Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[Contrail] How to use the contrail-flows utility script from a Contrail analytics node

0

0

Article ID: KB31141 KB Last Updated: 12 Sep 2016Version: 1.0
Summary:

This article explains how to use the contrail-flows utility script on a Contrail analytics node to obtain flow information from a Contrail vrouter.

Solution:

When a virtual machine sends or receives IP traffic, the forward and reverse flow entries are setup in the respective vrouter compute nodes.

Contrail-flows is a command line utility that can be executed on a Contrail analytics node. This is used to obtain flow record information generated on a Contrail vrouter (compute node). This utility helps with troubleshooting Contrail user issues related to service chaining, virtual machine to virtual machine communication issues, one virtual network to another virtual network communication issues, etc.

Contrail-flows examples that can be used to check the flows from contrail-analytics node for troubleshooting:
  1. View all active flows over the default period [last 10 minutes]

    contrail-flows

    root@amrut:~# contrail-flows
    [SRC-VR:chivas/10.204.74.23] ingress pass (2016 Sep 05 12:16:04.172692 -- Active) UDP default-domain:admin:one:1.1.1.6:54877 ---> default-domain:admin:one:1.1.1.2:53 [DST-VR:10.204.74.23] <1 P (78 B)> : SG:00000000-0000-0000-0000-000000000001 ACL:00000000-0000-0000-0000-000000000001 04fe6c76-d187-4da8-a111-7144e9fdcf88
    [SRC-VR:chivas/10.204.74.23] ingress pass (2016 Sep 05 12:16:04.171513 -- Active) UDP default-domain:admin:one:1.1.1.2:53 ---> default-domain:admin:one:1.1.1.6:45245 [DST-VR:10.204.74.23] <0 P (0 B)> : SG:00000000-0000-0000-0000-000000000001 ACL:00000000-0000-0000-0000-000000000001 172a600d-2851-4474-9819-be3648b50794
    [SRC-VR:chivas/10.204.74.23] ingress pass (2016 Sep 05 12:16:50.445196 -- Active) ICMP default-domain:admin:one:1.1.1.5:48640 ---> default-domain:admin:one:1.1.1.152:0 [DST-VR:10.219.27.5] <4 P (392 B)> : SG:09db0b48-43c9-4d4f-9762-a96044355ed2 ACL:00000000-0000-0000-0000-000000000001 318fd8a7-9cfd-45bf-8513-cb242cbb11e8
    [SRC-VR:chivas/10.204.74.23] ingress pass (2016 Sep 05 12:16:04.171504 -- Active) UDP default-domain:admin:one:1.1.1.6:45245 ---> default-domain:admin:one:1.1.1.2:53 [DST-VR:10.204.74.23] <1 P (79 B)> : SG:00000000-0000-0000-0000-000000000001 ACL:00000000-0000-0000-0000-000000000001 6b822ace-776f-4637-b718-55d798b90188
    [SRC-VR:chivas/10.204.74.23] ingress pass (2016 Sep 05 12:18:03.711668 -- Active) ICMP default-domain:admin:one:1.1.1.5:49152 ---> default-domain:admin:one:1.1.1.152:0 [DST-VR:10.219.27.5] <5 P (490 B)> : SG:09db0b48-43c9-4d4f-9762-a96044355ed2 ACL:00000000-0000-0000-0000-000000000001 c4b8235f-fb14-4027-a452-8b794d312368
    [SRC-VR:chivas/10.204.74.23] ingress pass (2016 Sep 05 12:16:04.172700 -- Active) UDP default-domain:admin:one:1.1.1.2:53 ---> default-domain:admin:one:1.1.1.6:54877 [DST-VR:10.204.74.23] <0 P (0 B)> : SG:00000000-0000-0000-0000-000000000001 ACL:00000000-0000-0000-0000-000000000001 ec7122bf-185f-4230-950c-747d6e9e0cee
    [SRC-VR:chivas/10.204.74.23] ingress pass (2016 Sep 05 12:18:47.637081 -- Active) ICMP default-domain:admin:one:1.1.1.6:49664 ---> default-domain:admin:one:1.1.1.5:0 [DST-VR:10.204.74.23] <29 P (2842 B)> : SG:09db0b48-43c9-4d4f-9762-a96044355ed2 ACL:00000000-0000-0000-0000-000000000001 0449a43c-ed66-4937-b297-45ecfac7826c

  2. View all the active flows for the last 1 hour

    contrail-flows --last 1h

    root@amrut:~# contrail-flows --last 1h
    [SRC-VR:chivas/10.204.74.23] ingress pass (2016 Sep 05 12:18:47.637081 -- 2016 Sep 05 12:22:15.743083) ICMP default-domain:admin:one:1.1.1.6:49664 ---> default-domain:admin:one:1.1.1.5:0 [DST-VR:10.204.74.23] <29 P (2842 B)> : SG:09db0b48-43c9-4d4f-9762-a96044355ed2 ACL:00000000-0000-0000-0000-000000000001 0449a43c-ed66-4937-b297-45ecfac7826c
    [SRC-VR:chivas/10.204.74.23] ingress pass (2016 Sep 05 12:16:04.172692 -- 2016 Sep 05 12:19:04.698875) UDP default-domain:admin:one:1.1.1.6:54877 ---> default-domain:admin:one:1.1.1.2:53 [DST-VR:10.204.74.23] <1 P (78 B)> : SG:00000000-0000-0000-0000-000000000001 ACL:00000000-0000-0000-0000-000000000001 04fe6c76-d187-4da8-a111-7144e9fdcf88
    [SRC-VR:chivas/10.204.74.23] ingress pass (2016 Sep 05 12:16:04.171513 -- 2016 Sep 05 12:19:04.698705) UDP default-domain:admin:one:1.1.1.2:53 ---> default-domain:admin:one:1.1.1.6:45245 [DST-VR:10.204.74.23] <0 P (0 B)> : SG:00000000-0000-0000-0000-000000000001 ACL:00000000-0000-0000-0000-000000000001 172a600d-2851-4474-9819-be3648b50794
    [SRC-VR:chivas/10.204.74.23] ingress drop (2016 Sep 05 12:16:05.199434 -- 2016 Sep 05 12:16:05.653787) TCP default-domain:admin:one:1.1.1.6:52240 ---> __UNKNOWN__:91.189.88.161:80 <1 P (74 B)> : SG:00000000-0000-0000-0000-000000000001 ACL:00000000-0000-0000-0000-000000000001 19073d8b-6a7b-48bf-a66f-225cb1b1c4d1
    [SRC-VR:chivas/10.204.74.23] ingress drop (2016 Sep 05 12:16:11.211493 -- 2016 Sep 05 12:16:11.655490) TCP default-domain:admin:one:1.1.1.6:52240 ---> __UNKNOWN__:91.189.88.161:80 <1 P (74 B)> : SG:00000000-0000-0000-0000-000000000001 ACL:00000000-0000-0000-0000-000000000001 2ff17f3e-9b1b-46cb-8239-c2205b35fe87
    [SRC-VR:chivas/10.204.74.23] ingress drop (2016 Sep 05 12:16:05.199240 -- 2016 Sep 05 12:16:05.653608) TCP default-domain:admin:one:1.1.1.6:48210 ---> __UNKNOWN__:91.189.88.149:80 <1 P (74 B)> : SG:00000000-0000-0000-0000-000000000001 ACL:00000000-0000-0000-0000-000000000001 30715fe0-80b1-416d-8970-cdf7cca6c8ca
    [SRC-VR:chivas/10.204.74.23] ingress pass (2016 Sep 05 12:16:50.445196 -- 2016 Sep 05 12:19:53.711300) ICMP default-domain:admin:one:1.1.1.5:48640 ---> default-domain:admin:one:1.1.1.152:0 [DST-VR:10.219.27.5] <4 P (392 B)> : SG:09db0b48-43c9-4d4f-9762-a96044355ed2 ACL:00000000-0000-0000-0000-000000000001 318fd8a7-9cfd-45bf-8513-cb242cbb11e8
    [SRC-VR:chivas/10.204.74.23] ingress drop (2016 Sep 05 12:16:07.203337 -- 2016 Sep 05 12:16:07.654316) TCP default-domain:admin:one:1.1.1.6:48210 ---> __UNKNOWN__:91.189.88.149:80 <1 P (74 B)> : SG:00000000-0000-0000-0000-000000000001 ACL:00000000-0000-0000-0000-000000000001 45f8ba95-738f-4688-9c84-97354587fd24

  3. View all active flows from a particular source-vn and a particular source-ip, in the last 1h

    contrail-flows --source-vn default-domain:admin:vn1 --source-ip 1.1.1.11 --last 1h

    root@amrut:~# contrail-flows --source-vn default-domain:admin:one --source-ip 1.1.1.6 --last 1h
    [SRC-VR:chivas/10.204.74.23] ingress pass (2016 Sep 05 12:18:47.637081 -- 2016 Sep 05 12:22:15.743083) ICMP default-domain:admin:one:1.1.1.6:49664 ---> default-domain:admin:one:1.1.1.5:0 [DST-VR:10.204.74.23] <29 P (2842 B)> : SG:09db0b48-43c9-4d4f-9762-a96044355ed2 ACL:00000000-0000-0000-0000-000000000001 0449a43c-ed66-4937-b297-45ecfac7826c
    [SRC-VR:chivas/10.204.74.23] ingress pass (2016 Sep 05 12:16:04.172692 -- 2016 Sep 05 12:19:04.698875) UDP default-domain:admin:one:1.1.1.6:54877 ---> default-domain:admin:one:1.1.1.2:53 [DST-VR:10.204.74.23] <1 P (78 B)> : SG:00000000-0000-0000-0000-000000000001 ACL:00000000-0000-0000-0000-000000000001 04fe6c76-d187-4da8-a111-7144e9fdcf88
    [SRC-VR:chivas/10.204.74.23] ingress drop (2016 Sep 05 12:16:05.199434 -- 2016 Sep 05 12:16:05.653787) TCP default-domain:admin:one:1.1.1.6:52240 ---> __UNKNOWN__:91.189.88.161:80 <1 P (74 B)> : SG:00000000-0000-0000-0000-000000000001 ACL:00000000-0000-0000-0000-000000000001 19073d8b-6a7b-48bf-a66f-225cb1b1c4d1
    [SRC-VR:chivas/10.204.74.23] ingress drop (2016 Sep 05 12:16:11.211493 -- 2016 Sep 05 12:16:11.655490) TCP default-domain:admin:one:1.1.1.6:52240 ---> __UNKNOWN__:91.189.88.161:80 <1 P (74 B)> : SG:00000000-0000-0000-0000-000000000001 ACL:00000000-0000-0000-0000-000000000001 2ff17f3e-9b1b-46cb-8239-c2205b35fe87
    [SRC-VR:chivas/10.204.74.23] ingress drop (2016 Sep 05 12:16:05.199240 -- 2016 Sep 05 12:16:05.653608) TCP default-domain:admin:one:1.1.1.6:48210 ---> __UNKNOWN__:91.189.88.149:80 <1 P (74 B)> : SG:00000000-0000-0000-0000-000000000001 ACL:00000000-0000-0000-0000-000000000001 30715fe0-80b1-416d-8970-cdf7cca6c8ca
    [SRC-VR:chivas/10.204.74.23] ingress drop (2016 Sep 05 12:16:07.203337 -- 2016 Sep 05 12:16:07.654316) TCP default-domain:admin:one:1.1.1.6:48210 ---> __UNKNOWN__:91.189.88.149:80 <1 P (74 B)> : SG:00000000-0000-0000-0000-000000000001 ACL:00000000-0000-0000-0000-000000000001 45f8ba95-738f-4688-9c84-97354587fd24

  4. View all active flows from a particular vrouter compute node

    contrail-flows --vrouter-ip VROUTER_IP
    (Flow records from vrouter IP address )

    root@amrut:~# contrail-flows --vrouter-ip 10.204.74.23
    [SRC-VR:chivas/10.204.74.23] ingress pass (2016 Sep 05 12:37:10.611686 -- 2016 Sep 05 12:40:23.000167) ICMP default-domain:admin:one:1.1.1.5:50688 ---> default-domain:admin:one:1.1.1.152:0 [DST-VR:10.219.27.5] <13 P (1274 B)> : SG:09db0b48-43c9-4d4f-9762-a96044355ed2 ACL:00000000-0000-0000-0000-000000000001 1b13daf9-9003-4081-a481-9905dedf1152
    [SRC-VR:chivas/10.204.74.23] ingress pass (2016 Sep 05 12:37:33.878217 -- 2016 Sep 05 12:40:36.004198) ICMP default-domain:admin:one:1.1.1.5:51456 ---> default-domain:admin:one:1.1.1.152:0 [DST-VR:10.219.27.5] <3 P (294 B)> : SG:09db0b48-43c9-4d4f-9762-a96044355ed2 ACL:00000000-0000-0000-0000-000000000001 3a14b73d-89c7-47f1-8cb5-fe39738ea9f6
    [SRC-VR:chivas/10.204.74.23] ingress pass (2016 Sep 05 12:38:11.121842 -- Active) ICMP default-domain:admin:one:1.1.1.5:51968 ---> default-domain:admin:one:1.1.1.152:0 [DST-VR:10.219.27.5] <166 P (16268 B)> : SG:09db0b48-43c9-4d4f-9762-a96044355ed2 ACL:00000000-0000-0000-0000-000000000001 4986f092-4b0e-4b8c-89f2-8ac1452dfe00
    [SRC-VR:chivas/10.204.74.23] ingress pass (2016 Sep 05 12:37:26.220340 -- 2016 Sep 05 12:40:31.002495) ICMP default-domain:admin:one:1.1.1.6:50944 ---> default-domain:admin:one:1.1.1.5:0 [DST-VR:10.204.74.23] <5 P (490 B)> : SG:09db0b48-43c9-4d4f-9762-a96044355ed2 ACL:00000000-0000-0000-0000-000000000001 4a9e39d5-8e2b-4607-a5df-8b71097e00cf
    [SRC-VR:chivas/10.204.74.23] ingress pass (2016 Sep 05 12:37:26.220331 -- 2016 Sep 05 12:40:31.002495) ICMP default-domain:admin:one:1.1.1.5:50944 ---> default-domain:admin:one:1.1.1.6:0 [DST-VR:10.204.74.23] <5 P (490 B)> : SG:09db0b48-43c9-4d4f-9762-a96044355ed2 ACL:00000000-0000-0000-0000-000000000001 6de62fe6-b665-4e04-923d-1586e4ab5595

  5. contrail-flows --help provides all possible commands that can be used along with contrail-flows utility

    root@amrut:~# contrail-flows --help
    usage: contrail-flows [-h] [--analytics-api-ip ANALYTICS_API_IP]
    [--analytics-api-port ANALYTICS_API_PORT]
    [--start-time START_TIME] [--end-time END_TIME]
    [--last LAST] [--vrouter VROUTER]
    [--source-vn SOURCE_VN]
    [--destination-vn DESTINATION_VN]
    [--source-ip SOURCE_IP]
    [--destination-ip DESTINATION_IP] [--protocol PROTOCOL]
    [--source-port SOURCE_PORT]
    [--destination-port DESTINATION_PORT] [--action ACTION]
    [--direction {ingress,egress}] [--vrouter-ip VROUTER_IP]
    [--other-vrouter-ip OTHER_VROUTER_IP] [--tunnel-info]
    [--verbose]

Optional arguments:
  • -h, --help show this help message and exit
  • --analytics-api-ip ANALYTICS_API_IP
    IP address of Analytics API Server (default:127.0.0.1)
  • --analytics-api-port ANALYTICS_API_PORT
    Port of Analytics API Server (default: 8081)
  • --start-time START_TIME
    Flow record start time (format now-10m, now-1h) (default: now-10m)
  • --end-time END_TIME Flow record end time (default: now)
  • --last LAST Flow records from last time period (format 10m, 1d) (default: None)
  • --vrouter VROUTER Flow records from vrouter (default: None)
  • --source-vn SOURCE_VN
    Flow records with source virtual network (default: None)
  • --destination-vn DESTINATION_VN
    Flow records with destination virtual network (default: None)
  • --source-ip SOURCE_IP
    Flow records with source IP address (default: None)
  • --destination-ip DESTINATION_IP
    Flow records with destination IP address (default: None)
  • --protocol PROTOCOL Flow records with protocol (default: None)
  • --source-port SOURCE_PORT
    Flow records with source port (default: None)
  • --destination-port DESTINATION_PORT
    Flow records with destination port (default: None)
  • --action ACTION Flow records with action (default: None)
  • --direction {ingress,egress}
    Flow direction (default: ingress)
  • --vrouter-ip VROUTER_IP
    Flow records from vrouter IP address (default: None)
  • --other-vrouter-ip OTHER_VROUTER_IP
    Flow records to vrouter IP address (default: None)
  • --tunnel-info Show flow tunnel information (default: False)
  • --verbose Show internal information (default: False)
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search