Using a Dynamic Flow Capture Interface
to Monitor Traffic On Demand
Dynamic flow capture (DFC) enables you to capture packet flows based on filtering criteria that you specify in real time. Unlike traditional flow monitoring that requires filtering criteria to be established before operation, DFC uses an on demand control protocol that allows you to modify the filtering criteria as network conditions change.
The DFC architecture consists of one or more control sources that send Dynamic Tasking Control Protocol (DTCP) requests to a monitoring station. The requests contain filtering criteria that specify which incoming traffic should be monitored, and the monitoring station forwards any packets that match the filter criteria to a set of one or more content destinations.
- Control source—A client that wants to monitor electronic data or voice transfer over the network. The control source sends filter requests to the Juniper Networks routing platform using DTCP. The control source is identified by a unique identifier and an optional list of IP addresses.
- Monitoring station—A Juniper Networks T-series or M320 routing platform configured with one or more Monitoring Services III PICs which support DFC processing. The monitoring station processes the requests from the control sources, creates the filters, monitors incoming data flows, and sends the matched packets to the appropriate content destinations.
- Content destination—Recipient of the matched packets from the monitoring station. Typically the matched packets are sent using an IPSec tunnel from the monitoring station to another router connected to the content destination. The content destination and the control source can be located on the same host.
NOTE: The DFC PIC forwards the entire packet content to the content destination, rather than just a content record, as used by cflowd.
Figure 38 shows a sample topology that contains control sources, a monitoring station, and content destinations.
To configure dynamic flow capture, perform the following tasks:
- Configuring the Capture Group
- Configuring the Content Destination
- Configuring the Control Source
- Configuring the DFC Interface
- Option: Configuring Thresholds
- Option: Configuring System Logging
- Option: Monitoring Dynamic Flow Capture by Using SNMP
To view examples of dynamic flow capture, see the following sections: