close

keyboard_arrow_left

Table of Contents Expand all

play_arrow Getting Started
- Get Started
- Log in to Apstra GUI
- Reset Apstra GUI Admin Password
play_arrow Blueprints
- Blueprints Summaries
- Blueprints Dashboard
- Blueprint-Wide Search
- Create Blueprint
- Delete Blueprint
- play_arrow Tags
play_arrow Blueprint Analytics
- What are Blueprint Analytics
- play_arrow Dashboards
- play_arrow Anomalies
  - Anomalies (Analytics)
- play_arrow Probes
- play_arrow Predefined Reports
- play_arrow Root Causes
  - Root Causes
play_arrow Staged Datacenter Blueprints
- play_arrow Physical
  - play_arrow Build
  - play_arrow Topology
    - Topology (Datacenter)
  - play_arrow Nodes
  - play_arrow Links
    - Links (Datacenter)
    - play_arrow Add Links
    - play_arrow Cabling Map
    - play_arrow Link Speeds
    - play_arrow LAG
    - Change Assigned Link IP Addresses (Datacenter)
    - Update Link Properties
    - Fetch LLDP Data (Datacenter)
    - Delete Link (Datacenter)
  - play_arrow Interfaces
  - play_arrow Racks
  - play_arrow Pods
  - play_arrow Planes
- play_arrow Virtual
  - play_arrow Virtual Networks
  - play_arrow Routing Zones
  - play_arrow Static Routes
    - Static Routes (Virtual)
  - play_arrow Protocol Sessions
    - Protocol Sessions (Virtual)
  - play_arrow Virtual Infrastructure
- play_arrow Policies
  - play_arrow Endpoints
  - play_arrow Security Policies
    - Security Policies
  - play_arrow Interface Policies
    - Interface Policies
  - play_arrow Routing Policies
  - play_arrow Routing Zone Constraints
    - Routing Zone (VRF) Constraints
  - play_arrow Tenants
- play_arrow Data Center Interconnect (DCI)
  - play_arrow Integrated Interconnect
    - Integrated DCI (VXLAN Stitching)
  - play_arrow Over the Top or External Gateways
    - Data Center Interconnect Introduction
    - Data Center Interconnect (DCI) / Remote EVPN Gateways
  - play_arrow Settings
  - Update ESI MAC msb
- play_arrow Catalog
  - play_arrow Logical Devices
    - Export Logical Device
  - play_arrow Interface Maps
    - Import Interface Map
    - Delete Interface Map (Blueprint)
  - play_arrow Property Sets
  - play_arrow Configlets
  - play_arrow AAA Servers
    - AAA Servers (Datacenter Blueprint)
  - play_arrow Tags
- play_arrow Tasks
  - Tasks (Datacenter) Staged
- play_arrow Connectivity Templates
- play_arrow Fabric Settings
  - play_arrow Fabric Policy
  - play_arrow Severity Preferences
    - Update Severity Preferences
play_arrow Staged Freeform Blueprints
- Freeform Introduction
- play_arrow Blueprints
  - Export Freeform Blueprint
- play_arrow Physical
- play_arrow Resource Management
  - Resource Management Introduction (Freeform)
  - play_arrow Blueprint Resources
  - play_arrow Allocation Groups
    - Create Allocation Group (Freeform)
  - play_arrow Local Pools
    - Create Local Pool (Freeform)
    - Create Local Pool Generator (Freeform)
- play_arrow Catalog (Freeform)
  - play_arrow Config Templates
  - play_arrow Device Profiles
    - Import Device Profile (Freeform)
    - Delete Device Profile (Freeform)
  - play_arrow Property Sets
  - play_arrow Tags
- play_arrow Tasks
  - Tasks - Staged (Freeform)
play_arrow Uncommitted Blueprints
- Uncommitted Introduction
- Commit / Revert Changes to Blueprint
play_arrow Active Datacenter Blueprints
- Active (Datacenter Blueprint)
- play_arrow Topology (Active)
- Nodes (Active)
- Links (Active)
- Racks (Active)
- Pods (Active)
- Query
- Anomalies (Service)
play_arrow Time Voyager (Blueprints)
- Time Voyager Introduction
- Roll Back Blueprint Revision
- Keep Blueprint Revision
- Change Number of Saved Blueprint Revisions
- Update Blueprint Revision Description
- Delete Blueprint Revision
play_arrow Devices
- Device Configuration Lifecycle
- What are Managed Devices
- Add Managed Device
- Drain Device Traffic
- Upgrade Device NOS
- Device AAA
- play_arrow Device
- play_arrow Agent
  - What are System Agents
  - Create Onbox Agent
  - Create Offbox Agent
  - Update Agent
  - Uninstall Agent
  - Delete Agent
  - play_arrow Agent Profiles
  - Packages (Devices)
- play_arrow Pristine Config
  - Edit Pristine Config
  - Update Pristine Config from Device
- play_arrow Telemetry
  - Device Telemetry Services
- play_arrow Apstra ZTP
- play_arrow Device Profiles
play_arrow Design
- play_arrow Logical Devices
- play_arrow Interface Maps
- play_arrow Rack Types
- play_arrow Templates
- play_arrow Config Templates (Freeform)
  - Config Templates (Freeform Design)
- play_arrow Configlets (Datacenter)
- play_arrow Property Sets (Datacenter)
- play_arrow TCP/UDP Ports
- play_arrow Tags
play_arrow Resources
- What are Resources
- ASNs
- VNIs
- Integers
- IPv4 Addresses
- IPv6 Addresses
play_arrow Telemetry Analytics
- Analytics Telemetry Services
- Analytics Telemetry Service Registry
- Create Telemetry Service Schema
- Telemetry Collection Statistics
- Telemetry Streaming
- Apstra Telemetry Streaming Plugin for Telegraf
- Route Anomalies for a Host - Example
- Juniper Telemetry Commands
- Cisco Telemetry Commands
- Arista Telemetry Commands
- Linux Server Telemetry Command
- Debugging Telemetry
play_arrow Flow Analytics
- play_arrow Apstra Flow Overview
  - Apstra Flow Introduction
  - System Requirements
- play_arrow Dashboards
  - Apstra Flow Dashboards
- play_arrow Supported Flow Records
- play_arrow Flow Enrichment
- play_arrow Monitor Apstra Flow
  - Metrics
- play_arrow Configuration Reference
- play_arrow API
  - API Endpoints Options
- play_arrow Additional Documentation
- play_arrow Knowledge Base
play_arrow Exploratory Analytics
- QBA Exporatory Interface
play_arrow External Systems
- play_arrow Providers (Not SSO)
- play_arrow SSO Providers
  - SSO Providers (SAML 2.0)
  - Configure SAML 2.0 SSO
- play_arrow Provider Role Mapping
play_arrow Platform
- play_arrow User Management
  - User / Role Management Introduction
  - Platform RBAC
  - play_arrow Users
  - play_arrow Roles
- play_arrow Security
- play_arrow External Services
  - Syslog Configuration (Platform)
- play_arrow Streaming
  - Receivers (Platform)
  - Global Statistics (Platform)
- Event Log (Audit Log)
- Licenses
- play_arrow Apstra Edge
  - Launch Juniper Apstra Cloud Services Edge Docker Containers in Apstra
  - Upgrade to the Auto-updating Edge in Juniper Apstra 5.1
- play_arrow Apstra VM Clusters
- play_arrow Developers
- play_arrow Technical Support
- Check Apstra Versions and Patent Numbers
play_arrow Favorites & User
- Favorites & User
play_arrow Apstra Server Management
- Apstra Server Introduction
- Monitor Apstra Server via CLI
- Restart Apstra Server
- Reset Apstra Server VM Password
- Reinstall Apstra Server
- Apstra Database Overview
- Back up Apstra Database
- Restore Apstra Database
- Reset Apstra Database
- Migrate Apstra Database
- Replace SSL Certificate on Apstra Server with Signed One
- Replace SSL Certificate on Apstra Server with Self-Signed One
- Change Apstra Server Hostname
- FIPS 140-2 Support
play_arrow Apstra CLI Utility
- Install Apstra CLI Utility
- Apstra CLI Commands
play_arrow Guides
- 5-Stage Clos Architecture
- Juniper EVPN Support
- Extensible Telemetry Guide
- Intent-Based Analytics with apstra-cli Utility
- Apstra Streaming Guide
play_arrow References
- play_arrow Feature Matrix
  - Apstra 5.1.0 Feature Matrix
- play_arrow Devices
- Configlet Examples (Design)
- Apstra EVPN Support Addendum
- Apstra Server Configuration File
- Graph
- Juniper Apstra Tech Previews

list Table of Contents

English

Configure sFlow and NetFlow on Junos OS Devices

Release: Juniper Apstra 5.1

date_range 21-Mar-25

arrow_backward

arrow_forward

This topic describes how to configure sFlow and NetFlow on Juniper switches.

Configure sFlow on a Juniper EX or QFX Switch

To configure sFlow on a Juniper EX or QFX series switch, follow these steps:

Access the switch CLI.
Connect to your Juniper EX or QFX switch through SSH or a console cable. If you are connecting through SSH, use a tool like PuTTY or the built-in SSH client in your terminal. Then enter the switch's IP address, username, and password to log in.
Enter configuration mode.
```
configure
```
Configure the sFlow settings.
```
set protocols sflow agent-id AGENT_IP_ADDRESS 
set protocols sflow collector x.x.x.x udp-port yyyy
set protocols sflow polling-interval POLLING_INTERVAL
set protocols sflow sample-rate SAMPLE_RATE
set protocols sflow interfaces INTERFACE_NAME
```
Specify the sampling rate, polling interval, and IP address and port of the remote flow collector. For example:
- AGENT_IP_ADDRESS: IP address of the sFlow agent (typically the switch's management IP address).
- x.x.x.x: Apstra Flow collector’s IP address.
- yyyy: Apstra Flow collector's port number.
- POLLING_INTERVAL: Enter the desired polling interval in seconds (e.g 30 sec.) and desired SAMPLE_RATE (for example, 1024 for 1 in 1024 packets).
- INTERFACE_NAME: Name of the interface you want to monitor (for example, ge-0/0/0). You can configure multiple interfaces.
Commit and save your changes.
commit save
Exit configuration mode.
Type exit to leave configuration mode and return to the Juniper EX or QFX switch CLI.
Verify your configuration by entering the following commend:
show sflow
This command displays the sFlow settings you just configured.

Your Juniper EX or QFX series switch will now start exportinging Apstra Flow to the Apstra Flow collector.

Configure Flow Sampling on Juniper Routers

You can configure Juniper routers to export flow records using Netflow v9. The NetFlow version 9 flow template enables you to define a flow record template suitable for IPv4 traffic, IPv6 traffic, MPLS traffic, a combination of IPv4 and MPLS traffic, or peer AS billing traffic.

Note:

We recommend using Netflow v9, rather than IPFIX, for flow export from Juniper devices. IPFIX records from Juniper include only total counters for bytes and packets, rather than the defacto standard delta counters. Most flow collection solutions work better with delta values, which are provided by Juniper devices using Netflow v9.

You can enable both input (ingress) and output (egress) directions.

To configure flow sampling on a Juniper router:

Create an instance, as shown in the following example.
```
user@router# set chassis fpc 0 sampling-instance FLOWDATA
```
Configure the size of the flow table.
Starting with Junos OS Release 15.1F2, by default, the software allocates one 1K IPv4 flow table. If desired, you can allocate up to 15 256K IPv4 flow tables using the following command:
```
user@router# set chassis fpc inline-services flow-table-size ipv4-flow-table-size 15
```
The maximum supported flow table size for a combination of both IPv4 and IPv6 is 15. For example, you can set the flow table size for IPv4 to 10 and set the size for IPv6 to 5.
```
user@router# set chassis fpc 0 inline-services flow-table-size ipv4-flow-table-size 10
user@router# set chassis fpc 0 inline-services flow-table-size ipv6-flow-table-size 5
```
Note:
The flow table size recommended by Juniper is 4 ( 4 x 256K flows), which equates to 1 million flows. You can configure a larger size, however the system will issue a warning message.
To simplify the sizing of flow tables, the MX series supports a flex-flow-sizing option that does not require a manual sizing between IPv4 tables and IPv6 tables. Rather than using the flow-table-size command, specify the following configuration:
```
user@router# set chassis fpc 0 inline-services flex-flow-sizing
```
You can run the following command to determine if flows are being dropped, and to determine if any adjustments to the flow table sizes are required:
```
user@router# show services accounting errors inline-jflow fpc-slot 0 | match "Flow Creation Failures"    
    Flow Creation Failures: 1146233714
    IPv4 Flow Creation Failures: 1111175982
    IPv6 Flow Creation Failures: 35057732

user@router# show services accounting errors inline-jflow fpc-slot 0 | match "Flow Creation Failures"    
    Flow Creation Failures: 1146234132
    IPv4 Flow Creation Failures: 1111176365
    IPv6 Flow Creation Failures: 35057767
```
Configure the service to extended flow memory. This service provides more scale in flows for inline services sampling.
```
user@router# set chassis fpc 0 inline-services use-extended-flow-memory
```

Add the template configuration for both IPv4 (ipv4-template) and IPv6 (ipv6-template).

content_copy zoom_out_map
user@router# set services flow-monitoring version9 template ipv4 ipv4-template
user@router# set services flow-monitoring version9 template ipv6 ipv6-template

Set the flow-active-timeout and flow-inactive-timeout determine how frequently flow records will be sent for metered flows.

content_copy zoom_out_map
user@router# set services flow-monitoring version9 template ipv4 flow-active-timeout 60
user@router# set services flow-monitoring version9 template ipv4 flow-inactive-timeout 60
user@router# set services flow-monitoring version9 template ipv6 flow-active-timeout 60
user@router# set services flow-monitoring version9 template ipv6 flow-inactive-timeout 60

Add the vlan-id to the flow-key to include VLAN IDs in both the ingress and egress directions.

content_copy zoom_out_map
user@router# set services flow-monitoring version9 template ipv4 flow-key vlan-id
user@router# set services flow-monitoring version9 template ipv6 flow-key vlan-id

Set the rate at which packets will be sampled.

content_copy zoom_out_map
user@router# set forwarding-options sampling instance FLOWDATA input rate 128

Specify where the flow records should be sent for both IPv4 and IPv6 templates.

You must specify both the IP address and port number on which the Apstra Flow collector is listening, as well as the flow record version.

content_copy zoom_out_map
ser@router# set forwarding-options sampling instance FLOWDATA family inet output flow-server 192.0.2.11 port 9995
user@router# set forwarding-options sampling instance FLOWDATA family inet output flow-server 192.0.2.11 version9 template ipv4
user@router# set forwarding-options sampling instance FLOWDATA family inet6 output flow-server 192.0.2.11 port 9995
user@router# set forwarding-options sampling instance FLOWDATA family inet6 output flow-server 192.0.2.11 version9 template ipv6

Specify the IP address from which the device will send the packets containing the flow records.

content_copy zoom_out_map
user@router# set forwarding-options sampling instance FLOWDATA family inet output inline-jflow source-address 192.0.2.222
user@router# set forwarding-options sampling instance FLOWDATA family inet6 output inline-jflow source-address 192.0.2.222

Enable sampling for each interface for which traffic should be observed. You can enable both input and output (ingress and egress) directions.
```
user@router# set interfaces xe-0/1/1 unit 110 family inet sampling input
user@router# set interfaces xe-0/1/1 unit 110 family inet sampling output
```
Commit your configuration.
```
user@router# commit
commit complete
```
The Apstra Flow collector must first receive the template records from the Juniper device, after which it will decode and process the version 9 records. After a few minutes, you'll see data in the data platform to which the collector is configured to send it.

arrow_backward PREVIOUS API Endpoints Options

NEXT arrow_forward Configure the hsflowd sFlow Agent

Juniper Apstra 5.1.0 User Guide

ON THIS PAGE

Configure sFlow and NetFlow on Junos OS Devices

Configure sFlow on a Juniper EX or QFX Switch

Configure Flow Sampling on Juniper Routers

Stay in touch

Helped me install or use the product
Accelerated my deployment

Discuss the product with a co-worker
Make a purchase inquiry