Hello

Today we will break down how to configure your Juniper router to export Netflow (jFlow). At the end of the article is the configuration using IPFIX (Netflow v10).

Here we have the Network topology and the Netflow Server information

Netflow topology and information

These are the steps needed to configure a Juniper Router to export Netflow v5

  1. Configure the NTP Server
  2. Configure Forwarding Options with the Sampling Rate
  3. Configure the Host that will receive the Flows coming from the Router
  4. Configure the interface to enable Netflow on the interface

Let’s go to the step-by-step configuration

1. Configure the NTP Server

It is important to configure an NTP server because flow records are timestamped with the router's clock. If the router's time differs from the server's, the flow data will not line up with the server's time, producing mismatched information.

It is important that you configure at least 2 NTP servers and also your router’s timezone.

## Using the a.ntp.br and b.ntp.br servers
set system ntp server 200.160.0.8
set system ntp server 200.189.40.8

## Setting the Time-Zone
set system time-zone America/Sao_Paulo

## Default way to view the Juniper configuration
guilherme@vMX-BGP> show configuration system
system {
    time-zone America/Sao_Paulo;
    ntp {
        server 200.160.0.8;
        server 200.189.40.8;
    }
}

2. Configure Forwarding Options with the Sampling Rate

The sampling rate exists to avoid overloading the CPU of your Routing Engine: the router takes a sample of the traffic and exports it, and the Netflow system applies a multiplication factor to the received data to turn it back into real numbers.

To configure it, use the commands below. The ideal rate depends on how much traffic you carry; an important tip is to use values above 200 and watch your router's CPU.

## Applying the Rate value to 500
set forwarding-options sampling input rate 500

## Juniper display format without display set
forwarding-options {
    sampling {
        input {
            rate 500;
        }
    }
}

3. Configure the Host that will receive the Flows coming from the Router

To configure your router to export Netflow, you must tell it the IP address of the server that will receive the flows and the UDP port on which the server will receive this traffic.

To do this use the commands:

## Exporting to IP 192.168.210.47 on port 2055 and using netflow version 5
set forwarding-options sampling family inet output flow-server 192.168.210.47 port 2055
set forwarding-options sampling family inet output flow-server 192.168.210.47 version 5

## Output without display set
guilherme@vMX-BGP> show configuration forwarding-options
sampling {
    family inet {
        output {
            flow-server 192.168.210.47 {
                port 2055;
                version 5;
            }
        }
    }
}

4. Configure the interface to enable Netflow on the interface

After setting the sampling rate and the flow server it is still necessary to activate Netflow on the interfaces where it will generate the data. Remember that it is necessary to configure the command inside each unit.

To do this, configure the interfaces inside each unit with the following command:

### Apply the sampling input command
set interfaces ge-0/0/1 unit 0 family inet sampling input

The complete configuration looks like this:

guilherme@vMX-BGP> show configuration | display set
set system time-zone America/Sao_Paulo
set system ntp server 200.160.0.8
set system ntp server 200.189.40.8

set interfaces ge-0/0/0 description "Talk to Netflow"
set interfaces ge-0/0/0 unit 0 family inet address 192.168.210.49/24

set interfaces ge-0/0/1 description "WAN INTERFACE - IP TRANSIT"
set interfaces ge-0/0/1 unit 0 family inet sampling input
set interfaces ge-0/0/1 unit 0 family inet address 200.200.200.1/30

set forwarding-options sampling input rate 500
set forwarding-options sampling family inet output flow-server 192.168.210.47 port 2055
set forwarding-options sampling family inet output flow-server 192.168.210.47 version 5


## Juniper hierarchical display format
guilherme@vMX-BGP> show configuration
Last commit: 2019-01-30 13:30:01 BRST by guilherme
version 17.1R2.7;
system {
    host-name vMX-BGP;
    time-zone America/Sao_Paulo;
    ntp {
        server 200.160.0.8;
        server 200.189.40.8;
    }
}
interfaces {
    ge-0/0/0 {
        description "Talk to Netflow";
        unit 0 {
            family inet {
                address 192.168.210.49/24;
            }
        }
    }
    ge-0/0/1 {
        description "WAN INTERFACE - IP TRANSIT";
        unit 0 {
            family inet {
                sampling {
                    input;
                }
                address 200.200.200.1/30;
            }
        }
    }
}
forwarding-options {
    sampling {
        input {
            rate 500;
        }
        family inet {
            output {
                flow-server 192.168.210.47 {
                    port 2055;
                    version 5;
                }
            }
        }
    }
}
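
The collector side of this configuration, as an added Python example that is not part of the original article or of any Juniper tooling: it decodes one Netflow v5 datagram, multiplies the sampled counters by the sampling rate, and converts flow times to the router's clock so that skew against the collector's receive time (the reason for step 1) becomes visible. The function names, the `configured_rate=500` fallback for a zero header field, and the sample packet are assumptions constructed for the example.

```python
import socket
import struct

HEADER = struct.Struct("!HHIIIIBBH")                 # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")   # 48-byte NetFlow v5 flow record

def parse_v5(datagram, configured_rate=500, received_at=None):
    """Decode one NetFlow v5 datagram and scale sampled counters to estimates."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than the v5 header")
    ver, count, uptime_ms, secs, nsecs, seq, _etype, _eid, samp = HEADER.unpack_from(datagram)
    if ver != 5:
        raise ValueError(f"not NetFlow v5 (version={ver})")
    if len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("record count does not match datagram length")
    # The low 14 bits carry the sampling interval. Assumption: when the
    # exporter leaves it at zero, use the rate configured on the router.
    rate = (samp & 0x3FFF) or configured_rate
    export_time = secs + nsecs / 1e9                 # router wall clock (NTP-dependent)
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
            "sport": f[9], "dport": f[10], "proto": f[13],
            "est_packets": f[5] * rate, "est_bytes": f[6] * rate,
            # first/last are router-uptime milliseconds; the mask handles wraparound
            "start": export_time - ((uptime_ms - f[7]) & 0xFFFFFFFF) / 1000,
            "end": export_time - ((uptime_ms - f[8]) & 0xFFFFFFFF) / 1000,
        })
    skew = None if received_at is None else received_at - export_time
    return {"sequence": seq, "rate": rate, "clock_skew_s": skew, "flows": flows}

def sample_datagram():
    """Constructed packet: one TCP/443 flow with 3 sampled packets, 1800 bytes."""
    hdr = HEADER.pack(5, 1, 600_000, 1_548_862_201, 0, 42, 0, 0, 0)
    rec = RECORD.pack(socket.inet_aton("200.200.200.2"),
                      socket.inet_aton("192.168.210.10"),
                      socket.inet_aton("0.0.0.0"), 1, 2, 3, 1800,
                      590_000, 599_000, 51000, 443, 0, 0x18, 6, 0, 0, 0, 30, 24, 0)
    return hdr + rec

if __name__ == "__main__":
    # Pretend the collector received the packet 90 s after the router's stamp.
    print(parse_v5(sample_datagram(), received_at=1_548_862_201 + 90))
```

A large `clock_skew_s` on real traffic means the router and collector clocks disagree, so flow start and end times will not match other logs for the same period.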

To make it even easier we have the video demonstrating the configuration of each command applied in this tutorial

Netflow configuration on Juniper

As a bonus we will post the IPFIX configuration for some types of routers

Juniper MX204

On routers like the MX204 you can use IPFIX (Netflow v10). To configure it on the MX204, use the commands below, changing the flow-server and source-address IPs.

set services flow-monitoring version-ipfix template MADE4FLOW flow-active-timeout 60
set services flow-monitoring version-ipfix template MADE4FLOW flow-inactive-timeout 15
set services flow-monitoring version-ipfix template MADE4FLOW template-refresh-rate seconds 30
set services flow-monitoring version-ipfix template MADE4FLOW option-refresh-rate seconds 30
set services flow-monitoring version-ipfix template MADE4FLOW ipv4-template
set services flow-monitoring version-ipfix template MADE4FLOW-v6 flow-active-timeout 60
set services flow-monitoring version-ipfix template MADE4FLOW-v6 flow-inactive-timeout 15
set services flow-monitoring version-ipfix template MADE4FLOW-v6 template-refresh-rate seconds 30
set services flow-monitoring version-ipfix template MADE4FLOW-v6 option-refresh-rate seconds 30
set services flow-monitoring version-ipfix template MADE4FLOW-v6 ipv6-template
set chassis fpc 0 sampling-instance MADE4FLOW
set chassis fpc 0 inline-services flow-table-size ipv4-flow-table-size 10
set chassis fpc 0 inline-services flow-table-size ipv6-flow-table-size 5
set forwarding-options sampling instance MADE4FLOW input rate 1000
set forwarding-options sampling instance MADE4FLOW input run-length 0
set forwarding-options sampling instance MADE4FLOW input max-packets-per-second 10000
set forwarding-options sampling instance MADE4FLOW family inet output flow-inactive-timeout 15
set forwarding-options sampling instance MADE4FLOW family inet output flow-active-timeout 60
set forwarding-options sampling instance MADE4FLOW family inet output flow-server 10.1.1.1 port 2055
set forwarding-options sampling instance MADE4FLOW family inet output flow-server 10.1.1.1 autonomous-system-type origin
set forwarding-options sampling instance MADE4FLOW family inet output flow-server 10.1.1.1 version-ipfix template MADE4FLOW
set forwarding-options sampling instance MADE4FLOW family inet output inline-jflow source-address 10.1.1.2
set forwarding-options sampling instance MADE4FLOW family inet6 output flow-inactive-timeout 15
set forwarding-options sampling instance MADE4FLOW family inet6 output flow-active-timeout 60
set forwarding-options sampling instance MADE4FLOW family inet6 output flow-server 10.1.1.1 port 2055
set forwarding-options sampling instance MADE4FLOW family inet6 output flow-server 10.1.1.1 autonomous-system-type origin
set forwarding-options sampling instance MADE4FLOW family inet6 output flow-server 10.1.1.1 version-ipfix template MADE4FLOW-v6
set forwarding-options sampling instance MADE4FLOW family inet6 output inline-jflow source-address 10.1.1.2

### On each interface and each unit add the commands
set interfaces xe-2/0/0 unit 151 family inet sampling input
set interfaces xe-2/0/0 unit 151 family inet6 sampling input

Juniper MX104

To configure the Juniper MX104 use the commands below. Remember that MX104 only supports exporting to 1 Netflow Server with IPFIX.

set services flow-monitoring version-ipfix template MADE4FLOW flow-active-timeout 60
set services flow-monitoring version-ipfix template MADE4FLOW flow-inactive-timeout 30
set services flow-monitoring version-ipfix template MADE4FLOW template-refresh-rate seconds 30
set services flow-monitoring version-ipfix template MADE4FLOW option-refresh-rate seconds 30
set services flow-monitoring version-ipfix template MADE4FLOW ipv4-template
set services flow-monitoring version-ipfix template MADE4FLOW-v6 flow-active-timeout 60
set services flow-monitoring version-ipfix template MADE4FLOW-v6 flow-inactive-timeout 30
set services flow-monitoring version-ipfix template MADE4FLOW-v6 template-refresh-rate seconds 30
set services flow-monitoring version-ipfix template MADE4FLOW-v6 option-refresh-rate seconds 30
set services flow-monitoring version-ipfix template MADE4FLOW-v6 ipv6-template
set forwarding-options sampling instance MADE4FLOW input rate 500
set forwarding-options sampling instance MADE4FLOW input run-length 0
set forwarding-options sampling instance MADE4FLOW family inet output flow-inactive-timeout 15
set forwarding-options sampling instance MADE4FLOW family inet output flow-active-timeout 60
set forwarding-options sampling instance MADE4FLOW family inet output flow-server 10.1.1.1 port 2055
set forwarding-options sampling instance MADE4FLOW family inet output flow-server 10.1.1.1 version-ipfix template MADE4FLOW
set forwarding-options sampling instance MADE4FLOW family inet output inline-jflow source-address 10.1.1.2
set forwarding-options sampling instance MADE4FLOW family inet6 output flow-inactive-timeout 15
set forwarding-options sampling instance MADE4FLOW family inet6 output flow-active-timeout 60
set forwarding-options sampling instance MADE4FLOW family inet6 output flow-server 10.1.1.1 port 2055
set forwarding-options sampling instance MADE4FLOW family inet6 output flow-server 10.1.1.1 version-ipfix template MADE4FLOW-v6
set forwarding-options sampling instance MADE4FLOW family inet6 output inline-jflow source-address 10.1.1.2
set chassis afeb slot 0 sampling-instance MADE4FLOW

## On each interface of your router use the commands
set interfaces xe-2/0/0 unit 151 family inet sampling input
set interfaces xe-2/0/0 unit 151 family inet6 sampling input

If you have a router not mentioned here, please send an email to comercial@made4it.com.br and we will send you the settings.

I hope I have helped you and until next time.

Big hug.