J-Flow

J-Flow is a proprietary accounting technology used by Juniper Networks that allows you to collect IP traffic flow statistics.

J-Flow enables you to export data to a UDP port on a J-Flow collector. You can also enable J-Flow on a router or network interface to collect network statistics for specific locations on your network.

J-Flow uses a connection-less protocol (UDP). When data is sent from a switch or router, the J-Flow record is purged. UDP doesn't guarantee delivery of the data. As such, inaccurate presentations of both traffic volumes and bidirectional flows, and reduced alerting capabilities, might result when using a J-Flow flow source. J-Flow traffic is based on sampled data and, therefore, might not represent all network traffic.

For more information about J-Flow, see the Juniper Networks website (www.juniper.net).

J-Flow flow source configuration

When you configure an external flow source for J-Flow, you must do the following tasks:
  • Ensure that the appropriate firewall rules are configured.
  • Ensure that the appropriate ports are configured for your IBM® QRadar® Flow Collector.

Supported VLAN fields

The following VLAN fields are supported for J-Flow:
  • vlanId
  • postVlanId
  • dot1qVlanId
  • dot1qPriority
  • dot1qCustomerVlanId
  • dot1qCustomerPriority
  • dot1qDEI
  • dot1qCustomerDEI
  • postDot1qVlanId
  • postDotqCustomerVlanId