
    Monitoring Network Traffic Flow on PTX Series Routers Using Inline Flow Monitoring

    This topic describes how to configure inline flow monitoring so that you can use it to monitor your network traffic flow. This procedure applies to PTX3000 and PTX5000 routers that have third-generation FPCs installed, and to PTX10008 and PTX1000 routers.

    Note: PTX1000 does not support version 9 flow templates.


    Inline flow monitoring is implemented on the Logical CPU (LCPU). The LCPU performs all flow functions, such as flow creation, flow update, and flow record export. The flow records are sent out in either the IPFIX format or the version 9 format.

    The inline flow monitoring configuration can be broadly classified into the following categories:

    • Configurations at the [edit services flow-monitoring version-ipfix template] or [edit services flow-monitoring version9 template] hierarchy level—At this level, you configure the template properties for inline flow monitoring.
    • Configurations at the [edit forwarding-options sampling instance] hierarchy level—At this level, you configure a sampling instance and associate the template to the sampling instance. At this level, you also configure the flow-server IP address and port number as well as the autonomous system type.
    • Configurations at the [edit chassis fpc] hierarchy level—At this level, you associate the sampling instance with the FPC on which the media interface is present.
    • Configurations at the [edit firewall] hierarchy level—At this level you configure a firewall filter for the family of traffic to be sampled. You must attach this filter to the interface on which you want to sample the traffic.

    To configure inline flow monitoring on PTX Series routers:

    1. Enable inline flow monitoring and specify the source address.
      [edit forwarding-options sampling instance instance-name family inet output]
      user@host# set inline-jflow source-address source-ip-address
    2. Specify an output format:
      • To specify the IPFIX output format:
        [edit forwarding-options sampling instance instance-name family inet output flow-server ip-address]
        user@host# set version-ipfix template ipv4-template
      • To specify the version 9 output format:
        [edit forwarding-options sampling instance instance-name family inet output flow-server ip-address]
        user@host# set version9 template ipv4-template
    3. Specify the output properties:

    The following is an example of the sampling configuration for an instance that supports inline flow monitoring on family inet and on family inet6:

    [edit forwarding-options]
    sampling {
        instance {
            sample-ins1 {
                input {
                    rate 1;
                }
                family inet {
                    output {
                        flow-server 2.2.2.2 {
                            port 2055;
                            version-ipfix {
                                template {
                                    ipv4;
                                }
                            }
                        }
                        inline-jflow {
                            source-address 10.11.12.13;
                        }
                    }
                }
                family inet6 {
                    output {
                        flow-server 2.2.2.2 {
                            port 2055;
                            version-ipfix {
                                template {
                                    ipv6;
                                }
                            }
                        }
                        interface sp-0/1/0 {
                            source-address 10.11.12.13;
                        }
                    }
                }
            }
        }
    }

    The following example shows the output format configuration:

    services {
        flow-monitoring {
            version-ipfix {
                template ipv4 {
                    flow-active-timeout 60;
                    flow-inactive-timeout 60;
                    ipv4-template;
                    template-refresh-rate {
                        packets 1000;
                        seconds 10;
                    }
                    option-refresh-rate {
                        packets 1000;
                        seconds 10;
                    }
                }
            }
        }
    }
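
    The four configuration areas listed earlier only produce flow records when they reference each other consistently. The Python check below is an added example, not Juniper's code: it parses a curly-brace Junos configuration and reports sampling instances that are not associated with an FPC, families without an inline-jflow source address, templates that are referenced but not defined, and families with no firewall term that samples. The sampling-instance and then sample statement names and all function names are assumptions not shown on this page; the input is the page's two fragments, condensed.

```python
import re

def parse_junos(text):
    """Parse curly-brace Junos config into nested dicts, one level per word.
    After '{', '}' or ';' the next word starts a new statement in the open container."""
    root = {}
    stack, node = [root], root
    for tok in re.findall(r"[{};]|[^\s{};]+", text):
        if tok == "{":
            stack.append(node)      # the statement read so far becomes the open container
        elif tok == "}":
            stack.pop()
        node = stack[-1] if tok in ("{", "}", ";") else node.setdefault(tok, {})
    return root

def get(node, *path):
    for key in path:                # missing levels yield {} instead of KeyError
        node = node.get(key, {})
    return node

def audit(cfg):
    """Check that the template, sampling, FPC and firewall parts fit together."""
    findings = []
    bound = {name for fpc in get(cfg, "chassis", "fpc").values()
             for name in fpc.get("sampling-instance", {})}
    for inst, body in get(cfg, "forwarding-options", "sampling", "instance").items():
        if inst not in bound:
            findings.append(f"{inst}: not associated with an FPC")
        for fam, fbody in body.get("family", {}).items():
            out = fbody.get("output", {})
            if not get(out, "inline-jflow", "source-address"):
                findings.append(f"{inst}/{fam}: no inline-jflow source-address")
            for server in out.get("flow-server", {}).values():
                for ver in ("version-ipfix", "version9"):
                    for tmpl in get(server, ver, "template"):
                        if tmpl not in get(cfg, "services", "flow-monitoring", ver, "template"):
                            findings.append(f"{inst}/{fam}: {ver} template {tmpl} undefined")
            terms = [t for f in get(cfg, "firewall", "family", fam, "filter").values()
                     for t in f.get("term", {}).values()]
            if not any("sample" in t.get("then", {}) for t in terms):
                findings.append(f"{inst}/{fam}: no firewall term with 'then sample'")
    return findings

# Constructed input: the page's two configuration fragments, condensed.
PAGE_CONFIG = """services { flow-monitoring { version-ipfix { template ipv4 { ipv4-template; } } } }
forwarding-options { sampling { instance { sample-ins1 { input { rate 1; }
 family inet { output { flow-server 2.2.2.2 { port 2055; version-ipfix { template { ipv4; } } }
   inline-jflow { source-address 10.11.12.13; } } }
 family inet6 { output { flow-server 2.2.2.2 { port 2055; version-ipfix { template { ipv6; } } }
   interface sp-0/1/0 { source-address 10.11.12.13; } } } } } } }"""
```

    Calling audit(parse_junos(PAGE_CONFIG)) returns five findings, because the page's fragments cover only the template and sampling-instance areas. The check does not verify that the filter is attached to an interface.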

    The following limitations and restrictions apply to the inline active flow monitoring feature in Junos OS:

    • Flow records and templates cannot be exported if the flow collector is reachable through any management interface.
    • The flow collector should be reachable through the default routing table (inet.0 or inet6.0). If the flow collector is reachable through a non-default VPN routing and forwarding table (VRF), flow records and templates cannot be exported.

    Modified: 2018-01-31