Sampling Traffic in SDK Applications

This section describes configuration of traffic sampling for SDK applications.

For information about sampling using the native JUNOS Software, see the JUNOS Policy Framework Configuration Guide and the JUNOS Services Interfaces Configuration Guide.

Configuring traffic sampling on the Multiservices PIC is similar to configuring traffic sampling for a Monitoring Services or an Adaptive Services PIC using the native JUNOS Software: you enable sampling, create a firewall filter, and apply it to the logical interface on which you want to sample traffic. For the Multiservices PIC, the existing JUNOS interfaces statement at the [edit forwarding-options sampling family inet output] hierarchy level is extended to support using an interface of the ms- type (ms-fpc/pic/port).

There is also a sampling service set you should be aware of. See The Sampling Service Set for more information.

The Sampling Service Set

In addition to next-hop and interface service sets there is also a sampling service set. Interface and next-hop service sets are explained in the JUNOS Services Interfaces Configuration Guide.

The sampling service set has SDK plugins work on the sampled traffic in a specified order. The sampling service set is configured using the sampling-service statement at the [edit services service-set service-set-name] hierarchy level:

[edit]
services {
    service-set service-set-name {
        sampling-service {
            service-interface interface-name;
        }
    }
}

In the case of a sampling service set, the service interface must be a Multiservices PIC interface with a subunit number of 0. If the subunit is not specified, 0 will be assumed. The reverse-flow statement is not mandatory in this case. If no reverse flow is configured, all the sampled traffic is considered to be forward traffic.

The following example makes sure that any sampled packet coming to the ms-6/1/0.0 interface will have the service plugins in service set sset1 applied in the order specified.

[edit]
services {
    service-set sset1 {
        sampling-service {
            service-interface ms-6/1/0;
        }
        extension-service plugin1;
        extension-service plugin2;
        service-order {
            forward-flow [plugin1 plugin2];
            reverse-flow [plugin1 plugin2];
        }
    }
}

In order to sample traffic, the user still needs to configure the other parts of traffic sampling: enabling sampling, creating a firewall filter, and applying it to the logical interface on which you want to sample traffic.

For the rest of this example, see the following section, Enabling Sampling on a Multiservices PIC.

Enabling Sampling on a Multiservices PIC

Note:
To allow for the forwarding database to be created, you must enable the forwarding-options sampling statement.
To enable sampling on a Multiservices PIC, include the sampling statement at the [edit forwarding-options] hierarchy level:

[edit] 
forwarding-options {
    sampling {
        input {
            rate number;
        }
        family inet {
            output {
                extension-service service-name { # Mandatory for SDK monitoring 
                    provider-specific configuration; # Provider-defined hierarchy
                } 
                interface interface-name;  # ms- interface is allowed here. 
                               # Due to existing limitations in monitoring,
                               # only one output interface is allowed. 
            }
        }
    }
}

For sampling on a Multiservices PIC, you must use the extension-service statement at the [edit forwarding-options sampling family inet output] hierarchy level. If you use the extension-service statement, you must set the interface statement to an interface with an ms- prefix.

Here is the rest of the example started in The Sampling Service Set. For more information on configuring sampling, see the JUNOS Services Interfaces Configuration Guide.

[edit]
forwarding-options { # Forwards a duplicate copy of every packet to 6/1/0.0
    sampling {
        input {
            rate 1;
        }
        family inet {
            output {
                interface ms-6/1/0; # subunit 0 is assumed
                extension-service serv1 {  
            }       
        }
    }
}
firewall { # Creates a firewall filter foo that samples all ICMP-based transit traffic
    filter foo {
        term term1 {
            from {
                protocol icmp;
            }
            then {
                sample; # Specifies traffic is to be sampled
                accept;
            )
        }
    }
}
interfaces { # Attaches the firewall filter foo to interface fe-1/0/0.0
    fe-1/0/0 {
        unit 0 {
            family inet {
                filter {
                    input foo;
                }
            }
        }
    }               
}

Limitations and Constraints for SDK Traffic Sampling

Support for traffic sampling in JUNOS SDK applications is subject to the following limitations and constraints:

Other Configuration Guidelines:
Guidelines for Configuring SDK Applications

See also:
Statement Summary

Configuration Command Summary

Operational Command Reference

SDK CLI Configuration


2007-2009 Juniper Networks, Inc. All rights reserved. The information contained herein is confidential information of Juniper Networks, Inc., and may not be used, disclosed, distributed, modified, or copied without the prior written consent of Juniper Networks, Inc. in an express license. This information is subject to change by Juniper Networks, Inc. Juniper Networks, the Juniper Networks logo, and JUNOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners.
Generated on Sun May 30 20:26:48 2010 for Juniper Networks Partner Solution Development Platform JUNOS SDK 10.2R1 by Doxygen 1.4.5