
Overview

Using a Juniper Networks routing platform, a selection of Physical Interface Cards (PICs) for M-series and T-series routing platforms—including the Monitoring Services PIC, Monitoring Services II PIC, Adaptive Services PIC, and MultiServices PICs—and other networking hardware, you can monitor traffic flow and export the monitored traffic. Monitoring traffic allows you to do the following:

There are two main types of flow monitoring:

Passive Flow Monitoring

Flow monitoring version 5 supports passive flow monitoring. Versions 8 and 9 do not support passive flow monitoring.

The M40e, M160, M320, MX-series, or T-series routing platform that is used for passive flow monitoring does not route packets from monitored interfaces, nor does it run any routing protocols related to those interfaces; it only passes along intercepted traffic and receives traffic flows. Figure 41 shows a typical topology for the passive flow monitoring application.

Figure 41: Passive Flow Monitoring Application Topology


Traffic travels normally between Router 1 and Router 2. To redirect IPv4 traffic, you insert an optical splitter on the interface between these two routers. The optical splitter copies and redirects the traffic to the monitoring station. The optical cable connects only to the receive port on the monitoring station, never to the transmit port. As a result, the monitoring station can receive traffic from the router being monitored but can never transmit traffic back to it.

If you are monitoring traffic flow, the Internet Processor II ASIC in the routing platform forwards a copy of the traffic to the Monitoring Services or Monitoring Services II PIC in the monitoring station. If there is more than one Monitoring Services PIC installed, the monitoring station distributes the load of the incoming traffic across the multiple PICs. The Monitoring Services PICs generate flow records in version 5 format, and the records are exported to the flow collector.
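A flow collector should validate each export datagram before trusting its contents. The following Python sketch is an added example, not Juniper code: it assumes that "version 5 format" means the widely documented cflowd/NetFlow version 5 layout (24-byte header, 48-byte records), and the function names and sample datagram are constructed for illustration.

```python
import ipaddress
import struct

# Assumed layout: the widely documented cflowd/NetFlow version 5 export
# datagram (24-byte header followed by 48-byte flow records, network order).
HEADER = struct.Struct("!HHIIIIBBH")
RECORD = struct.Struct("!4s4s4sHHIIIIHHxBBBHHBB2x")

def parse_v5(datagram):
    """Validate one export datagram and return its flow records as dicts."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a version 5 header")
    version, count, _uptime, secs, _nsecs, seq, _etype, _eid, _samp = \
        HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError(f"unexpected export version {version}")
    # A count that disagrees with the length means truncation or tampering.
    if len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("record count does not match datagram length")
    flows = []
    for i in range(count):
        (src, dst, _nh, _in_if, _out_if, pkts, octets, _first, _last,
         sport, dport, flags, proto, _tos, _sas, _das, _smask, _dmask) = \
            RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "export_time": secs, "sequence": seq,
            "src": str(ipaddress.IPv4Address(src)), "sport": sport,
            "dst": str(ipaddress.IPv4Address(dst)), "dport": dport,
            "proto": proto, "tcp_flags": flags,
            "packets": pkts, "octets": octets,
        })
    return flows

def build_sample():
    """Constructed sample: one TCP flow between documentation addresses."""
    header = HEADER.pack(5, 1, 360000, 1700000000, 0, 42, 0, 0, 0)
    record = RECORD.pack(
        ipaddress.IPv4Address("192.0.2.10").packed,
        ipaddress.IPv4Address("198.51.100.7").packed,
        bytes(4), 1, 2, 12, 5400, 350000, 359000,
        51514, 443, 0x1B, 6, 0, 64500, 64501, 24, 24)
    return header + record

if __name__ == "__main__":
    for flow in parse_v5(build_sample()):
        print(flow)
```

Tracking the `sequence` value across datagrams additionally lets the collector notice lost or replayed exports.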

When you are performing lawful interception of packets, the Internet Processor II ASIC filters the incoming traffic and forwards it to the Tunnel Services PIC. Filter-based forwarding is then applied to direct the traffic to the packet analyzers. Optionally, the intercepted traffic or the flow records can be encrypted by the ES PIC and then sent to their destination. With additional configuration, flow records can be processed by a flow collector and flows can be captured dynamically.

With MPLS passive monitoring, the routing platform can process MPLS packets with label values that do not have corresponding entries in the mpls.0 routing table. You can divert these unrecognized MPLS packets, remove the MPLS labels, and redirect the underlying IPv4 packets. This is equivalent to a default route for MPLS packets or a promiscuous label. Because this application does not use a Monitoring Services PIC, see the JUNOS MPLS Applications Configuration Guide for more information about MPLS passive monitoring.

Active Flow Monitoring

Flow monitoring versions 5, 8, and 9 support active flow monitoring. For active flow monitoring, the monitoring station participates in the network as an active routing platform. The major actions the routing platform can perform during active flow monitoring are as follows:

