Configure Juniper SFlow for HP IMC

I’ve been really interested and excited with what HP has done with the IMC (Intelligent Management Center) over the last couple of years. I’m sure it was a great product before then, but I’ve only been following it for the last 2.

This month, HP released IMC version 5.1, which has alot of new features that I wanted to check out, including 802.1x auditing. After I installed the demo version, I decided, to export some Juniper SFlow to the Network Traffic Analyzer (NTA). Not a new feature, but, c’mon, how cool is flow data?

First and foremost, gotta get the device added to IMC. Now that the obvious is out of the way, let’s configure the Juniper. On my Juniper EX4200:

  set protocols sflow collector 1.2.3.4
  set protocols sflow interfaces ge-0/0/7.0


Seriously, how easy is that? I set the IMC as the collector, then I identify the interface(s) to collect from. I’m using the default polling-interval of 20 seconds and the default sampling-rate of 1:2000. Now that we are exporting flows, let’s get dirty in IMC. This is a bit more comprehensive. If it wasn’t for @netmanchris screencast, I probably would not have done it (Number 4 will really get ya!)

  1. Service —> Traffic Analysis and Audit —> Settings
  2. Device Management —> Find your device and add it (you did add the device as a managed device in IMC, right?)
  3. Back to Settings —> Server Management —> Modify
  4. Select the checkbox beside your device and choose “Deploy”.
  5. Back to Settings —> Traffic Analysis Task Management —> Add
  6. Choose Interface —> Add a task name, and choose the roles that can view this analysis.
  7. Finally, at the bottom of the Task Analysis, choose the interface that is exporting (in my case, ge-0/0/7.0).

Now you are done. You will see your data by going to “Interface Traffic Analysis Task” and choosing the task you just created. You can verify that the Juniper is exporting by going into the CLI and typing:

  show sflow
  show sflow interface


You will definately need to give it some time. I waited between 30 minutes and an hour before I started seeing data. Even the “NTA traffic speed” will show 0bps, which is what really frustrated me. I was troubleshooting forever (even started packet captures, and verified the port was actually opened using netstat), and then VIOLA…. data.

One caveat….. make sure you are running JUNOS 10.4 or later. I’m still running 10.0 and I could not figure out why I was only seeing ingress and not egress data.

 

 

 

Share This Page : Share on TwitterShare on FacebookShare on GooglePlusShare on PinterestShare on Linkedin