Configuring the IPTV Monitor

Following are the parts of the configuration you need to specify to activate and run the application.

Complete Configuration

The comments included in this example are numbered and explained in more detail after the code.
system {
    syslog {
        ##
        ## 1. Show informational messages
        ##
        user * {
            any emergency;
        }
        file messages {
            any info;
            authorization info;
        }
    }
    extensions {
        providers {
            sync; ## Use the providerID in the certificate used for compiling
        }
    }
}
chassis {
    fpc 1 {
        pic 2 {
            adaptive-services {
                service-package {
                    extension-provider {
                        ##
                        ## 2. Recommended settings for a Type-I Multiservices PIC
                        ##
                        control-cores 1;
                        data-cores 6;
                        object-cache-size 512;
                        forwarding-db-size 64;
                        package sync-monitube-data;
                        syslog {
                            external info;
                        }
                    }
                }
            }
        }
    }
}
interfaces {
    ##
    ## 3. Server is on this network; note the firewall filter application
    ##

    fe-1/1/0 {
        unit 0 {
            family inet {
                filter {
                    input my-samp-filter;
                }
                address 192.168.2.1/24;
            }
        }
    }
    ##
    ## 4. Mirror destination is on this network
    ##
    fe-1/1/1 {
        unit 0 {
            family inet {
                address 10.227.7.230/24;
            }
        }
    }
    ##
    ## 5. Client is on this network
    ##
    fe-1/1/3 {
        unit 0 {
            family inet {
                address 192.168.0.1/24;
            }
        }
    }
    ms-1/2/0 {
        unit 0 {
            family inet;
        }
    }
    ##
    ## 6. Optionally Set up debugging
    ##
    pc-1/2/0 {
        multiservice-options {
            core-dump;
            debugger-on-panic;
        }
    }
    lo0 {
        unit 0 {
            family inet {
                address 192.168.1.1/32;
            }
        }
    }
}
forwarding-options {
    sampling {
        input {
            family inet {
                rate 1;
            }
        }
        output {
            interface ms-1/2/0;
            ##
            ## 7. Configure Monitube with sampling to the Multiservices PIC
            ##
            extension-service monitube-test {
                monitor mon1 {
                    rate 1245184; ## 1 Mbps video + 192 Kbps audio
                    monitored-networks {
                        226.0.1.4/30;
                    }
                }
                mirror 226.0.1.5 {
                    destination 10.227.1.45;
                }
            }
        }
    }
}
##
## 8. Set up the router to enable IGMP and route Multicast using PIM
##
protocols {
    pim {
        interface fe-1/1/0.0 {
            mode dense;
        }
        interface fe-1/1/3.0 {
            mode dense;
        }
    }
}
##
## 9. Set up the firewall filter to perform the sampling
##
firewall {
    filter my-samp-filter {
        term rule1 {
            from {
                destination-address {
                    224.0.0.0/4;
                }
                protocol udp;
            }
            then {
                sample;
                accept;
            }
        }
        term rule2 {
            then {
                accept;
            }
        }
    }
}
sync {
    monitube {
        traceoptions {
            file mon.tr;
            syslog;
            flag all;
        }
    }
}

In the explanation that follows, each number corresponds to the number in the comment.

  1. This configures the syslog file called messages to receive messages from all facilities if they are at or above the informational level. This is important because the management component uses the info level when tracing is not available (before the initial configuration load). The data component also uses the info level in all its regular status logging. To observe the normal behavior of the system, you must configue the syslog file this way. Note the new syslog configuration under the chassis hierarchy as well.

  2. This part of the configuration directs the data component's package to be installed on the Multiservices PIC and defines an object-cache size to use. The maximum size is generally recommended. For the Multiservices 100 PIC used with this example, 512 MB is the maximum.

    The number of control cores is set to the minimum number, 1, and data cores to 6. Of the 8 total cores in the Multiservices PIC's CPU, this leaves 1 core as a user core.

    The system's main thread tries to bind itself to this user core upon startup, but if no user cores are available, it runs on the control core(s). This main thread's responsibilities are aging, receiving the general configuration, and all aspects of communication with the management component.

    Note that the system will never run on a control core and a user core. Running on control cores usually produces lower performance for the data component overall, because all the threads depend on each others' performance, due to locking that occurs to protect data access in memory shared between the threads.

  3. An IP address 192.168.2.1 is specified for the fe-1/1/0.0 interface. Attached to this interface is the network 192.168.2.0/24. In this example, the IPTV video server in this network is configured with the address 192.168.2.2.

    We also attach the my-samp-filter firewall filter to this interface in the input (ingress) direction. See the details of comment 9 below for more on this filter.

  4. The IP address 10.227.7.230 is configured for the fe-1/1/1.0 interface. Attached to this interface is the network 10.227.7.0/24.

    This example configures the mirror destination at an address that is reachable through this interface. In this case, there is another router between the end host we will see is 10.227.1.45; however, the mirror destination address could equally be in the 10.227.7.0/24 network (making it directly connected with respect to layer 3), or any other network that is routable through any interface.

  5. An IP address 192.168.0.1 is configured for the fe-1/1/3.0 interface. Attached to this interface is the network 192.168.0.0/24.

    This example configures the IPTV video client in this network with the address 192.168.0.2.

  6. This section specifies an optional part of the system's configuration, but it may be useful for debugging should any problems arise. This configuration is normally not meant for production environments. Here we use the pc prefixed form of the Multiservices PIC's interface name. Under this interface name, we can set some debugging configurations such as debugger-on-panic.

  7. Under the forwarding-options sampling output hierarchy, the configuration defines an extension-service with the monitube prefix, here called monitube-test. Most of the system's configuration falls under this object.

    This example streams a multicast channel using the 226.0.1.5 address. The only monitor, mon1, is configured to capture and monitor traffic in the 226.0.1.4/30 prefix (226.0.1.4, 226.0.1.5, 226.0.1.6, 226.0.1.7). This will capture the stream on 226.0.1.5.

    The example streams the IPTV channel using a video at a rate of 1024 Kbps and audio at a rate of 192 Kbps, so the media bit rate is set to 1,245,184 bps (1,216 Kbps) for monitor mon1.

    The configuration also specifies a mirror to mirror any traffic going to 226.0.1.5 to 10.227.1.45. The host at 10.227.1.45 would be expected to contain a view station capable of viewing the IPTV traffic.

  8. The router is between the IPTV video server and client, so it needs to be configured to enable IGMP and Multicast routing. The configuration specifies the PIM routing protocol on the interfaces where the multicast transmitters and receivers are expected to be. Because we know the transmitter (server) will be 192.168.2.2 and our receiver will be 192.168.0.2, we enable PIM on the fe-1/1/0 and fe-1/1/3 interfaces. For this setup, using PIM in dense mode is recommended as shown.

  9. This shows the configuration for the firewall filter that is eventually applied to the fe-1/1/3.0 interface. The filter's term from parameters are used to specify this filter to match all UDP multicast traffic. The filter's term then parameters specify that this filter should take all matched packets and sample them.

    The accept action is implied with sample, but it is a good idea to configure it, nonetheless, for those who are not aware of this.

    With this configuration, the traffic matched by the firewall filter will be directed to the Multiservices PIC, and hence to the application's data component.

Extensions to the JUNOS Configuration

This section focuses on syntactic details for the portion of the configuration that extends the JUNOS software. Each of the additions is explained individually after the code.

forwarding-options {
 2     sampling {
 3         output {
 4             interface ms-x/y/0.z;                        ## ms prefix required
 5             extension-service monitube-instance-name {   
 6                 monitor monitor-name {
 7                     monitored-networks {
 8                         a.b.c.d/i;
 9                         e.f.g.h/j;
10                     }
11                     rate X;                              ## mandatory
12                 }
13                 mirror q.r.s.t {
14                     destination u.v.w.x;
15                 }
16             }
17         }
18     }
19 }

Line 4: To use the extension-service object, you must use an ms prefix to designate an interface on the Multiservices PIC.

Line 5: The service-name identifier of the extension-service object must be prefixed with monitube-. This is important because the management component parses this configuration tree and searches for this prefix.

Line 6: The monitor object configures a monitoring group and groups a set of networks or hosts. Multiple groups can be configured using these objects with varying identifiers (monitor-name).

Line 7: The monitored-networks object is a container for prefixes for the monitor.

Lines 8 and 9: These letters show how to add a network or host (/32) address. Up to 100 prefixes (addresses) can be added to a group. A network mask of less than 32 implies that all host addresses falling into the network will be monitored as observed.

A given prefix should not fall into more than one monitor; however, you can configure the same network address with different prefix lengths within one or more monitors.

Line 11: The monitor also has a mandatory rate attribute within each monitor object. It is used to specify the media bit-per-second rate found in the monitored streams. Its configurable range is from 10,000 to 1,000,000,000 (10 Kbps to 1 Gbps). This should be sufficient, as most IPTV video streams are in the range of from 3.75 to 20 Mbps.

Line 14: The mirror object mirrors streams by taking the destination IP address of the flow to monitor as its identifier. Its destination attribute specifies the IP address to which the monitored traffic is mirrored. Beware of mirroring too many flows to one destination if the bandwidth to handle them is not available.

The system performs a best-match lookup for the address within all the prefixes. When the system receives an RTP packet destined for an address captured in one of the groups, the system assumes it is carrying a media stream payload with a drain rate equal to the rate configured in the group. This information is essential for calculating an accurate MDI for the given flow.

Extensions Configuration Example

The following sample scenario sets up monitoring for a number of different IPTV channels (sent through multicast) at various rates. The configuration also specifies monitoring video-on-demand (VoD) to all subscribers assuming that the streams' media bit rates are all the same.

Mirroring of two selected IPTV channels is also configured. This example also shows the configuration to enable system tracing, which is normally only done for debugging purposes.

The sample attaches the filter to the egress interface. Attaching the filter to the ingress interface could be more desirable in some cases, because you should not attach the sampling filter to more than one egress interface (or the egress and ingress interfaces); otherwise, the PIC will receive two copies of the same packet, which can result in incorrect mirroring and monitoring statistics. It is up to the network administrator to configure the filters appropriately.

The configuration is as follows:

chassis {
    fpc 1 {
        pic 2 {
            adaptive-services {
                service-package {
                    extension-provider {
                        control-cores 1;
                        data-cores 6;
                        object-cache-size 512;
                        forwarding-database-size 128;
                        package sync-monitube-data;
                    }
                }
            }
        }
    }
}
interfaces {
    ms-1/2/0 {
        unit 0 {
            family inet;
        }
    }
   fe-1/1/0 {                            ## example of attaching to ingress
        unit 0 {                          ## interface
            family inet {
                filter {
                    input monitor;        ## apply firewall filter here
                } 
                address 30.31.32.1/18;    ## subscriber facing interface
            }
        }
    }
}
forwarding-options {
    sampling {
        input {
            family inet {
                rate 1;
            }
        }
        output {
            interface ms-1/2/0.0;             ## ms prefix required
            extension-service monitube-iptv {
                monitored-networks sd-bcast-fox {
                    224.0.3.8/29; ## monitor 8 SD channels (.8 - .15)
                    rate 3750000;
                }
                monitored-networks hd-bcast-espn {
                    224.1.3.16/30;  ## monitor 4 HD channels (.16 - .19)
                    224.1.4.88/32;  ## monitor additional HD channel
                    224.1.4.176/32; ## monitor additional HD channel
                    rate 19500000;
                }
                monitored-networks ppv-vod-dvdmovie {
                    30.31.32.0/24; ## monitor 480p PPV channels
                    rate 9000000;
                }
                mirror 224.1.4.54 {
                    destination 10.10.1.47;
                }
                mirror 224.1.4.55 {
                    destination 10.10.1.48;
                }
            }
        }
    }
}
firewall {
    family inet { 
        filter monitor {  ## create a firewall filter for sampling all UDP
            term sample-all {
                from {
                    protocol udp;

                    ## In another user case, one may also want:
                    ## destination-address 224.0.0.0/4;
                }
                then {
                    sample;
                    accept;
                }
            }
        }
    }
}
sync {
    monitube {
        traceoptions {                 ## only used for debugging purposes
            file monitube.trace;
            flag all;
            syslog;
        }
    }
}

Setting up the VideoLAN VLC Software


2007-2009 Juniper Networks, Inc. All rights reserved. The information contained herein is confidential information of Juniper Networks, Inc., and may not be used, disclosed, distributed, modified, or copied without the prior written consent of Juniper Networks, Inc. in an express license. This information is subject to change by Juniper Networks, Inc. Juniper Networks, the Juniper Networks logo, and JUNOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners.
Generated on Sun May 30 20:26:47 2010 for Juniper Networks Partner Solution Development Platform JUNOS SDK 10.2R1 by Doxygen 1.4.5