SFlow with Juniper QFX not working

[bibawa]

Hi,

We got fastnetmon successfully running with our Juniper EX switches. Now we upgraded them to QFX switches but now fastnetmon is no longer working.

Fastnetmon only detects outbound traffic , no incoming and in the error log I see a lot of this:

2020-07-29 12:14:21,728 [ERROR] sflow: very dangerous error from skipBytes function! We try to read from restricted memory region 2020-07-29 12:14:21,728 [ERROR] sflow: we tried to read data in bad place! Fault! 2020-07-29 12:14:21,728 [ERROR] sflow: we tried to read data in bad place! Fault! 2020-07-29 12:14:21,728 [ERROR] sflow: very dangerous error from skipBytes function! We try to read from restricted memory region 2020-07-29 12:14:21,728 [ERROR] sflow: we failed in SFLFLOW_SAMPLE handler

Config on QFX side:

root@switch# show polling-interval 5; sample-rate { ingress 500; egress 500; } collector 185.5.3.4 { udp-port 5600; } collector 185.5.3.5 { udp-port 5678; } interfaces xe-0/0/32.0;

As this was working before with EX, I expect the problem to be related to the new QFX switches however config on sflow protocol seems to be the same.

brg,

[pavel-odintsov]

Hello!

Thank you for reporting it! It looks very dangerous actually. May I ask you to share sFlow as pcap dump, please?

Thank you!

[bibawa]

HI,

Just send them via email to you. Please let me know if you received them in good order.

brg,

[pavel-odintsov]

Thank you! We will check them.

[pavel-odintsov]

Thanks for sharing pcap dump. For some reasons it does not have any sFlow flow samples (they carry ips, ports, packets number and other information) and it has only sFlow counter samples which carry information about packet counters on all interfaces. FastNetMon does not use counter samples at all and it need flow samples.

[pavel-odintsov]

Here you can find all detail from this dump:

sflow_raw_udp_packets_received: 0
sflow_udp_receive_errors: 0
sflow_total_packets: 42
sflow_bad_packets: 0
sflow_flow_samples: 22
sflow_bad_flow_samples: 0
sflow_padding_flow_sample: 0
sflow_with_padding_at_the_end_of_packet: 0
sflow_parse_error_nested_header: 0
sflow_counter_sample: 22
sflow_raw_packet_headers_total: 22
sflow_extended_router_data_records: 0
sflow_extended_switch_data_records: 22
sflow_extended_gateway_data_records: 0

Can you show output from these commands:

show sflow
show sflow interface

[pavel-odintsov]

Also, I can recommend checking our new sFlow parser which has lots of improvements. You can download it here: https://storage.googleapis.com/fastnetmon_community_packages/debian/10/fastnetmon_1.1.7_amd64.deb if you use another distro, just let me know and I'll share correct link.

[pavel-odintsov]

Please reopen this issue if it still happens.

[bibawa]

HI,

Sorry for my delay, I was on holiday and missed this. Please find hereby the requested output of commands:

`{master:0}[edit] root@csw1# run show sflow sFlow : Enabled Adaptive fallback : Disabled Sample limit : 300 packets/second Sample limit Threshold : 0 packets/second Polling interval : 5 second Sample rate egress : 1:500: Enabled Sample rate ingress : 1:500: Enabled Agent ID : No valid agent IP Agent ID IPv6 : No valid agent IPv6 Source IP address : No valid source IP Source IPv6 address : No valid source IPv6

{master:0}[edit] root@csw1.# run show sflow interface Interface Status Sample Adapted Polling rate sample rate interval

           Egress  Ingress     Egress   Ingress      Egress   Ingress

xe-0/0/32.0 Enabled Enabled 500 500 2048000 2048000 5 `

[bibawa]

Please reopen this issue if it still happens.

{master:0}[edit] root@csw1.int# run show sflow sFlow : Enabled Adaptive fallback : Disabled Sample limit : 300 packets/second Sample limit Threshold : 0 packets/second Polling interval : 5 second Sample rate egress : 1:500: Enabled Sample rate ingress : 1:500: Enabled Agent ID : No valid agent IP Agent ID IPv6 : No valid agent IPv6 Source IP address : No valid source IP Source IPv6 address : No valid source IPv6

{master:0}[edit] root@csw1.int# run show sflow interface Interface Status Sample Adapted Polling rate sample rate interval

           Egress  Ingress     Egress   Ingress      Egress   Ingress

xe-0/0/32.0 Enabled Enabled 500 500 2048000 2048000 5

[pavel-odintsov]

Hello!

I suppose that a reason what it does not export traffic:

Agent ID : No valid agent IP Agent ID IPv6 : No valid agent IPv6 Source IP address : No valid source IP Source IPv6 address : No valid source IPv6 Does it have IP configured?

On Thu, 20 Aug 2020 at 08:41, bibawa notifications@github.com wrote:

Please reopen this issue if it still happens.

{master:0}[edit]

root@csw1.int# run show sflow

sFlow : Enabled

Adaptive fallback : Disabled

Sample limit : 300 packets/second

Sample limit Threshold : 0 packets/second

Polling interval : 5 second

Sample rate egress : 1:500: Enabled

Sample rate ingress : 1:500: Enabled

Agent ID : No valid agent IP

Agent ID IPv6 : No valid agent IPv6

Source IP address : No valid source IP

Source IPv6 address : No valid source IPv6

{master:0}[edit]

root@csw1.int# run show sflow interface

Interface Status Sample Adapted Polling

rate sample rate interval

       Egress  Ingress     Egress   Ingress      Egress   Ingress

xe-0/0/32.0 Enabled Enabled 500 500 2048000 2048000 5

— You are receiving this because you modified the open/close state. Reply to this email directly, view it on GitHub https://github.com/pavel-odintsov/fastnetmon/issues/829#issuecomment-677430186, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAU56ZQ6H6SXPGVTH674B63SBTHTVANCNFSM4PLOCTYQ .

-- Sincerely yours, Pavel Odintsov

[bibawa]

Okay thanks for that , i configured agent id and agent IP on the switch, now i see only outgoing traffic monitored by fastnetmon_client. And as well I think this data isn't correct at all. At this time no incoming traffic is shown (all 0)

[pavel-odintsov]

Replied via email