Using Junos 15.1X49-D75.5
Hardware Model SRX 340
We are going to configure referenced SRX box to send a sampling traffic data to its collector. Bear in mind that the above assumptions are indicating that the following steps might not be suitable for other SRX hardware or JunOS versions. In Junos OS Release 8.3 and later, you can collect a record of sampled flows using the version 9 format as defined in RFC 3954, Cisco Systems NetFlow Services Export Version 9. Version 9 uses templates to collect a set of sampled flows and send the record to a specified host.
Traffic sampling and forwarding are supported only on routers equipped with an Internet Processor II application-specific integrated circuit (ASIC).
To determine whether a routing platform has an Internet Processor II ASIC, use the show chassis hardware command.
So prior to starting configuring, lets understand what is going on behind the seen. PFE and RE are the Packet forwarding engine and the routing engine respectively. As depicted in the diagram, for any packet entering any interface, the sampling logic will trigger only for the marked packets and that will happen if the proper sampling filter is in place.
So, let us proceed with the configuration steps:-
Execute the following command to create the v9 template required in later configuration steps.
Configuring the sampling rate, Junos using two parameter to configure sampling rate, x is the run-length, which indicate the number of packets to be sampled after the sampling trigger and y is the input rate, which indicates the total number of packets, so that x+1 packets will be sampled out of y. So if rate is 100 and run-length is 0, the sampling rate will be 0+1 out of 100 = 1/100 = 1%
# set forwarding-options sampling input run-length 0
|rate (y)||run-length (x)||Percent (x+1)/y (%)|
|10||0||1/10 = 10%|
|10||1||2/10 = 20%|
|10||2||3/10 = 30%|
|10||3||4/10 = 40%|
|10||4||5/10 = 50%|
|100||0||1/100 = 1%|
|100||19||20/100 = 20%|
|100||29||30/100 = 30%. (Recommended)|
|100||39||40/100 = 40% (Recommended)|
|100||49||50/100 = 50% (Recommended)|
Activation of flow collection can have a significant impact on the performance of the SRX Series device. The smaller the sample rate, the bigger the impact. It is recommended to not use a sampling input rate of 1.
According to juniper performance test data @2011 (reference #3), well it is outdated; however, this is what the best shot we got about the affect of sampling rate on throughput for the SRX series. So, From the digram, we could conclude the following: -
Throughput get impacted starting at 10% sampling rate.
v.9.0 performance is better in compare to the other versions.
Throughput get impacted, when the sampling rate reaches 1:1, which is equivalent to rate value = 1 and run-length = 0 (default)
Hence, we do recommend values of 30%-50% sampling rate according to the above table.
In this step, we are configuring the ip address of the monitoring software - (external flow collector) , which is assumed to ip address of 10.0.0.x and its UDP port is 9996 (the default NetFlow port is 2055 ) and attach the flow template defined earlier in step 1.
# set forwarding-options sampling family inet output flow-server 10.0.0.x version9 template IPV4-JFLOW-TEMPLATE
Here is a trick part, as in this step you need to configure the inline-jflow, so that sampling mechanism and the J-Flow are executed in the forwarding engine. The source address indicates the internal address to use when generating monitored packets. it is also known as the Exporter IP address.
Here is the sampling filters that we talked about earlier, this is what tells the input interface if sampling to be taken into account, in which direction, and for which packets as well.
Traffic Sampling, Forwarding, and Monitoring Feature Guide
Collecting Traffic Sampling Output in the Cisco Systems NetFlow Services Export Version 9 Format
Juniper Flow Monitoring
Configuring J-Flow v9.0 for monitoring Juniper SRX