Great Product! Works well with Juniper Routers
Just wanted to say "thanks!".
I have sucessfully used this utility to track flows in 7 simultaneous Juniper M-series routers.
Here's my JUNOS 7.3 configuration (as I noticed you don't mention any Juniper-specific information on the website).
First thing to do, is to enable packet sampling and set your output/target for the flows to be sent:
Replace 10.2.1.11 with the IP address you wish to "show up" as being the source of the flows. Replace 172.28.1.14 with the IP address of where NetFlow Analyzer is running.
Next, enable packet sampling on the particular interface(s) you wish to do netflow analysis for:
For example, this enables "sampling" on interface ge-1/3/0.101 (gigabit ethernet 1/3/0 VLAN 101). This will then send a copy of the traffic to the sampling egine, which will then export it in cflowd version 5 format.
____________________________________________________
Feature request:
Is there a way to SORT by AS number? (i.e. "show top 10 AS by traffic"). It seems the current version 4.0.2 does indeed show me all the remote-AS'ses that my traffic is going to, but alas, I cannot sort the list by "top data"; hence making any quick analysis of top-AS-by-traffic very difficult.
Hope this helps!
- R208.
I have sucessfully used this utility to track flows in 7 simultaneous Juniper M-series routers.
Here's my JUNOS 7.3 configuration (as I noticed you don't mention any Juniper-specific information on the website).
First thing to do, is to enable packet sampling and set your output/target for the flows to be sent:
forwarding-options {
sampling {
input {
family inet {
rate 100;
run-length 9;
max-packets-per-second 7000;
}
}
output {
cflowd 172.28.1.14 {
port 9996;
source-address 10.2.1.11;
version 5;
no-local-dump;
autonomous-system-type origin;
}
}
}
}
Replace 10.2.1.11 with the IP address you wish to "show up" as being the source of the flows. Replace 172.28.1.14 with the IP address of where NetFlow Analyzer is running.
Next, enable packet sampling on the particular interface(s) you wish to do netflow analysis for:
interfaces {
ge-1/3/0 {
vlan-tagging;
unit 101 {
vlan-id 101;
family inet {
sampling {
input;
output;
}
address 206.80.253.26/25
}
}
}
}
For example, this enables "sampling" on interface ge-1/3/0.101 (gigabit ethernet 1/3/0 VLAN 101). This will then send a copy of the traffic to the sampling egine, which will then export it in cflowd version 5 format.
____________________________________________________
Feature request:
Is there a way to SORT by AS number? (i.e. "show top 10 AS by traffic"). It seems the current version 4.0.2 does indeed show me all the remote-AS'ses that my traffic is going to, but alas, I cannot sort the list by "top data"; hence making any quick analysis of top-AS-by-traffic very difficult.
Hope this helps!
- R208.