Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Understand Inband Flow Analyzer 2.0

Inband Network Telemetry (INT) is a vendor-neutral network monitoring framework that provides per-hop granular data in the forwarding (data) plane. INT allows you to observe changes in flow patterns caused by microbursts, packet transmission delay, latency per node, and new ports in flow paths.

Inband Flow Analyzer (IFA) 2.0 is an implementation of INT in Junos OS switches to collect flow data and export the data to external collectors for per-hop or end-to-end analysis. IFA uses probe packets to collect data such as per-hop latency, per-hop ingress and egress ports, packet Receive (RX) timestamp (in seconds), queue ID, congestion, and egress port speed. The IFA packets traverse the same path in the network and use the same queues as the packets in the forwarding plane. So, the IFA packets experience similar latency and congestion as the packets in the forwarding plane.

Device Configuration

The QFX5120-32C and QFX5120-48Y devices support Inband Network Telemetry (INT) using IFA 2.0. The IFA probe packets collect flow metrics and export the data in the Internet Protocol Flow Information Export (IPFIX) format. Starting with Release 4.2.0, Paragon Insights supports analysis of the IPv4 Virtual Extensible LAN (VXLAN) flow data using the IFA sensor. Paragon Insights identifies VXLAN flows if the standard VXLAN port 4789 is present as the destination port in the Outer L4 Header (Layer 4 Header). The format of the IFA 2.0 packet with the VXLAN flow data is shown in Figure 1.

Note:

IFA uses revenue ports to export data to collectors. You cannot use management ports to export IFA data.

See IFA Configurations and Design Considerations for detailed information on supported platforms and the device configuration required to use IFA.

Figure 1: Format of VXLAN IFA 2.0 PacketFormat of VXLAN IFA 2.0 Packet

IFA probe packets use three nodes that have separate functionality as they collect flow information:

  • IFA Initiator Node (ingress node)—Samples the IPv4 VXLAN traffic, converts packets to IFA format by adding an IFA header, and updates IFA probe packet with the Initiator Node metadata. The IFA Header has the total maximum length allowed for the IFA Metadata Stack. The metadata stack is where each node adds its respective hop-specific metadata.

  • IFA Transit Node—Identifies IFA packets and appends metadata into the metadata stack of the packet. A transit node checks the current length against the total maximum length in the IFA Header. If the current length equals or exceeds the maximum length, the Transit Node does not append its metadata to the IFA Metadata Stack.

  • IFA Terminating Node (egress node)—Appends its metadata and exports a copy of the flow data to the IFA 2.0 application (the IFA firmware). The IFA application adds the egress port number, converts the packets into IPFIX format, and sends them to a collector such as Paragon Insights.

See IFA Configurations and Design Considerations for more information.

Note:

You must configure the IFA Initiator Node, IFA Transit Node, and IFA Terminating Node in the QFX5120-32C and QFX5120-48Y switches.

Paragon Insights Configuration

In Paragon Insights, you must perform the following tasks:

  1. Configure IFA flow IP address in devices and configure IP address of the deploy node and the UDP port in the device group. Paragon Insights deploys the IFA ingest on the configured deploy node.

    See Manage Devices, Device Groups, and Network Groups for more information.

  2. Create a new rule for IFA ingest.

    See Paragon Insights Rules and Playbooks for more information.

  3. Create a playbook and deploy the playbook instance in device groups.

    See Paragon Insights Rules and Playbooks for more information.

  4. Configure device details such as device name and device ID in the ingest. See Configure Device Details for Inband Flow Analyzer Devices.

Paragon Insights supports hb_ifa_v2_0 as the IFA sensor name. The IFA sensor supports fields described in Table 1.

Table 1: IFA Sensor Fields

Field

Key Field

Data Type

Description

source_ip

Yes

String

IP address of the Initiator Node from which the IFA flow packets originate.

source_port

Yes

String

Source port of the Initiator Node from which the IFA packet originates.

dest_ip

Yes

String

IP address of the Terminating Node.

dest_port

Yes

String

Destination port of the Terminating Node that exports the IFA packets.

proto

Yes

String

Value of the protocol used for the IFA flow.

hop

Yes

String

The hop field denotes the number of hops that the the IFA packet traversed. If there are n nodes, the hop value starts with 1 for the Initiator node, 2 for the Transit node, and so on until it reaches the Terminating node that is assigned a value of n.

Note:

The IFA sensor can additionally assign the hop value 65,535 to describe end-to-end latency and the complete IFA flow path.

In Paragon Insights rules, the hop field captures the sequence number (hop value) at each hop.

node_id

No

String

Device ID of the IFA Initiator node, the IFA Transit node, or the IFA Terminator node, when the hop field’s value is not 65,535. The device ID is present in the IFA Metadata Stack.

When the hop field’s value is 65,535, the node_id field denotes the complete path taken by the IFA probe packet.

node_name

No

String

Displays name of the IFA node associated with the node_id, if you previously configured Paragon Insights to display the node_name.

If you didn't configure Paragon Insights to display the node_name, the node_id Is displayed.

ingress_port

No

String

Ingress port of the node through which the IFA flow enters.

egress_port

No

String

Egress port of the node through which the IFA flow exits.

egress_portspeed

No

Unsigned integer 32

Speed (in Gigabits per second) of the egress port.

congestion_bits

No

Unsigned integer 32

Congestion bit that indicates if an IFA packet experienced congestion or not.

queue_id

No

Unsigned integer 32

Identifier (ID) of the queue taken by the IFA packets in a node.

residence_time_ns

No

Unsigned integer 32

Time taken (in nanoseconds) by the IFA packet within a node.

rx_ts_ns

No

Unsigned integer 64

Receive timestamp value when the IFA probe packet enters a node.

latency

No

Unsigned integer 64

Difference between the received timestamp of the current node and the previous node, when the hop field’s value is not 65,535.

When the hop field’s value is 65,535, the latency field denotes the end-to-end latency of the complete path.

Paragon Insights ingests the IFA data as IPFIX records and creates multi-row entries in the time-series database (TSDB) for each IPFIX record. The TSDB rows capture per hop details such as:

  • Ingress and egress ports

  • Latency

  • Receive packet (RX) timestamp

  • Sequence number that increments at each hop

  • A record of the end-to-end latency from the Initiator node to the Terminating node

Related Documentation