Configure sFlow and NetFlow on Junos OS Devices

This topic describes how to configure sFlow and NetFlow on Juniper switches.

Configure sFlow on a Juniper EX or QFX Switch

To configure sFlow on a Juniper EX or QFX series switch, follow these steps:
  1. Access the switch CLI.
    Connect to your Juniper EX or QFX switch through SSH or a console cable. If you are connecting through SSH, use a tool like PuTTY or the built-in SSH client in your terminal. Then enter the switch's IP address, username, and password to log in.
  2. Enter configuration mode.
  3. Configure the sFlow settings.

    Specify the sampling rate, polling interval, and IP address and port of the remote flow collector. For example:

    • AGENT_IP_ADDRESS: IP address of the sFlow agent (typically the switch's management IP address).
    • x.x.x.x: Apstra Flow collector's IP address.
    • yyyy: Apstra Flow collector's port number.
    • POLLING_INTERVAL: Enter the desired polling interval in seconds (for example, 30) and the desired SAMPLE_RATE (for example, 1024 for 1 in 1024 packets).
    • INTERFACE_NAME: Name of the interface you want to monitor (for example, ge-0/0/0). You can configure multiple interfaces.

  4. Commit and save your changes.
    commit save
  5. Exit configuration mode.

    Type exit to leave configuration mode and return to the Juniper EX or QFX switch CLI.

  6. Verify your configuration by entering the following command:
    show sflow

    This command displays the sFlow settings you just configured.

Your Juniper EX or QFX series switch will now start exporting sFlow data to the Apstra Flow collector.

Configure Flow Sampling on Juniper Routers

You can configure Juniper routers to export flow records using NetFlow v9. The NetFlow version 9 flow template enables you to define a flow record template suitable for IPv4 traffic, IPv6 traffic, MPLS traffic, a combination of IPv4 and MPLS traffic, or peer AS billing traffic.

Note:

We recommend using NetFlow v9, rather than IPFIX, for flow export from Juniper devices. IPFIX records from Juniper include only total counters for bytes and packets, rather than the de facto standard delta counters. Most flow collection solutions work better with delta values, which Juniper devices provide when using NetFlow v9.

You can enable both input (ingress) and output (egress) directions.

To configure flow sampling on a Juniper router:

  1. Create an instance, as shown in the following example.
  2. Configure the size of the flow table.

    Starting with Junos OS Release 15.1F2, by default, the software allocates one 1K IPv4 flow table. If desired, you can allocate up to 15 256K IPv4 flow tables using the following command:

    The maximum supported flow table size for a combination of both IPv4 and IPv6 is 15. For example, you can set the flow table size for IPv4 to 10 and set the size for IPv6 to 5.

    Note:

    The flow table size recommended by Juniper is 4 (4 x 256K flows), which equates to 1 million flows. You can configure a larger size; however, the system will issue a warning message.

    To simplify the sizing of flow tables, the MX series supports a flex-flow-sizing option that does not require a manual sizing between IPv4 tables and IPv6 tables. Rather than using the flow-table-size command, specify the following configuration:

    You can run the following command to determine if flows are being dropped, and to determine if any adjustments to the flow table sizes are required:
  3. Configure the service to use extended flow memory. This service provides more scale in flows for inline services sampling.
  4. Add the template configuration for both IPv4 (ipv4-template) and IPv6 (ipv6-template).
    1. Set the flow-active-timeout and flow-inactive-timeout values, which determine how frequently flow records will be sent for metered flows.
    2. Add the vlan-id to the flow-key to include VLAN IDs in both the ingress and egress directions.
  5. Set the rate at which packets will be sampled.
  6. Specify where the flow records should be sent for both IPv4 and IPv6 templates.

    You must specify both the IP address and port number on which the Apstra Flow collector is listening, as well as the flow record version.

  7. Specify the IP address from which the device will send the packets containing the flow records.
  8. Enable sampling for each interface for which traffic should be observed. You can enable both input and output (ingress and egress) directions.
  9. Commit your configuration.

    The Apstra Flow collector must first receive the template records from the Juniper device, after which it will decode and process the version 9 records. After a few minutes, you'll see data in the data platform to which the collector is configured to send it.
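
The template dependency described in the last step, shown as an added example that is not part of the original page and is not Juniper or Apstra code: a minimal Python NetFlow v9 decoder that caches templates per exporter and source ID, and counts the data flowsets it has to skip until the matching template arrives. The class name, exporter addresses and packets are constructed for illustration.

```python
import struct
FIELD_NAMES = {1: "IN_BYTES", 2: "IN_PKTS", 8: "IPV4_SRC_ADDR", 12: "IPV4_DST_ADDR"}

class V9Decoder:
    """Minimal NetFlow v9 decoder that caches templates per exporter and source ID."""
    def __init__(self):
        self.templates = {}   # (exporter, source_id, template_id) -> [(type, length), ...]
        self.undecodable = 0  # data flowsets skipped because no template was cached

    def decode(self, exporter, packet):
        version, _n, _up, _secs, _seq, source_id = struct.unpack_from("!HHIIII", packet, 0)
        if version != 9:
            raise ValueError("not a NetFlow v9 packet")
        records, off = [], 20  # flowsets start after the 20-byte header
        while off + 4 <= len(packet):
            fs_id, fs_len = struct.unpack_from("!HH", packet, off)
            if fs_len < 4 or off + fs_len > len(packet):
                raise ValueError("malformed flowset length")
            body = packet[off + 4:off + fs_len]
            if fs_id == 0:        # template flowset
                self._learn(exporter, source_id, body)
            elif fs_id >= 256:    # data flowset; its ID names the template
                records += self._data(exporter, source_id, fs_id, body)
            off += fs_len
        return records

    def _learn(self, exporter, source_id, body):
        while len(body) >= 4:
            tid, n = struct.unpack_from("!HH", body)
            flat = struct.unpack_from(f"!{2 * n}H", body, 4)  # n (type, length) pairs
            self.templates[(exporter, source_id, tid)] = list(zip(flat[::2], flat[1::2]))
            body = body[4 + 4 * n:]

    def _data(self, exporter, source_id, tid, body):
        fields = self.templates.get((exporter, source_id, tid))
        if fields is None:
            self.undecodable += 1
            return []
        size, out, pos = sum(flen for _, flen in fields), [], 0
        while size and pos + size <= len(body):  # trailing padding is ignored
            rec = {}
            for ftype, flen in fields:
                rec[FIELD_NAMES.get(ftype, ftype)] = int.from_bytes(body[pos:pos + flen], "big")
                pos += flen
            out.append(rec)
        return out

HDR = struct.pack("!HHIIII", 9, 1, 1000, 1700000000, 1, 0)  # constructed header, source ID 0
TEMPLATE = struct.pack("!HHHH8H", 0, 24, 256, 4, 8, 4, 12, 4, 2, 4, 1, 4)  # constructed
DATA = struct.pack("!HH4I", 256, 20, 0xC0000201, 0xC6336402, 10, 8400)  # constructed record
```

A steadily rising `undecodable` count for one exporter means its templates are not reaching the collector, which is worth checking before treating missing flow data as an absence of traffic.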