Written by Brian Masiga27Nov, 2017

Traffic Flow Sampling in Juniper Mx-5 and Mx-480 Routers IPv4 and IPv6

Traffic Analysis is a critical component in network planning, security and troubleshooting. For you to perform traffic analysis, you need to collect network traffic flows from the different aggregation points in your network such as routers and switches.

In Juniper, they take advantage of ‘sampling’ packets and frames going through a switch or router. The sampled flows can used by third party applications such as nfsen and ntop.

This configuration solution was done on a Juniper Mx 5 Router using ipfix .

Create a sampling instance at the chassis level in this case it was named ‘1to1’
set chassis tfeb slot 0 sampling-instance 1to1

Place the flow table size at the chassis level on tfeb for both IPv4 and IPv6
set chassis tfeb slot 0 inline-services flow-table-size ipv4-flow-table-size 5
set chassis tfeb slot 0 inline-services flow-table-size ipv6-flow-table-size 5

Configure ipfix templates for both IPv4 and IPv6
set services flow-monitoring version-ipfix template ipv4 ipv4-template
set services flow-monitoring version-ipfix template ipv6 ipv6-template

Configure the sampling rate under the forwarding-options
set forwarding-options sampling instance 1to1 input rate 1

Configure the flow-server ‘192.168.1.1’ and specify the UDP port ‘9004’
set forwarding-options sampling instance 1to1 family inet output flow-server 192.168.1.1 port 9004

This option allows capture AS information in the flows
set forwarding-options sampling instance 1to1 family inet output flow-server 192.168.1.1 autonomous-system-type origin
set forwarding-options sampling instance 1to1 family inet output flow-server 192.168.1.1 no-local-dump

Specify the version ‘ipfix’ and the template to use ‘template ipv4’
set forwarding-options sampling instance 1to1 family inet output flow-server 192.168.1.1 version-ipfix template ipv4

Specify the source of the traffic flows ‘172.16.20.1’ – This was a loopback address
set forwarding-options sampling instance 1to1 family inet output inline-jflow source-address 172.16.20.1

This specifies the IPv6 setup – similar to the IPv4 setup – same port and source of the flows but diffrent template
set forwarding-options sampling instance 1to1 family inet6 output flow-server 192.168.1.1 port 9004
set forwarding-options sampling instance 1to1 family inet6 output flow-server 192.168.1.1 version-ipfix template ipv6
set forwarding-options sampling instance 1to1 family inet6 output inline-jflow source-address 172.16.20.1
Configure the router interface to begin sampling the traffic flows
set interfaces ge-1/1/1 unit 0 family inet sampling input
set interfaces ge-1/1/1 unit 0 family inet6 sampling input

===============================================================================
This configuration solution was done on a Juniper Mx 480 Router using ipfix

Create a sampling instance at the chassis level in this case it was named ‘1to1’
set chassis fpc 1 sampling-instance 1to1

Place the flow table size at the chassis level on fpc being used for both IPv4 and IPv6
set chassis fpc 1 inline-services flow-table-size ipv4-flow-table-size 5
set chassis fpc 1 inline-services flow-table-size ipv6-flow-table-size 5

Configure the sampling rate under the forwarding-options
set forwarding-options sampling instance 1to1 input rate 1

Configure the flow-server ‘192.168.1.1’ and specify the UDP port ‘9004’
set forwarding-options sampling instance 1to1 family inet output flow-server 192.168.1.1 port 9004

This option allows capture AS information in the flows
set forwarding-options sampling instance 1to1 family inet output flow-server 192.168.1.1 autonomous-system-type origin
set forwarding-options sampling instance 1to1 family inet output flow-server 192.168.1.1 no-local-dump

Specify the version ‘ipfix’ and the template to use ‘template ipv4’
set forwarding-options sampling instance 1to1 family inet output flow-server 192.168.1.1 version-ipfix template ipv4

Specify the source of the traffic flows ‘172.16.20.1’ – This was a loopback address
set forwarding-options sampling instance 1to1 family inet output inline-jflow source-address 172.16.20.1

This specifies the IPv6 setup – similar to the IPv4 setup – same port and source of the flows but diffrent template
set forwarding-options sampling instance 1to1 family inet6 output flow-server 192.168.1.1 port 9004
set forwarding-options sampling instance 1to1 family inet6 output flow-server 192.168.1.1 version-ipfix template ipv6
set forwarding-options sampling instance 1to1 family inet6 output inline-jflow source-address 172.16.20.1

Configure the router interface to begin sampling the traffic flows
set interfaces ge-1/1/1 unit 0 family inet sampling input
set interfaces ge-1/1/1 unit 0 family inet6 sampling input