Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[MX] The command 'show services accounting flow' returns no output for RE based jflow (v5 and v8)

0

0

Article ID: KB31573 KB Last Updated: 27 Apr 2017Version: 1.0
Summary:

It is expected behavior for 'show services accounting flow' to not return any output when using routing engine (RE) based jflow (v5 and v8). The MS-PIC based jflow (v5 and v8) will not be affected.

Symptoms:

Example output of MS-PIC based jflow (v5 and v8):

user@host>show services accounting flow
Service Accounting interface: rsp0, Local interface index: 171
Service name: (default sampling)
Interface state: Accounting
  Flow information
    Flow packets: 87168293, Flow bytes: 5578770752
    Flow packets 10-second rate: 45762, Flow bytes 10-second rate: 2928962
    Active flows: 1000, Total flows: 2000
    Flows exported: 19960, Flows packets exported: 582
    Flows inactive timed out: 1000, Flows active timed out: 29000
The output of RE based jflow(v5 and v8):
user@host> show services accounting flow
<<<<<<< no output >>>>>>>
Cause:

The function of obtaining 'show services accounting flow' output is provided by MS-PIC. RE based flow does not use MX-PIC to do sampling, so this command can not get any output

Solution:

Although we cannot get 'show services accounting flow' output when using RE based flow, we can get the flow record by using monitor traffic interface.

Example:

lab@mx480-re0> show firewall
Filter: IPv4-sample
Counters:
Name Packets
flowv5                     7323 <--- flow packets increasing

lab@mx480-re0> monitor traffic interface ge-2/0/5.0 no-resolve size 1500 matching "port 2055" extensive <--- we can see flow record below                                      
Address resolution is OFF.
Listening on ge-2/0/5.0, capture size 1500 bytes
09:42:22.129714 Out
        Juniper PCAP Flags [Ext], PCAP Extension(s) total length 16
          Device Media Type Extension TLV #3, length 1, value: Ethernet (1)
          Logical Interface Encapsulation Extension TLV #6, length 1, value: Ethernet (14)
          Device Interface Index Extension TLV #1, length 2, value: 185
          Logical Interface Index Extension TLV #4, length 4, value: 141073
        -----original packet-----
        0c:86:10:23:13:99 > 00:14:f6:26:e0:1f, ethertype IPv4 (0x0800), length 114: (tos 0x0, ttl  64, id 46827, offset 0, flags [none], proto: UDP (17), length: 100) 2.2.2.2.54685 > 200.0.0.2.2055: [udp sum ok] UDP, length 72

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search