
[MX] The IPFIX/JFLOW v9 collector reports 'missed export packets' error


Article ID: KB33253 KB Last Updated: 08 Nov 2018 Version: 1.0
Summary:

An IPFIX/JFLOW v9 collector can raise a false positive 'missed export packets from the exporter' alarm (the exact alarm wording and appearance may vary) for an MX-based exporter when that exporter performs inline IPFIX/JFLOW v9 sampling.

This article does NOT apply to the following scenarios:

  • When export packets from the exporter to the collector are actually dropped in transit, and the collector therefore raises a 'missed export packets from the exporter' alarm.
  • When a non-MX Juniper router (e.g. PTX) acts as an inline IPFIX/JFLOW v9 exporter.
 
This article is only applicable when:
  • There is no export packet loss.
  • There is no packet reordering along the path the packets take from an MX router acting as an inline IPFIX/JFLOW v9 exporter to a collector, but the collector still raises 'missed export packets from the exporter' alarms.

Symptoms:

The following explanation is for JFLOW v9 and also applies to IPFIX.

RFC 3954, 'Cisco Systems NetFlow Services Export Version 9', states:

"5.  Export Packet Format
 5.1.  Header Format

 [...]

    Sequence Number
         Incremental sequence counter of all Export Packets sent from
         the current Observation Domain by the Exporter.  This value
         MUST be cumulative, and SHOULD be used by the Collector to
         identify whether any Export Packets have been missed."


Since Options Template and Options Data are both Export Packets, the above RFC statement implies that their sequence numbers should come from the same sequence number 'space' as Data and Data Template for the same Observation Domain. This means that the Sequence Number values of the Export Packets sent by the same Exporter for the same Observation Domain must strictly increase as the Exporter issues them.

However, the MX inline JFLOW v9 implementation does not fully support this sequencing requirement, since it uses different Sequence Number spaces for Flow Data and Options Export Packets. This can cause the collector to report a false positive 'missed export packets from the exporter' alarm.

An IPFIX/JFLOW v9 collector reports false positive 'missed export packets from the exporter' alarms when:
  • The exporter is an MX performing inline IPFIX or JFLOW v9

  • The Sequence Number in Flow Data packets increments monotonically by 1 in every packet the MX issues

  • Options Template/Options Data packets the MX issues take their Sequence Number from another space, e.g. the export packet flow can look like this:

    • Frames 1...8, Data: sequences 49639...49646, expected;

    • Frame 9, Data Template: sequence 49647, expected;

    • Frame 10, Options Template: sequence 6985 instead of expected 49648;

    • Frame 11, Options Data: sequence 6985 instead of expected 49649;

    • Frame 12, Data: sequence 49647 instead of expected 49650;

    • Frames 13...20: Data, sequences 49648...49654;

    • Frame 21, Options Template: sequence 6986.

    • Etc.

  • A PTX router equipped with hardware that supports inline IPFIX or JFLOW v9 does not exhibit this out-of-sequence problem when it samples the same data and is configured the same way as the MX.

Cause:

This is a day-1 limitation of the MX inline sampling implementation. PTX does not exhibit this problem because it uses a different inline sampling implementation.

Solution:

There is no intent to address this limitation on the flow exporter side (Juniper MX). Usually, a flow collector can cope with this Sequence Number issue when it is configured to do so. It is recommended to use the respective flow collector vendor's support resources to configure the collector to handle this limitation properly.
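
The effect of the listing above on a collector's gap check, as an added example (not Juniper or collector vendor code): a single per-domain counter raises alarms on the packet flow from the Symptoms section, while a check that keeps one counter per sequence space stays quiet and still catches a real loss. The packet kind labels and function names are hypothetical, and the rule that template packets carry the current counter without advancing it is an assumption read off the listing.

```python
from typing import Dict, List, Tuple

Packet = Tuple[str, int]  # (packet kind, Sequence Number from the export header)

# Constructed sample built from the sequence values in the listing above.
# Positions are 1-based list indexes, not the capture's frame numbers.
SAMPLE: List[Packet] = (
    [("data", s) for s in range(49639, 49647)]
    + [("data_template", 49647), ("options_template", 6985),
       ("options_data", 6985), ("data", 49647)]
    + [("data", s) for s in range(49648, 49655)]
    + [("options_template", 6986)]
)


def naive_gaps(packets: List[Packet]) -> List[int]:
    """Single counter per Observation Domain, +1 expected on every Export Packet."""
    flagged: List[int] = []
    expected = None
    for pos, (_kind, seq) in enumerate(packets, start=1):
        if expected is not None and seq != expected:
            flagged.append(pos)
        expected = seq + 1
    return flagged


def space_aware_gaps(packets: List[Packet]) -> List[int]:
    """One counter per sequence space (flow vs. options).

    Assumption: a template packet shows the current counter but does not
    consume a number, so the next packet in that space repeats it.
    """
    flagged: List[int] = []
    expected: Dict[str, int] = {}
    for pos, (kind, seq) in enumerate(packets, start=1):
        space = "options" if kind.startswith("options") else "flow"
        if space in expected and seq != expected[space]:
            flagged.append(pos)
        expected[space] = seq if kind.endswith("template") else seq + 1
    return flagged


if __name__ == "__main__":
    print("naive:", naive_gaps(SAMPLE))
    print("space-aware:", space_aware_gaps(SAMPLE))
    lossy = [p for p in SAMPLE if p != ("data", 49650)]  # simulate one lost Data packet
    print("space-aware, one Data packet removed:", space_aware_gaps(lossy))
```
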
