Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Flow-Tap Application Restrictions

The following restrictions apply to flow-tap services:

  • You cannot configure dynamic flow capture and flow-tap services on the same router simultaneously.

  • When the dynamic flow capture process or an AS PIC configured for flow-tap processing restarts, all filters are deleted and the mediation devices are disconnected.

  • Only the first fragment of an IPv4 fragmented packet stream is sent to the content destination.

  • If the flow-tap application is configured, you cannot configure the filter action then syslog for any firewall filter running on the same platform.

  • Running the flow-tap application over an IPsec tunnel on the same router can cause packet loops and is not supported.

  • The flow-tap service [edit services flow-tap] on tunnel interfaces on MX Series routers (FlowTapLite) and the RADIUS flow-tap service [edit services radius-flow-tap] cannot run simultaneously on the router. Consequently, you cannot run both FlowTapLite and subscriber secure policy mirroring at the same time on the same router in the earlier releases. However, starting in Junos OS Release 17.3R1, FlowTapLite and subscriber secure policy mirroring are supported to run concurrently on the same MX Series router.

Change History Table

Feature support is determined by the platform and release you are using. Use Feature Explorer to determine if a feature is supported on your platform.

Release
Description
17.3R1
However, starting in Junos OS Release 17.3R1, FlowTapLite and subscriber secure policy mirroring are supported to run concurrently on the same MX Series router.