Configuring Inline Active Flow Monitoring Using Routers, Switches or NFX250

Inline active flow monitoring is implemented on the Packet Forwarding Engine. The Packet Forwarding Engine performs functions such as creating and updating flows, and updating flow records. The flow records are sent out in industry-standard IPFIX or version 9 format.

On routers with MS-PICs or MS-DPCs, IPv4 and IPv6 fragments are processed accurately. The flow monitoring application creates two flows for every fragmented flow. The first fragment that has the complete Layer 4 information forms the first flow with 5-tuple data and subsequently, all the fragmented packets related to this flow form another flow with the Layer 4 fields set to zero.
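A collector-side sketch of what this two-flow behaviour means for analysis, added here as an illustration and not taken from Juniper's documentation: it folds each zero-port fragment flow back into its 5-tuple flow when exactly one candidate exists and reports the rest as unattributed. The record keys and sample values are assumptions for the example, and a source and destination port of zero on TCP or UDP is treated as the fragment marker.

```python
from collections import defaultdict

PORT_PROTOCOLS = {6, 17}  # TCP and UDP: protocols whose flow keys carry ports

def _rec(src, dst, proto, sport, dport, nbytes):
    """Build one decoded flow record (key names are assumptions)."""
    return {"src": src, "dst": dst, "proto": proto,
            "sport": sport, "dport": dport, "bytes": nbytes}

# Constructed records: documentation addresses, made-up counters.
RECORDS = [
    _rec("192.0.2.1", "198.51.100.7", 17, 40000, 2049, 1480),  # first fragment
    _rec("192.0.2.1", "198.51.100.7", 17, 0, 0, 6520),         # later fragments
    _rec("192.0.2.9", "198.51.100.7", 17, 5000, 53, 100),
    _rec("192.0.2.9", "198.51.100.7", 17, 5001, 53, 200),
    _rec("192.0.2.9", "198.51.100.7", 17, 0, 0, 3000),         # two candidates
    _rec("192.0.2.1", "198.51.100.7", 1, 0, 0, 84),            # ICMP, no ports
]

def is_fragment_flow(rec):
    """True for the second flow: Layer 4 fields set to zero on TCP/UDP."""
    return (rec["proto"] in PORT_PROTOCOLS
            and rec["sport"] == 0 and rec["dport"] == 0)

def attribute_fragments(records):
    """Return (flows, unattributed). flows are copies of the 5-tuple records
    with fragment bytes added; unattributed fragment flows had 0 or >1 candidates."""
    parents = defaultdict(list)   # (src, dst, proto) -> 5-tuple flows
    flows, fragments, unattributed = [], [], []
    for rec in records:
        if is_fragment_flow(rec):
            fragments.append(rec)
        else:
            flow = dict(rec, fragmented=False)   # copy, input stays untouched
            flows.append(flow)
            parents[rec["src"], rec["dst"], rec["proto"]].append(flow)
    for frag in fragments:
        candidates = parents[frag["src"], frag["dst"], frag["proto"]]
        if len(candidates) == 1:
            candidates[0]["bytes"] += frag["bytes"]
            candidates[0]["fragmented"] = True
        else:
            unattributed.append(frag)   # keep visible instead of guessing
    return flows, unattributed
```

Port-based detections that ignore the zero-port record undercount the conversation, and ones that alert on port 0 will fire on ordinary fragmented traffic.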

The following limitations and restrictions apply to the inline active flow monitoring feature:

  • Configuring both sFlow and inline active flow monitoring on the same interface leads to unexpected behavior. Therefore, configure these features on separate interfaces.

  • Configuring both egress port mirroring and inline active flow monitoring on the same interface leads to unexpected behavior. Therefore, configure these features on separate interfaces.

  • Ingress and egress sampling are sent to the same host-path queue. The packet rate in the queue is shared across ingress and egress sampled packets.

  • Forwarding class configuration is not effective. Export record packets are always considered to be control frames and as such are pushed to the network-control queue.

  • If multiple inline active flow monitoring firewall filters match to a flow, only the actions of the first filter are taken.

  • In ingress sampling, if the destination port is on an aggregated Ethernet interface, the output interface is invalid.

The following considerations apply to the inline active flow monitoring instance configuration:

  • Sampling run-length and clip-size are not supported.

  • For inline configurations, collectors are not reachable via management interfaces, such as fxp0.

  • Inline active flow monitoring does not support cflowd. Therefore, inline flow monitoring does not support the local dump option, which is available only with cflowd.

  • Inline active flow monitoring is not supported when you enable Next Gen Services on an MX Series router.

  • The number of collectors that are supported depends on the device:

    • In Junos OS Release 16.2 and in Junos OS Release 16.1R3 and earlier, you can configure only one collector under a family for inline active flow monitoring. Starting with Junos OS Release 16.1R4 and 17.2R1, you can configure up to four collectors under a family for inline active flow monitoring. Starting with Junos OS Evolved 20.3R1, for the PTX10003 and PTX10008 (with the JNP10K-LC1201 line card and the JNP10008-SF3) routers, you can configure up to four collectors for inline active flow monitoring. Starting with Junos OS Evolved 20.4R1, for the PTX10001-36MR and the PTX10008 (with the JNP10K-LC1202 line card and the JNP10008-SF3) routers, you can configure up to four collectors for inline active flow monitoring. Starting with Junos OS Evolved 21.1R1, for the PTX10004 router, you can configure up to four collectors for inline active flow monitoring. The Packet Forwarding Engine (PFE) can export the flow record, flow record template, option data, and option data template packet to all configured collectors. To configure a collector under a family for inline active flow monitoring, configure the flow-server statement at the [edit forwarding-options sampling instance instance-name family (inet | inet6 | mpls) output] hierarchy level. To specify up to four collectors, include up to four flow-server statements.

    • For inline configurations on all other devices, each family can support only one collector.

Inline active flow monitoring is configured using statements from four hierarchy levels:

  • [edit chassis] —At this level, you associate the sampling instance with the FPC on which the media interface is present (except on the MX80 and MX104—see Configuring Inline Active Flow Monitoring on MX80 and MX104 Routers). If you are configuring sampling of IPv4 flows, IPv6 flows or VPLS flows (Junos OS only), you can configure the flow hash table size for each family, as described below.

  • [edit firewall]—At this level, you configure a firewall filter for the family of traffic to be sampled. You must attach this filter to the interface on which you want to sample the traffic.

  • [edit forwarding-options]—At this level, you configure a sampling instance and associate the template with the sampling instance. At this level, you also configure the flow-server IP address and port number as well as the flow export rate.

  • [edit services flow-monitoring] —At this level, you configure the template properties for inline flow monitoring.

Before you configure inline active flow monitoring, you should ensure that you have adequately sized hash tables for IPv4, IPv6, MPLS, and VPLS flow sampling. (VPLS flow sampling is Junos OS only.) These tables can use one to fifteen 256K areas. Starting with Junos OS Release 16.1R1 and 15.1F2, the IPv4 table is assigned a default value of 1024. Prior to Junos OS Release 16.1 and 15.1F2, the IPv4 table is assigned a default value of fifteen 256K areas. The IPv6 table is assigned a default value of 1024, and the VPLS table is assigned a default value of 1024. When anticipated traffic volume requires larger tables, allocate larger tables.

To allocate flow hash tables:

  1. Go to the [edit chassis fpc 0 inline-services flow-table-size] hierarchy level for inline services on the FPC that processes the monitored flows.
  2. Specify the required sizes for the sampling hash tables.
    Note: Starting in Junos OS Release 18.2R1, the bridge-flow-table-size option is available and the vpls-flow-table-size option is deprecated; use the bridge-flow-table-size option instead. The bridge-flow-table-size option supports both VPLS and bridge records.

    Note: Starting with Junos OS Release 17.3R1, the maximum supported flow table size varies by line card type. See flow-table-size for how the size varies by line card type.

    Also, starting in Junos OS Release 16.1R1 and 15.1F2, changing the flow hash table size does not automatically reboot the FPC (for earlier releases, changing the flow hash table size triggers the FPC to reboot).

To configure inline active flow monitoring on MX Series routers (except for MX80 and MX104 routers), EX Series switches, and T4000 routers with Type 5 FPC:

  1. Enable inline active flow monitoring and specify the source address for the traffic.

  2. Specify the template to use with the sampling instance.

  3. Configure a template to specify output properties.

  4. (Optional) Configure the interval after which an active flow is exported.

  5. (Optional) Configure the interval of activity that marks a flow as inactive.

  6. (Optional) Configure the template refresh rate in either number of packets or number of seconds.

  7. (Optional) Configure the refresh rate in either number of packets or number of seconds.

  8. Specify the type of record that the template is used for.

    The vpls-template option is only for IPFIX templates.

    Starting in Junos OS Release 18.2R1, the bridge-template option is available and the vpls-template option is deprecated; use the bridge-template option instead. The bridge-template option (Junos OS only) supports both VPLS and bridge records and is for both IPFIX and version9 templates.

    Starting in Junos OS Release 18.4R1, the mpls-ipv4-template option is deprecated for inline flow monitoring. To configure MPLS records starting in Junos OS Release 18.4R1, use the mpls-template option and the tunnel-observation option. This is described in step 9.

  9. Starting in Junos OS Release 18.4R1 for the MX Series, if you are configuring any type of MPLS flow records, perform the following:

    1. Specify the MPLS template.

    2. Configure the type of MPLS flow records to create.

      The tunnel-observation values enable the creation of the following types of flow records:

      • ipv4—MPLS-IPv4 flows

      • ipv6—MPLS-IPv6 flows

      You can configure multiple values for tunnel-observation.

      For an MPLS traffic type that does not match any of the tunnel-observation values, plain MPLS flow records are created. For example, if you only configure ipv4, then MPLS-IPv6 traffic results in plain MPLS flow records.

      If you do not configure tunnel-observation, plain MPLS flow records are created.

    3. If you are running inline flow monitoring on a Lookup (LU) card, enable sideband mode to create MPLS-IPv6 flow records.

      If you are running inline flow monitoring on an LU card and do not enable sideband mode, then MPLS-IPv6 traffic results in plain MPLS flow records.

  10. (Optional) Include the flow direction value in the template.

    The reported data field contains 0x00 (ingress) or 0x01 (egress). If you do not include the flow-key flow-direction statement, the flow direction data field contains the invalid value 0xFF.

  11. (Optional) Include VLAN IDs in both the ingress and egress directions in the flow key.

    This statement is not required for ingress and egress VLAN ID reporting on interfaces.

  12. Associate the sampling instance with the FPC on which you want to implement inline active flow monitoring.

    For MX240, MX480, MX960, MX2010, MX2020, use the following command:

    1. Confirm the configuration by running the following show command:

    For MX5, MX10, MX40, and MX80, use the following command:

    1. Confirm the configuration by running the following show command:

    For MX104, use the following command:

    1. Confirm the configuration by running the following show command:

This example shows the sampling configuration for an instance that supports inline active flow monitoring on family inet:

Here is the output format configuration:

The following example shows the output format configuration for chassis fpc0:
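The restrictions and deprecations listed in this topic can also be checked mechanically before commit. The Python sketch below is an added example, not Juniper code and not the configuration output referred to above: it scans a configuration in "set" format for the deprecated options, the unsupported sampling options, more than four collectors per family, and sFlow sharing an interface with a sampling filter. The sample configuration, its names and addresses are constructed, and the sketch assumes any filter term with `then sample` feeds inline monitoring.

```python
import re
from collections import defaultdict

# Tokens this topic flags: deprecated options (with the replacement it names)
# and sampling options it lists as unsupported. Matching is by whole token.
FLAGGED = {
    "vpls-flow-table-size": "deprecated, use bridge-flow-table-size",
    "vpls-template": "deprecated, use bridge-template",
    "mpls-ipv4-template": "deprecated, use mpls-template with tunnel-observation",
    "run-length": "not supported for inline sampling",
    "clip-size": "not supported for inline sampling",
}
MAX_COLLECTORS = 4  # upper bound on this page; use 1 for devices limited to one
FLOW_SERVER = re.compile(r"set forwarding-options sampling instance (\S+) "
                         r"family (\S+) output flow-server (\S+)")
IF_FILTER = re.compile(r"set interfaces (\S+) unit (\d+) family \S+ filter \S+ (\S+)")
SAMPLE_TERM = re.compile(r"set firewall family \S+ filter (\S+) term \S+ then sample$")
SFLOW_IF = re.compile(r"set protocols sflow interfaces (\S+)")

# Constructed sample in "set" format; names and addresses are placeholders.
SAMPLE_CONFIG = """\
set forwarding-options sampling instance INST1 input run-length 1
set forwarding-options sampling instance INST1 family inet output flow-server 192.0.2.10 port 4739
set services flow-monitoring version-ipfix template T1 vpls-template
set firewall family inet filter SAMPLE-V4 term t1 then sample
set interfaces ge-0/0/1 unit 0 family inet filter input SAMPLE-V4
set protocols sflow interfaces ge-0/0/1.0
"""

def lint(config_text):
    """Return sorted findings for a Junos configuration in 'set' format."""
    findings, sample_filters, sflow_ifs = set(), set(), set()
    collectors = defaultdict(set)   # (instance, family) -> collector addresses
    if_filters = defaultdict(set)   # logical interface -> attached filter names
    for line in map(str.strip, config_text.splitlines()):
        findings.update(f"{t}: {FLAGGED[t]}" for t in line.split() if t in FLAGGED)
        if m := FLOW_SERVER.match(line):
            collectors[m.group(1), m.group(2)].add(m.group(3))
        elif m := IF_FILTER.match(line):
            if_filters[f"{m.group(1)}.{m.group(2)}"].add(m.group(3))
        elif m := SAMPLE_TERM.match(line):
            sample_filters.add(m.group(1))
        elif m := SFLOW_IF.match(line):
            sflow_ifs.add(m.group(1))
    findings.update(f"{inst} {fam}: {len(a)} collectors, limit {MAX_COLLECTORS}"
                    for (inst, fam), a in collectors.items() if len(a) > MAX_COLLECTORS)
    findings.update(f"{i}: sFlow and a sampling filter on the same interface"
                    for i in sflow_ifs if if_filters[i] & sample_filters)
    return sorted(findings)
```

Collector reachability through fxp0 is not checked, because it depends on routing state rather than on the configuration text alone.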

Change History Table

Feature support is determined by the platform and release you are using. Use Feature Explorer to determine if a feature is supported on your platform.

Release       Description
23.4R1-EVO    Starting in Junos OS Evolved 23.4R1 for the ACX7024X, ACX7332, and ACX7348 routers, we support ingress and egress sampling of IPv4 and IPv6 traffic on aggregated Ethernet and IRB interfaces, for both the IPFIX and version 9 export formats. You can configure up to four IPv4 collectors for inline active flow monitoring. You can sample traffic mapped to non-default VRFs, but you cannot export IPFIX or V9 records of those sampled packets through a non-default or management VRF.
23.1R1-EVO    Starting in Junos OS Evolved Release 23.1R1, for the PTX10001-36MR, PTX10003, and PTX10004 routers, as well as the PTX10008 and PTX10016 routers (with the JNP10K-LC1201 or the JNP10K-LC1202 line card and the JNP10008-SF3) routers, we support IPv6 addresses for IPFIX and version 9 collectors. You can configure either IPv4 or IPv6 collectors for each family within a sampling instance; you cannot specify both for the same family. You can specify up to four collectors for each family. You specify the destination server address with the flow-server address statement and the source address with the inline-jflow source-address address statement at the [edit forwarding-options sampling instance name family (inet | inet6 | mpls) output] hierarchy level.
23.1R1-EVO    Starting in Junos OS Evolved 23.1R1 for the ACX7100 and ACX7509 routers, we support ingress and egress sampling of IPv4 and IPv6 traffic on aggregated Ethernet and IRB interfaces, for both the IPFIX and version 9 export formats. You can configure up to four IPv4 collectors for inline active flow monitoring. You can sample traffic mapped to non-default VRFs, but you cannot export IPFIX or V9 records of those sampled packets through a non-default or management VRF.
21.4R1-EVO    Starting in Junos OS Evolved Release 21.4R1 for PTX Series, you can export BGP community and AS path information using IP Flow Information Export (IPFIX) information elements 483 through 491, 16, and 17, per RFCs 8549 and 6313. Content providers can use this information to identify a transit service provider degrading the quality of the service. You configure these elements with the statement data-record-fields at the [edit services flow-monitoring version-ipfix template template-name] hierarchy level.
21.1R1-EVO    Starting with Junos OS Evolved 21.1R1, for the PTX10004 router, you can configure up to four collectors for inline active flow monitoring.
20.4R1-EVO    Starting with Junos OS Evolved 20.4R1, for the PTX10001-36MR and the PTX10008 (with the JNP10K-LC1202 line card and the JNP10008-SF3) routers, you can configure up to four collectors for inline active flow monitoring.
20.3R1-EVO    Starting with Junos OS Evolved 20.3R1, for the PTX10003 and PTX10008 (with the JNP10K-LC1201 line card and the JNP10008-SF3) routers, you can configure up to four collectors for inline active flow monitoring.
19.3R2        Inline active flow monitoring is not supported when you enable Next Gen Services on an MX Series router.
18.4R1        Starting in Junos OS Release 18.4R1, the mpls-ipv4-template option is deprecated for inline flow monitoring. To configure MPLS records starting in Junos OS Release 18.4R1, use the mpls-template option and the tunnel-observation option.
18.2R1        Starting in Junos OS Release 20.3R1 for QFX10002-60C switches, you can configure inline active flow monitoring for IPv4 and IPv6 traffic. Both IPFIX and version 9 templates are supported.
18.2R1        Starting in Junos OS Release 18.2R1, the bridge-flow-table-size option is available and the vpls-flow-table-size option is deprecated; use the bridge-flow-table-size option instead.
18.2R1        Starting in Junos OS Release 18.2R1, the bridge-template option is available and the vpls-template option is deprecated; use the bridge-template option instead.
17.2R1        Starting in Junos OS Release 17.2R1 for QFX10002 switches, we added support for inline active flow monitoring with IPFIX templates.
16.1R4        In Junos OS Release 16.2 and in Junos OS Release 16.1R3 and earlier, you can configure only one collector under a family for inline active flow monitoring. Starting with Junos OS Release 16.1R4 and 17.2R1, you can configure up to four collectors under a family for inline active flow monitoring.
16.1R1        Also, starting in Junos OS Release 16.1R1 and 15.1F2, changing the flow hash table size does not automatically reboot the FPC.
16.1R1        Starting with Junos OS Release 16.1R1 and 15.1F2, the IPv4 table is assigned a default value of 1024.