[QFX] Commit error occurs when sflow is enabled on Layer 3 VLAN-tagged interface



Article ID: KB36076 KB Last Updated: 04 Oct 2021Version: 2.0

This article describes the behavior of sflow when it is enabled on Layer 3 VLAN-tagged interface. This is applicable to QFX10k only.


When sflow is enabled on Layer 3 VLAN-tagged interface, the following commit error occurs:

root@QFX10k# show protocols sflow
interfaces et-0/0/2.1;
interfaces et-0/0/2.2;
root@QFX10k# commit
[edit protocols sflow]
'interfaces et-0/0/2.2'
only one ifl is allowed  <---
error: configuration check-out failed

QFX10k is supports sflow on L3 VLAN-tagged interfaces, but does not support enabling sflow on multiple sub interfaces on the same port.


Please configure sflow on one of the sub interfaces for Layer 3 VLAN-tagged interface. Then sflow will be enabled for other sub interfaces as well.

Note: You can enable sflow on any one of the sub interfaces.

Example 1: (resolution to error shown in symptoms above)

root# set protocols sflow interfaces et-0/0/2.1

root# commit
[edit protocols]
    warning: requires 'bgp' license
[edit vlans v10]
    warning: requires 'vxlan' license
commit complete


Example 2:

This example shows the full sflow and interface configuration as a test performed on QFX10002 running Junos 20.4R3.  As shown below, sflow is enabled only on one IFL, perform and collector shows samples for other IFLs as well.

labroot@qfx10002# show protocols sflow | display set
set protocols sflow polling-interval 0
set protocols sflow sample-rate ingress 1
set protocols sflow sample-rate egress 1
set protocols sflow source-ip
set protocols sflow collector
set protocols sflow interfaces et-0/0/1.10 polling-interval 1
labroot@qfx10002# show interfaces et-0/0/1 | display set
set interfaces et-0/0/1 vlan-tagging
set interfaces et-0/0/1 unit 10 vlan-id 10
set interfaces et-0/0/1 unit 10 family inet address
set interfaces et-0/0/1 unit 20 vlan-id 20
set interfaces et-0/0/1 unit 20 family inet address
set interfaces et-0/0/1 unit 30 vlan-id 30
set interfaces et-0/0/1 unit 30 family inet address

Checked the sflow collector and was able to see flow sample for other IFL, et-0/0/1.30.

No.     Time                          Source                Destination           Protocol Length Info
      3 2021-09-15 16:04:50.669752           sFlow    1244   V5, agent, sub-agent ID 0, seq 12225, 6 samples
Frame 3: 1244 bytes on wire (9952 bits), 1244 bytes captured (9952 bits)
Juniper Ethernet
Ethernet II, Src: JuniperN_e8:09:20 (4c:6d:58:e8:09:20), Dst: JuniperN_21:f4:fd (cc:e1:7f:21:f4:fd)
Internet Protocol Version 4, Src:, Dst:
User Datagram Protocol, Src Port: 61550, Dst Port: 6343
InMon sFlow
    Datagram version: 5
    Agent address type: IPv4 (1)
    Agent address:
    Sub-agent ID: 0
    Sequence number: 12225
    SysUptime: 8 days, 4 hours, 22 minutes, 23 seconds (706943708ms)
    NumSamples: 6
    Flow sample, seq 1575
        0000 0000 0000 0000 0000 .... .... .... = Enterprise: standard sFlow (0)
        .... .... .... .... .... 0000 0000 0001 = sFlow sample type: Flow sample (1)
        Sample length (byte): 184
        Sequence number: 1575
        0000 0000 .... .... .... .... .... .... = Source ID class: 0
        .... .... 0000 0000 0000 0010 0000 0001 = Index: 513
        Sampling rate: 1 out of 1 packets
        Sample pool: 1576 total packets
       Dropped packets: 0
        Input interface (ifIndex): 513
        Output interface: 0x00000000
        Flow record: 2
        Raw packet header
            0000 0000 0000 0000 0000 .... .... .... = Enterprise: standard sFlow (0)
            Format: Raw packet header (1)
            Flow data length (byte): 120
            Header protocol: Ethernet (1)
            Frame Length: 106
            Payload removed: 4
            Original packet length: 102
            Header of sampled packet: ec94d599c3e268f38e9cbda08100001e080045000054661d00004001c3790a0a1efe0a0a…
        Extended switch data
            0000 0000 0000 0000 0000 .... .... .... = Enterprise: standard sFlow (0)
            Format: Extended switch data (1001)
            Flow data length (byte): 16
            Incoming 802.1Q VLAN: 30
            Incoming 802.1p priority: 0
            Outgoing 802.1Q VLAN: 0
            Outgoing 802.1p priority: 0
Modification History:
2021-10-04: Updated solution with example 2.

