Active Flow Monitoring Overview
Flow monitoring versions 5, 8, and 9 support active flow monitoring. For active flow monitoring, the monitoring station participates in the network as an active router. The major actions the router can perform during active flow monitoring are as follows:
Sampling—The router selects and analyzes only a portion of the traffic.
Sampling with templates—The router selects, analyzes, and arranges a portion of the traffic into templates.
Sampling per sampling instance—The router selects, analyzes, and arranges a portion of the traffic according to the configuration and binding of a sampling instance.
Port mirroring—The router copies entire packets and sends the copies to another interface.
Multiple port mirroring—The router sends multiple copies of monitored packets to multiple export interfaces with the
next-hop-group
statement at the[edit forwarding-options]
hierarchy level.Discard accounting—The router accounts for selected traffic before discarding it. Such traffic is not forwarded out of the router. Instead, the traffic is quarantined and deleted.
Flow-tap processing—The router processes requests for active flow monitoring dynamically by using the Dynamic Tasking Control Protocol (DTCP).