Example: Sampling Configuration for M, MX and T Series Routers
In Figure 1, traffic from Router 1 arrives on the monitoring router's Gigabit Ethernet ge-2/3/0 interface. The exit interface on the monitoring router that leads to destination Router 2 is ge-3/0/0. In active flow monitoring, both the input interface and exit interface can be any interface type (such as SONET/SDH, Gigabit Ethernet, and so on). The export interface leading to the flow server is fe-1/0/0.
Configure a firewall filter to sample, count, and accept all traffic. Apply the filter to the input interface, and configure the exit interface (for traffic forwarding), the adaptive services interface (for flow processing), and the export interface (for exporting flow records).
Configure sampling at the [edit forwarding-options] hierarchy level. Include the IP address and port of the flow server with the flow-server statement and specify the adaptive services interface to be used for flow record processing with the interface statement at the [edit forwarding-options sampling] hierarchy level.
Router 1
Verifying Your Work
To verify that your configuration is correct, use the following commands on the monitoring station that is configured for active flow monitoring:
show services accounting errors
show services accounting (flow | flow-detail)
show services accounting memory
show services accounting packet-size-distribution
show services accounting status
show services accounting usage
show services accounting aggregation template template-name name (detail | extensive | terse) (version 9 only)
Most active flow monitoring operational mode commands contain equivalent output information to the following passive flow monitoring commands:
show services accounting errors = show passive-monitoring error
show services accounting flow = show passive-monitoring flow
show services accounting memory = show passive-monitoring memory
show services accounting status = show passive-monitoring status
show services accounting usage = show passive-monitoring usage
The active flow monitoring commands can be used with most active flow monitoring applications, including sampling, discard accounting, port mirroring, and multiple port mirroring. However, you can use the passive flow monitoring commands only with configurations that contain a monitoring group at the [edit forwarding-options monitoring] hierarchy level.
The following shows the output of the show commands used with the configuration example:
user@router1> show services accounting errors Service Accounting interface: sp-2/0/0, Local interface index: 542
Service name: (default sampling)
Error information
Packets dropped (no memory): 0, Packets dropped (not IP): 0
Packets dropped (not IPv4): 0, Packets dropped (header too small): 0
Memory allocation failures: 0, Memory free failures: 0
Memory free list failures: 0
Memory overload: No, PPS overload: No, BPS overload: Yes
user@router1> show services accounting flow-detail limit 10
Service Accounting interface: sp-2/0/0, Local interface index: 468
Service name: (default sampling)
Protocol Source Source Destination Destination Packet Byte
Address Port Address Port count count
udp(17) 10.1.1.2 53 10.0.0.1 53 4329 3386035
ip(0) 10.1.1.2 0 10.0.0.2 0 4785 3719654
ip(0) 10.1.1.2 0 10.0.1.2 0 4530 3518769
udp(17) 10.1.1.2 0 10.0.7.1 0 5011 3916767
tcp(6) 10.1.1.2 20 10.3.0.1 20 1 1494
tcp(6) 10.1.1.2 20 10.168.80.1 20 1 677
tcp(6) 10.1.1.2 20 10.69.192.1 20 1 446
tcp(6) 10.1.1.2 20 10.239.240.1 20 1 1426
tcp(6) 10.1.1.2 20 10.126.160.1 20 1 889
tcp(6) 10.1.1.2 20 10.71.224.1 20 1 1046
user@router1> show services accounting memory
Service Accounting interface: sp-2/0/0, Local interface index: 468
Service name: (default sampling)
Memory utilization
Allocation count: 437340, Free count: 430681, Maximum allocated: 6782
Allocations per second: 3366, Frees per second: 6412
Total memory used (in bytes): 133416928, Total memory free (in bytes): 133961744
user@router1> show services accounting packet-size-distribution
Service Accounting interface: sp-2/0/0, Local interface index: 468
Service name: (default sampling)
Range start Range end Number of packets Percentage packets
64 96 1705156 100
user@router1> show services accounting status
Service Accounting interface: sp-2/0/0, Local interface index: 468
Service name: (default sampling)
Interface state: Monitoring
Group index: 0
Export interval: 60 secs, Export format: cflowd v5
Protocol: IPv4, Engine type: 55, Engine ID: 5
Route record count: 13, IFL to SNMP index count: 30, AS count: 1
Time set: Yes, Configuration set: Yes
Route record set: Yes, IFL SNMP map set: Yes
user@router1> show services accounting usage
Service Accounting interface: sp-2/0/0, Local interface index: 468
Service name: (default sampling)
CPU utilization
Uptime: 4790345 milliseconds, Interrupt time: 1668537848 microseconds
Load (5 second): 71%, Load (1 minute): 63%