust {
            policy p1 {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
    }
    zones {
        security-zone trust {
            host-inbound-traffic {
                system-services {
                    all;
                }
                protocols {
                    all;
                }                       
            }
            interfaces {
                reth1.0;
            }
        }
        security-zone untrust {
            host-inbound-traffic {
                system-services {
                    all;
                }
                protocols {
                    all;
                }
            }
            interfaces {
                reth0.0;
            }
        }
        security-zone jflow {
            host-inbound-traffic {
                system-services {
                    all;
                }                       
                protocols {
                    all;
                }
            }
            interfaces {
                reth2.0;
            }
        }
    }
}
routing-instances {
    test {
        instance-type virtual-router;
        interface reth0.0;
        interface reth1.0;
    }
}
services {
    flow-monitoring {
        version9 {
            template test {
                ipv4-template;
            }                           
        }
    }
}

Please note that the interface which is responsible for sending J-flow packets should be in root VR.

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Security Alerts and Vulnerabilities

Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search