Navigation
Example: Configuring Dynamic Flow Capture
The following example includes all parts of a complete dynamic flow capture configuration.
Configure the DFC PIC interface:
[edit interfaces dfc-0/0/0]unit 0 {family inet {filter {output high; #Firewall filter to route control packets# through 'network-control' forwarding class. Control packets# are loss sensitive.}address 10.1.0.0/32 { # DFC PIC addressdestination 10.36.100.1; # DFC PIC address used by# the control source to correspond with the# monitoring platform}}unit 1 { # receive data packets on this logical interfacefamily inet;family inet6;}unit 2 { # send out copies of matched packets on this logical interfacefamily inet;}
Configure the capture group:
services dynamic-flow-capture {capture-group g1 {interfaces dfc-0/0/0;input-packet-rate-threshold 90k;pic-memory-threshold percentage 80;control-source cs1 {source-addresses 10.36.41.1;service-port 2400;notification-targets {10.36.41.1 port 2100;}shared-key "$9$ASxdsYoX7wg4aHk";allowed-destinations cd1;}content-destination cd1 {address 10.36.70.2;ttl 244;}}}
Configur3 filter-based forwarding (FBF) to the DFC PIC interface, logical unit 1.
For more information about configuring passive monitoring interfaces, see Enabling Passive Flow Monitoring.
interfaces so-1/2/0 {encapsulation ppp;unit 0 {passive-monitor-mode;family inet {filter {input catch;}}}}
Configure the firewall filter:
firewall {filter catch {interface-specific;term def {then {count counter;routing-instance fbf_inst;}}}family inet {filter high {term all {then forwarding-class network-control;}}}}
Configure a forwarding routing instance. The next hop points specifically to the logical interface corresponding to unit 1, because only this particular logical unit is expected to relay monitored data to the DFC PIC.
routing-instances fbf_inst {instance-type forwarding;routing-options {static {route 0.0.0.0/0 next-hop dfc-0/0/0.1;}}}
Configure routing table groups:
[edit]routing-options {interface-routes {rib-group inet common;}rib-groups {common {import-rib [ inet.0 fbf_inst.inet.0 ];}}forwarding-table {export pplb;}}
Configure interfaces to the control source and content destination:
interfaces fe-4/1/2 {description "to cs1 from dfc";unit 0 {family inet {address 10.36.41.2/30;}}}interfaces ge-7/0/0 {description "to cd1 from dfc";unit 0 {family inet {address 10.36.70.1/30;}}}
