帮助我们改善您的体验。

让我们了解您的想法。

您是否能抽出两分钟的时间完成一份问卷调查?

close
keyboard_arrow_left
list Table of Contents
keyboard_arrow_right

机器翻译对您有帮助吗?

starstarstarstarstar
Go to English page
免责声明:

我们将使用第三方机器翻译软件翻译本页面。瞻博网络虽已做出相当大的努力提供高质量译文,但无法保证其准确性。如果对译文信息的准确性有任何疑问,请参阅英文版本. 可下载的 PDF 仅提供英文版.

示例:在 MX 系列和 T4000 路由器上配置内联主动流监控

date_range 16-Dec-22

配置

CLI 快速配置

要快速配置此示例,请复制以下命令,将其粘贴到文本文件中,删除所有换行符,更改详细信息,以便与网络配置匹配,然后将命令复制并粘贴到 [edit] 层次结构级别的 CLI 中。

配置模板属性

content_copy zoom_out_map
set services flow-monitoring version9 template template1 flow-active-timeout 120
set services flow-monitoring version9 template template1 flow-inactive-timeout 60
set services flow-monitoring version9 template template1 template-refresh-rate packets 100
set services flow-monitoring version9 template template1 template-refresh-rate seconds 600
set services flow-monitoring version9 template template1 option-refresh-rate packets 100
set services flow-monitoring version9 template template1 option-refresh-rate seconds 600
set services flow-monitoring version9 template template1 ipv4-template
set services flow-monitoring version-ipfix template template-v61 flow-active-timeout 150
set services flow-monitoring version-ipfix template template-v61 flow-inactive-timeout 100
set services flow-monitoring version-ipfix template template-v61 template-refresh-rate seconds 30
set services flow-monitoring version-ipfix template template-v61 ipv6-template

配置采样实例

content_copy zoom_out_map
set forwarding-options sampling instance instance-1 input rate 1
set forwarding-options sampling instance instance-1 family inet output flow-server 10.50.1.2 port 2055
set forwarding-options sampling instance instance-1 family inet output flow-server 10.50.1.2 version9 template template1
set forwarding-options sampling instance instance-1 family inet output inline-jflow source-address 10.50.1.100
set forwarding-options sampling instance instance-1 family inet output inline-jflow flow-export-rate 10
set forwarding-options sampling instance instance-1 family inet6 output flow-server 10.50.1.2 port 2055
set forwarding-options sampling instance instance-1 family inet6 output flow-server 10.50.1.2 version-ipfix template template-v61
set forwarding-options sampling instance instance-1 family inet6 output inline-jflow source-address 10.50.1.110
set forwarding-options sampling instance instance-1 family inet6 output inline-jflow flow-export-rate 6

配置 FPC 参数

content_copy zoom_out_map
set chassis fpc 0 sampling-instance instance-1
set chassis fpc 0 inline-services flow-table-size ipv4-flow-table-size 8
set chassis fpc 0 inline-services flow-table-size ipv6-flow-table-size 7

配置防火墙过滤器

content_copy zoom_out_map
set firewall family inet filter inet-sample term t1 then sample
set firewall family inet filter inet-sample term t1 then accept
set firewall family inet6 filter inet6-sample term t1 then sample
set firewall family inet6 filter inet6-sample term t1 then accept

配置接口属性

content_copy zoom_out_map
set interfaces ge-0/0/4 unit 0 family inet filter input inet-sample
set interfaces ge-0/0/4 unit 0 family inet address 10.150.1.1/24
set interfaces ge-0/1/6 unit 0 family inet6 filter input inet6-sample
set interfaces ge-0/1/6 unit 0 family inet6 address 2001:db8:0:2::1/64

逐步过程

以下示例要求您在配置层次结构中的各个级别上导航。有关导航 CLI 的信息,请参阅 CLI 用户指南中的在配置模式下使用 CLI 编辑器。

  1. 为内联活动流监控配置模板属性。

    content_copy zoom_out_map
    [edit services flow-monitoring]
    user@router1# set version9 template template1 ipv4-template
    user@router1# set version9 template template1 flow-active-timeout 120
    user@router1# set version9 template template1 flow-inactive-timeout 60
    user@router1# set version9 template template1 template-refresh-rate packets 100
    user@router1# set version9 template template1 option-refresh-rate packets 100
    user@router1# set version-ipfix template template-v61 ipv6-template
    user@router1# set version-ipfix template template-v61 flow-active-timeout 150
    user@router1# set version-ipfix template template-v61 flow-inactive-timeout 100
    user@router1# set version-ipfix template template-v61 template-refresh-rate seconds 30
    user@router1# set version-ipfix template template-v61 option-refresh-rate seconds 30
    
  2. 配置采样实例以实现内联主动流监控。

    content_copy zoom_out_map
    [edit forwarding-options sampling]
    user@router1# set instance instance-1 input rate 1
    user@router1# set instance instance-1 family inet output flow-server 10.50.1.2 port 2055
    user@router1# set instance instance-1 family inet output flow-server 10.50.1.2 version9 template template1
    user@router1# set instance instance-1 family inet output inline-jflow source-address 10.50.1.100
    user@router1# set instance instance-1 family inet output inline-jflow flow-export-rate 10
    user@router1# set instance instance-1 family inet6 output flow-server 10.50.1.2 port 2055
    user@router1# set instance instance-1 family inet6 output flow-server 10.50.1.2 version-ipfix template template-v61
    user@router1# set instance instance-1 family inet6 output inline-jflow source-address 10.50.1.110
    user@router1# set instance instance-1 family inet6 output inline-jflow flow-export-rate 6
    
    注意:

    在您完成下一步将采样实例与 FPC 关联之前,实例将保持非活动状态,并在配置中被标记 inactive

  3. 将采样实例与要对其实施内联主动流监控的 FPC 相关联,同时配置哈希表大小。

    注意:

    在早于 12.1 的 Junos OS 版本中,当您为内联活动流监控配置 IPv4 和 IPv6 流表大小时,以下条件适用于支持向后兼容性:

    • 如果不在[edit chassis fpc slot-number inline-services] 层次结构级别配置flow-table-size语句,则默认为 IPv4 流表分配 11 个 256K 条目,默认情况下,为数据包转发引擎上的 IPv6 流表分配 1 个 1K 条目。

    • 如果在层次结构级别配置ipv4-flow-table-size size语句[edit chassis fpc slot-number inline-services flow-table-size],而未在[edit chassis fpc slot-number inline-services flow-table-size]层次结构级别配置ipv6-flow-table-size size语句,则会分配您为 IPv4 流表配置的 256K 条目的单元数。对于 IPv6 流表,数据包转发引擎上分配一个 1K 条目的默认大小。

    • 如果不在ipv4-flow-table-size size[edit chassis fpc slot-number inline-services flow-table-size]层次结构级别配置语句并在层次结构级别配置ipv6-flow-table-size size语句[edit chassis fpc slot-number inline-services flow-table-size],则会分配您为 IPv6 流表配置的 256K 条目单元数。对于 IPv4 流表,数据包转发引擎上分配一个 1K 条目的默认大小。

    • 如果同时配置 IPv4 和 IPv6 流表的大小,将根据您指定的大小在数据包转发引擎上创建流表。

    注意:

    为 VPLS 流配置内联活动流监控时,请添加语句 vpls-flow-table-size

    content_copy zoom_out_map
    [edit chassis]
    user@router1# set fpc 0 sampling-instance instance-1
    user@router1# set fpc 0 inline-services flow-table-size ipv4-flow-table-size 8
    user@router1# set fpc 0 inline-services flow-table-size ipv6-flow-table-size 7
    
  4. 配置防火墙过滤器。

    content_copy zoom_out_map
    [edit firewall]
    user@router1# set family inet filter inet-sample term t1 then sample
    user@router1# set family inet filter inet-sample term t1 then accept
    user@router1# set family inet6 filter inet6-sample term t1 then sample
    user@router1# set family inet6 filter inet6-sample term t1 then accept
    
  5. 将上一步中配置的防火墙过滤器与要设置内联主动流监控的接口相关联。

    content_copy zoom_out_map
    [edit interfaces]
    user@router1# set ge-0/0/4 unit 0 family inet filter input inet-sample
    user@router1# set ge-0/0/4 unit 0 family inet address 10.150.1.1/24
    user@router1# set ge-0/1/6 unit 0 family inet6 filter input inet6-sample
    user@router1# set ge-0/1/6 unit 0 family inet6 address 2001:db8:0:2::1/64
    
  6. 提交配置。

    content_copy zoom_out_map
    [edit]
    user@router1# commit
    

结果

在配置模式下,输入 show services flow-monitoring、 、 show forwarding-options samplingshow chassis fpc 0show firewallshow interfaces命令,以确认您的配置。如果输出未显示预期的配置,请重复示例中的说明,以更正配置。

  • show services flow-monitoring

    content_copy zoom_out_map
    version9 {
        template template1 {
            flow-active-timeout 120;
            flow-inactive-timeout 60;
            template-refresh-rate {
                packets 100;
                seconds 600;
            }
            option-refresh-rate {
                packets 100;
                seconds 600;
            }
            ipv4-template;
        }
    }
        version-ipfix {
            template template-v61 {
                flow-active-timeout 150;
                flow-inactive-timeout 100;
                template-refresh-rate {
                    seconds 30;
                }
                ipv6-template;
            }
        }
    
  • show forwarding-options sampling

    content_copy zoom_out_map
    instance {
        instance-1 {
            input {
                rate 1;
            }
            family inet {
                output {
                    flow-server 10.50.1.2 {
                        port 2055;
                        version9 {
                            template {
                                template1;
                            }
                        }
                    }
                    inline-jflow {
                        source-address 10.50.1.100;
                        flow-export-rate 10;
                    }
                }
            }
            family inet6 {
                output {
                    flow-server 10.50.1.2 {
                        port 2055;
                        version-ipfix {
                            template {
                                template-v61;
                            }
                        }
                    }
                    inline-jflow {
                        source-address 10.50.1.110;
                        flow-export-rate 6;
                    }
                }
            }
        }
    }
    
  • show chassis fpc 0

    content_copy zoom_out_map
    sampling-instance instance-1;
        inline-services {
            flow-table-size {
                ipv4-flow-table-size 8;
                ipv6-flow-table-size 7;
            }
        }
    
  • show firewall

    content_copy zoom_out_map
    family inet {
        filter inet-sample {
            term t1 {
                then {
                    sample;
                    accept;
                }
            }
        }
    }
        family inet6 {
            filter inet6-sample {
                term t1 {
                    then {
                        sample;
                        accept;
                    }
                }
            }
        }
    
  • show interfaces

    content_copy zoom_out_map
    ...
    ge-0/1/6 {
        vlan-tagging;
        unit 0 {
            family inet6 {
                filter {
                    input inet6-sample;
                }
                address 2001:db8:0:2::1/64;
            }
        }
        }
    
        ge-0/0/4 {
            vlan-tagging;
            unit 0 {
                family inet {
                    filter {
                        input inet-sample;
                    }
                    address 10.150.1.1/24;
                }
            }
        }
    ...
    

软件和硬件要求

  • MX80 以外的 MX 系列路由器

  • Junos OS 13.2 或更高版本。

    注意:
    • 早于 13.2 的 Junos OS 版本还支持内联主动流监控。但是,此示例中讨论的部分功能在先前版本中不受支持。

    • 您需要在具有 5 类 FPC 的 T4000 路由器上配置 Junos OS 14.2 或更高版本。

概述

借助内联主动流监控,您可以在不使用服务 DPC 的情况下配置主动采样。本主题介绍为 IPv4 和 IPv6 流启用内联活动流监控的基本配置。您还可以为 VPLS 流配置内联主动流监控。要为 VPLS 流配置内联活动流监控,必须在层次结构级别上指定familyvpls和包括vpls-template[edit services flow-monitoring version-ipfix template template-name]

external-footer-nav