SRX

last person joined: yesterday 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  SRX branch - simple real-time bandwidth interfaces viewer/analyzer?

    Posted 03-10-2012 08:08

    I need just a simple way to watch bandwidth on my SRX interfaces. In J-web it's ok but I want to use some extra software for this purpose.

    I tried SolarWinds NetFlow Analyzer and used some configs from http://forums.juniper.net/t5/SRX-Services-Gateway/SRX-Branch-Series-amp-J-Flow/m-p/27279#M685 and it's working but I need something like CACTI where I can have a way to add users for example and web interface for remote access.

    If I use Netflow/J-Flow for this on few interfaces with great amount of traffic with sampling input rate 1 (SRX 650) will I have some issues with firewall performance?

    So just a simple way to have web interface viewer for my interfaces bandwith (it would be great in real-time:-) ).

    Thanks.



  • 2.  RE: SRX branch - simple real-time bandwidth interfaces viewer/analyzer?

    Posted 03-10-2012 08:51

    Juniper recommends a sampling rate of 1/100 packets and prefers even 1/1000.  Depending on your traffic volumes you may be able to reduce this but 1:1 sampling would not be recommended on any sort of busy device.



  • 3.  RE: SRX branch - simple real-time bandwidth interfaces viewer/analyzer?

    Posted 03-10-2012 12:54

    If I put

     

    interfaces {
        ge-0/0/0 {
            unit 0 {
                family inet {
                    filter {
                        input cflow;
                        output cflow;
                    }
                    address 192.168.1.196/24;
                }
            }
        }

     

    forwarding-options {
        sampling {
            input {
                rate 1;
                run-length 0;
                max-packets-per-second 1000;
            }
            family inet {
                output {
                    flow-server 192.168.1.60 {
                        port 2055;
                        version 5;

    filter cflow {
            term 1 {
                then {
                    sample;
                    accept;
                }
            }
        }
    }

     

    what in fact means             rate 1;   run-length 0;  max-packets-per-second 1000;

     

    Is this ok if I put this on multiple interfaces?

    MMcD @i-conX do you have working and tested config for netlow ?

    Why using just SNMP  in my monitoring software I don't get relevant data for example for bandwidth? Do I need SNMP v2 or 3 to use?

    Thanks for help.



  • 4.  RE: SRX branch - simple real-time bandwidth interfaces viewer/analyzer?
    Best Answer

    Posted 03-11-2012 07:55

    Hi,

     

    This KB should answer all your questions:

     

    http://www.juniper.net/techpubs/en_US/junos10.1/topics/usage-guidelines/policy-configuring-traffic-sampling.html



  • 5.  RE: SRX branch - simple real-time bandwidth interfaces viewer/analyzer?

    Posted 03-11-2012 13:37

    So if I use on multiple interfaces with rate 100 it will be ok?

    forwarding-options {
        sampling {
            input {
                rate 100;
                run-length 0;
                max-packets-per-second 1000;

     

    And still Why using just SNMP  in my monitoring software I don't get relevant data for for interface bandwidth?