Example: Active Monitoring Configuration
In Figure 9, traffic from Router 1 arrives on the monitoring router's OC-3 interface. The exit interface on the monitoring router leading to destination Router 2 can be any interface type (such as SONET, Gigabit Ethernet, and so on). The export interface leading to the cflowd server is fe-1/0/0. To enable active monitoring, configure a firewall filter on the SONET interface with the following match conditions:
- Traffic matching certain firewall conditions is sent to the Monitoring Services PIC using filter-based forwarding. This traffic is quarantined and not forwarded to other routers.
- All other traffic is port-mirrored to the Monitoring Services PIC. Port mirroring copies each packet and sends the copies to the port mirroring next hop (in this case, a Monitoring Services PIC). The original packets are forwarded out of the router as usual.
The active monitoring configuration steps are similar to those for the filter-based forwarding passive monitoring configuration (For an example of filter-based forwarding, see Copy and Redirect Traffic with Port Mirroring and Filter-Based Forwarding). To configure active monitoring, complete these steps:
- Define a Firewall Filter to Select Traffic to Monitor
- Configure the Interfaces That Will Be Actively Monitored
- Enable Interfaces on the Monitoring Services PIC and the Export Interface
- Create a Filter-Based Forwarding Routing Instance
- Configure Routing Options to Import Traffic into a Routing Table Group
- Configure Sampling Input Parameters
- Configure Port Mirroring to the Monitoring Services PIC Interface
- Configure a Monitoring Group to Collect cflowd Records