
[MX] Incorrect NetFlow data on the Collector after router upgrade


Article ID: KB37003 | KB Last Updated: 18 Jun 2021 | Version: 2.0
Summary:

The NetFlow v9 Template should be the first packet that the exporter (MX) sends to the NetFlow Collector. Sometimes this is not the case, and the result can be incorrect information on the NetFlow Collector.

Symptoms:

After a router or FPC restart, the Ukern on the FPC starts sending NetFlow v9 Template and Data Records towards the NetFlow Collector, based on the configuration of the MX router. To parse the received Data Records, the NetFlow Collector needs the NetFlow Template, which describes the structure of the fields in the Data Records. If the NetFlow Collector already received a Template before the router/FPC restart, and the new Template has not arrived yet, it continues to parse the records received after the restart based on the previously received Template. However, the router may have been restarted to upgrade the Junos version, and after the upgrade the content of the NetFlow Data Records can be different. In this case, the NetFlow Collector may still try to parse the received data based on the old Template, with unpredictable results (incorrect data entries, for example).

Cause:

The Ukern on the FPC (control plane) starts sending the NetFlow Template and Data Records via the data plane (the TRIO chipset, for example) as soon as the FPC is up. However, the first NetFlow packets can be dropped on the data plane because it does not yet have the routing information: the route towards the NetFlow Collector can be added a bit later by the routing engine. Once the related routing information is added, the data plane starts sending NetFlow packets, but these will most probably be Data Records. The Template is eventually sent towards the Collector, but only when the next Template refresh interval is reached.

Solution:

To avoid incorrect values, the NetFlow data export can be disabled before the upgrade and enabled after the upgrade.

Another possible solution in the existing feature implementation is to decrease the Template refresh interval. This does not mitigate the issue completely, but it decreases the negative effect. The default refresh interval for the Template is 10 minutes and can be decreased to 10 seconds. The refresh interval can be changed using the configuration command template-refresh-rate.
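The failure described under Symptoms and Cause can be reproduced with a minimal NetFlow v9 parser. The following is an added example, not Juniper code and not part of the original article. It also shows a collector-side guard that flushes cached Templates when the header sysUptime goes backwards; that guard is an assumption of this example, not a remedy the article proposes. The field layouts, counter values, and template ID 256 are constructed, and each FlowSet carries one record with no padding.

```python
import struct
NAMES = {1: "IN_BYTES", 2: "IN_PKTS"}  # NetFlow v9 field type IDs (RFC 3954)
OLD = [(1, 4), (2, 4)]  # constructed pre-upgrade layout: bytes, then packets
NEW = [(2, 4), (1, 4)]  # constructed post-upgrade layout: packets, then bytes

def packet(uptime_ms, flowsets):
    """Constructed v9 export packet: 20-byte header followed by FlowSets."""
    body = b"".join(struct.pack("!HH", fid, 4 + len(p)) + p for fid, p in flowsets)
    return struct.pack("!HHIIII", 9, len(flowsets), uptime_ms, 0, 0, 0) + body

def template(tid, fields):
    # Template FlowSet (id 0): template id, field count, (type, length) pairs
    pairs = b"".join(struct.pack("!HH", t, l) for t, l in fields)
    return (0, struct.pack("!HH", tid, len(fields)) + pairs)

class Collector:
    def __init__(self, flush_on_restart):
        self.flush_on_restart = flush_on_restart
        self.templates, self.last_uptime, self.dropped = {}, None, 0

    def feed(self, pkt):
        uptime = struct.unpack("!I", pkt[4:8])[0]  # header sysUptime (ms)
        # Guard (assumption): sysUptime going backwards means the exporter restarted
        if self.flush_on_restart and self.last_uptime is not None and uptime < self.last_uptime:
            self.templates.clear()
        self.last_uptime = uptime
        records, off = [], 20
        while off < len(pkt):
            fid, length = struct.unpack("!HH", pkt[off:off + 4])
            payload, off = pkt[off + 4:off + length], off + length
            if fid == 0:  # Template FlowSet: (re)learn the record layout
                tid, n = struct.unpack("!HH", payload[:4])
                self.templates[tid] = [struct.unpack("!HH", payload[4 + 4 * i:8 + 4 * i]) for i in range(n)]
            elif fid in self.templates:  # Data FlowSet with a known Template
                rec, pos = {}, 0
                for t, l in self.templates[fid]:
                    rec[NAMES[t]] = int.from_bytes(payload[pos:pos + l], "big")
                    pos += l
                records.append(rec)
            else:  # Data FlowSet without a Template: cannot be parsed safely
                self.dropped += 1
        return records

def replay(flush):
    c = Collector(flush)
    c.feed(packet(900000, [template(256, OLD)]))  # before the upgrade
    data = (256, struct.pack("!II", 3, 1500))     # really 3 packets, 1500 bytes
    early = c.feed(packet(5000, [data]))          # after restart, new Template was dropped
    c.feed(packet(15000, [template(256, NEW)]))   # Template refresh finally arrives
    return early, c.feed(packet(16000, [data])), c.dropped
```

With replay(False) the early record is reported as 3 bytes and 1500 packets, which is the incorrect data the article describes; with replay(True) that record is counted as dropped instead of being misparsed.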
