I’d almost say this is an IPFIX era as almost all the enterprise-level routing and switching device vendors have started adopting Internet Protocol Flow Information Export (IPFIX) technology. Juniper, with its own standard J-Flow, now supports IPFIX on most of its major devices. This means IPFIX is going to make a very big revolution in traffic monitoring technology in days to come.
What is IPFIX?
IPFIX is similar to NetFlow v9 Export, which is of course the base for IPFIX. IPFIX exports IP flow information from the routers and switch interfaces. The IPFIX protocol allows network administrators to analyze their traffic patterns.
IPFIX on Juniper devices
We have quite a lot of customers with Juniper devices in their networks, and this blog may help them configure the devices that are capable of exporting IPFIX packets.
We heard that some Juniper MX Series routers support IPFIX. We found related configurations through some research, and one of our beloved customers helped us obtain the actual working configurations.
Configurations
Flow monitor template configuration
services {
flow-monitoring {
version-ipfix {
template ipv4 {
flow-active-timeout 60;
flow-inactive-timeout 60;
template-refresh-rate {
packets 480000;
seconds 60;
}
option-refresh-rate {
packets 480000;
seconds 60;
}
ipv4-template;
Sampling rate configuration
inst2 {
input {
rate 100;
run-length 0;
max-packets-per-second 10000;
Interface level configuration
forwarding-options {
sampling {
instance {
sample-ipfix {
input {
rate 100;
}
family inet {
output {
flow-server xxx.xxx.xxx.xxx {
port 9996;
autonomous-system-type origin;
no-local-dump;
version-ipfix {
template {
ipv4;
}
}
}
inline-jflow {
source-address xxx.xxx.xxx.xxx;
The most important part follows. Once the routers and interfaces are configured for inline J-Flow, you will also need to apply sampling to a firewall rule and then attach it to the interfaces that you want to sample.
Firewall configuration
interfaces {
xe-0/0/0 {
unit 0 {
family inet {
filter {
input Sample-FILTER;
output sample-FILTER;
firewall {
filter Sample-FILTER {
term ALLOW-ANY {
then {
sample;
accept;
You need to set a firewall rule for each Layer 3 interface, for which you also need to enable inline J-Flow to get correct stats in NetFlow Analyzer.
Hope this one helps.
