- play_arrow Overview
- play_arrow Operation, Administration, and Management Features
- play_arrow Ethernet OAM and Connectivity Fault Management for Routers
- Introduction to OAM Connectivity Fault Management (CFM)
- Configure Connectivity Fault Management (CFM)
- CFM Action Profile
- Ethernet Local Management Interface
- CFM Support for CCC Encapsulated Packets
- Configure Unified ISSU for 802.1ag CFM
- CFM Monitoring between CE and PE Devices
- Configure Continuity Check Messages
- Example: Configure Ethernet CFM on Physical Interfaces
- Example: Configure Ethernet CFM on Bridge Connections
- Example: Configure Ethernet CFM over VPLS
- play_arrow Link Fault Management for Routers
- play_arrow Ethernet OAM Link Fault Management for Switches
- play_arrow Ethernet OAM Connectivity Fault Management for Switches
- play_arrow Ethernet Frame Delay
- Ethernet Frame Delay Measurements on Switches
- Configure MEP Interfaces on Switches to Support Ethernet Frame Delay Measurements (CLI Procedure)
- Configure One-Way Ethernet Frame Delay Measurements on Switches (CLI Procedure)
- Configure an Iterator Profile on a Switch (CLI Procedure)
- Trigger an Ethernet Frame Delay Measurement Session on a Switch
- Configure Two-Way Ethernet Frame Delay Measurements on Switches (CLI Procedure)
- play_arrow Ethernet Service OAM (ITU-TY.1731) for Routers
- ITU-T Y.1731 Ethernet Service OAM Overview
- Configure Ethernet Frame Delay Measurement Sessions
- Configuring MEP Interfaces to Support Ethernet Frame Delay Measurements
- Configure Ethernet Frame Loss Measurement
- Configure an Iterator Profile
- Configure Ethernet Synthetic Loss Measurements
- Ethernet Alarm Indication
- Inline Transmission Mode
-
- play_arrow Network Monitoring by using SNMP
- SNMP Architecture and SNMP MIBs Overview
- Understand SNMP Implementation in Junos OS
- Configure SNMP in Junos OS
- Configure Options on Managed Devices for Better SNMP Response Time
- Enterprise Specific Utility MIB to Enhance SNMP Coverage
- Optimize the Network Management System Configuration for the Best Results
- Interfaces to Accept SNMP Requests
- Configure SNMP for Routing Instances
- Configure SNMP Remote Operations
- SNMP Traps
- SNMP Traps Supported by Junos OS
- Trace SNMP Activity
- Access Privileges for an SNMP Group
- Configure Local Engine ID on SNMPv3
- Configure SNMPv3
- Configure SNMPv3 Authentication Type and Encryption Type
- SNMPv3 Traps
- SNMPv3 Informs
- SNMP Communities
- MIB Views
- SNMP MIBs Supported by Junos OS and Junos OS Evolved
- Junos OS SNMP FAQs
- play_arrow Remote Network Monitoring (RMON) with SNMP Alarms and Events
- play_arrow Accounting Options
- play_arrow Monitoring Common Security Features
- play_arrow Performance Management
- play_arrow Port Mirroring
- play_arrow Port Mirroring and Analyzers
- Port Mirroring and Analyzers
- Configuring Port Mirroring and Analyzers
- Configuring Port Mirroring Instances
- Configuring Port Mirroring on Physical Interfaces
- Configuring Port Mirroring on Logical Interfaces
- Configuring Port Mirroring for Multiple Destinations
- Configuring Port Mirroring for Remote Destinations
- Configuring Port Mirroring Local and Remote Analysis
- 1:N Port Mirroring to Multiple Destinations on Switches
- Example: Configure Port Mirroring with Family any and a Firewall Filter
- Monitoring Port Mirroring
- Configure Packet Mirroring with Layer 2 Headers for Layer 3 Forwarded Traffic
- Troubleshooting Port Mirroring
-
- play_arrow System Log Messages
- play_arrow Network Management and Troubleshooting
- Compressing Troubleshooting Logs from /var/logs to Send to Juniper Networks Technical Support
- Monitoring and Troubleshooting
- Troubleshooting System Performance with Resource Monitoring Methodology
- Configuring Data Path Debugging and Trace Options
- Using MPLS to Diagnose LSPs, VPNs, and Layer 2 Circuits
- Using Packet Capture to Analyze Network Traffic
- On-Box Packet Sniffer Overview
- Troubleshooting Security Devices
- play_arrow Configuration Statements and Operational Commands
sFlow Support on Routers
On PTX1000 routers and QFX10000 Series switches, sFlow technology always works at the level of the physical interface. Enabling sFlow monitoring on one logical interface enables it on all logical interfaces belonging to that physical interface.
On PTX1000 routers, PTX10000 routers, and QFX10000 Series
switches, you can configure sFlow only on an active logical interface. Use the show
interfaces terse
command to display the status information of interfaces. If both
operational and admin state of an interface is up, then it is an active interface.
On PTX10000 routers, PTX5000 routers and QFX10000 Series switches, sFlow will not generate samples as expected when the ingress or egress interfaces are part of routing instance specifically in ECMP scenario.
The sFlow agent is responsible for monitoring the network port, sample all incoming packets including control traffic and traffic arriving on all the ports in the system.
The following sFlow features are supported on the ACX5000 line of routers:
Packet-based sampling
Note:This feature is not supported on ACX5448 router.
Time-based sampling
Adaptive sampling
The following sFlow technology limitations apply on ACX5000 line of routers:
The ingress and egress sampling can be configured only on one of the units under a physical interface and the sFlow is enabled for the physical interface (port). The sFlow cannot be enabled if the unit under a physical interface is not configured.
Egress sampling for Broadcast, Unknown unicast and Multicast (BUM) traffic is not supported because the source-interface field in the sFlow datagrams cannot be populated.
Destination VLAN and Destination Priority fields are not populated in the case of Layer 3 forwarding.
sFlow sampling is not supported on the output interface of an analyzer.
SNMP MIB support for sFlow is not available.
sFlow cannot be enabled on IRB interfaces.
sFlow cannot be enabled on logical tunnel (lt-) and LSI interfaces.
sFlow for GRE Encapsulation
On PTX10001-36MR, PTX10003, PTX10004, PTX10008, and PTX10016 devices, sFlow supports the export of Extended Tunnel Egress Structure fields for traffic entering IPv4 or IPv6 GRE tunnels. This enables sFlow to provide information about GRE tunnel into which a packet entering the device might be encapsulated. The GRE tunnel could be IPv4 or IPv6. The feature is supported only when sFlow is enabled in the ingress direction wherein firewall based GRE encapsulation happens on IPv4 or IPv6 packets.
The feature is supported for the below traffic scenarios when ingress sFlow sampling is enabled:
Incoming IPv4 traffic that undergoes IPv4 GRE encapsulation
Incoming IPv6 traffic that undergoes IPv4 GRE encapsulation
Incoming IPv4 traffic that undergoes IPv6 GRE encapsulation
Incoming IPv6 traffic that undergoes IPv6 GRE encapsulation
To learn more about the sFlow and sFlow Tunnel Structures, see sFlow Tunnel Structures.
#id-overview-of-sflow-technology__sflow-fields describes extended tunnel egress structure fields for traffic entering IPv4 or IPv6 GRE tunnels.
Field Name | Value |
---|---|
Protocol reported | 0x2f (GRE) |
Source IP | IPv4 or IPv6 address of the tunnel source |
Destination IP | IPv4 or IPv6 address of the tunnel destination endpoint |
length | 0 |
source port | 0 |
destination port | 0 |
tcp flags | 0 |
priority | 0 |
The extended structure for IPv4 and IPv6 GRE tunnels is below:
/* opaque = flow_data; enterprise = 0; format = 1023 */ struct extended_ipv4_tunnel_egress { sampled_ipv4 header; } /* opaque = flow_data; enterprise = 0; format = 1025 */ struct extended_ipv6_tunnel_egress { sampled_ipv6 header; }
Sampled IPv4 header structure is below:
/* Packet IP version 4 data */ /* opaque = flow_data; enterprise = 0; format = 3 */ struct sampled_ipv4 { unsigned int length; /* The length of the IP packet excluding lower layer encapsulations */ unsigned int protocol; /* IP Protocol type (for example, TCP = 6, UDP = 17) */ ip_v4 src_ip; /* Source IP Address */ ip_v4 dst_ip; /* Destination IP Address */ unsigned int src_port; /* TCP/UDP source port number or equivalent */ unsigned int dst_port; /* TCP/UDP destination port number or equivalent unsigned int tcp_flags; /* TCP flags */ unsigned int tos; /* IP type of service */ }
Sampled IPv6 header structure is below:
/* Packet IP Version 6 Data */ /* opaque = flow_data; enterprise = 0; format = 4 */ struct sampled_ipv6 { unsigned int length; /* The length of the IP packet excluding lower layer encapsulations */ unsigned int protocol; /* IP next header (for example, TCP = 6, UDP = 17) */ ip_v6 src_ip; /* Source IP Address */ ip_v6 dst_ip; /* Destination IP Address */ unsigned int src_port; /* TCP/UDP source port number or equivalent */ unsigned int dst_port; /* TCP/UDP destination port number or equivalent*/ unsigned int tcp_flags; /* TCP flags */ unsigned int priority; /* IP priority */ }
sFlow Sample Size
Starting in Junos OS Evolved 23.1R1 release for PTX Series devices, you can configure the
sFlow sample size of the raw packet header to be exported as part of the sFlow record to the
collector. The configurable range of sample size is from 128 bytes through 512 bytes. Use
the set protocols sflow sample-size Sample-Size
command
to configure the sample size. If the configured sample size is greater than the actual
packet size, then the actual size of the packet is exported. If you do not configure the
sample size, the default size of the raw packet header exported to the collector is 128
bytes.
The sample size configured in the global sFlow configuration is inherited by all the interfaces configured under sFlow protocols.
sFlow Limitations on Routers
On routers, limitations of sFlow traffic sampling include the following:
Trio chipset cannot support different sampling rate for each family. Hence, only one sampling rate can be supported per line card.
Adaptive load balancingsampling is applied per line card and not for per interface under the line card.
Routers support configuration of only one sampling rate (inclusive of ingress and egress
rates) on an line card. To support compatibility with the sFlow configuration of other
Juniper Networks products, the routers still accept multiple rate configuration on different
interfaces of the same line card. However, the router programs the lowest rate as the
sampling rate for all the interfaces of that line card. The (show sflow
interfaces
) command displays the configured rate and the actual (effective) rate.
However, different rates on different line cards is still supported on Juniper Networks
routers.
You cannot configure sFlow on the following line cards:
JNP10K-LC4800
MPC10E
MPC15E
MPC11E
MX10K-LC9600
EX9200-15C
In Junos OS Evolved, you can configure sFlow only on Ethernet interfaces
(et-*
) for the following PTX Series devices:
PTX10003-80C and PTX10003-160C
PTX10008
PTX10001-36MR
PTX10004
PTX10016
You cannot configure sFlow on loopback interfaces (lo0
).