Configuring Inline Active Flow Monitoring on PTX Series Routers
This topic describes how to configure inline active flow monitoring on PTX Series routers for IPv4 and IPv6 traffic.
Platform and Feature Support
Table 1 lists the PTX Series platform support for various types of traffic for inline active flow monitoring.
Platform | Support |
---|---|
PTX3000 Series | Junos OS 18.1R1—IPv4 and IPv6 traffic (both IPFIX and version 9). Junos OS 18.2R1—MPLS, MPLS-IPv4, and MPLS-IPv6 traffic. |
PTX5000 Series | Junos OS 18.1R1—IPv4 and IPv6 traffic (both IPFIX and version 9). Junos OS 18.2R1, MPLS, MPLS-IPv4, and MPLS-IPv6 traffic. |
PTX1000 | Junos OS 17.3R1—IPv4 and IPv6 traffic (version 9 only). |
PTX10001-36MR | Junos OS Evolved 20.3R1—IPv4, IPv6, MPLS, MPLS-IPv4, and MPLS-IPv6 traffic. |
PTX10002-60C | Junos OS 18.4R1—IPv4 and IPv6 traffic (both IPFIX and version 9). Junos OS 19.4R1—MPLS, MPLS-IPv4, and MPLS-IPv6 traffic. |
PTX10003 | Junos OS Evolved 19.3R1—IPv4 and IPv6 traffic (IPFIX and version 9). Junos OS Evolved 20.1R1—MPLS, MPLS-IPv4, and MPLS-IPv6 traffic. |
PTX10004 | Junos OS Evolved 20.4R1—IPv4, IPv6, MPLS, MPLS-IPv4, and MPLS-IPv6 traffic (IPFIX and version 9). |
PTX10008 (with the JNP10008-SF3 and the JNP10K-LC1201 line card) | Junos OS Evolved 19.3R1—IPv4 and IPv6 traffic (IPFIX and version 9). Junos OS Evolved 20.1R1—MPLS, MPLS-IPv4, and MPLS-IPv6 traffic. |
PTX10008 (with the JNP10008-SF3 and the JNP10K-LC1202 line card) | Junos OS Evolved 20.3R1—IPv4, IPv6, MPLS, MPLS-IPv4, and MPLS-IPv6 traffic (IPFIX and version 9). |
PTX10008 (without the JNP10008-SF3) and PTX10016 | Junos OS 18.1R1—IPv4 and IPv6 traffic (both IPFIX and version 9). Junos OS 18.2R1—MPLS, MPLS-IPv4, and MPLS-IPv6 traffic. |
VRF support: Starting in Junos OS Evolved 24.2R1, we support export of IPFIX or version 9 records of inline active flow monitoring sampled packets to collectors reachable through:
- Interfaces belonging to the mgmt_junos VRF instance.
- WAN ports belonging to the non-default VRF instance.

You configure this feature using the routing-instance configuration statement at the [edit forwarding-options sampling instance name family type output flow-server IP-address] hierarchy level. You must ensure that the collectors are reachable through the management interface. We support a maximum of four collectors for each type of VRF instance. You can configure collectors for both types of VRF instances in the same sampling configuration. However, the collectors reachable through the mgmt_junos VRF instance and the collectors reachable through the WAN ports cannot coexist under the same family, because you can specify only one source IP address per family. You can specify inet collectors, inet6 collectors, or a mix of the two types. To configure the mgmt_junos VRF instance, see Management Interface in a Non-Default Instance.
MPLS-over-UDP support: To configure inline flow monitoring for MPLS-over-UDP traffic on PTX Series routers, see Inline Active Flow Monitoring of MPLS-over-UDP Flows on PTX Series Routers. Inline active flow monitoring for MPLS-over-UDP traffic is not supported on the PTX10001-36MR, PTX10003, PTX10004, and the PTX10008 (with the JNP10008-SF3) routers.
Collectors: Starting in Junos OS Release 18.2R1, you can configure up to four collectors under a family for inline active flow monitoring. In previous releases of Junos OS, you could configure only one collector under a family for inline active flow monitoring.
Starting in Junos OS Evolved 20.3R1, for the PTX10003 and PTX10008 (with the JNP10K-LC1201 line card and the JNP10008-SF3) routers, you can configure up to four collectors for inline active flow monitoring. Starting with Junos OS Evolved 20.4R1, for the PTX10001-36MR and the PTX10008 (with the JNP10K-LC1202 line card and the JNP10008-SF3) routers, you can configure up to four collectors for inline active flow monitoring. Starting with Junos OS Evolved 21.1R1, for the PTX10004 router, you can configure up to four collectors for inline active flow monitoring. To configure a collector under a family for inline active flow monitoring, configure the flow-server statement at the [edit forwarding-options sampling instance instance-name family (inet | inet6) output] hierarchy level. To specify up to four collectors, include up to four flow-server statements.
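The collector rules from the VRF support and Collectors paragraphs above can be checked before commit. The following is an added example, not Juniper code: it reads set-style configuration lines and reports any family with more than four flow-server entries or with a mix of mgmt_junos and WAN-side collectors. The sample configuration, the instance name wan-vrf, and the addresses are constructed; it assumes the routing-instance statement takes the instance name as its argument and treats a collector with no routing-instance as WAN-side.

```python
import re
from collections import defaultdict

MAX_COLLECTORS = 4       # limit per family stated on the page
MGMT_VRF = "mgmt_junos"  # management VRF instance named on the page

FLOW_SERVER = re.compile(
    r"^set forwarding-options sampling instance (\S+) family (\S+) "
    r"output flow-server (\S+)(?:\s+(.*))?$"
)

# Constructed sample: documentation address ranges and made-up instance names.
SAMPLE = """\
set forwarding-options sampling instance sample-1 family inet output flow-server 192.0.2.10 port 2055
set forwarding-options sampling instance sample-1 family inet output flow-server 192.0.2.10 routing-instance mgmt_junos
set forwarding-options sampling instance sample-1 family inet output flow-server 198.51.100.20 routing-instance wan-vrf
set forwarding-options sampling instance sample-1 family inet6 output flow-server 2001:db8::1 port 2055
set forwarding-options sampling instance sample-1 family inet6 output flow-server 2001:db8::2 port 2055
set forwarding-options sampling instance sample-1 family inet6 output flow-server 2001:db8::3 port 2055
set forwarding-options sampling instance sample-1 family inet6 output flow-server 2001:db8::4 port 2055
set forwarding-options sampling instance sample-1 family inet6 output flow-server 2001:db8::5 port 2055
"""


def collect(config):
    """Map (instance, family) -> {collector: routing-instance or None}."""
    families = defaultdict(dict)
    for line in config.splitlines():
        m = FLOW_SERVER.match(line.strip())
        if not m:
            continue
        inst, fam, server, rest = m.groups()
        servers = families[(inst, fam)]
        servers.setdefault(server, None)  # several lines may describe one collector
        vrf = re.search(r"\brouting-instance (\S+)", rest or "")
        if vrf:
            servers[server] = vrf.group(1)
    return families


def lint(config):
    """Return (instance, family, rule) tuples for each violated collector rule."""
    findings = []
    for (inst, fam), servers in sorted(collect(config).items()):
        if len(servers) > MAX_COLLECTORS:
            findings.append((inst, fam, "too-many-collectors"))
        via_mgmt = [s for s, v in servers.items() if v == MGMT_VRF]
        # Assumption: anything not in mgmt_junos is reached through WAN ports.
        via_wan = [s for s, v in servers.items() if v != MGMT_VRF]
        if via_mgmt and via_wan:
            findings.append((inst, fam, "mixed-vrf-types"))
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(*finding)
```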
Line Card CPU: Inline active flow monitoring is implemented on the Line Card CPU (LCPU). All the functions like flow creation, flow update, and flow records export are done by the LCPU. The flow records are sent out in either the IPFIX format or the version 9 format.
Flows: Starting with Junos OS Evolved Release 21.2R1 and Junos OS Release 21.3R1, no flows are maintained. Every sampled packet is considered to be a flow. When the sampled packet is received, the flow is created and immediately timed out as inactive, and the software exports a record to the collector. Therefore, the number of records sent to the collector is higher than before. The IPFIX and version 9 Options Template Data Record now contains 0 in the Flow Active Timeout (Element ID 36) and Flow Inactive Timeout (Element ID 37) fields. Therefore, the Options Template Data Record is not compliant with IPFIX RFC 7011. The show services accounting flow inline-jflow fpc-slot slot operational mode command now displays 0 for all of the Active Flows and Timed Out fields. The values of the various Total Flows fields are now equal to their respective Flow Packets field values. The values of the various Flows Inactive Timed Out fields are now equal to their respective Flow Packets field values. The effect of the nexthop-learning statement at the [edit services flow-monitoring version version template template-name] hierarchy level on this no-flow behavior varies depending upon the operating system. For Junos OS Evolved, we do not recommend that you configure the nexthop-learning statement, as it reduces the number of packets that can be processed. For Junos OS, you can configure the nexthop-learning statement to change this default no-flow behavior and once again create and maintain flows, then attach the template to all sampling instances associated with FPCs that require the previous behavior.
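A collector-side check for the no-flow behavior described above, as an added example that is not Juniper code: it parses an IPFIX message per RFC 7011, decodes the Options Template Data Record, and flags an exporter whose Flow Active Timeout (36) and Flow Inactive Timeout (37) are both 0. The sample message, template ID 512, and the other template fields (elements 144 and 34) are constructed for illustration and are not the layout the router exports.

```python
import struct

OPTIONS_TEMPLATE_SET = 3  # RFC 7011 Set ID for Options Template Sets
ACTIVE_TIMEOUT_IE = 36    # "Flow Active Timeout" on the page
INACTIVE_TIMEOUT_IE = 37  # "Flow Inactive Timeout" on the page


def iter_sets(msg):
    """Yield (set_id, body) for every Set in one IPFIX message."""
    if len(msg) < 16:
        raise ValueError("short message")
    version, length = struct.unpack_from("!HH", msg, 0)
    if version != 10 or length != len(msg):
        raise ValueError("not a complete IPFIX message")
    off = 16  # fixed-size IPFIX message header
    while off + 4 <= length:
        set_id, set_len = struct.unpack_from("!HH", msg, off)
        if set_len < 4 or off + set_len > length:
            raise ValueError("bad Set length")
        yield set_id, msg[off + 4:off + set_len]
        off += set_len


def options_templates(body):
    """Map template ID -> [(element_id, length)] for one Options Template Set."""
    found, off = {}, 0
    while off + 6 <= len(body):
        tid, count, _scope_count = struct.unpack_from("!HHH", body, off)
        if tid < 256:  # trailing padding, not a template record
            break
        off += 6
        fields = []
        for _ in range(count):
            ie, flen = struct.unpack_from("!HH", body, off)
            off += 8 if ie & 0x8000 else 4  # enterprise IEs carry a 4-byte PEN
            if flen == 0xFFFF:
                raise ValueError("variable-length fields not handled here")
            fields.append((ie, flen))  # enterprise bit kept, so it never equals 36/37
        found[tid] = fields
    return found


def exporter_timeouts(msg, templates=None):
    """Return one dict per options data record that carries IE 36 and IE 37."""
    templates = {} if templates is None else templates
    results = []
    for set_id, body in iter_sets(msg):
        if set_id == OPTIONS_TEMPLATE_SET:
            templates.update(options_templates(body))
            continue
        fields = templates.get(set_id, [])
        rec_len = sum(flen for _, flen in fields)
        off = 0
        while rec_len and off + rec_len <= len(body):
            values, pos = {}, off
            for ie, flen in fields:
                values[ie] = int.from_bytes(body[pos:pos + flen], "big")
                pos += flen
            off += rec_len
            if ACTIVE_TIMEOUT_IE in values and INACTIVE_TIMEOUT_IE in values:
                active, inactive = values[ACTIVE_TIMEOUT_IE], values[INACTIVE_TIMEOUT_IE]
                results.append({"active_timeout": active, "inactive_timeout": inactive,
                                "per_packet_records": active == 0 and inactive == 0})
    return results


def build_sample(active, inactive):
    """Constructed IPFIX message: options template 512 plus one data record."""
    tmpl = struct.pack("!HHH", 512, 4, 1)  # 4 fields, the first one is the scope
    tmpl += struct.pack("!8H", 144, 4, 34, 4, ACTIVE_TIMEOUT_IE, 2, INACTIVE_TIMEOUT_IE, 2)
    data = struct.pack("!IIHH", 1, 10, active, inactive)
    body = struct.pack("!HH", OPTIONS_TEMPLATE_SET, 4 + len(tmpl)) + tmpl
    body += struct.pack("!HH", 512, 4 + len(data)) + data
    return struct.pack("!HHIII", 10, 16 + len(body), 1700000000, 0, 0) + body
```

When `per_packet_records` is true, each data record from that exporter stands for one sampled packet, so record counts from it are not comparable with counts from exporters that still maintain flows.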
Limitations and Restrictions
The following limitations and restrictions apply to the inline active flow monitoring feature in Junos OS and Junos OS Evolved:
- Egress MPLS filters are not supported on the PTX10001-36MR, PTX10003, PTX10004, and the PTX10008 (with the JNP10008-SF3) routers.
- The PTX10001-36MR router does not support multiple FPC sampling collection because it has only 1 Routing Engine.
- True outgoing interface (OIF) reporting is not supported for egress sampling. In Junos OS Evolved, true outgoing interface (OIF) reporting is not supported for GRE de-encapsulated packets.
- The interface type field for the true incoming interface is not part of the version 9 template because this element is not present in the version 9 export version.
- For GRE tunnel traffic on PTX10003 routers, the physical interface is reported in the layer 2 header and is considered as one of the keys during flow creation. Therefore, when physical interfaces are moved in or out of the aggregated Ethernet bundle, a new flow is created and the old flows are timed out after a period of inactivity. The physical interface, logical interface, or aggregated logical interface (based on the configuration) is reported as the incoming interface in export records.
- For GRE tunnel traffic on PTX10008 (with the JNP10008-SF3) routers, an FTI interface is configured to terminate a GRE tunnel. This interface is used during flow creation as one of the keys instead of the physical interface. Hence, when a physical interface is moved in or out of an aggregated Ethernet bundle, no new flow is created because the key remains unchanged. The physical interface, logical interface, or aggregated logical interface (based on the configuration) is reported as the incoming interface in exported records.
How to Configure Inline Active Flow Monitoring on PTX Series Routers
In this example, we configure a version-ipfix template for recording IPv4 and IPv6 traffic flows.
- Configure a Template to Specify Output Properties
- Configure a Sampling Instance to Specify Input Properties
- Assign the Sampling Instance to an FPC
- Configure a Firewall Filter to Accept and Sample Flows
- Assign the Firewall Filter to an Interface
- Results from a Sample Configuration
Configure a Template to Specify Output Properties
Define the template and configure the type of flow the template should record.

```
[edit services flow-monitoring]
user@host# set version-ipfix template template-name ipv4-template
user@host# set version-ipfix template template-name ipv6-template
user@host# set version-ipfix template template-name mpls-template
```

(Optional) Configure additional output properties for the template, such as flow timeout interval and template/option refresh rates, to control the flow records. You can use the template-refresh-rate option to configure the frequency at which the flow generator sends updates about template definitions to the flow collector, using either a number of packets or a number of seconds.

```
[edit services flow-monitoring]
user@host# set version-ipfix template template-name flow-active-timeout seconds
user@host# set version-ipfix template template-name flow-inactive-timeout seconds
user@host# set version-ipfix template template-name template-refresh-rate (packets packets | seconds seconds)
user@host# set version-ipfix template template-name option-refresh-rate (packets packets | seconds seconds)
```

(Optional) If you are monitoring MPLS flows, that is, if the template in use is configured for the MPLS protocol family, use the tunnel-observation option to identify the types of MPLS flows.

```
[edit services flow-monitoring]
user@host# set version-ipfix template template-name tunnel-observation (ipv4 | ipv6 | mpls-over-udp)
```

(Optional) Enable the learning of next-hop addresses so that the true outgoing interface is reported.

Note: Starting in Junos OS Evolved 21.2R1, we do not recommend that you enable learning of next-hop addresses, as it reduces the number of packets that can be processed. However, starting in Junos OS Release 21.3R1, you can configure the nexthop-learning statement to change the default no-flow behavior and once again create and maintain flows, then attach the template to all sampling instances associated with FPCs that require the previous behavior.

```
[edit services flow-monitoring]
user@host# set version-ipfix template template-name nexthop-learning enable
```
Configure a Sampling Instance to Specify Input Properties
Define the sampling instance and configure the sampling rate, that is, the ratio of packets to be sampled. For example, if you specify a rate of 10, every tenth packet (1 packet out of 10) is sampled.

```
[edit forwarding-options sampling]
user@host# set instance instance-name input rate number
```

Best Practice: We recommend that you use a value of 1000 or higher for MPLS flows.

Configure the protocol family for the sampling instance and specify the flow collector to which the traffic aggregates are sent.

```
[edit forwarding-options sampling]
user@host# set instance instance-name family (inet | inet6 | mpls) output flow-server hostname
```

(Optional) Specify the UDP port for the flow collector and the template to use with the sampling instance.

```
[edit forwarding-options sampling]
user@host# set instance instance-name family (inet | inet6 | mpls) output flow-server hostname port port-number
user@host# set instance instance-name family (inet | inet6 | mpls) output flow-server hostname version-ipfix template template-name
```

Configure inline processing of the sampled packets.

```
[edit forwarding-options sampling]
user@host# set instance instance-name family (inet | inet6 | mpls) output inline-jflow source-address address
```
Assign the Sampling Instance to an FPC
Assign the sampling instance to the FPC on which you want to implement flow monitoring.

```
[edit chassis]
user@host# set fpc slot-number sampling-instance instance-name
```
Configure a Firewall Filter to Accept and Sample Flows
Configure the firewall filter for the protocol family and enable sampling of traffic flows.

```
[edit firewall]
user@host# set family (inet | inet6 | mpls) filter filter-name
user@host# set family (inet | inet6 | mpls) filter filter-name term term-name then accept
user@host# set family (inet | inet6 | mpls) filter filter-name term term-name then sample
```
Assign the Firewall Filter to an Interface
Assign the input firewall filter to the interface you want to monitor.

```
[edit interfaces]
user@host# set interface-name unit unit-number family (inet | inet6 | mpls) filter input filter-name
```
Results from a Sample Configuration
The following is an example of the sampling configuration for an instance that supports inline flow monitoring on family inet and on family inet6:

```
[edit chassis]
fpc 0 {
    sampling-instance sample-1;
}
```

```
[edit services]
flow-monitoring {
    version-ipfix {
        template test-template {
            flow-active-timeout 30;
            flow-inactive-timeout 60;
            nexthop-learning {
                enable;
            }
            template-refresh-rate {
                seconds 10;
            }
            ipv4-template;
        }
        template v6 {
            ipv6-template;
        }
    }
}
```

```
[edit interfaces]
et-1/0/0 {
    unit 0 {
        family inet {
            filter {
                input ipv4-filter;
                output ipv4-filter;
            }
            address 192.168.100.10/24;
        }
    }
}
et-1/0/2 {
    unit 0 {
        family inet6 {
            filter {
                input ipv6-filter;
                output ipv6-filter;
            }
            address 2001:db8:0:2::1/64;
        }
    }
}
lo0 {
    unit 0 {
        family inet {
            address 192.168.100.1/32;
        }
    }
}
```

```
[edit forwarding-options]
sampling {
    instance sample-1 {
        input {
            rate 10;
        }
        family inet {
            output {
                flow-server 10.208.174.127 {
                    port 2055;
                    version-ipfix {
                        template {
                            test-template;
                        }
                    }
                }
                inline-jflow {
                    source-address 192.168.100.1;
                }
            }
        }
        family inet6 {
            output {
                flow-server 10.208.174.127 {
                    port 2055;
                    version-ipfix {
                        template {
                            v6;
                        }
                    }
                }
                inline-jflow {
                    source-address 192.168.100.1;
                }
            }
        }
    }
}
```

```
[edit firewall]
family inet {
    filter ipv4-filter {
        term ipv4-accept {
            then {
                accept;
                sample;
            }
        }
    }
}
family inet6 {
    filter ipv6-filter {
        term ipv6-accept {
            then {
                accept;
                sample;
            }
        }
    }
}
```

You can use the show services accounting flow command to verify active flow statistics.