Configure Passive Flow Monitoring

When you want to monitor traffic passively in an M40e or M160 router, you can use either the Monitoring Services PIC or the Monitoring Services II PIC. The PICs receive passively monitored network traffic from a SONET/SDH or ATM2 IQ input interface, convert the received packets into cflowd records, and export them to a cflowd server for further analysis.

The key configuration hierarchy statement for passive flow monitoring is the monitoring statement found at the [edit forwarding-options] hierarchy. At minimum, you must configure a VRF routing instance to direct the traffic to a monitoring services interface for cflowd processing.

However, there are several options you can use that add complexity to passive flow monitoring. For example, you can configure the router to direct traffic into a routing instance and deliver the traffic into a monitoring group. You can also use port mirroring and filter-based forwarding to copy and redirect traffic. Optionally, you can encrypt cflowd output before it is sent to a cflowd server for processing, or send cflowd records to a flow collector.

The following sections explain the variety of passive flow monitoring configuration topics:

• Monitor Traffic with a VRF Instance and a Monitoring Group
• Copy and Redirect Traffic with Port Mirroring and Filter-Based Forwarding
• Hardware and Software Considerations
• Example: Passive Flow Monitoring Configuration
• Check Your Work
• Example: Flow Collector Interface Configuration
• Check Your Work