Table of Contents - JUNOS 9.5 Services Interfaces Configuration Guide

[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]

About This Guide

JUNOS Documentation and Release Notes

Objectives

Audience

Supported Platforms

Using the Indexes

Using the Examples in This Manual

Documentation Conventions

Documentation Feedback

Requesting Technical Support

Overview

Services Interfaces Overview

Services PIC Types
Supported Platforms

Services Interfaces Configuration Statements

[edit applications] Hierarchy Level
[edit forwarding-options] Hierarchy Level
[edit interfaces] Hierarchy Level
[edit logical-systems] Hierarchy Level
[edit protocols] Hierarchy Level
[edit services] Hierarchy Level

Adaptive Services

Adaptive Services Overview

Enabling Service Packages

Layer 2 Service Package Capabilities and Interfaces

Services Configuration Procedure

Packet Flow Through the Adaptive Services or MultiServices PIC

Stateful Firewall Overview

Stateful Firewall Support for Application Protocols
Stateful Firewall Anomaly Checking

Network Address Translation Overview

Traditional NAT
Twice NAT

IPsec Overview

IPsec
Security Associations
IKE
Comparison of IPsec Services and ES Interface Configuration

Layer 2 Tunneling Protocol Overview

Voice Services Overview

Class of Service Overview

Examples: Services Interfaces Configuration

Applications Configuration Guidelines

Configuring Application Protocol Properties

Configuring an Application Protocol
Configuring the Network Protocol
Configuring the ICMP Code and Type
Configuring Source and Destination Ports
Configuring the Inactivity Timeout Period
Configuring SIP
Configuring an SNMP Command for Packet Matching
Configuring an RPC Program Number
Configuring the TTL Threshold
Configuring a Universal Unique Identifier

Configuring Application Sets

ALG Descriptions

Basic TCP ALG
Basic UDP ALG
BOOTP
DCE RPC Services
FTP
H323
ICMP
IIOP
NetShow
RealAudio
RPC and RPC Portmap Services
RTSP
SMB
SNMP
SQLNet
TFTP
Traceroute
UNIX Remote-Shell Services
WinFrame

Verifying the Output of ALG Sessions

FTP Example

Sample Output

FTP System Log Messages

Analysis

Control Flows
Data Flows

Troubleshooting Questions

RTSP ALG Example

Sample Output
Analysis
Troubleshooting Questions

System Log Messages

System Log Configuration
System Log Output

JUNOS Default Groups

Examples: Referencing the Preset Statement from the JUNOS Default Group

Examples: Configuring Application Protocols

Summary of Applications Configuration Statements

application
application-protocol
application-set
applications
destination-port
icmp-code
icmp-type
inactivity-timeout
learn-sip-register
protocol
rpc-program-number
sip-call-hold-timeout
snmp-command
source-port
ttl-threshold
uuid

Stateful Firewall Services Configuration Guidelines

Configuring Stateful Firewall Rules

Configuring Match Direction for Stateful Firewall Rules

Configuring Match Conditions in Stateful Firewall Rules

Configuring Actions in Stateful Firewall Rules

Configuring IP Option Handling

Configuring Stateful Firewall Rule Sets

Examples: Configuring Stateful Firewall Rules

Summary of Stateful Firewall Configuration Statements

allow-ip-options
application-sets
applications
destination-address
destination-address-range
destination-prefix-list
from
match-direction
rule
rule-set
services
source-address
source-address-range
source-prefix-list
syslog
term
then

Network Address Translation Services Configuration Guidelines

Configuring Addresses and Ports for Use in NAT Rules

Configuring Pools of Addresses and Ports
Specifying Destination and Source Prefixes when Pools Are Not Used
Requirements for NAT Addresses
Configuring IPv6 Multicast Filters

Configuring NAT Rules

Configuring Match Direction for NAT Rules
Configuring NAT Type for Terms in NAT Rules
Configuring Match Conditions in NAT Rules
Configuring Actions in NAT Rules

Configuring NAT Rule Sets

Examples: Configuring NAT Rules

Example: Configuring Dynamic Source Translation

Example: Configuring Static Source Translation

Example: Configuring Dynamic and Static Source Translation

Example: Configuring an Oversubscribed Pool with No Fallback

Example: Configuring an Oversubscribed Pool with Fallback to NAPT

Example: Configuring Static Source Translation with Multiple Prefixes and Address Ranges

Example: Assigning Addresses from a Dynamic Pool for Static Use

Example: Configuring NAT Rules Without Defining a Pool

Example: Preventing Translation of Specific Addresses

Example: Configuring NAT for Multicast Traffic

Rendezvous Point Configuration
Router 1 Configuration

Example: Configuring Twice NAT

Example: Configuring Full-Cone NAT

Summary of Network Address Translation Configuration Statements

destination-address

destination-address-range

destination-pool

destination-prefix

destination-prefix-list

from

hint

ipv6-multicast-interfaces

ports-per-session

remotely-controlled

source-address-range

source-pool

source-prefix

source-prefix-list

translation-type (Traditional NAT)
translation-type (Twice NAT)

transport

Intrusion Detection Service Configuration Guidelines

Configuring IDS Rules

Configuring Match Direction for IDS Rules
Configuring Match Conditions in IDS Rules
Configuring Actions in IDS Rules

Configuring IDS Rule Sets

Examples: Configuring IDS Rules

Summary of Intrusion Detection Service Configuration Statements

aggregation
application-sets
applications
by-destination
by-pair
by-source
destination-address
destination-address-range
destination-prefix
destination-prefix-ipv6
destination-prefix-list
force-entry
from
ignore-entry
logging
match-direction
mss
rule
rule-set
services
session-limit
source-address
source-address-range
source-prefix
source-prefix-ipv6
source-prefix-list
syn-cookie
syslog
term
then
threshold

IPsec Services Configuration Guidelines

Minimum Security Association Configurations

Minimum Manual SA Configuration
Minimum Dynamic SA Configuration

Configuring Security Associations

Configuring Manual Security Associations

Configuring the Direction for IPsec Processing

Example: Using Different Configuration for the Inbound and Outbound Directions
Example: Using the Same Configuration for the Inbound and Outbound Directions

Configuring the Protocol for a Manual IPsec SA

Configuring the Security Parameter Index

Configuring the Auxiliary Security Parameter Index

Configuring Authentication for a Manual IPsec SA

Configuring Encryption for a Manual IPSec SA

Configuring Dynamic Security Associations

Clearing Security Associations

Configuring IKE Proposals

Configuring the Authentication Algorithm for an IKE Proposal
Configuring the Authentication Method for an IKE Proposal
Configuring the Diffie-Hellman Group for an IKE Proposal
Configuring the Encryption Algorithm for an IKE Proposal
Configuring the Lifetime for an IKE SA
Example: Configuring an IKE Proposal

Configuring IKE Policies

Configuring the Mode for an IKE Policy

Configuring the Proposals in an IKE Policy

Configuring the Preshared Key for an IKE Policy

Configuring the Local Certificate for an IKE Policy

Configuring a Certificate Revocation List

Configuring the Description for an IKE Policy

Configuring Local and Remote IDs for IKE Phase 1 Negotiation

Example: Configuring an IKE Policy

Configuring IPsec Proposals

Configuring the Authentication Algorithm for an IPsec Proposal
Configuring the Description for an IPsec Proposal
Configuring the Encryption Algorithm for an IPsec Proposal
Configuring the Lifetime for an IPsec SA
Configuring the Protocol for a Dynamic SA

Configuring IPsec Policies

Configuring the Description for an IPsec Policy
Configuring Perfect Forward Secrecy
Configuring the Proposals in an IPsec Policy
Example: Configuring an IPsec Policy

Configuring IPsec Rules

Configuring Match Direction for IPsec Rules

Configuring Match Conditions in IPsec Rules

Configuring Actions in IPsec Rules

Enabling IPsec Packet Fragmentation
Configuring Destination Addresses for Dead Peer Detection
Disabling IPSec Anti-Replay
Enabling System Log Messages
Specifying the MTU for IPsec Tunnels

Configuring IPsec Rule Sets

Configuring Dynamic Endpoints for IPsec Tunnels

Authentication Process
Implicit Dynamic Rules
Reverse Route Insertion
Configuring an IKE Access Profile
Referencing the IKE Access Profile in a Service Set
Configuring the Interface Identifier
Default IKE and IPsec Proposals

Tracing IPsec Operations

Examples: Configuring IPsec Services

Example: Configuring Statically Assigned Tunnels
Example: Configuring Dynamically Assigned Tunnels

Summary of IPsec Services Configuration Statements

authentication

authentication-algorithm

authentication-algorithm (IKE)
authentication-algorithm (IPsec)

authentication-method

auxiliary-spi

backup-remote-gateway

clear-dont-fragment-bit

clear-ike-sas-on-pic-restart

clear-ipsec-sas-on-pic-restart

description

destination-address

encryption-algorithm

from

ike

initiate-dead-peer-detection

ipsec

ipsec-inside-interface

lifetime-seconds

local-certificate

perfect-forward-secrecy

policy

policy (IKE)
policy (IPsec)

pre-shared-key

proposal

proposal (IKE)
proposal (IPsec)

Layer 2 Tunneling Protocol Services Configuration Guidelines

L2TP Services Configuration Overview

L2TP Minimum Configuration

Configuring L2TP Tunnel Groups

Configuring Access Profiles for L2TP Tunnel Groups
Configuring the Local Gateway Address and PIC
Configuring Window Size for L2TP Tunnels
Configuring Timers for L2TP Tunnels
Hiding Attribute-Value Pairs for L2TP Tunnels
Configuring System Logging of L2TP Tunnel Activity

Configuring the Identifier for Logical Interfaces that Provide L2TP Services

Example: Configuring Multilink PPP on a Shared Logical Interface

AS PIC Redundancy for L2TP Services

Tracing L2TP Operations

Examples: Configuring L2TP Services

Summary of Layer 2 Tunneling Protocol Configuration Statements

facility-override

hello-interval

hide-avps

host

l2tp-access-profile

local-gateway address

log-prefix

maximum-send-window

ppp-access-profile

receive-window

retransmit-interval

service-interface

services

services (Hierarchy)
services (L2TP System Logging)

Link Services IQ Interfaces Configuration Guidelines

Layer 2 Service Package Capabilities and Interfaces

Configuring LSQ Interface Redundancy Across Multiple Routers Using SONET APS

Configuring the Association between LSQ and SONET Interfaces
Configuring SONET APS Interoperability with Cisco Systems FRF.16
Restrictions on APS Redundancy for LSQ Interfaces

Configuring LSQ Interface Redundancy in a Single Router Using SONET APS

Configuring LSQ Interface Redundancy in a Single Router Using Virtual Interfaces

Configuring Redundant Paired LSQ Interfaces
Restrictions on Redundant LSQ Interfaces
Configuring Link State Replication for Redundant Link PICs
Examples: Configuring Redundant LSQ Interfaces for Failure Recovery

Configuring CoS Scheduling Queues on Logical LSQ Interfaces

Configuring Scheduler Buffer Size
Configuring Scheduler Priority
Configuring Scheduler Shaping Rate
Configuring Drop Profiles

Configuring CoS Fragmentation by Forwarding Class on LSQ Interfaces

Reserving Bundle Bandwidth for Link-Layer Overhead on LSQ Interfaces

Configuring Multiclass MLPPP on LSQ Interfaces

Oversubscribing Interface Bandwidth on LSQ Interfaces

Example: Oversubscribing an LSQ Interface

Configuring Guaranteed Minimum Rate on LSQ Interfaces

Example: Configuring Guaranteed Minimum Rate

Configuring Link Services and CoS on Services PICs

Configuring Link Services and CoS on J-series Services Routers

Configuring LSQ Interfaces as NxT1 or NxE1 Bundles Using MLPPP

Example: Configuring an LSQ Interface as an NxT1 Bundle Using MLPPP

Configuring LSQ Interfaces as NxT1 or NxE1 Bundles Using FRF.16

Example: Configuring an LSQ Interface as an NxT1 Bundle Using FRF.16

Configuring LSQ Interfaces for Single Fractional T1 or E1 Interfaces Using MLPPP and LFI

Example: Configuring an LSQ Interface for a Fractional T1 Interface Using MLPPP and LFI

Configuring LSQ Interfaces for Single Fractional T1 or E1 Interfaces Using FRF.12

Examples: Configuring an LSQ Interface for a Fractional T1 Interface Using FRF.12

Configuring LSQ Interfaces as NxT1 or NxE1 Bundles Using FRF.15

Configuring LSQ Interfaces for T3 Links Configured for Compressed RTP over MLPPP

Configuring LSQ Interfaces as T3 or OC3 Bundles Using FRF.12

Configuring LSQ Interfaces for ATM2 IQ Interfaces Using MLPPP

Summary of Link Services IQ Configuration Statements

cisco-interoperability
forwarding-class
fragment-threshold
fragmentation-map
fragmentation-maps
hot-standby
link-layer-overhead
lsq-failure-options
multilink-class
multilink-max-classes
no-fragmentation
no-termination-request
per-unit-scheduler
preserve-interface
primary
redundancy-options
secondary
trigger-link-failure
warm-standby

Voice Services Configuration Guidelines

Configuring Services Interfaces for Voice Services

Configuring the Logical Interface Address for the MLPPP Bundle
Configuring Compression of Voice Traffic
Configuring Delay-Sensitive Packet Interleaving
Example: Configuring Compression of Voice Traffic

Configuring Encapsulation for Voice Services

Configuring Network Interfaces for Voice Services

Configuring Voice Services Bundles with MLPPP Encapsulation
Configuring the Compression Interface with PPP Encapsulation

Configuring VoIP Routing on J-series Services Routers

Functional Components
Configuring the VoIP Interface
Configuring the Media Gateway Controller List
Configuring Dynamic Call Admission Control

Examples: Configuring Voice Services

Summary of Voice Services Configuration Statements

activation-priority
address
bearer-bandwidth-limit
bundle
compression
compression-device
dynamic-call-admission-control
encapsulation
f-max-period
family
fragment-threshold
interfaces
maximum-contexts
port
queues
rtp
unit

Class-of-Service Configuration Guidelines

Restrictions and Cautions for CoS Configuration on Services Interfaces

Configuring CoS Rules

Configuring Match Direction for CoS Rules

Configuring Match Conditions In CoS Rules

Configuring Actions in CoS Rules

Configuring Application Profiles for Use as CoS Rule Actions
Configuring Reflexive and Reverse CoS Rule Actions

Example: Configuring CoS Rules

Configuring CoS Rule Sets

Examples: Configuring CoS on Services Interfaces

Summary of Class-of-Service Configuration Statements

application-profile
application-sets
applications
destination-address
destination-prefix-list
dscp
forwarding-class
from
match-direction
(reflexive | reverse)
rule
rule-set
services
sip-text
sip-video
sip-voice
source-address
source-prefix-list
syslog
term
then

Service Set Configuration Guidelines

Configuring Service Sets to be Applied to Services Interfaces

Configuring Interface Service Sets

Configuring Next-Hop Service Sets

Determining Traffic Direction

Interface Style Service Sets
Next-Hop Style Service Sets

Configuring Service Rules

Configuring IPsec Service Sets

Configuring the Local Gateway Address for IPsec Service Sets

IKE Addresses in VRF Instances

Configuring IKE Access Profiles for IPsec Service Sets

Configuring Certification Authorities for IPsec Service Sets

Configuring Service Set Limitations

Configuring System Logging for Service Sets

Enabling Services PICs to Accept Multicast Traffic

Tracing Services PIC Operations

Configuring the Adaptive Services Log Filename
Configuring the Number and Size of Adaptive Services Log Files
Configuring Access to the Log File
Configuring a Regular Expression for Lines to Be Logged
Configuring the Trace Operations

Example: Configuring Service Sets

Summary of Service Set Configuration Statements

adaptive-services-pics

allow-multicast

facility-override

host

ids-rules

ike-access-profile

interface-service

ipsec-vpn-options

service-interface

service-set

services

services (Hierarchy)
services (System Logging)

stateful-firewall-rules

Service Interface Configuration Guidelines

Services Interface Naming Overview

Configuring the Address and Domain for Services Interfaces

Configuring Default Timeout Settings for Services Interfaces

Configuring System Logging for Services Interfaces

Enabling Fragmentation on GRE Tunnels

Applying Filters and Services to Interfaces

Configuring Service Filters

Configuring AS or MultiServices PIC Redundancy

Examples: Configuring Services Interfaces

Summary of Service Interface Configuration Statements

address
clear-dont-fragment-bit
dial-options
facility-override
family
host
inactivity-timeout
input
interfaces
log-prefix
open-timeout
output
post-service-filter
primary
redundancy-options
secondary
service
service-domain
service-filter
service-set
services
services-options
syslog
unit

PGCP Configuration Guidelines for the BGF Feature

Summary of PGCP Configuration Statements

administrative

administrative (Control Association)
administrative (Virtual Interface)

algorithm

application-data-inactivity-detection

audit-observed-events-returns

base-root

bgf-core

cancel-graceful

cancel-graceful (Control Association)
cancel-graceful (Virtual Interface)

cleanup-timeout

context-indications

control-association-indications

controller-address

controller-failure

controller-port

data-inactivity-detection

default

delivery-function

destination-address

destination-port

detect

diffserv

disable-session-mirroring

event-timestamp-notification

failover-cold

failover-warm

failure

failure (Control Association)
failure (Virtual Interface)

fast-update-filters

gateway-controller

gateway-port

graceful

graceful (Control Association)
graceful (Virtual Interface)

hanging-termination-detection

inactivity-delay

inactivity-duration

inactivity-timer

inactivity-timeout

initial-average-ack-delay

interface

interim-ah-scheme

ip-flow-stop-detection

latch-deadlock-delay

link-loss

max-burst-size

max-burst-size (All Streams)
max-burst-size (RTCP Streams)

max-concurrent-calls

maximum-fuf-percentage

maximum-inactivity-time

maximum-net-propagation-delay

maximum-synchronization-mismatches

maximum-synchronization-time

maximum-terms

maximum-waiting-delay

media

media-service

mg-maximum-pdu-size

mg-originated-pending-limit

mg-provisional-response-timer-value

mg-segmentation-timer

mgc-maximum-pdu-size

mgc-originated-pending-limit

mgc-provisional-response-timer-value

mgc-segmentation-timer

monitor

nat-pool

network-operator-id

no-rtcp-check

normal-mg-execution-time

normal-mgc-execution-time

notification-behavior

notification-rate-limit

notification-regulation

no-dscp-bit-mirroring

overload-control

peak-data-rate

peak-data-rate (All Streams)
peak-data-rate (RTCP)

queue-limit-percentage

reconnect

reject-all-commands-threshold

reject-new-calls-threshold

report-service-change

request-timestamp

send-notification-on-delay

service-change

service-change-type

service-interface

service-state

service-state (Virtual BGF)
service-state (Virtual Interface)

services

session-mirroring

source-address

source-port

state-loss

stop-detection-on-drop

sustained-data-rate

sustained-data-rate
sustained-data-rate (RTCP Streams)

timerx

tmax-retransmission-delay

traceoptions

traffic-management

up

use-lower-case

use-wildcard-response

virtual-interface

virtual-interface-down

virtual-interface-indications

virtual-interface-up

warm

Service Interface Pools Configuration Guidelines

Configuring Service Interface Pools

Summary of Service Interface Pools Statements

interface
pool
service-interface-pools

Border Signaling Gateway Configuration Guidelines

Summary of Border Signaling Gateway Configuration Statements

admission-control

admission-control (Border Signaling Gateway)
admission-control (New Call Usage Policy)

committed-burst-size

committed-information-rate

datastore

dialogs

dscp

egress-service-point

from (New Call Usage Policy)
from (New Transaction Policy)
from (Service Class)

new-call-usage-policies

new-call-usage-policy

new-call-usage-policy-set

new-transaction-policies

new-transaction-policy

new-transaction-policy-set

service-interface

service-interface (Gateway)
service-interface (Service Point)

service-point

service-point-type

term (New Call Usage Policy)
term (New Transaction Policy)
term (Service Class)

then

then (New Call Usage Policy)
then (New Transaction Policy)
then (Service Class)

transport-details

Dynamic Application Awareness

Dynamic Application Awareness Overview

IDP Overview
APPID Overview
AACL Overview
L-PDF Overview

Application Identification Configuration Guidelines

Defining an Application Identification

Configuring APPID Rules

Configuring Application Profiles

Configuring Application Groups

Configuring Global APPID Properties

Configuring Automatic Download of Software Updates

Tracing APPID Operations

Configuring the APPID Log Filename
Configuring the Number and Size of APPID Log Files
Configuring Access to the Log File
Configuring a Regular Expression for Lines to Be Logged
Configuring the Tracing Flags

Examples: Configuring Application Identification Properties

Summary of Application Identification Configuration Statements

address

application

application (Defining)
application (Including in Rule)

application-group

application-groups

application-system-cache-timeout

disable (APPID Application)
disable (APPID Application Group)
disable (APPID Port Mapping)

max-checked-bytes

min-checked-bytes

no-application-identification

no-application-system-cache

no-clear-application-system-cache

no-signature-based

rule (Configuring)
rule (Including in Rule Set)

Application-Aware Access List Configuration Guidelines

Configuring AACL Rules

Configuring Match Direction for AACL Rules
Configuring Match Conditions in AACL Rules
Configuring Actions in AACL Rules

Configuring AACL Rule Sets

Example: Configuring AACL Rules

Summary of AACL Configuration Statements

applications
application-groups
application-group-any
destination-address
destination-address-range
destination-prefix-list
from
match-direction
rule
rule-set
services
source-address
source-address-range
source-prefix-list
term
then

Local Policy Decision Function Configuration Guidelines

Configuring L-PDF Profiles
Applying L-PDF Profiles to Service Sets
Tracing L-PDF Operations

Summary of L-PDF Configuration Statements

aacl-fields
policy-decision-statistics-profile
traceoptions

Data Link Switching

Data Link Switching Overview

Overview
DLSw Standards

Data Link Switching Configuration Guidelines

Configuring DLSw

Minimum DLSw Configuration

Configuring the Remote Peer

Configuring Load Balancing

Configuring DLSw Timers

Configuring the Local Peer

Examples: Configuring DLSw Peers

Configuring the Initial Pacing Window

Configuring the Idle Timeout

Configuring the Multicast Address

Configuring Class of Service

Example: Configuring CoS for a DLSw Connection

Tracing DLSw Protocol Traffic

Configuring Logical Link Control on Interfaces

Example: Configuring LLC Options on an Interface

Configuring DLSw Ethernet Redundancy Using LLC2 Properties

Example: Configuring DLSw Ethernet Redundancy

Summary of Data Link Switching Configuration Statements

advertise-interval
circuit-weight
connection-idle-timeout
cost
destination
destination-interface
dlsw
dlsw-cos
explorer-wait-time
hold-time
interface
load-balance
local-mac
local-peer
map
multicast-address
no-preempt
peer
preempt
priority
promiscuous
protocols
reachability-cache-timeout
receive-initial-pacing
redundancy-group
remote-mac
remote-peer
traceoptions
track
type-of-service

Encryption Services

Encryption Overview

Encryption Interfaces Configuration Guidelines

Configuring Encryption Interfaces

Specifying the Security Association Name for Encryption Interfaces
Configuring the MTU for Encryption Interfaces
Example: Configuring an Encryption Interface

Configuring Filters for Traffic Transiting the ES PIC

Traffic Overview

Configuring the Security Association

Configuring an Outbound Traffic Filter

Example: Configuring an Outbound Traffic Filter

Applying the Outbound Traffic Filter

Example: Applying the Outbound Traffic Filter

Configuring an Inbound Traffic Filter

Example: Configuring an Inbound Traffic Filter

Applying the Inbound Traffic Filter to the Encryption Interface

Example: Applying the Inbound Traffic Filter to the Encryption Interface

Configuring an ES Tunnel Interface for a Layer 3 VPN

Configuring ES PIC Redundancy

Example: Configuring ES PIC Redundancy

Configuring IPsec Tunnel Redundancy

Summary of Encryption Configuration Statements

address
backup-destination
backup-interface
destination
es-options
family
filter
interfaces
ipsec-sa
source
tunnel
unit

Flow Monitoring and Discard Accounting Services

Flow Monitoring and Discard Accounting Overview

Passive Flow Monitoring
Active Flow Monitoring

Flow Monitoring and Discard Accounting Configuration Guidelines

Configuring Traffic Sampling

Minimum Configuration for Traffic Sampling

Configuring Traffic Sampling

Disabling Traffic Sampling

Configuring Traffic Sampling Output

Traffic Sampling Output Format

Tracing Traffic Sampling Operations

Traffic Sampling Examples

Example: Sampling a Single SONET Interface
Example: Sampling All Traffic from a Single IP Address
Example: Sampling All FTP Traffic

Configuring Flow Monitoring

Configuring Flow-Monitoring Interfaces

Configuring Flow-Monitoring Properties

Directing Traffic to Flow-Monitoring Interfaces
Exporting Flows
Configuring Time Periods when Flow Monitoring is Active and Inactive

Example: Configuring Flow Monitoring

Enabling Flow Aggregation

Configuring Flow Aggregation to Use Version 5 or Version 8 cflowd

Configuring Flow Aggregation to Use Version 9 Flow Templates

Configuring the Traffic to be Sampled
Configuring the Version 9 Template Properties
Restrictions
Fields Included in Each Template Type
MPLS Sampling Behavior
Verification
Examples: Configuring Version 9 Flow Templates

Directing Replicated Flows to Multiple Flow Servers

Directing Replicated Routing Engine–Based Sampling Flows to Multiple Servers
Directing Replicated Version 9 Flow Aggregates to Multiple Servers

Logging cflowd Flows Before Export

Configuring Port Mirroring

Configuring Tunnels
Filter-Based Forwarding with Multiple Monitoring Interfaces
Restrictions
Configuring Port Mirroring on Services Interfaces
Examples: Configuring Port Mirroring

Load Balancing Among Multiple Monitoring Interfaces

Configuring Discard Accounting

Enabling Passive Flow Monitoring

Passive Flow Monitoring for MPLS Encapsulated Packets

Removing MPLS Labels from Incoming Packets

Example: Enabling Passive Flow Monitoring

Configuring Services Interface Redundancy with Flow Monitoring

Summary of Flow-Monitoring Configuration Statements

accounting

address

aggregate-export-interval

aggregation

autonomous-system-type

cflowd

cflowd (Discard Accounting and Sampling)
cflowd (Flow Monitoring)

family (Interfaces)
family (Monitoring)
family (Port Mirroring)
family (Sampling)

file

file (Sampling)
file (Trace Options)

filename

files

filter

flow-active-timeout

flow-export-destination

flow-inactive-timeout

flow-monitoring

forwarding-options

input

input (Port Mirroring)
input (Sampling)

input-interface-index

interface

interface (Accounting or Sampling)
interface (Monitoring)
interface (Port Mirroring)

max-packets-per-second

monitoring

mpls-ipv4-template

mpls-template

multiservice-options

no-world-readable

option-refresh-rate

output

output (Accounting)
output (Monitoring)
output (Port Mirroring)
output (Sampling)

output-interface-index

passive-monitor-mode

receive-options-packets

receive-ttl-exceeded

required-depth

run-length

sampling

sampling (Forwarding Options)
sampling (Interfaces)

template (Forwarding Options)
template (Services)

template-refresh-rate

version9 (Forwarding Options)
version9 (Services)

world-readable

Flow Collection Configuration Guidelines

Configuring Flow Collection

Configuring Destination FTP Servers for Flow Records
Configuring a Packet Analyzer
Configuring File Formats
Configuring Interface Mappings
Configuring Transfer Logs
Configuring Retry Attempts

Sending cflowd Records to Flow Collector Interfaces

Configuring Flow Collection Mode and Interfaces on Services PICs

Example: Configuring Flow Collection

Summary of Flow Collection Configuration Statements

file-specification

file-specification (File Format)
file-specification (Interface Mapping)

flow-collector

ftp

ftp (Flow Collector Files)
ftp (Transfer Log Files)

password (Flow Collector File Servers)
password (Transfer Log File Servers)

retry

retry-delay

transfer

transfer-log-archive

username

variant

Dynamic Flow Capture Configuration Guidelines

Dynamic Flow Capture Architecture

Liberal Sequence Windowing

Configuring Dynamic Flow Capture

Configuring the Capture Group
Configuring the Content Destination
Configuring the Control Source
Configuring the DFC PIC Interface
Configuring System Logging
Configuring Thresholds
Limiting the Number of Duplicates of a Packet

Example: Configuring Dynamic Flow Capture

Flow-Tap Configuration Guidelines

Flow-Tap Architecture

Configuring the Flow-Tap Service

Configuring the Flow-Tap Interface
Strengthening Flow-Tap Security
Restrictions on Flow-Tap Services

Configuring FlowTapLite

Examples: Configuring Flow-Tap Services

Summary of Dynamic Flow Capture and Flow-Tap Configuration Statements

address
allowed-destinations
capture-group
content-destination
control-source
duplicates-dropped-periodicity
dynamic-flow-capture
flow-tap
flow-tap-lite
g-duplicates-dropped-periodicity
g-max-duplicates
hard-limit
hard-limit-target
input-packet-rate-threshold
interface
interfaces
max-duplicates
minimum-priority
no-syslog
notification-targets
pic-memory-threshold
service-port
services
shared-key
soft-limit
soft-limit-clear
source-addresses
ttl

Link and Multilink Services

Link and Multilink Services Overview

Link and Multilink Services Configuration Guidelines

Multilink and Link Services PICs Overview

Configuring the Number of Bundles on Link Services PICs

Configuring the Links in a Multilink or Link Services Bundle

Multilink and Link Services Logical Interface Configuration Overview

Default Settings for Multilink and Link Services Logical Interfaces

Configuring Encapsulation for Multilink and Link Services Logical Interfaces

Configuring the Drop Timeout Period on Multilink and Link Services Logical Interfaces

Limiting Packet Payload Size on Multilink and Link Services Logical Interfaces

Configuring the Minimum Number of Active Links on Multilink and Link Services Logical Interfaces

Configuring MRRU on Multilink and Link Services Logical Interfaces

Configuring the Sequence Header Format on Multilink and Link Services Logical Interfaces

Configuring DLCIs on Link Services Logical Interfaces

Configuring Point-to-Point DLCIs for MLFR FRF.16 and MLPPP Bundles
Configuring Multicast-Capable DLCIs for MLFR FRF.16 Bundles

Configuring Delay-Sensitive Packet Interleaving on Link Services Logical Interfaces

Configuring LFI with DLCI Scheduling

Example: Configuring LFI with DLCI Scheduling

Configuring Compressed RTP on J-series Services Routers

Example: Configuring Compressed RTP with MLPPP Encapsulation
Example: Configuring Compressed RTP with PPP Encapsulation

Configuring Link Services Physical Interfaces

Default Settings for Link Services Interfaces
Configuring Encapsulation for Link Services Physical Interfaces
Configuring Acknowledgment Timers on Link Services Physical Interfaces
Configuring Differential Delay Alarms on Link Services Physical Interfaces with MLFR FRF.16
Configuring Keepalives on Link Services Physical Interfaces

Configuring CoS on Link Services Interfaces

CoS for Link Services Interfaces on J-series Services Routers
CoS for Link Services Interfaces on M-series and T-series Routing Platforms
Example: Configuring CoS on Link Services Interfaces

Examples: Configuring Multilink Interfaces

Example: Configuring a Multilink Interface with MLPPP
Example: Configuring a Multilink Interface with MLPPP over ATM 2 Interfaces
Configuring a Multilink Interface with MLFR FRF.15

Examples: Configuring Link Interfaces

Example: Configuring a Link Services Interface with Two Links
Example: Configuring a Link Services Interface with MLPPP
Example: Configuring a Link Services Interface with MLFR FRF.15
Example: Configuring a Link Services PIC with MLFR FRF.16
Example: Configuring Link and Voice Services Interfaces with a Combination of Bundle Types

Summary of Multilink and Link Services Configuration Statements

acknowledge-retries

acknowledge-timer

action-red-differential-delay

address

bundle

compression-device

destination

disable-mlppp-inner-ppp-pfc

dlci

drop-timeout

encapsulation

encapsulation (Logical Interface)
encapsulation (Physical Interface)

family

fragment-threshold

hello-timer

interfaces

interleave-fragments

lmi-type

minimum-links

mlfr-uni-nni-bundle-options

red-differential-delay

yellow-differential-delay

Real-Time Performance Monitoring Services

Real-Time Performance Monitoring Services Overview

Real-Time Performance Monitoring Configuration Guidelines

Configuring BGP Neighbor Discovery Through RPM

Configuring Real-Time Performance Monitoring

Configuring RPM Probes

Configuring RPM Receiver Servers

Limiting the Number of Concurrent RPM Probes

Configuring RPM Timestamping

Configuring RPM Timestamps on M-series, MX-series, and T-series Routing Platforms
Configuring RPM Timestamps on J-series Services Routers

Configuring TWAMP

Configuring TWAMP Interfaces
Configuring TWAMP Servers

Examples: Configuring BGP Neighbor Discovery Through RPM

Examples: Configuring Real-Time Performance Monitoring

Summary of Real-Time Performance Monitoring Configuration Statements

authentication-mode

client-list

data-fill

data-size

destination-interface

destination-port

dscp-code-point

hardware-timestamp

history-size

inactivity-timeout

logical-system

maximum-connections

maximum-connections-per-client

maximum-sessions

maximum-sessions-per-connection

moving-average-size

one-way-hardware-timestamp

port

port (RPM)
port (TWAMP)

routing-instances

Tunnel Services Overview

Tunnel Interfaces Configuration Guidelines

Configuring Unicast Tunnels

Configuring a Key Number on GRE Tunnels
Enabling Fragmentation on GRE Tunnels
Specifying an MTU Setting for the Tunnel
Configuring a GRE Tunnel to Copy ToS Bits to the Outer IP Header
Configuring Packet Reassembly

Restricting Tunnels to Multicast Traffic

Configuring Logical Tunnel Interfaces

Connecting Logical Systems
Configuring Logical Tunnels on J-series Platforms

Configuring Tunnel Interfaces for Routing Table Lookup

Configuring Virtual Loopback Tunnels for VRF Table Lookup

Configuring PIM Tunnels

Configuring IPv6-over-IPv4 Tunnels

Configuring Dynamic Tunnels

Configuring Tunnel Interfaces on MX-series Routers

Examples: Configuring Unicast Tunnels

Example: Configuring a Virtual Loopback Tunnel for VRF Table Lookup

Example: Configuring an IPv6-over-IPv4 Tunnel

Example: Configuring Logical Tunnels

Summary of Tunnel Services Configuration Statements

allow-fragmentation

backup-destination

copy-tos-to-outer-ip-header

destination

destination (Tunnel Remote End)
destination (Routing Instance)

destination-networks

reassemble-packets

routing-instance

routing-instances

Index
Index of Statements and Commands

[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]