JUNOS 8.5 Services Interfaces Configuration Guide

[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]

Dynamic Flow Capture Configuration Guidelines

Dynamic flow capture enables you to capture packet flows on the basis of dynamic filtering criteria. Specifically, you can use this feature to forward passively monitored packet flows that match a particular filter list to one or more destinations using an on-demand control protocol.

The architecture consists of one or more control sources that send requests to a Juniper Networks routing platform to monitor incoming data, and then forward any packets that match specific filter criteria to a set of one or more content destinations:

Control source—A client that monitors electronic data or voice transfer over the network. The control source sends filter requests to the Juniper Networks routing platform using the Dynamic Task Control Protocol (DTCP), specified in draft-cavuto-dtcp-01.txt at http://www.ietf.org/internet-drafts. The control source is identified by a unique identifier and an optional list of IP addresses.
Monitoring platform—A Juniper Networks T-series or M320 routing platform containing one or more Dynamic Flow Capture (DFC) PICs, which support dynamic flow capture processing. The monitoring platform processes the requests from the control sources, creates the filters, monitors incoming data flows, and sends the matched packets to the appropriate content destinations.
Content destination—Recipient of the matched packets from the monitoring platform. Typically the matched packets are sent using an IP Security (IPSec) tunnel from the monitoring platform to another router connected to the content destination. The content destination and the control source can be physically located on the same host. For more information on IPSec tunnels, see IPSec Services Configuration Guidelines.

Note: The DFC PIC (either a Monitoring Services III PIC or MultiServices 400 PIC) forwards the entire packet content to the content destination, rather than to a content record as is done with cflowd or flow aggregation version 9 templates.

Figure 11 shows a sample topology. The number of control sources and content destinations is arbitrary.

Figure 11: Dynamic Flow Capture Topology

Image g017075.gif

To configure dynamic flow capture, include the dynamic-flow-capture statement at the [edit services] hierarchy level:




dynamic-flow-capture {





capture-group client-name {





content-destination identifier {


address address;


ttl hops;

}








control-source identifier {


allowed-destinations [ destination ];


no-syslog;


notification-targets [ address address port port-number ];


service-port port-number;


shared-key value;


source-addresses [ address ];

}





input-packet-rate-threshold rate;


interfaces interface-name;


pic-memory-threshold percentage percentage;

}




}

This chapter contains the following sections:

[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]