JUNIPER M7i CFLOW Sampling for L2 Vlans

People,

Good afternoon,

We have a curious situation in a client's environment.

It has a M7i router with 2 IQ2E (4 GE) PICs.

They want one of the PICs plugged into an L2 switch (802.1Q trunk mode)
and the other one plugged (via only 1 gigabit port of the 4) into another L2
switch.

          M7i
        / \
     S1 S2

Both gigabit ports are simply configured like:

interfaces {
    ge-0/0/0 {
        vlan-tagging;
    }
    ge-0/1/0 {
        vlan-tagging;
    }
}

L2 trunk Ethernet only, without L3 configuration.

Is it possible to get flow information about the encapsulated VLANs
(10, 20, 30, 40, etc.) inside the trunk traffic, without configuring IP
(v4 or v6) or creating VLAN interfaces?

Is it possible to get cflow working in an L2 way?

Has anyone configured this before on JUNIPER? Can you send me or
point me to some sample configurations?

Thanks a lot,

Giuliano

> Is it possible to get cflow working in an L2 way?

Hi Giuliano,

The short answer is, unfortunately, no.

NetFlow v5 does not have any fields for Layer 2 information: http://netflow.caligare.com/netflow_v5.htm

Although NetFlow v9 does have such fields, you (a) only get NetFlow v9 functionality on a Juniper if you have a Services PIC installed and (b) are limited by the NetFlow v9 templates that JUNOS implements. See the section titled "Fields Included in Each Template Type" for a description of each NetFlow v9 template at Configuring Flow Aggregation to Use Version 9 Flow Templates - JUNOS 9.5 Services Interfaces Configuration Guide.

Juniper supports sFlow (which would give you L2 info) on their EX switches, but not on their routers. Perhaps when/if IPFIX support comes along, you might be able to get what you are looking for.

You could use port mirroring or an optical tap with various open-source tools running on a Unix host to do the kind of monitoring you are looking for.

Cheers,
-Chris
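To make the "no L2 fields" point concrete, here is an added example (not from the original thread, and not Juniper code): a small NetFlow v5 builder and parser in Python that lays out the 24-byte header and 48-byte flow record field by field. The sample flows are constructed for illustration, using documentation address ranges and hypothetical ifIndex values 5 and 6 standing in for the two trunk uplinks. The point it demonstrates is that the only interface references in a v5 record are the SNMP ifIndex values, so flows from every VLAN on a tagged trunk collapse onto the trunk's single ifIndex and the 802.1Q tag is never exported.

```python
"""NetFlow v5 build/parse example: shows every field the v5 format carries."""
import socket
import struct

# NetFlow v5 header: 24 bytes, network byte order.
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_HEADER_FIELDS = ("version", "count", "sys_uptime", "unix_secs", "unix_nsecs",
                    "flow_sequence", "engine_type", "engine_id", "sampling_interval")

# NetFlow v5 flow record: 48 bytes. No field carries 802.1Q tag or MAC data;
# the only interface references are the SNMP ifIndex values "input" and "output".
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")
V5_RECORD_FIELDS = ("srcaddr", "dstaddr", "nexthop", "input", "output",
                    "dPkts", "dOctets", "first", "last", "srcport", "dstport",
                    "pad1", "tcp_flags", "prot", "tos", "src_as", "dst_as",
                    "src_mask", "dst_mask", "pad2")
IP_FIELDS = {"srcaddr", "dstaddr", "nexthop"}
V5_MAX_RECORDS = 30  # a v5 datagram carries at most 30 records


def build_v5_packet(records, sampling_interval=100, flow_sequence=0):
    """Build a v5 export datagram from dicts keyed by V5_RECORD_FIELDS."""
    body = b""
    for r in records:
        vals = []
        for name in V5_RECORD_FIELDS:
            v = r.get(name, "0.0.0.0" if name in IP_FIELDS else 0)
            vals.append(socket.inet_aton(v) if name in IP_FIELDS else v)
        body += V5_RECORD.pack(*vals)
    # sampling_interval: upper 2 bits hold the sampling mode (1 = packet
    # interval sampling), the low 14 bits hold the interval itself.
    samp = (1 << 14) | (sampling_interval & 0x3FFF)
    header = V5_HEADER.pack(5, len(records), 0, 0, 0, flow_sequence, 0, 0, samp)
    return header + body


def parse_v5_packet(data):
    """Parse a v5 datagram; raise ValueError on bad version or truncation."""
    if len(data) < V5_HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    header = dict(zip(V5_HEADER_FIELDS, V5_HEADER.unpack_from(data, 0)))
    if header["version"] != 5:
        raise ValueError("not NetFlow v5: version %d" % header["version"])
    if header["count"] > V5_MAX_RECORDS:
        raise ValueError("v5 count %d exceeds 30" % header["count"])
    expected = V5_HEADER.size + header["count"] * V5_RECORD.size
    if len(data) < expected:
        raise ValueError("truncated: %d records advertised, %d bytes present"
                         % (header["count"], len(data)))
    header["sampling_mode"] = header["sampling_interval"] >> 14
    header["sampling_interval"] &= 0x3FFF
    records = []
    for i in range(header["count"]):
        off = V5_HEADER.size + i * V5_RECORD.size
        raw = V5_RECORD.unpack_from(data, off)
        rec = {n: (socket.inet_ntoa(v) if n in IP_FIELDS else v)
               for n, v in zip(V5_RECORD_FIELDS, raw)}
        records.append(rec)
    return header, records


def octets_per_input_ifindex(records):
    """Aggregate bytes by input ifIndex: all VLANs of a trunk land on one key."""
    totals = {}
    for r in records:
        totals[r["input"]] = totals.get(r["input"], 0) + r["dOctets"]
    return totals


# Constructed sample (hypothetical): two flows that would arrive on different
# VLANs of the same trunk (ifIndex 5) and one return flow on the other uplink
# (ifIndex 6). Nothing in the record can distinguish the two VLANs.
SAMPLE_RECORDS = [
    {"srcaddr": "192.0.2.10", "dstaddr": "198.51.100.20", "input": 5, "output": 6,
     "dPkts": 10, "dOctets": 1500, "srcport": 40000, "dstport": 80, "prot": 6,
     "tcp_flags": 0x18},
    {"srcaddr": "192.0.2.11", "dstaddr": "198.51.100.21", "input": 5, "output": 6,
     "dPkts": 4, "dOctets": 400, "srcport": 53000, "dstport": 53, "prot": 17},
    {"srcaddr": "198.51.100.20", "dstaddr": "192.0.2.10", "input": 6, "output": 5,
     "dPkts": 8, "dOctets": 800, "srcport": 80, "dstport": 40000, "prot": 6,
     "tcp_flags": 0x10},
]


def demo():
    """Round-trip the sample through the wire format and summarise per ifIndex."""
    header, records = parse_v5_packet(build_v5_packet(SAMPLE_RECORDS))
    return header, records, octets_per_input_ifindex(records)


if __name__ == "__main__":
    hdr, recs, totals = demo()
    print(hdr)
    for rec in recs:
        print(rec)
    print("octets per input ifIndex:", totals)
```

Run it and the per-ifIndex summary shows both trunk flows merged under ifIndex 5; the same collapse happens on a real collector, which is why the VLAN breakdown Giuliano is after cannot come out of a v5 export regardless of what the PIC samples.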

Besides the Juniper specifics, on which I do agree.

The fact that NetFlow v5 doesn't carry L2 information doesn't
per se imply it can't theoretically be applied to L2 interfaces
and report on upper layers, making it fair on a multi-layer
thing. Which is the underlying issue here.

Cheers,
Paolo