Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Configuring Active Flow Monitoring

In active flow monitoring, the router participates in both the monitoring application and in the normal routing functionality of the network. Although the Monitoring Services PIC was designed initially for use as an offline passive flow monitoring tool, it can also be used in an active flow monitoring topology.

Table 1 shows which Juniper Networks PICs and corresponding routers support active flow monitoring. For more information on Juniper Networks PICs, see the PIC guide that corresponds to your router.

Table 1: Passive and Active Flow Monitoring PIC Support

PIC Type and Service

M5/M10

M7i/M10i

M20

M40e

M120

M160

T Series/M320

TXMatrix

Monitoring Services PIC: active flow monitoring

Yes (version 8 only)

Yes

Yes

Yes

No

Yes (version 8 only)

No

No

Monitoring Services II PIC: flow collection services

No

No

No

Yes

No

Yes (version 8 only)

No

No

Adaptive Services PIC: active flow monitoring

Yes (version 8 only)

Yes

Yes

Yes

No

Yes (version 8 only)

No

No

Adaptive Services II PIC: active flow monitoring

Yes(version 8 only)

Yes

Yes

Yes

Yes

Yes (version 8 only)

Yes

Yes

Adaptive Services II PIC: flow-tap services

No

Yes

Yes

Yes

Yes

No

Yes

No

MultiServices 100 PIC: active flow monitoring

No

Yes

No

Yes

No

No

Yes

Yes

MultiServices 400 PIC: active flow monitoring

No

No

No

Yes

Yes

No

Yes

Yes

MultiServices 500 PIC: active flow monitoring

No

No

No

Yes

Yes

No

Yes

Yes

Junos OS-enabled active flow monitoring

No

No

No

No

No

No

No

No

Specified packets can be filtered and sent to the monitoring interface. For the Monitoring Services PIC, the interface name contains the mo- prefix. For the Adaptive Services PICs and MultiServices PICs, the interface name contains the sp- prefix.

Note:

If you upgrade from the Monitoring Services PIC to the Adaptive Services PIC or MultiServices PIC for active flow monitoring, you must modify the interface name of your monitoring interface from mo-fpc/pic/port to sp-fpc/pic/port.

The major active flow monitoring actions you can configure at the [edit forwarding-options] hierarchy level are as follows:

  • Sampling, with the [edit forwarding-options sampling] hierarchy. This option extracts limited information (such as the source and destination IP address) from a copy of some of the packets in a flow, while the original packets are forwarded to the intended destination. This option is extended to define active sampling on a per Packet Forwarding Engine basis by defining a sampling instance that specifies a name for the sampling parameters and binding the instance to the particular Packet Forwarding Engine.

  • Templates, with the [edit forwarding-options sampling] and [edit services monitoring] hierarchies. With active flow monitoring support for version 5, version 8, and the customizing version 9, you can use templates to organize the data gathered from sampling.

  • Discard accounting, with the [edit forwarding-options accounting] hierarchy. This option quarantines unwanted packets, creates flow monitoring records that describe the packets, and discards the packets instead of forwarding them.

  • Port mirroring, with the [edit forwarding-options port-mirroring] hierarchy. This option makes one full copy of all packets in a flow and delivers the copy to a single destination.

  • Multiple port mirroring, with the [edit forwarding-options next-hop-group] hierarchy. This option allows multiple copies of selected traffic to be delivered to multiple destinations. (Multiple port mirroring requires a Tunnel Services PIC.)

  • Flow-tap services processing, with the [edit services flow-tap] hierarchy. This option sends copies of packets that match dynamic filter criteria to one or more content destinations.

Unlike passive flow monitoring, you do not need to configure a monitoring group. Instead, you can send filtered packets to a monitoring services or adaptive services interface (mo- or sp-) by using sampling or discard accounting. Optionally, you can configure port mirroring or multiple port mirroring to direct packets to additional interfaces.

These active flow monitoring options provide a wide variety of actions that can be performed on network traffic flows. However, the following restrictions apply:

  • The router can perform either sampling or port mirroring at any one time.

  • The router can perform either forwarding or discard accounting at any one time.

Because the Monitoring Services PIC, Adaptive Services PIC, and MultiServices PIC allow only one action to be performed at any one time, the following configuration options are available:

  • Sampling and forwarding

  • Sampling and discard accounting

  • Port mirroring and forwarding

  • Port mirroring and discard accounting

  • Sampling and port mirroring on different sets of traffic

To configure active flow monitoring, complete these steps: