[MX] Example - Configuring forwarding-options to send IPFIX to remote flow server inside routing-instance

  [KB28958]


Summary:

The J-Flow implementation of Internet Protocol Flow Information Export (IPFIX) is not supported under virtual routing and forwarding (VRF). The flow collector must be reachable through the default routing table (inet.0 or inet6.0). If the flow collector is reachable via a non-default VPN routing and forwarding (VRF) table, flow records and templates cannot be exported. This article provides a workaround for sending IPFIX to a flow server inside a routing instance.

Symptoms:

The following setup samples traffic in the routing instance and sends the flows to the flow server via the same routing instance.

Routing-instance = INTERNET 
Cause:
 
Solution:

Topology

SERVER ---<ge-1/2/1> VR <ge-1/1/9>---<ge-1/1/11> INTERNET 

<---------------configuration ------------------>

Chassis

set chassis tfeb slot 0 sampling-instance snake

Interfaces

set interfaces ge-1/1/9 unit 0 family inet address 100.101.1.1/30   --> VR interface
set interfaces ge-1/1/11 unit 0 family inet filter input v4-sample
set interfaces ge-1/1/11 unit 0 family inet address 100.101.1.2/30  --> INTERNET interface
set interfaces ge-1/2/1 unit 0 family inet address 159.10.10.1/30   --> connected to FLOW SERVER in VR instance
set interfaces lo0 unit 1 family inet address 199.1.1.1/32          --> INTERNET interface

Firewall

set firewall family inet filter v4-sample term 1 then count sample-count
set firewall family inet filter v4-sample term 1 then sample
set firewall family inet filter v4-sample term 1 then accept


Services

set services flow-monitoring version-ipfix template ipv4 flow-active-timeout 60
set services flow-monitoring version-ipfix template ipv4 flow-inactive-timeout 60
set services flow-monitoring version-ipfix template ipv4 template-refresh-rate packets 1000
set services flow-monitoring version-ipfix template ipv4 template-refresh-rate seconds 10
set services flow-monitoring version-ipfix template ipv4 option-refresh-rate packets 1000
set services flow-monitoring version-ipfix template ipv4 option-refresh-rate seconds 10
set services flow-monitoring version-ipfix template ipv4 ipv4-template


Forwarding-options

set forwarding-options sampling instance snake input rate 1
set forwarding-options sampling instance snake family inet output flow-server 159.10.10.2 port 2055  <<<<<<<< server address 
set forwarding-options sampling instance snake family inet output flow-server 159.10.10.2 no-local-dump
set forwarding-options sampling instance snake family inet output flow-server 159.10.10.2 version-ipfix template ipv4
set forwarding-options sampling instance snake family inet output inline-jflow source-address 100.101.1.2 


lab@MX-80# show routing-instances 
INTERNET {
    instance-type vrf;
    interface ge-1/1/11.0;
    interface lo0.1;
    route-distinguisher 100:100;
    vrf-target target:100:100;
    protocols {
        ospf {
            rib-group VRF-to-G;  <<<<<<  exported into Global via rib-groups *** 
            area 0.0.0.0 {
                interface all;
            }
        }
    }
}
VR {
    instance-type virtual-router;
    interface ge-1/1/9.0;
    interface ge-1/2/1.0;  >>>>>>>>> towards flow server 
    protocols {
        ospf {
            area 0.0.0.0 {
                interface all;
            }
        }
    }
}


=================================================

lab# show routing-options
rib-groups {
    VRF-to-G {
        import-rib [ INTERNET.inet.0 inet.0 ];
    }
}

=================================================


lab@MX-80# show routing-instances INTERNET protocols ospf   
rib-group VRF-to-G;
area 0.0.0.0 {
    interface all;
}
=================================================

Note: Instead of rib-groups, you can also use a static route for the flow server that points to the routing instance.

Example: set routing-options static route 159.10.10.2/32 next-table INTERNET.inet.0


<--------------- configuration ------------------>


<------------ verification & testing -------------->


lab@MX-80> show route table INTERNET.inet.0 

INTERNET.inet.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

100.101.1.0/30     *[Direct/0] 00:31:53
                    > via ge-1/1/11.0
100.101.1.2/32     *[Local/0] 00:31:53
                      Local via ge-1/1/11.0
159.10.10.0/30     *[OSPF/10] 00:04:48, metric 2
                    > to 100.101.1.1 via ge-1/1/11.0
199.1.1.1/32       *[Direct/0] 00:31:53
                    > via lo0.1
224.0.0.5/32       *[OSPF/10] 00:31:54, metric 1
                      MultiRecv

lab@MX-80> show route table VR.inet.0          

VR.inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

100.101.1.0/30     *[Direct/0] 00:31:56
                    > via ge-1/1/9.0
100.101.1.1/32     *[Local/0] 00:31:56
                      Local via ge-1/1/9.0
159.10.10.0/30     *[Direct/0] 00:04:52
                    > via ge-1/2/1.0
159.10.10.1/32     *[Local/0] 00:30:36
                      Local via ge-1/2/1.0
199.1.1.1/32       *[OSPF/10] 00:31:06, metric 1
                    > to 100.101.1.2 via ge-1/1/9.0
224.0.0.5/32       *[OSPF/10] 00:31:57, metric 1
                      MultiRecv

lab@MX-80> show route table inet.0 

inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0          *[Static/5] 00:37:31
                    > to 10.141.227.100 via fxp0.0
10.141.227.0/24    *[Direct/0] 00:37:31
                    > via fxp0.0
10.141.227.80/32   *[Local/0] 22:11:01
                      Local via fxp0.0
159.10.10.0/30     *[OSPF/10] 00:04:58, metric 2  <<<<<<<<<<<<< Flow server route should be present in Global Instance
                    > to 100.101.1.1 via ge-1/1/11.0
                                                            

lab@MX-80> ping 199.1.1.1 routing-instance VR rapid count 100 
PING 199.1.1.1 (199.1.1.1): 56 data bytes
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
--- 199.1.1.1 ping statistics ---

lab@MX-80> show firewall 

Filter: __default_bpdu_filter__                                

Filter: v4-sample                                              
Counters:
Name                                                Bytes              Packets
sample-count                                        92492                 1202

<----------- verification & testing -------------->
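
The inet.0 check from the verification output can be scripted. The following is an added example, not part of the Juniper article: it takes the flow-server address from the sampling configuration and does a longest-prefix match against saved "show route table inet.0" text. The function names are hypothetical, and treating a match that resolves only through the fxp0 management port as unusable for export is an assumption of this example.

```python
import ipaddress
import re

# Excerpt of the article's "show route table inet.0" output (workaround applied).
INET0_AFTER = """\
0.0.0.0/0          *[Static/5] 00:37:31
                    > to 10.141.227.100 via fxp0.0
10.141.227.0/24    *[Direct/0] 00:37:31
                    > via fxp0.0
159.10.10.0/30     *[OSPF/10] 00:04:58, metric 2
                    > to 100.101.1.1 via ge-1/1/11.0
"""
# Constructed "before" state: the same table without the leaked collector prefix.
INET0_BEFORE = INET0_AFTER.split("159.10.10.0/30")[0]

# Flow-server line as it appears in the article's configuration.
SET_LINE = ("set forwarding-options sampling instance snake family inet "
            "output flow-server 159.10.10.2 port 2055")

ROUTE_RE = re.compile(r"^(\d+\.\d+\.\d+\.\d+/\d+)\s+\*\[(\w+)/\d+\]")
VIA_RE = re.compile(r"\bvia (\S+)")

def parse_routes(text):
    """Return [(network, protocol, egress_interface)] for active (*) routes."""
    routes, current = [], None
    for line in text.splitlines():
        m = ROUTE_RE.match(line)
        if m:
            current = [ipaddress.ip_network(m.group(1)), m.group(2), None]
            routes.append(current)
        elif current and current[2] is None:
            v = VIA_RE.search(line)
            if v:
                current[2] = v.group(1)
    return [tuple(r) for r in routes]

def collector_reachability(set_line, table_text):
    """Longest-prefix match of the flow-server address against the table."""
    addr = ipaddress.ip_address(re.search(r"flow-server (\S+)", set_line).group(1))
    matches = [r for r in parse_routes(table_text) if addr in r[0]]
    if not matches:
        return ("no-route", None, None)
    net, proto, ifname = max(matches, key=lambda r: r[0].prefixlen)
    # Assumption of this example: a best match via fxp0 does not count as reachable.
    status = "mgmt-only" if ifname and ifname.startswith("fxp") else "ok"
    return (status, str(net), ifname)
```

Without the rib-group or static route, the collector address still matches the default route in inet.0, so a plain "is there a route" check would pass; the longest-prefix match and interface check separate that case from the working one.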
