ADD (DTCP)
Syntax
ADD DTCP/0.7
Csource-ID: user-name
Cdest-ID: variable
Priority: priority-number
X-Drop-Policy: policy-name
X-JTap-Cdest-Dest-Address: ipv4-address
X-JTap-Cdest-Dest-Port: udp-port
X-JTap-Cdest-Source-Address: ipv4-address
X-JTap-Cdest-Source-Port: port-number
X-JTap-Cdest-TTL: time-to-live
X-MD-Intercept-Id: 4-byte-id | 8-byte-id
Dtcp-trigger: trigger-value
Flags: flag
Seq: sequence-number
Authentication-Info: ssh-authentication-string
Description
Specify the DTCP attributes that do one of the following:
Trigger the router to initiate traffic mirroring.
Provide instructions to populate fields in the encapsulation header for packets sent to the mediation device.
The DTCP ADD message can be sent either before or after subscribers log in through the interface.
The following attributes are added to the packet header of mirrored packets that the router sends to the mediation device. These attributes are required in the DTCP ADD message.
X-JTap-Cdest-Dest-Address
X-JTap-Cdest-Dest-Port
X-MD-Intercept-Id
This DTCP message is supported for both FlowTapLite and radius-flow-tap services.
Starting with Junos OS Release 12.3, DTCP ADD requests are validated for the IP version. The source IP and destination IP addresses must contain a matching IP address family, which must match with the value of the IPVersion field if it is available in the ADD message.
Consult the documentation for your mediation device to learn how to configure DTCP messages on the device.
The Account Session ID, Interface Identifier, and Subscriber User Name trigger attributes are optimized for a scaled subscriber management environment. Forwarding of mirrored traffic begins almost immediately when you include one or more of these three attributes and none of the non-optimized attributes in DTCP ADD messages.
If you include any of the non-optimized trigger attributes in the DTCP ADD message in a scaled subscriber management environment, some delay might be observed between the time when the DTCP ADD message is sent and the time when forwarding starts for the mirrored traffic. For example, if there are 10,000 subscriber sessions on the router, forwarding of the mirrored traffic might be delayed for less than one minute. This delay occurs when you specify any non-optimized attribute, with or without any optimized attribute. The delay occurs regardless of the order of attributes in the DTCP packet.
When a subscriber matches more than one of the DTCP mirroring triggers in an ADD message, the router processes the triggers in the following order:
X-Act-Sess-Id
X-Call-Sta-Id
X-IP-Addr
X-Interface-Id
X-NAS-Port-Id
X-RM-Circuit-Id
X-UserName
When you have DHCPv4/DHCPv6 subscribers over VLANs, two sessions are created for each subscriber: one for the Layer 2 VLAN, and one for DHCP. In this case do not use a trigger, such as X-RM-Circuit-Id, that applies to both the VLAN and the DHCP sessions. If the DHCP and VLAN sessions match the same trigger, the DHCP subscriber login fails and subscriber secure policy is not triggered. You need to select a traffic mirroring trigger that matches only one of these sessions.
Options
Csource-ID: user-name | Username on the router. This username must be configured as a DTCP user on the router using the |
Cdest-ID: variable | ID of the mediation device. |
Flags: flag | STATIC is the only flag supported. |
Priority: priority-number | This implementation of DTCP does not use the priority number. |
X-Drop-Policy: policy-name | Name of the policy used to determine which mirrored packets are no longer sent to the mediation device. |
X-JTap-Cdest-Dest-Address: ipv4-address | Destination IPv4 address of the mediation device to which intercepted packets are sent. You must include this attribute in your ADD messages. It is used in the header of mirrored traffic that is sent to the mediation device. |
X-JTap-Cdest-Dest-Port: udp-port | Destination port of the mediation device to which intercepted packets are sent. You must include this attribute in your ADD messages. It is used in the header of mirrored traffic that is sent to the mediation device. |
X-JTap-Cdest-Source-Address: ipv4-address | Source IPv4 address. You must include this attribute in your ADD messages. If the value entered does not match the value configured on the router using the |
X-JTap-Cdest-Source-Port: port-number | Source port. You must include this attribute in your ADD messages. If the value entered does not match the value of X-Jtap-Cdest-Dest-Port, it is ignored. |
X-JTap-Cdest-TTL: time-to-live | TTL value to be used in the forwarded packet. |
X-MD-Intercept-Id: 4-byte-id or 8-byte-id | An ID that is used to identify a subscriber. You must include this attribute in your ADD messages. This ID is used in the header of mirrored traffic that is sent to the mediation device to allow the device to track a subscriber. The X-MD-Intercept-ID attribute must be provided in hexadecimal format; it can be prefixed with 0x or 0X, but the prefix is optional. The X-MD-Intercept-ID attribute can consist of only 4 bytes or 8 bytes. If the 4-byte format is used, the two most significant bits must be 01. If the 8-byte format is used, the two most significant bits must be 00. |
Dtcp-trigger: trigger-value | DTCP attribute used to trigger traffic mirroring. |
Seq: sequence-number | Number added by the mediation device. DTCP messages contain a monotonically increasing sequence number for each successive message. |
Authentication-Info: ssh-authentication-string | String used when you are using SSH to connect to the router. |
Required Privilege Level
Not applicable.
Sample Output
ADD DTCP/0.7
Csource-ID: ft-user1
Cdest-ID: cd1
Priority: 2
X-JTap-Cdest-Dest-Address: 203.0.113.50
X-JTap-Cdest-Dest-Port: 7890
X-JTap-Cdest-Source-Address: 203.0.113.9
X-JTap-Cdest-Source-Port: 12321
X-Interface-Id: ge-0/0/2.1
X-MD-Intercept-Id: 55667788
Flags: STATIC
Seq: 1
Authentication-Info: c16d2d9d1679facf0c4a66683af6114d341e4033

DTCP/0.7 200 OK
SEQ: 7
CRITERIA-ID: 2
TIMESTAMP: 2011-02-13 15:56:49.609
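The following pre-flight check is an added example, not Juniper code: it applies the rules stated on this page (the attributes marked "You must include", the X-MD-Intercept-Id format, and the matching address family) to an ADD message before it is sent. It assumes one attribute per line and case-insensitive attribute names; the function names are hypothetical.

```python
import ipaddress
import re

# Attributes the options table says you must include in ADD messages.
REQUIRED = ("X-JTap-Cdest-Dest-Address X-JTap-Cdest-Dest-Port X-JTap-Cdest-Source-Address "
            "X-JTap-Cdest-Source-Port X-MD-Intercept-Id").split()

def parse_add(message):
    """Return {lower-cased name: value}; assumes one attribute per line."""
    first, *rest = [ln.strip() for ln in message.strip().splitlines() if ln.strip()]
    if first.split() != ["ADD", "DTCP/0.7"]:
        raise ValueError("not a DTCP/0.7 ADD request")
    if any(":" not in ln for ln in rest):
        raise ValueError("malformed attribute line")
    pairs = (ln.partition(":") for ln in rest)
    return {name.strip().lower(): value.strip() for name, _, value in pairs}

def intercept_id_errors(value):
    # Hexadecimal, optional 0x/0X prefix, exactly 4 or 8 bytes.
    m = re.fullmatch(r"(?:0[xX])?([0-9a-fA-F]{8}|[0-9a-fA-F]{16})", value)
    if not m:
        return ["X-MD-Intercept-Id must be 4 or 8 bytes of hexadecimal"]
    digits = m.group(1)
    top = int(digits, 16) >> (len(digits) * 4 - 2)  # two most significant bits
    want = 0b01 if len(digits) == 8 else 0b00       # 4-byte: 01, 8-byte: 00
    return [] if top == want else [f"X-MD-Intercept-Id top two bits must be {want:02b}"]

def validate_add(message):
    """Return a list of problems found in a DTCP ADD message (empty if none)."""
    attrs = parse_add(message)
    errors = ["missing " + n for n in REQUIRED if n.lower() not in attrs]
    if "x-md-intercept-id" in attrs:
        errors += intercept_id_errors(attrs["x-md-intercept-id"])
    pair = [attrs.get("x-jtap-cdest-source-address"), attrs.get("x-jtap-cdest-dest-address")]
    if all(pair):
        try:  # source and destination must share one address family
            if len({ipaddress.ip_address(a).version for a in pair}) > 1:
                errors.append("source and destination address families differ")
        except ValueError as exc:
            errors.append(str(exc))
    return errors

# Constructed sample: the values from this page's sample output, one per line.
SAMPLE = """ADD DTCP/0.7
X-JTap-Cdest-Dest-Address: 203.0.113.50
X-JTap-Cdest-Dest-Port: 7890
X-JTap-Cdest-Source-Address: 203.0.113.9
X-JTap-Cdest-Source-Port: 12321
X-Interface-Id: ge-0/0/2.1
X-MD-Intercept-Id: 55667788"""
```

`validate_add(SAMPLE)` returns an empty list; the intercept ID 55667788 passes because 0x55 begins with the bits 01.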