Configuring Inline Active Flow Monitoring Using Routers, Switches or NFX250

 

Active flow monitoring is implemented on the Packet Forwarding Engine. The Packet Forwarding Engine performs functions such as creating and updating flows, and updating flow records. The flow records are sent out in industry-standard IPFIX or version 9 format. Support for active flow monitoring with IPFIX templates on QFX10002 switches was added in Junos OS Release 17.2R1.

On routers with MS-PICs or MS-DPCs, IPv4 and IPv6 fragments are processed accurately. The flow monitoring application creates two flows for every fragmented flow. The first fragment, which has the complete Layer 4 information, forms the first flow with 5-tuple data. All subsequent fragmented packets related to this flow form another flow with the Layer 4 fields set to zero.

The following considerations apply to the inline flow-monitoring instance configuration:

  • Sampling run-length and clip-size are not supported.

  • For inline configurations, collectors are not reachable via fxp0.

  • Inline flow monitoring does not support cflowd. Therefore, inline flow monitoring does not support the local dump option, which is available only with cflowd.

  • The number of collectors that are supported depends on the device:

    • On MX Series routers running Junos OS Release 16.1R4 and later, you can export flow records to four collectors under a family with the same source IP address for Inline-JFlow. The Packet Forwarding Engine (PFE) can export the flow record, flow record template, option data, and option data template packet to all configured collectors. You can configure multiple collectors at the [edit forwarding-options sampling instance instance-name] hierarchy level.

    • For inline configurations on all other devices, each family can support only one collector.

Inline active flow monitoring is available at four hierarchy levels:

  • [edit chassis]—At this level, you associate the sampling instance with the FPC on which the media interface is present (except on the MX80 and MX104—see Configuring Inline Active Flow Monitoring on MX80 and MX104 Routers). If you are configuring sampling of IPv4 flows, IPv6 flows, or VPLS flows, you can configure the flow hash table size for each family, as described below.

  • [edit firewall]—At this level, you configure a firewall filter for the family of traffic to be sampled. You must attach this filter to the interface on which you want to sample the traffic.

  • [edit forwarding-options]—At this level, you configure a sampling instance and associate the template with the sampling instance. At this level, you also configure the flow-server IP address and port number as well as the flow export rate.

  • [edit services flow-monitoring]—At this level, you configure the template properties for inline flow monitoring.

Before you configure inline active flow monitoring, ensure that the hash tables for IPv4, IPv6, MPLS, and VPLS flow sampling are adequately sized. These tables can use one to fifteen 256K areas. Starting with Junos OS Release 16.1R1 and 15.1F2, the IPv4 table is assigned a default value of 1024. Prior to Junos OS Release 16.1 and 15.1F2, the IPv4 table is assigned a default value of fifteen 256K areas. The IPv6 table is assigned a default value of 1024, and the VPLS table is assigned a default value of 1024. When the anticipated traffic volume requires larger tables, allocate larger tables.

To allocate flow hash tables:

  1. Go to the [edit-flow-table-size] hierarchy level for inline services on the FPC that processes the monitored flows.
  2. Specify the required sizes for the sampling hash tables.
    Note

    Starting in Junos OS Release 18.2R1, the bridge-flow-table-size option is available and the vpls-flow-table-size option is deprecated; use the bridge-flow-table-size option instead. The bridge-flow-table-size option supports both VPLS and bridge records.

    Note

    The total number of units used for IPv4, IPv6, MPLS, and VPLS cannot exceed 15. Also, starting in Junos OS Release 16.1R1 and 15.1F2, changing the flow hash table size does not automatically reboot the FPC (in earlier releases, changing the flow hash table size triggers the FPC to reboot).

To configure inline active flow monitoring on MX Series routers (except for MX80 and MX104 routers), EX Series switches, and T4000 routers with Type 5 FPC:

  1. Enable inline active flow monitoring and specify the source address for the traffic.
  2. Specify the template to use with the sampling instance.
  3. Configure a template to specify output properties.
  4. (Optional) Configure the interval after which an active flow is exported.
  5. (Optional) Configure the interval of activity that marks a flow as inactive.
  6. (Optional) Configure the template refresh rate in either number of packets or number of seconds.
  7. (Optional) Configure the refresh rate in either number of packets or number of seconds.
  8. Specify the type of record that the template is used for.

    The vpls-template option is only for IPFIX templates.

    Starting in Junos OS Release 18.2R1, the bridge-template option is available and the vpls-template option is deprecated; use the bridge-template option instead. The bridge-template option supports both VPLS and bridge records and is for both IPFIX and version9 templates.

    Starting in Junos OS Release 18.4R1, the mpls-ipv4-template option is deprecated for inline flow monitoring. To configure MPLS records starting in Junos OS Release 18.4R1, use the mpls-template option and the tunnel-observation option. This is described in step 9.

  9. Starting in Junos OS Release 18.4R1 for the MX Series, if you are configuring any type of MPLS flow records, perform the following:

    1. Specify the MPLS template.
    2. Configure the type of MPLS flow records to create.

      The tunnel-observation values enable the creation of the following types of flow records:

      • ipv4—MPLS-IPv4 flows

      • ipv6—MPLS-IPv6 flows

      You can configure multiple values for tunnel-observation.

      For an MPLS traffic type that does not match any of the tunnel-observation values, plain MPLS flow records are created. For example, if you only configure ipv4, then MPLS-IPv6 traffic results in plain MPLS flow records.

      If you do not configure tunnel-observation, plain MPLS flow records are created.

    3. If you are running inline flow monitoring on a Lookup (LU) card, enable sideband mode to create MPLS-IPv6 flow records.

      If you are running inline flow monitoring on an LU card and do not enable sideband mode, then MPLS-IPv6 traffic results in plain MPLS flow records.

  10. (Optional) Include the flow direction value in the template.

    The reported data field contains 0x00 (ingress) or 0x01 (egress). If you do not include the flow-key flow-direction statement, the flow direction data field contains the invalid value 0xFF.

  11. (Optional) Include VLAN IDs in both the ingress and egress directions in the flow key.

    This statement is not required for ingress and egress VLAN ID reporting on interfaces.

  12. Associate the sampling instance with the FPC on which you want to implement inline active flow monitoring.

    For MX240, MX480, MX960, MX2010, MX2020, use the following command:

    1. Confirm the configuration by running the following show command:

    For MX5, MX10, MX40, and MX80, use the following command:

    1. Confirm the configuration by running the following show command:

    For MX104, use the following command:

    1. Confirm the configuration by running the following show command:
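
Added example, not part of the Juniper documentation: a collector-side decoder for the IPFIX records that inline flow monitoring exports. It shows how to read the flow direction field (0x00, 0x01, or 0xFF when flow-key flow-direction is not configured) and how to recognise the second flow created for fragments, whose Layer 4 fields are zero. It assumes fixed-length IANA information elements only; the function names and the sample message are constructed for illustration.

```python
import struct

IE = {8: "src", 12: "dst", 4: "proto", 7: "sport", 11: "dport", 61: "direction"}  # IANA element IDs
DIRECTION = {0x00: "ingress", 0x01: "egress"}

def annotate(fields, raw):
    rec, p = {}, 0
    for ie, flen in fields:
        rec[IE.get(ie, ie)] = int.from_bytes(raw[p:p + flen], "big")  # addresses stay integers
        p += flen
    # 0xFF (or no field at all): flow-key flow-direction is not configured.
    rec["direction"] = DIRECTION.get(rec.get("direction", 0xFF), "unknown")
    # Fragment flows arrive with the Layer 4 fields zeroed; do not read them as port 0 traffic.
    rec["l4_zeroed"] = rec.get("proto") in (6, 17) and rec.get("sport") == 0 == rec.get("dport")
    return rec

def decode_ipfix(msg, templates):
    """Decode one IPFIX message; learn templates into `templates`, return flow records."""
    if struct.unpack_from("!HH", msg, 0) != (10, len(msg)):   # version, total length
        raise ValueError("not a well-formed IPFIX message")
    records, off = [], 16                                     # skip the 16-byte header
    while off + 4 <= len(msg):
        set_id, set_len = struct.unpack_from("!HH", msg, off)
        if set_len < 4 or off + set_len > len(msg):
            raise ValueError("bad set length")
        body, p = msg[off + 4:off + set_len], 0
        if set_id == 2:                                       # template set
            while p + 4 <= len(body):
                tid, count = struct.unpack_from("!HH", body, p)
                spec = struct.unpack_from("!%dH" % (2 * count), body, p + 4)
                if tid >= 256:                                # lower IDs here are padding
                    templates[tid] = list(zip(spec[0::2], spec[1::2]))
                p += 4 + 4 * count
        elif set_id in templates:                             # data set for a known template
            size = sum(flen for _, flen in templates[set_id])
            while size and p + size <= len(body):             # leftover bytes are padding
                records.append(annotate(templates[set_id], body[p:p + size]))
                p += size
        off += set_len
    return records

def sample_message():
    """Constructed input: template 256, then a UDP flow, a fragment flow, a flow without direction."""
    tmpl = struct.pack("!HH12H", 256, 6, 8, 4, 12, 4, 4, 1, 7, 2, 11, 2, 61, 1)
    addrs = bytes([192, 0, 2, 10, 198, 51, 100, 20])          # documentation-range addresses
    rows = [(17, 53000, 53, 0x00), (17, 0, 0, 0x00), (6, 44321, 443, 0xFF)]
    data = b"".join(addrs + struct.pack("!BHHB", *r) for r in rows) + b"\x00\x00"  # 2 bytes of padding
    sets = struct.pack("!HH", 2, 4 + len(tmpl)) + tmpl + struct.pack("!HH", 256, 4 + len(data)) + data
    return struct.pack("!HHIII", 10, 16 + len(sets), 0, 0, 0) + sets
```

Calling decode_ipfix(sample_message(), {}) returns three records; detection rules built on port numbers should skip records where l4_zeroed is true, and direction-based rules should treat "unknown" as a configuration gap rather than as data.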

This example shows the sampling configuration for an instance that supports inline active flow monitoring on family inet:

Here is the output format configuration:

The following example shows the output format configuration for chassis fpc 0:

Release History Table

  • Starting in Junos OS Release 18.4R1, the mpls-ipv4-template option is deprecated for inline flow monitoring. To configure MPLS records starting in Junos OS Release 18.4R1, use the mpls-template option and the tunnel-observation option.

  • Starting in Junos OS Release 18.2R1, the bridge-flow-table-size option is available and the vpls-flow-table-size option is deprecated; use the bridge-flow-table-size option instead.

  • Starting in Junos OS Release 18.2R1, the bridge-template option is available and the vpls-template option is deprecated; use the bridge-template option instead.

  • On MX Series routers running Junos OS Release 16.1R4 and later, you can export flow records to four collectors under a family with the same source IP address for Inline-JFlow.

  • Starting with Junos OS Release 16.1R1 and 15.1F2, the IPv4 table is assigned a default value of 1024.

  • Also, starting in Junos OS Release 16.1R1 and 15.1F2, changing the flow hash table size does not automatically reboot the FPC.