在Juniper网络设备上配置flow包导出
对于NetFlow 分析,您需要将设备配置为将flow包导出到 Site24x7 本地轮询器,即 NetFlow 收集器。本地部署轮询器将监听特定端口以接收flows。了解如何查找本地部署轮询器的端口号。
jFlow v5 和 v8 配置
要启用采样并将flow记录 (cflowd/JFlow) 导出到特定目标地址,请执行以下命令:
forwarding-options {
sampling {
input {
family inet {
rate 100;
run-length 9;
max-packets-per-second 7000;
}
}
{
cflowd <destination address>{
port <port number>;
source-address <source address>;
version <version number>;
no-local-dump;
autonomous-system-type origin;
}
}
}
}
sampling {
input {
family inet {
rate 100;
run-length 9;
max-packets-per-second 7000;
}
}
{
cflowd <destination address>{
port <port number>;
source-address <source address>;
version <version number>;
no-local-dump;
autonomous-system-type origin;
}
}
}
}
要在特定接口上启用数据包采样,请执行以下步骤:
interfaces {
ge-1/3/0 {
vlan-tagging;
unit 101 {
vlan-id 101;
family inet {
sampling {
input;
output;
}
address 206.80.253.26/25
}
}
}
}
ge-1/3/0 {
vlan-tagging;
unit 101 {
vlan-id 101;
family inet {
sampling {
input;
output;
}
address 206.80.253.26/25
}
}
}
}
有关详细信息和 v9 配置,请参阅Juniper网络官方文档。
sFlow 配置
使用以下命令在Juniper网络设备上配置 sFlow:
protocols {
sflow {
polling-interval 30;
sample-rate 500;
collector 10.1.2.5 {
udp-port 9996;
}
interfaces ge-0/0/0.0;
interfaces ge-0/0/1.0;
interfaces ge-0/0/2.0;
interfaces ge-0/0/3.0;
interfaces ge-0/0/11.0;
}
}
sflow {
polling-interval 30;
sample-rate 500;
collector 10.1.2.5 {
udp-port 9996;
}
interfaces ge-0/0/0.0;
interfaces ge-0/0/1.0;
interfaces ge-0/0/2.0;
interfaces ge-0/0/3.0;
interfaces ge-0/0/11.0;
}
}