Routing

  • 1.  IPFIX Sampling via Firewall Filter vs. IPFIX Sampling via Interface - Is there any difference?

    Posted 01-17-2017 07:29

    Hello,

     

    I have configured IPFIX on my MX960 via this guide:

    https://www.juniper.net/techpubs/en_US/junos15.1/topics/task/configuration/services-ipfix-flow-template-flow-aggregation-configuring.html

     

    And I have a question:

    What is the difference between "applying" sampling to an interface and sampling via a firewall filter and then applying that filter to an interface?

    Example:

     

    set interfaces ae0 unit 0 family inet sampling input
    set interfaces ae0 unit 0 family inet sampling output

    vs.

     

    set firewall family inet filter SAMPLE-ALL term 1 then sample
    set firewall family inet filter SAMPLE-ALL term 1 then accept
    set interfaces ae0 unit 0 family inet filter input SAMPLE-ALL
    set interfaces ae0 unit 0 family inet filter output SAMPLE-ALL

    Is there any difference between those two configurations?

     

    The official docs state the following:

    https://www.juniper.net/techpubs/en_US/junos14.2/topics/usage-guidelines/services-configuring-traffic-sampling.html

     

    • On the Routing Engine, using the sampled process. To select this method, use a filter (input or output) with a matching term that contains the then sample statement.
    • On the Monitoring Services, Adaptive Services, or Multiservices PIC.
    • On an inline data path without the need for a services Dense Port Concentrator (DPC). To do this inline active sampling, you define a sampling instance with specific properties. One Flexible PIC Concentrator (FPC) can support only one instance; for each instance, either services PIC-based sampling or inline sampling is supported per family. Inline sampling supports version 9 and IPFIX flow collection templates.

     

    However, this explanation does not make any sense to me since in both cases ("firewall filter" and "family inet sampling") the sampled process on my routing engine seems to be very active.



  • 2.  RE: IPFIX Sampling via Firewall Filter vs. IPFIX Sampling via Interface - Is there any difference?
    Best Answer

    Posted 01-17-2017 18:28

    Hi,

     

    There is no difference between the two configurations that you have shown below. The usage of the two configurations differs:

     

    1. For example, if you want to sample every family inet packet on the interface, you can just use "family inet sampling input/output" on the interface. It will mark every packet for sampling irrespective of the flow.

     

    2. If you want to sample only a specific type of IP traffic, for example, you want to sample traffic coming from a specific source IP or from a specific destination IP, you can create a customized firewall filter and match that specific traffic type for sampling.

     

    Hope this helps.

     

    If this post was helpful, please mark this post as an "Accepted Solution".
    Kudos are always appreciated!

     

    Thanks
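
The selective case described in the answer above, as an added example that is not part of the original thread: a filter that marks only chosen traffic for sampling and accepts everything else unsampled. The filter name, term names, and the documentation-range addresses 192.0.2.0/24 and 198.51.100.10/32 are assumptions; the sampling setup under forwarding-options is taken to be the one already configured from the guide.

```junos
# Sample only packets from one source prefix (constructed example prefix)
set firewall family inet filter SAMPLE-SELECTED term FROM-SRC from source-address 192.0.2.0/24
set firewall family inet filter SAMPLE-SELECTED term FROM-SRC then sample
set firewall family inet filter SAMPLE-SELECTED term FROM-SRC then accept

# Sample only packets to one destination host (constructed example address)
set firewall family inet filter SAMPLE-SELECTED term TO-DST from destination-address 198.51.100.10/32
set firewall family inet filter SAMPLE-SELECTED term TO-DST then sample
set firewall family inet filter SAMPLE-SELECTED term TO-DST then accept

# Everything else is forwarded without being marked for sampling.
# Without this term, unmatched packets hit the filter's implicit discard.
set firewall family inet filter SAMPLE-SELECTED term REST then accept

# Apply the filter instead of "family inet sampling input"
set interfaces ae0 unit 0 family inet filter input SAMPLE-SELECTED
```

The final accept-all term is the part that is easy to miss: a filter that only contains sampling terms drops all traffic that does not match them once it is applied to the interface.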