Understand Inband Flow Analyzer 2.0
Inband Network Telemetry (INT) is a vendor-neutral network monitoring framework that provides per-hop granular data in the forwarding (data) plane. INT allows you to observe changes in flow patterns caused by microbursts, packet transmission delay, latency per node, and new ports in flow paths.
Inband Flow Analyzer (IFA) 2.0 is an implementation of INT in Junos OS switches. IFA enables the devices to collect flow data and export the data to external collectors for per-hop or end-to-end analysis. IFA uses probe packets to collect data such as per-hop latency, per-hop ingress and egress ports, packet Receive (RX) timestamp (in seconds), queue ID, congestion, and egress port speed. The IFA packets traverse the same path in the network and use the same queues as the packets in the forwarding plane. So, the IFA packets experience similar latency and congestion as the packets.
Benefits of Inband Telemetry Solution
- Samples flow data and exports data to collectors faster than traditional telemetry ingests.
- Gives a granular view of the source of fault, latency, and congestion in your live network.
Device Configuration
The QFX5120-32C and QFX5120-48Y devices support Inband Network Telemetry (INT) using IFA 2.0. The IFA probe packets collect flow metrics and export the data in the Internet Protocol Flow Information Export (IPFIX) format. Paragon Automation supports analysis of the IPv4 Virtual Extensible LAN (VXLAN) flow data using the IFA sensor. Paragon Automation identifies VXLAN flows if the standard VXLAN port 4789 is present as the destination port in the Outer L4 Header (Layer 4 Header). The format of the IFA 2.0 packet with the VXLAN flow data is shown in Figure 1.
IFA uses revenue ports to export data to collectors. You cannot use management ports to export IFA data.
IFA probe packets use three nodes that have separate functionality as they collect flow information:
-
IFA Initiator Node (ingress node)—Samples the IPv4 VXLAN traffic, converts packets to IFA format by adding an IFA header, and updates IFA probe packet with the Initiator Node metadata. The IFA Header has the total maximum length allowed for the IFA Metadata Stack. The metadata stack is where each node adds its respective hop-specific metadata.
-
IFA Transit Node—Identifies IFA packets and appends metadata into the metadata stack of the packet. A transit node checks the current length against the total maximum length in the IFA Header. If the current length equals or exceeds the maximum length, the Transit Node does not append its metadata to the IFA Metadata Stack.
-
IFA Terminating Node (egress node—Appends its metadata and exports a copy of the flow data to the IFA 2.0 application (the IFA firmware). The IFA application adds the egress port number, converts the packets into IPFIX format, and sends them to a collector such as Paragon Automation.
See IFA 2.0 Probe for Real-Time Monitoring for more information.
You must configure the IFA Initiator Node, IFA Transit Node, and IFA Terminating Node in the QFX5120-32C and QFX5120-48Y switches.
Paragon Automation Configuration
In Paragon Automation, you must perform the following tasks:
-
Configure IP address of the deploy node and the UDP port in the device group. Paragon Insights deploys the IFA ingest on the configured deploy node.
See Add a Device Group for more information.
-
Configure one or more IFA flow IP addresses in devices. See Edit Devices for more information.
-
Create a rule for the IFA ingest.
See Configure a Custom Rule in Paragon Automation GUI for more information.
-
Create a playbook and deploy the playbook instance in device groups.
See Create a Playbook Using the Paragon Insights GUI to create a playbook in Paragon Automation.
See Manage Playbook Instances to deploy a playbook.
-
Configure device details such as device name and device ID in the ingest. See Configure Device Details for Inband Flow Analyzer Devices.
Paragon Automation supports hb_ifa_v2_0 as the IFA sensor name. The IFA sensor supports fields described in Table 1.
Field | Key Field | Data Type | Description |
---|---|---|---|
source_ip | Yes | String | IP address of the Initiator Node from which the IFA flow packets originate. |
source_port | Yes | String | Source port of the Initiator Node from which the IFA packet originates. |
dest_ip | Yes | String | IP address of the Terminating Node. |
dest_port | Yes | String | Destination port of the Terminating Node that exports the IFA packets. |
proto | Yes | String | Value of the protocol used for the IFA flow. |
hop | Yes | String |
The hop field denotes the number of hops that the IFA packet traversed. If there are n nodes, the hop value starts with 1 for the Initiator node, 2 for the Transit node, and so on until it reaches the Terminating node that is assigned a value of n. Note:
The IFA sensor can additionally assign the hop value 65,535 to describe end-to-end latency and the complete IFA flow path. In Paragon Automation rules, the hop field captures the sequence number (hop value) at each hop. |
node_id | No | String |
Device ID of the IFA Initiator node, the IFA Transit node, or the IFA Terminator node, when the hop field's value is not 65,535. The device ID is present in the IFA Metadata Stack. When the hop field's value is 65,535, the node_id field denotes the complete path taken by the IFA probe packet. |
node_name | No | String |
Displays name of the IFA node associated with node_id, if you previously configured Paragon Automation to display the node_name. If you didn't configure Paragon Automation to display the node_name, the node_id Is displayed. |
ingress_port | No | String | Ingress port of the node through which the IFA flow enters. |
egress_port | No | String | Egress port of the node through which the IFA flow exits. |
egress_portspeed | No | Unsigned integer 32 | Speed (in Gigabits per second) of the egress port. |
congestion_bits | No | Unsigned integer 32 | Congestion bit that indicates if an IFA packet experienced congestion or not. |
queue_id | No | Unsigned integer 32 | Identifier (ID) of the queue taken by the IFA packets in a node. |
residence_time_ns | No | Unsigned integer 32 | Time taken (in nanoseconds) by the IFA packet within a node. |
rx_ts_ns | No | Unsigned integer 64 | Receive time stamp value when the IFA probe packet enters a node. |
latency | No | Unsigned integer 64 |
Difference between the received time stamp of the current node and the previous node, when the hop field's is not 65,535. When the hop field's value is 65,535, the latency field denotes the end-to-end latency of the complete path. |
Paragon Automation ingests the IFA data as IPFIX records and creates multi-row entries in the time-series database (TSDB) for each IPFIX record. The TSDB rows capture per hop details such as:
- Ingress and egress ports
- Latency
- Receive packet (RX) time stamp
- Sequence number that increments at each hop
- A record of the end-to-end latency from the Initiator node to the Terminating node