Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Using a Dynamic Flow Capture Interface on M, MX and T Series Routers to Monitor Traffic On Demand

 

Dynamic flow capture enables you to capture packet flows based on filtering criteria that you specify in real time. Unlike traditional flow monitoring that requires filtering criteria to be established before operation, dynamic flow capture uses an on demand control protocol that allows you to modify the filtering criteria as network conditions change.

The dynamic flow capture architecture consists of one or more control sources that send Dynamic Tasking Control Protocol (DTCP) requests to a monitoring station. The requests contain filtering criteria that specify which incoming traffic should be monitored, and the monitoring station forwards any packets that match the filter criteria to a set of one or more content destinations.

  • Control source—A client that wants to monitor electronic data or voice transfer over the network. The control source sends filter requests to the Juniper Networks router using DTCP. The control source is identified by a unique identifier and an optional list of IP addresses.

  • Monitoring station—A Juniper Networks T Series or M320 router configured with one or more Monitoring Services III PICs which support dynamic flow capture processing. The monitoring station processes the requests from the control sources, creates the filters, monitors incoming data flows, and sends the matched packets to the appropriate content destinations.

  • Content destination—Recipient of the matched packets from the monitoring station. Typically the matched packets are sent using an IPSec tunnel from the monitoring station to another router connected to the content destination. The content destination and the control source can be located on the same host.

Note

The DFC PIC forwards the entire packet content to the content destination, rather than just a content record.

Figure 1 shows a sample topology that contains control sources, a monitoring station, and content destinations.

Figure 1: Dynamic Flow Capture Topology
Dynamic Flow Capture Topology

To configure dynamic flow capture, perform the following tasks: