[Contents] [Prev] [Next] [Index] [Report an Error]

Example: Sampling Configuration


Figure 10: Active Flow Monitoring—Sampling Configuration Topology Diagram

In Figure 11, traffic from Router 1 arrives on the monitoring router's Gigabit Ethernet ge-2/3/0 interface. The exit interface on the monitoring router that leads to destination Router 2 is ge-3/0/0. In active flow monitoring, both the input interface and exit interface can be any interface type (such as SONET/SDH, Gigabit Ethernet, and so on). The export interface leading to the cflowd server is fe-1/0/0.

Configure a firewall filter to sample, count, and accept all traffic. Apply the filter to the input interface, and configure the exit interface (for traffic forwarding), the adaptive services interface (for cflowd processing), and the export interface (for exporting cflowd records).

Configure sampling at the [edit forwarding-options] hierarchy level. Include the IP address and port of the cflowd server with the cflowd statement and specify the adaptive services interface to be used for cflowd record processing with the interface statement at the [edit forwarding-options sampling] hierarchy level.

[edit]

interfaces {

    sp-2/0/0 {                            # This adaptive services interface creates the cflowd records.

        unit 0 {

            family inet {

                address 10.1.1.1/32 {

                    destination 10.1.1.2;

                }

            }

        }

    }

    fe-1/0/0 {                            # This is the export interface where records are sent to the cflowd server.

        unit 0 {

            family inet {

                address 10.60.2.2/30;

            }

        }

    }

    ge-2/3/0 {                            # This is the input interface where all traffic enters the router.

        unit 0 {

            family inet {

                filter {

                    input catch_all;                            # This is where the firewall filter is applied.

                }

                address 11.1.1.1/20;

            }

        }

    }

    ge-3/0/0 {                                    # This is the exit interface where the original traffic is forwarded.

        unit 0 {

            family inet {

                address 12.2.2.1/24;

            }

        }

    }

}

forwarding-options {

    sampling {                                # Traffic is sampled and sent to a cflowd server.

        input {

            family inet {

                rate 1;                    # The router samples 1 out of x packets (a rate of 1 samples every packet).

            }

        }

        output {

            cflowd 10.60.2.1 {                                    # Here you configure the IP address and port of the cflowd server.

                port 2055;

                version 5;                                # The records are sent to the cflowd server using version 5 format.

            }

            flow-inactive-timeout 15;

            flow-active-timeout 60;

            interface sp-2/0/0 {                                    # By adding an interface here, you enable PIC-based sampling.

                engine-id 5;                        # Engine statements are generated dynamically, but can be configured.

                engine-type 55;

                source-address 10.60.2.2;                                                    # You must configure this statement.

            }

        }

    }

}

firewall {

    family inet {

        filter catch_all {                                            # Apply this filter on the input interface.

            term default {

                then {

                    sample;

                    count counter1;

                    accept;

                }

            } 

        }

    }

}
[Contents] [Prev] [Next] [Index] [Report an Error]