Monitoring Network Traffic on Juniper EX Switches Using sFlow and Opsview
Opsview's Network Analyzer module is a great way to monitor NetFlow, jFlow, and sFlow data. Protocols such as sFlow give more in-depth insight to your network and you can monitor the top hosts, ports, and transfers as well as receive a history and summary of your sources. In this article, we will cover monitoring sFlow on Juniper EX switches with Opsview.
To start, connect to the Juniper switch via SSH or the management port, then switch to the 'edit protocols' mode.
Entering configuration mode
root@jun3200# edit protocols
Once in edit mode, we will specify the sflow collector and the interface. The collector is the server with a sFlow agent that can gather the data and give a visual representation of the network traffic. In this case, the collector will be the IP address of the Opsview server. Setting the port is optional and if one isn't specified, it will use the default 6343.
root@jun3200# set sflow collector 172.16.1.102 udp-port 6343
root@jun3200# set sflow interfaces ge-0/0/1
You can select any interface you want to monitor. In this example, we choose interface ge-0/0/1 which is port 1. If you wanted to use port 3, the interface name would be ge-0/0/3. To see all available interfaces on your device you can run, use this command:
root@jun3200> show interfaces
Next, we can select how frequently we want the interface polled in seconds. This is how often the switch polls internally. For best performance, it is recommended to set this close to the check interval in Opsview, but it shouldn't be longer.
root@jun3200# set sflow polling-interval 20
The last setting on the Juniper switch is the egress and ingress sample rates. Out of each number of packets specified in the sample rate, one packet will be sampled. This means the lower number you set, the more packets will be captured. Since the switch, what we’re testing does not have a lot of traffic and we’re setting it to the highest amount of sampling at 100. For more moderate traffic, a sample rate of 1000 will be more acceptable. You can select any amount between 100 and 1,073,741,823.
root@jun3200# set sflow sample-rate egress 100
root@jun3200# set sflow sample-rate ingress 100
Now that we have configured sFlow, we can verify the configuration and commit the changes.
root@jun3200# commit check
configuration check succeeds
To verify our changes, we can exit configuration mode and use 'show sflow' to see the configuration and 'show sflow collector' to see the number of samples that have been captured.
Exiting configuration mode
root@jun3200> show sflow
sFlow : Enabled
Sample limit : 300 packets/second
Polling interval : 20 second
Sample rate egress : 1:100: Enabled
Sample rate ingress : 1:100: Enabled
Agent ID : 172.16.1.2
Source IP address : 172.16.1.2
root@jun3200> show sflow collector
Collector Udp-port No. of samples
172.16.1.102 6343 145
Now we can make this host a collector in Opsview and configure our dashboards to view the data. First, navigate to the Network Analyzer Settings page:
Next, click "Add New". In this case, we already have a collector configured, so we will choose edit. Both "Add New" and "Edit" will give the same options.
On the "Collectors" tab, we can set the name and adjust the default ports if needed. When adding a new collector, you will be given the option to select the Monitoring Server.
On the "Sources" tab, we can add the Source Type and Host:
Once complete, submit the changes and reload Opsview. To view the NetFlow data, there are 7 dashlets we can use. Here is an example of them: