Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Active Flow Monitoring Version 9 Formats and Fields

    A detailed explanation of active flow monitoring version 9 packet formats and fields is shown as follows:

    Junos OS supports the following version 9 template formats:

    Table 1: Flow Monitoring Version 9 Template Formats

    Template

    Fields

    IPv4

    Flow selectors:

    • Source and destination IP address
    • Source and destination address prefix mask lengths
    • Source and destination port numbers
    • IP protocol and IP type of service
    • ICMP type

    Flow nonselectors:

    • TCP flags
    • Input and output SNMP
    • Input bytes
    • Input packets
    • Start time
    • End time

    MPLS

    Flow selectors:

    • MPLS label 1
    • MPLS label 2
    • MPLS label 3

    Flow nonselectors:

    • Input and output SNMP
    • Input bytes
    • Input packets
    • Start time
    • End time

    MPLS_IPv4

    Flow selectors:

    • MPLS label 1
    • MPLS label 2
    • MPLS label 3
    • MPLS top-level FEC address

    Flow nonselectors:

    • Input and output SNMP
    • Input bytes
    • Input packets
    • Start time
    • End time

    IPv6

    Flow selectors:

    • IP protocol and IP type of service
    • Source and destination port numbers
    • Input SNMP
    • Source and destination IPv6 address
    • ICMP type

    Flow nonselectors:

    • Input bytes
    • Input packets
    • TCP flags
    • Output SNMP
    • Source and destination autonomous system
    • Last and first switched
    • IPv6 source and destination mask
    • IP protocol version
    • IPv6 next hop

    Note: Peer AS billing traffic is not supported for active flow monitoring version 9 configuration on a PTX Series router tethered to a CSE2000.

    Figure 1: Version 9 Flow Header Format

    Version 9 Flow Header Format

    Table 2: Version 9 Flow Header Fields

    Field

    Description

    Version

    9

    Count

    Total number of records in the protocol data unit (PDU) or packet. This number includes all the options–FlowSet records, template FlowSet records, and data FlowSet records.

    sysUptime

    Current time elapsed, in milliseconds, since the router started.

    UNIX seconds

    Current seconds since 0000 UTC 1970.

    Flow sequence number

    Sequence counter of total flows received.

    Source ID

    32-bit value that identifies the data exporter. Version 9 uses the integrated field diagnostics (IFD) SNMP index of the PIC or device that is exporting the data flow. This field is equivalent to engine type and engine ID fields found in versions 5 and 8.

    Figure 2: Version 9 Template FlowSet Format

    Version 9 Template FlowSet Format

    Table 3: Version 9 Template FlowSet Fields

    Field

    Description

    FlowSet ID

    FlowSet type. FlowSet ID 0 is reserved for the Template FlowSet.

    Length

    FlowSet length. Individual template FlowSets might contain multiple template records, which means that the length of template FlowSets varies.

    Template ID

    Unique template ID assigned to each newly generated template. Templates numbered 256 and higher define data formats. Templates numbered 0 through 255 define FlowSet IDs.

    Field Count

    Fields in the template record. This field allows the collector to determine the end of the current template record and the start of the next.

    Field Type

    Field type. These are defined in Table 4.

    Field Length

    Length, in bytes, of the corresponding field type.

    Table 4: Field Type Definitions Supported in Junos OS

    Field Type

    Description

    1

    IN_BYTES: The number of bytes associated with an IP flow. By default, the length is 4 bytes.

    2

    IN_PKTS: The number of packets associated with an IP flow. By default, the length is 4 packets.

    4

    PROTOCOL: The IP protocol byte.

    5

    TOS: The type-of-service byte setting of an incoming packet.

    6

    TCP_FLAGS: The cumulative TCP flags associated with a flow.

    7

    L4_SRC_PORT: The TCP/UDP source port.

    8

    IPv4_SRC_ADDR: The IPv4 source address.

    9

    SRC_MASK: The number of contiguous bits in the source subnet mask.

    10

    INPUT_SNMP: The IFD SNMP input interface index. By default, the length is 2.

    11

    L4_DST_PORT: The TCP/UDP destination port number.

    12

    IPV4_DST_ADDR: The IPv4 destination address.

    13

    DST_MASK: The number of contiguous bits in the destination subnet mask.

    14

    OUTPUT_SNMP: The IFD SNMP output interface index. By default, the length is 2.

    16

    SRC_AS: The source autonomous system number. This is always set to zero.

    17

    DST_AS: The destination autonomous system number. This is always set to zero.

    18

    BGP_IPV4_NEXT_HOP: The BGP IPV4 next-hop address.

    21

    LAST_SWITCHED: The uptime of the device (in milliseconds) at which the last packet of the flow was switched.

    22

    FIRST_SWITCHED: The uptime of the device (in milliseconds) at which the first packet of the flow was switched.

    29

    IPV6_SRC_MASK: The length of the IPv6 source mask, in contiguous bits.

    30

    IPV6_DST_MASK: The length of the IPv6 destination mask, in contiguous bits.

    32

    ICMP_TYPE: The ICMP type.

    34

    SAMPLING_INTERVAL: The rate at which packets are sampled. As an example, a rate of 100 means that one packet is sampled for every 100 packets in the data flow.

    35

    SAMPLING_ALGORITHM: The type of algorithm being used. Ox01 indicates deterministic sampling and 0x02 indicates random sampling.

    47

    MPLS_TOP_LABEL_IP_ADDRESS: The MPLS top- label address.

    60

    IP_PROTOCOL_VERSION: The IP protocol version being used.

    62

    IPV6_NEXT_HOP: The IPv6 address of the next-hop router.

    70

    MPLS_LABEL_1: The first MPLS label in the stack.

    71

    MPLS_LABEL_2: The second MPLS label in the stack.

    72

    MPLS_LABEL_3: The third MPLS label in the stack.

    128

    DST_PEER_AS: The destination of the BGP peer AS.

    Figure 3: Version 9 Data FlowSet Format

    Version 9 Data FlowSet Format

    Table 5: Version 9 Data FlowSet Format

    Field

    Description

    FlowSet ID = Template ID

    Data FlowSet that is associated with a FlowSet ID. The FlowSet ID maps to a previously generated template ID. The flow server must use the FlowSet ID to find the corresponding template record and decode the flow records from the FlowSet.

    Length

    FlowSet length. Data FlowSets are fixed in length.

    Record Number - Field Value Number

    Flow data records, each containing a set of field values. The template record identified by the FlowSet ID dictates the type and length of the field values.

    Padding

    Bytes (in zeros) that the exporter inserts so that the subsequent FlowSet starts at a 4-byte aligned boundary.

    Figure 4: Version 9 Options Template Format

    Version 9 Options Template Format

    Table 6: Version 9 Options Template Format

    Field

    Description

    FlowSet ID

    FlowSet type. FlowSet ID 1 is reserved for the options template.

    Length

    FlowSet length. Option template FlowSets are fixed in length.

    Template ID

    Template ID of the options template. Options template values are greater than 255.

    Option Scope Length

    Length, in bytes, of any scope field definition that is part of the options template record.

    Scope 1 Field Type

    Relevant process. The Junos OS supports the system process (1).

    Scope 1 Field Length

    Length, in bytes, of the option field.

    Padding

    Bytes the exporter inserts so that the subsequent FlowSet starts at a 4-byte aligned boundary.

    Figure 5: Active Flow Monitoring Version 9 Options Data Record Format

    Active Flow Monitoring Version 9 Options
Data Record Format

    Table 7: Active Flow Monitoring Version 9 Options Data Record Format

    Field

    Description

    FlowSet ID = Template ID

    ID that precedes each options data flow record. The FlowSet ID maps to a previously generated template ID. The collector must use the FlowSet ID to find the corresponding template record and decode the options data flow records from the FlowSet.

    Length

    FlowSet length. Option FlowSets are fixed in length.

    Number of Flow Data Records

    Remainder of the options data FlowSet is a collection of flow data records, each containing a set of field values. The template record identified by the FlowSet ID dictates the type and length of the field values.

    Padding

    Bytes (in zeros) the exporter inserts so that the subsequent FlowSet starts at a 4-byte aligned boundary.

    Modified: 2017-01-18