Configuring Active Flow Monitoring on PTX Series Packet Transport Routers

You can use flow monitoring to help with network administration. Active flow monitoring on PTX Series routers allows you to collect sampled packets; the router then encapsulates the sampled packets in GRE and sends them to a remote server for flow processing. The GRE encapsulation includes an interface index and a GRE key field, and it removes MPLS tags. You configure one or more port-mirroring instances to define which traffic to sample, and you configure a server to receive the GRE-encapsulated packets. You configure a firewall filter on the interfaces where you want to capture flows. You can configure as many as 48 port-mirroring instances.

To configure the router to do GRE encapsulation of sampled packets and send them to a remote server for flow processing:

  1. Configure one or more server profiles that specify a host where GRE encapsulated sampled packets are sent, and optionally, a source address to include in the header of each sampled packet.

    1. Specify a name for each server profile and an IP address of the host where sampled packets are sent:
    2. (Optional) For each server profile, specify a source address to include in the header of each sampled packet:
      Note

      The default client address is 0.0.0.0. You must specify an IPv4 address as the client address. You can also specify the loopback address or management interface address as the client address.

  2. Configure one or more port-mirroring instances.

    1. Specify a name for each port-mirroring instance:
      Note

      You can configure a maximum of 48 port-mirroring instances.

    2. Specify a protocol family for each port-mirroring instance:
  3. To set the ratio of the number of packets to sample, specify a value from 1 through 65,535 for each port-mirroring instance:
    Note

    You must specify a value for the rate statement. The default value is zero, which effectively disables sampling. If, for example, you specify a rate value of 4, every fourth packet (1 packet out of 4) is sampled.

  4. (Optional) Specify the number of samples to collect after the initial trigger event for each port-mirroring instance:
    Note

    The default value is zero. You can specify a number up to 20.

  5. To designate a host where sampled traffic is sent, specify the name of a server profile configured at the [edit services hosted-services] hierarchy level for each port-mirroring instance:
  6. Configure one or more firewall filters.

    1. For each firewall filter, specify a protocol family, filter name, and match conditions:
    2. For each firewall filter you configure, specify the name of a port-mirroring instance you configured at the [edit forwarding-options] hierarchy level as a nonterminating action so that the traffic that matches that instance is sampled:
  7. Apply each firewall filter to an interface to evaluate incoming traffic:
    Note

    Active flow monitoring is supported only on incoming traffic. You cannot apply firewall filters to evaluate outgoing traffic.

  8. Configure the remote server, where GRE encapsulated packets are sent, to perform flow processing.
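
For step 8, the first stage of flow processing on the remote server is removing the GRE header and reading the key field. The following is an added example, not Juniper code: it parses the GRE header as laid out in RFC 2784 and RFC 2890, assumes the outer IP header has already been removed, and drops malformed datagrams instead of trusting them. The page does not say how the interface index is encoded, so only the key is reported; the function names, key values, and sample packets are constructed for illustration.

```python
import struct
from collections import Counter

GRE_C, GRE_K, GRE_S = 0x8000, 0x2000, 0x1000   # checksum, key, sequence present
INNER = {0x0800: "inet", 0x86DD: "inet6"}      # EtherType of the sampled packet


def parse_gre(buf: bytes) -> dict:
    """Parse a GRE header (assumption: outer IP header already removed)."""
    if len(buf) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack_from("!HH", buf, 0)
    if flags & 0x0007:
        raise ValueError("GRE version is not 0")
    offset = 4
    out = {"family": INNER.get(proto, hex(proto)), "key": None, "sequence": None}
    if flags & GRE_C:
        offset += 4                      # checksum + reserved1, not verified here
    for bit, name in ((GRE_K, "key"), (GRE_S, "sequence")):
        if flags & bit:
            if len(buf) < offset + 4:
                raise ValueError("truncated GRE " + name)
            (out[name],) = struct.unpack_from("!I", buf, offset)
            offset += 4
    if len(buf) < offset:
        raise ValueError("truncated GRE checksum")
    out["payload"] = buf[offset:]        # the sampled packet itself
    return out


def samples_per_key(datagrams) -> Counter:
    """Count well-formed samples per GRE key; malformed ones go under 'dropped'."""
    counts = Counter()
    for buf in datagrams:
        try:
            counts[parse_gre(buf)["key"]] += 1
        except ValueError:
            counts["dropped"] += 1
    return counts


# Constructed sample input: minimal inner IPv4 header, made-up key values 7 and 9.
INNER_IPV4 = bytes.fromhex("4500001400000000400600000a0000010a000002")
SAMPLES = [
    struct.pack("!HHI", GRE_K, 0x0800, key) + INNER_IPV4 for key in (7, 7, 9)
] + [struct.pack("!HH", GRE_K, 0x0800) + b"\x00\x00"]  # last one: key field cut short

print(dict(samples_per_key(SAMPLES)))
```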