Flow Monitoring Version 9 Format Output Fields
A detailed explanation of active flow monitoring version 9 packet formats and fields is shown as follows:
The Junos OS supports the version 9 template formats:
Template |
Fields |
|---|---|
IPv4 |
Flow selectors:
Flow nonselectors:
|
MPLS |
Flow selectors:
Flow nonselectors:
|
MPLS_IPv4 |
Flow selectors:
Flow nonselectors:
|
IPv6 |
Flow selectors:
Flow nonselectors:
|
Peer AS billing |
Flow selectors:
Flow nonselectors
Note:
Peer AS billing traffic is not supported for active flow monitoring version 9 configuration on PTX5000 routers tethered to CSE2000. |
Field |
Description |
|---|---|
Version |
9 |
Count |
Total number of records in the protocol data unit (PDU) or packet. This number includes all of the options FlowSet records, template FlowSet records, and data FlowSet records. |
sysUptime |
Current time elapsed, in milliseconds, since the router started. |
UNIX seconds |
Current seconds since 0000 UTC 1970. |
Flow sequence number |
Sequence counter of total flows received. |
Source ID |
32-bit value that identifies the data exporter. Version 9 uses the integrated field diagnostics (IFD) SNMP index of the PIC or device that is exporting the data flow. This field is equivalent to engine type and engine ID fields found in versions 5 and 8. |
Field |
Description |
|---|---|
FlowSet ID |
FlowSet type. FlowSet ID 0 is reserved for the Template FlowSet. |
Length |
FlowSet length. Individual template FlowSets might contain multiple template records, which means that the length of template FlowSets varies. |
Template ID |
Unique template ID assigned to each newly generated template. Templates numbered 256 and higher define data formats. Templates numbered 0 through 255 define FlowSet IDs. |
Field Count |
Fields in the template record. This field allows the collector to determine the end of the current template record and the start of the next. |
Field Type |
Field type. These are defined in Table 4. |
Field Length |
Length, in bytes, of the corresponding field type. |
Field Type |
Description |
|---|---|
1 |
IN_BYTES: The number of bytes associated with an IP flow. By default, the length is 4 bytes. |
2 |
IN_PKTS: The number of packets associated with an IP flow. By default, the length is 4 packets. |
4 |
PROTOCOL: The IP protocol byte. |
5 |
TOS: The type-of-service byte setting of an incoming packet. |
6 |
TCP_FLAGS: The cumulative TCP flags associated with a flow. |
7 |
L4_SRC_PORT: The TCP/UDP source port. |
8 |
IPv4_SRC_ADDR: The IPv4 source address. |
9 |
SRC_MASK: The number of contiguous bits in the source subnet mask. |
10 |
INPUT_SNMP: The IFD SNMP input interface index. By default, the length is 2. |
11 |
L4_DST_PORT: The TCP/UDP destination port number. |
12 |
IPV4_DST_ADDR: The IPv4 destination address. |
13 |
DST_MASK: The number of contiguous bits in the destination subnet mask. |
14 |
OUTPUT_SNMP: The IFD SNMP output interface index. By default, the length is 2. |
16 |
SRC_AS: The source autonomous system number. This is always set to zero. |
17 |
DST_AS: The destination autonomous system number. This is always set to zero. |
18 |
BGP_IPV4_NEXT_HOP: The BGP IPV4 next-hop address. |
21 |
LAST_SWITCHED: The uptime of the device (in milliseconds) at which the last packet of the flow was switched. |
22 |
FIRST_SWITCHED: The uptime of the device (in milliseconds) at which the first packet of the flow was switched. |
29 |
IPV6_SRC_MASK: The length of the IPv6 source mask, in contiguous bits. |
30 |
IPV6_DST_MASK: The length of the IPv6 destination mask, in contiguous bits. |
32 |
ICMP_TYPE: The ICMP type. |
34 |
SAMPLING_INTERVAL: The rate at which packets are sampled. As an example, a rate of 100 means that one packet is sampled for every 100 packets in the data flow. |
35 |
SAMPLING_ALGORITHM: The type of algorithm being used. Ox01 indicates deterministic sampling and 0x02 indicates random sampling. |
47 |
MPLS_TOP_LABEL_IP_ADDRESS: The MPLS top- label address. |
60 |
IP_PROTOCOL_VERSION: The IP protocol version being used. |
62 |
IPV6_NEXT_HOP: The IPv6 address of the next-hop router. |
70 |
MPLS_LABEL_1: The first MPLS label in the stack. |
71 |
MPLS_LABEL_2: The second MPLS label in the stack. |
72 |
MPLS_LABEL_3: The third MPLS label in the stack. |
128 |
DST_PEER_AS: The destination of the BGP peer AS. |
Field |
Description |
|---|---|
FlowSet ID = Template ID |
Data FlowSet that associated with a FlowSet ID. The FlowSet ID maps to a previously generated template ID. The flow collector must use the FlowSet ID to find the corresponding template record and decode the flow records from the FlowSet. |
Length |
FlowSet length. Data FlowSets are fixed in length. |
Record Number - Field Value Number |
Flow data records, each containing a set of field values. The template record identified by the FlowSet ID dictates the type and length of the field values. |
Padding |
Bytes (in zeros) that the exporter inserts so that the subsequent FlowSet starts at a 4-byte aligned boundary. |
Field |
Description |
|---|---|
FlowSet ID |
FlowSet type. FlowSet ID 1 is reserved for the options template. |
Length |
FlowSet length. Option template FlowSets are fixed in length. |
Template ID |
Template ID of the options template. Options template values are greater than 255. |
Option Scope Length |
Length, in bytes, of any scope field definition that is part of the options template record. |
Scope 1 Field Type |
Relevant process. The Junos OS supports the system process (1). |
Scope 1 Field Length |
Length, in bytes, of the option field. |
Padding |
Bytes the exporter inserts so that the subsequent FlowSet starts at a 4-byte aligned boundary. |
Field |
Description |
|---|---|
FlowSet ID = Template ID |
ID that precedes each options data flow record. The FlowSet ID maps to a previously generated template ID. The collector must use the FlowSet ID to find the corresponding template record and decode the options data flow records from the FlowSet. |
Length |
FlowSet length. Option FlowSets are fixed in length. |
Number of Flow Data Records |
Remainder of the options data FlowSet is a collection of flow data records, each containing a set of field values. The template record identified by the FlowSet ID dictates the type and length of the field values. |
Padding |
Bytes (in zeros) the exporter inserts so that the subsequent FlowSet starts at a 4-byte aligned boundary. |
IPFIX (Version 10) IPv4 Fields
Field Name |
Flow Key |
Element ID |
Length in Bytes |
|---|---|---|---|
IPV4_SADDR |
Y |
8 |
4 |
IPV4_DADDR |
Y |
12 |
4 |
IPV4_TOS |
Y |
5 |
1 |
IPV4_PROTO |
Y |
4 |
1 |
TCP_UDP_SPORT |
Y |
7 |
2 |
TCP_UDP_DPORT |
Y |
11 |
2 |
IMCP_TYPE_CODE_IPV4 |
Y |
32 |
2 |
IIF |
Y |
10 |
4 |
VLAN_ID |
Configurable |
58 |
2 |
IPV4_SMASK |
N |
9 |
1 |
IPV4_DMASK |
N |
13 |
1 |
SRC_AS |
N |
16 |
4 |
DST_AS |
N |
17 |
4 |
IPV4_NEXTHOP |
N |
15 |
4 |
TCP_FLAGS |
N |
6 |
1 |
OIF |
N |
14 |
4 |
FLOW_BYTES |
N |
1 |
8 |
FLOW_PACKETS |
N |
2 |
8 |
MIN_TTL |
N |
52 |
1 |
MAX_TTL |
N |
53 |
1 |
START_TIME |
N |
152 |
8 |
END_TIME |
N |
153 |
8 |
FIRST_SWITCHED |
N |
22 |
4 |
LAST_SWITCHED |
N |
21 |
4 |
FLOW_END_REASON |
N |
136 |
1 |
IP_PROTOCOL_VERSION |
N |
60 |
1 |
BGP_NEXTHOP_ID |
N |
18 |
4 |
FLOW_DIRECTION |
Configurable |
61 |
1 |
DOT_1Q_VLAN_ID |
N |
243 |
2 |
DOt_1Q_CUSTOMER_VLAN_ID |
N |
245 |
2 |
IP IDENTIFIER |
N |
54 |
4 |