Configuring a Monitoring Group on an M, MX or T Series Router to Send Traffic to the Flow Server
You collect flow records by specifying output interfaces in a monitoring group. In general, the monitoring services interfaces are the output interfaces. The logical unit number on the output interfaces when used in conjunction with a VRF instance must be 1. To configure, include the output statement at the [edit forwarding-options monitoring group-name family inet] hierarchy level.
Because routing instances determine the input interface, the input statement at the [edit forwarding-options monitoring group-name family inet] hierarchy level has been removed in Junos OS Release 6.0 and later. If you have a configuration that contains this old statement, we recommend that you update your configuration and remove the statement.
As part of the mo-fpc/pic/port statement at the [edit forwarding-options monitoring group-name family inet output interface] hierarchy level, you must specify a source address for transmission of flow information. You can use the router ID IP address, the IP address of the input interface, or any local IP address of your choice as the source address. If you provide a different source-address statement for each monitoring services output interface, you can track which interface processes a particular flow record.
All other statements at this level (engine-id, engine-type, input-interface-index, and output-interface-index) are dynamically generated, but can be configured manually. To reset outgoing interface or incoming interface indexes that were once configured manually, configure the input-interface-index or outgoing-interface-index statements with a value of 0 at the [edit forwarding-options monitoring group-name family inet output interface interface-name] hierarchy level.
To specify the flow server IP address and port number, include the flow-server ip-address port port-number statement at the [edit forwarding-options monitoring group-name family inet output] hierarchy level. You can specify up to eight flow servers in a monitoring group and the IP address for each server must be unique. Flow records are exported and load-balanced between all active flow servers.
Once you configure the VRF and monitoring group statements, traffic enters the input interfaces, passes to the monitoring services interfaces for processing, and is discarded. The resulting flow description packets exit the monitoring station through the export interface. If you want traffic to travel to destinations other than the monitoring services interfaces, or need to establish additional analysis, see the section Copying and Redirecting Traffic with Port Mirroring and Filter-Based Forwarding.
You must complete interface configuration on the Monitoring Services or Monitoring Services II PIC before an interface can be added into a monitoring group. For more information, see Configuring Input Interfaces, Monitoring Services Interfaces and Export Interfaces on M, MX or T Series Routers.
[edit]
forwarding-options {
    monitoring group1 {
        family inet {
            output {
                export-format cflowd-version-5;
                flow-active-timeout 60;
                flow-inactive-timeout 30;
                flow-server 192.168.245.1 port 2055;
                flow-server 192.168.245.2 port 2055;
                interface mo-4/0/0.1 {
                    engine-id 1;
                    engine-type 1;
                    input-interface-index 44;
                    output-interface-index 54;
                    source-address 192.168.245.1;
                }
                interface mo-4/1/0.1 {
                    engine-id 2;
                    engine-type 1;
                    input-interface-index 45;
                    output-interface-index 55;
                    source-address 192.168.245.1;
                }
                interface mo-4/2/0.1 {
                    engine-id 3;
                    engine-type 1;
                    input-interface-index 46;
                    output-interface-index 56;
                    source-address 192.168.245.1;
                }
            }
        }
    }
}
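The constraints stated on this page (at most eight flow servers, a unique IP address per server, logical unit 1 on the output interfaces, a source address on every output interface) can be checked offline before a commit. The following is an added example, not Juniper code: the function name, the regular-expression parsing of the curly-brace text, and the sample stanza are assumptions made for illustration, and the unit check assumes the group is used with a VRF instance.

```python
import re

MAX_FLOW_SERVERS = 8  # limit stated on this page

# Constructed sample stanza (not from a real router), seeded with mistakes.
SAMPLE = """
forwarding-options { monitoring group1 { family inet { output {
    flow-server 192.168.245.1 port 2055;
    flow-server 192.168.245.1 port 2056;
    interface mo-4/0/0.1 { engine-id 1; source-address 192.168.245.10; }
    interface mo-4/1/0.0 { engine-id 2; source-address 192.168.245.10; }
    interface mo-4/2/0.1 { engine-id 3; }
} } } }
"""

def audit_monitoring_group(text):
    """Return a list of findings for one monitoring group stanza."""
    findings = []
    servers = re.findall(r"flow-server\s+(\S+)\s+port\s+(\d+)\s*;", text)
    if len(servers) > MAX_FLOW_SERVERS:
        findings.append(f"{len(servers)} flow servers configured; the limit is {MAX_FLOW_SERVERS}")
    seen = set()
    for ip, _port in servers:
        if ip in seen:
            findings.append(f"flow-server {ip} listed more than once; each server IP must be unique")
        seen.add(ip)
    by_source = {}  # source address -> output interfaces that use it
    for name, unit, body in re.findall(r"interface\s+(mo-\d+/\d+/\d+)\.(\d+)\s*\{([^}]*)\}", text):
        ifname = f"{name}.{unit}"
        if unit != "1":  # assumption: the group is used with a VRF instance
            findings.append(f"{ifname}: logical unit must be 1 when used with a VRF instance")
        src = re.search(r"source-address\s+(\S+)\s*;", body)
        if src is None:
            findings.append(f"{ifname}: no source-address configured")
        else:
            by_source.setdefault(src.group(1), []).append(ifname)
    # A shared source address is valid, but the collector can no longer tell
    # from the source address which interface processed a flow record.
    for addr, ifs in by_source.items():
        if len(ifs) > 1:
            findings.append(f"source-address {addr} shared by {', '.join(ifs)}; records cannot be tied to one interface")
    return findings

if __name__ == "__main__":
    for finding in audit_monitoring_group(SAMPLE):
        print(finding)
```

Run against the example configuration above, the same check reports only the shared source address, since all three output interfaces use 192.168.245.1.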