Configuring Inline Sampling

On MX Series routers and EX 9200 switches, you can configure active sampling to be performed on an inline data path without the need for a services Dense Port Concentrator (DPC). To do this, you define a sampling instance with specific properties. One Flexible PIC Concentrator (FPC) can support only one instance; for each instance, either services PIC-based sampling or inline sampling is supported per family. As a result, a particular instance can define PIC-based sampling for one family and inline sampling for a different family. Both IPv4 and IPv6 are supported for inline sampling.

Inline sampling supports version 9 and IPFIX flow collection templates. Support for the version 9 template was introduced in Junos OS Release 13.2 and is limited to IPv4 flows. The IPFIX template is supported for IPv4, IPv6, and VPLS flows. The IPFIX template uses UDP as the transport protocol, whereas version 9 is transport protocol-independent.

The following limitations exist for inline sampling:

  • Flow records and templates cannot be exported if the flow collector is reachable through any management interface.
  • The flow collector should be reachable through the default routing table (inet.0 or inet6.0). If the flow collector is reachable via a non-default VPN routing and forwarding table (VRF), flow records and templates cannot be exported.
  • If the destination of the sampled flow is reachable through multiple paths, the IP_NEXT_HOP (Element ID 15) and OUTPUT_SNMP (Element ID 14) in the IPv4 flow record would be set to the Gateway Address and SNMP Index of the first path seen in the forwarding table.
  • If the destination of the sampled flow is reachable through multiple paths, the IP_NEXT_HOP (Element ID 15) and OUTPUT_SNMP (Element ID 14) in the IPv6 flow records would be set to 0.
  • The user-defined sampling instance gets precedence over the global instance. When a user-defined sampling instance is attached to the FPC, the global instance is removed from the FPC and the user-defined sampling instance is applied to the FPC.
  • The Incoming Interface (IIF) and Outgoing Interface (OIF) should be part of the same VRF. If OIF is in a different VRF, DST_MASK (Element ID 13), DST_AS (Element ID 17), IP_NEXT_HOP (Element ID 15), and OUTPUT_SNMP (Element ID 14) would be set to 0 in the flow records.
  • Each Lookup Chip (LU) maintains and exports flows independently of other LUs. Traffic received on a media interface is distributed across all LUs in a multi-LU platform. It is likely that a single flow will be processed by multiple LUs. Therefore, each LU creates a unique flow and exports it to the flow collector. This can cause duplicate flow records to be seen on the flow collector. The flow collector should aggregate PKTS_COUNT and BYTES_COUNT for duplicate flow records to derive a single flow record.
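
The aggregation described in the last limitation can be done on the collector as sketched below. This is an added example, not Juniper code: the flow key and the lower-case field names are assumptions, and only PKTS_COUNT and BYTES_COUNT are names taken from this page.

```python
# Added example: collector-side merge of duplicate flow records from several LUs.
# FLOW_KEY and the lower-case field names are assumptions of this example; only
# PKTS_COUNT and BYTES_COUNT are named on the page.
FLOW_KEY = ("exporter", "src", "dst", "proto", "sport", "dport", "input_if")


def merge_lu_duplicates(records):
    """Collapse records sharing FLOW_KEY into one record per flow.

    `records` holds the decoded flow records (dicts) received in one
    collection interval. Counters are summed and the time span is widened
    to cover every contributing record.
    """
    merged = {}
    for rec in records:
        key = tuple(rec[f] for f in FLOW_KEY)
        agg = merged.get(key)
        if agg is None:
            # First record for this flow: copy it so the input is not mutated.
            merged[key] = dict(rec, lu_records=1)
            continue
        agg["PKTS_COUNT"] += rec["PKTS_COUNT"]
        agg["BYTES_COUNT"] += rec["BYTES_COUNT"]
        agg["start"] = min(agg["start"], rec["start"])
        agg["end"] = max(agg["end"], rec["end"])
        agg["lu_records"] += 1  # how many per-LU records were folded in
    return list(merged.values())


def _rec(src, proto, sport, dport, pkts, octets, start, end):
    # Constructed sample record; 10.11.12.13 is the page's example source address.
    return {"exporter": "10.11.12.13", "src": src, "dst": "198.51.100.20",
            "proto": proto, "sport": sport, "dport": dport, "input_if": 512,
            "PKTS_COUNT": pkts, "BYTES_COUNT": octets, "start": start, "end": end}


# Constructed input: one TCP flow reported by two LUs, plus an unrelated UDP flow.
SAMPLE = [
    _rec("192.0.2.10", 6, 51514, 443, 40, 52000, 1000, 1050),
    _rec("192.0.2.11", 17, 5353, 53, 3, 210, 1010, 1011),
    _rec("192.0.2.10", 6, 51514, 443, 25, 31000, 1002, 1058),
]

if __name__ == "__main__":
    for flow in merge_lu_duplicates(SAMPLE):
        print(flow["src"], flow["PKTS_COUNT"], flow["BYTES_COUNT"], flow["lu_records"])
```

Because the assumed key carries no per-LU identifier, a later flow that reuses the same addresses and ports within one interval is merged as well, so keep the collection interval close to the configured flow timeouts.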

Before you configure inline sampling, ensure that the hash tables for IPv4 and IPv6 flow sampling are adequately sized. These tables can use one to fifteen 256k areas, and each table is assigned a default value of one such area. When anticipated traffic volume requires larger tables, allocate larger tables.

Note: For Junos OS releases earlier than Release 12.1, the following points are applicable for supporting backward compatibility when you configure the IPv4 and IPv6 flow table sizes for inline sampling:

  • If you do not configure the flow-table-size statement at the [edit chassis fpc slot-number inline-services] hierarchy level, fifteen 256K entries are allocated by default for the IPv4 flow table and one 1K entry is allocated by default for the IPv6 flow table on the Packet Forwarding Engine.
  • If you configure the ipv4-flow-table-size size statement at the [edit chassis fpc slot-number inline-services flow-table-size] hierarchy level and if you do not configure the ipv6-flow-table-size size statement at the [edit chassis fpc slot-number inline-services flow-table-size] hierarchy level, the number of units of 256K entries that you configure for the IPv4 flow table is allocated. For the IPv6 flow table, a default size of one 1K entry is allocated on the Packet Forwarding Engine.
  • If you do not configure the ipv4-flow-table-size size statement at the [edit chassis fpc slot-number inline-services flow-table-size] hierarchy level and if you configure the ipv6-flow-table-size size statement at the [edit chassis fpc slot-number inline-services flow-table-size] hierarchy level, the number of units of 256K entries that you configure for the IPv6 flow table is allocated. For the IPv4 flow table, a default size of one 1K entry is allocated on the Packet Forwarding Engine.
  • If you configure the sizes of both the IPv4 and IPv6 flow tables, the flow tables are created on the Packet Forwarding Engine based on the size that you specified.

To allocate IPv4 and IPv6 flow hash tables:

  1. Go to the flow-table-size hierarchy level for inline services on the FPC that processes the monitored flows.
    [edit]
    user@host# edit chassis fpc 0 inline-services flow-table-size
  2. Specify the required sizes for the sampling hash tables.
    [edit chassis fpc 0 inline-services flow-table-size]
    user@host# set ipv4-flow-table-size 5
    user@host# set ipv6-flow-table-size 5

    Note: When you set the flow hash table sizes, remember:

    • Any change in the configured flow hash table sizes initiates an automatic reboot of the FPC.
    • The total number of units used for both IPv4 and IPv6 cannot exceed 15.

The configuration for inline sampling on MX80 routers is slightly different.

To configure inline sampling on all other MX Series routers and EX Series switches:

  1. Enable inline sampling and specify the source address for the traffic.
    [edit forwarding-options sampling instance instance-name family inet output]
    user@host# set inline-jflow source-address address
  2. Specify the IPFIX output format.
    [edit forwarding-options sampling instance instance-name family inet output flow-server address]
    user@host# set version-ipfix template ipv4
  3. Specify the output properties.
    [edit services flow-monitoring]
    user@host# set version-ipfix

    The output format properties are common to other output formats and are described in “Configuring Flow Aggregation to Use IPFIX Flow Templates”.

The following is an example of the sampling configuration for an instance that supports inline sampling on family inet and PIC-based sampling on family inet6:

[edit forwarding-options]
sampling {
    instance {
        sample-ins1 {
            input {
                rate 1;
            }
            family inet {
                output {
                    flow-server 2.2.2.2 {
                        port 2055;
                        version-ipfix {
                            template {
                                ipv4;
                            }
                        }
                    }
                    inline-jflow {
                        source-address 10.11.12.13;
                    }
                }
            }
            family inet6 {
                output {
                    flow-server 2.2.2.2 {
                        port 2055;
                        version-ipfix {
                            template {
                                ipv6;
                            }
                        }
                    }
                    interface sp-0/1/0 {
                        source-address 10.11.12.13;
                    }
                }
            }
        }
    }
}

The following example shows the output format configuration:

services {
    flow-monitoring {
        version-ipfix {
            template ipv4 {
                flow-active-timeout 60;
                flow-inactive-timeout 60;
                ipv4-template;
                template-refresh-rate {
                    packets 1000;
                    seconds 10;
                }
                option-refresh-rate {
                    packets 1000;
                    seconds 10;
                }
            }
        }
    }
}

The following considerations apply to the inline flow-monitoring instance configuration:

  • Sampling run-length and clip-size are not supported.
  • For inline configurations, each family can support only one collector.

Note: Inline sampling instances can handle only up to 65536 AS paths. If the total number of AS paths exceeds the maximum limit, the AS paths that have an AS index greater than 65536 are discarded and counted as errors. Flow records associated with such AS paths show the AS value as 0xFFFFFFFF. However, this limitation does not impact normal forwarding operations.

Note: On routers with Multiservices PICs or Multiservices DPCs, all fragments of a fragmented IPv4 packet other than the first fragment of the packet are processed accurately by the flow monitoring application running on MS-PIC or MS-DPC. The flow monitoring mechanism handles such fragments accurately by setting the layer 4 related fields in the associated flows to zero.

Published: 2013-09-11
