Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Configuring Inline Active Flow Monitoring on PTX Series Routers

 

This topic describes how to configure inline flow monitoring on PTX Series Routers for IPv4 and IPv6 traffic.

Table 1 lists the PTX Series platform support for various types of traffic for inline active flow monitoring.

Table 1: PTX Series Platform Support for Inline Active Flow Monitoring

Platform

Support

PTX3000 Series

Junos OS 18.1R1—IPv4 and IPv6 traffic (both IPFIX and version 9)

Junos OS 18.2R1—MPLS, MPLS-IPv4, and MPLS-IPv6 traffic.

PTX5000 Series

Junos OS 18.1R1—IPv4 and IPv6 traffic (both IPFIX and version 9)

Junos OS 18.2R1, MPLS, MPLS-IPv4, and MPLS-IPv6 traffic.

PTX1000

Junos OS 17.3R1—IPv4 and IPv6 traffic (version 9 only).

PTX10001-36MR

Junos OS Evolved 20.3R1—IPv4, IPv6, MPLS, MPLS-IPv4, and MPLS-IPv6 traffic.

PTX10002-60C

Junos OS 18.4R1—IPv4 and IPv6 traffic (both IPFIX and version 9).

Junos OS 19.4R1—MPLS, MPLS-IPv4, and MPLS-IPv6 traffic.

PTX10003

Junos OS Evolved 19.3R1—IPv4 and IPv6 traffic (IPFIX and version 9).

Junos OS Evolved 20.1R1—MPLS, MPLS-IPv4, and MPLS-IPv6 traffic.

PTX10004

Junos OS Evolved 20.4R1—IPv4, IPv6, MPLS, MPLS-IPv4, and MPLS-IPv6 traffic (IPFIX and version 9).

PTX10008 (with the JNP10008-SF3 and the JNP10K-LC1201 line card)

Junos OS Evolved 19.3R1—IPv4 and IPv6 traffic (IPFIX and version 9).

Junos OS Evolved 20.1R1—MPLS, MPLS-IPv4, and MPLS-IPv6 traffic.

PTX10008 (with the JNP10008-SF3 and the JNP10K-LC1202 line card)

Junos OS Evolved 20.3R1—IPv4, IPv6, MPLS, MPLS-IPv4, and MPLS-IPv6 traffic (IPFIX and version 9).

PTX10008 (without the JNP10008-SF3) and PTX10016

Junos OS 18.1R1—IPv4 and IPv6 traffic (both IPFIX and version 9)

Junos OS 18.2R1—MPLS, MPLS-IPv4, and MPLS-IPv6 traffic.

To configure inline flow monitoring for MPLS-over UDP traffic on PTX Series Routers, see Inline Active Flow Monitoring of MPLS-over-UDP Flows on PTX Series Routers. Inline active flow monitoring for MPLS-over-UDP traffic is not supported on the PTX10001-36MR, PTX10003, PTX10004, and the PTX10008 (with the JNP10008-SF3) routers. Starting in Junos OS Release 18.2R1, you can configure up to four collectors under a family for inline active flow monitoring. In previous releases of Junos OS, you could configure only one collector under a family for inline active flow monitoring. Starting in Junos OS Evolved 20.3R1, for the PTX10003 and PTX10008 (with the JNP10K-LC1201 line card and the JNP10008-SF3) routers, you can configure up to four collectors for inline active flow monitoring. Starting with Junos OS Evolved 20.4R1, for the PTX10001-36MR and the PTX10008 (with the JNP10K-LC1202 line card and the JNP10008-SF3) routers, you can configure up to four collectors for inline active flow monitoring. To configure a collector under a family for inline active flow monitoring, configure the flow-server statement at the edit forwarding-options sampling-instance instance-name family (inet | inet6) output hierarchy level. To specify up to four collectors, include up to four flow-server statements.

Inline flow monitoring is implemented on the Logical CPU (LCPU). All the functions like flow creation, flow update, and flow records export are done by the LCPU. The flow records are sent out in either the IPFIX format or the version 9 format.

The following limitations and restrictions apply to the inline active flow monitoring feature in Junos OS and Junos OS Evolved:

  • Egress MPLS filters are not supported on the PTX10001-36MR, PTX10003, PTX10004, and the PTX10008 (with the JNP10008-SF3) routers.

  • The PTX10001-36MR router does not support multiple FPC sampling collection because it has only 1 Routing Engine.

  • True outgoing interface (OIF) reporting is not supported for egress sampling. In Junos OS Evolved, true outgoing interface (OIF) reporting is not supported for GRE de-encapsulated packets.

  • The interface type field for the true incoming interface is not part of the version 9 template because this element is not present in the version 9 export version.

  • For tunneled traffic on the PTX10008 (with the JNP10008-SF3) routers, you configure an FTI interface to terminate a GRE tunnel. To sample this traffic, you configure a firewall filter with the sample action applied to the FTI interface. For tunneled traffic, the FTI interface is reported in the layer 2 header instead of the physical interface on which the tunnel traffic is received, is moved in or out of the aggregated Ethernet bundle, no new flow is created, because the FTI interface and the incoming interface reported in the layer 2 header are still the same. The export records reflect the incoming interface values of the aggregated Ethernet and the physical interface based on the configuration, so apart from the difference in flow creation behavior, there is no visible behavior change in this scenario.

    For the PTX10003 routers, you use a firewall filter to accept GRE-encapsulated traffic, count it, and then de-encapsulate it and sample it. Therefore, when physical interfaces are moved in or out of the aggregated Ethernet bundle, a new flow is created and the old flows will be timed out after a period of inactivity. However, for the PTX10008 (with the JNP10008-SF3) routers, no new flow is created.

Configuring the Template to Specify Output Properties

Configure a template to specify the output properties for the flow records:

  1. Configure the template name.
  2. (Optional) Configure the interval after which an active flow is exported.
  3. (Optional) Configure the interval of activity that marks a flow as inactive.
  4. (Optional) Configure the frequency at which the flow generator sends updates about template definitions to the flow collector. Specify either number of packets or number of seconds.
  5. (Optional) Configure the refresh rate in either number of packets or number of seconds.
  6. Specify the type of record that the template is used for.
  7. If you are monitoring MPLS flows, identify the types of MPLS flows.

    The tunnel-observation values enable the creation of the following types of flows:

    • ipv4—MPLS-IPv4 flows

    • ipv6—MPLS-IPv6 flows

    • mpls-over-udp—MPLS-over-UDP flows

    You can configure multiple values for tunnel-observation. Flows are created for only the deepest match. For example, if you configure both ipv4 and mpls-over-udp and the traffic type is MPLS-over-UDP, flows are created for MPLS-over-UDP. If you configure ipv4 but do not configure mpls-over-udp and the traffic type is MPLS-over-UDP, flows are created for MPLS-IPv4.

    If the MPLS traffic type does not match any of the tunnel-observation values, then plain MPLS flows are created.

    If you do not configure tunnel-observation, plain MPLS flows are created.

    If the tunnel-observation statement is added or deleted, or if the configured value is changed, all flows related to the old template will be deleted and replaced by new flows using the changed template.

  8. Enable the learning of next-hop addresses so that the true outgoing interface (OIF) is reported.

Configuring the Sampling Instance

Configure a sampling instance:

  1. Configure the sampling instance name.
  2. Configure the protocol family for the sampling instance.
  3. Set the ratio of the number of packets to be sampled. For example, if you specify a rate of 10, every tenth packet (1 packet out of 10) is sampled.
    Best Practice

    We recommend that you use a value of 1000 or higher for MPLS flows.

  4. Specify the source address for the traffic to be sampled.
  5. Specify the flow export rate of monitored packets in kpps.
  6. Specify the output address and port for a flow server.
  7. Specify the template to use with the sampling instance.

Assigning the Sampling Instance to an FPC

  • Assign the sampling instance to the FPC on which you want to implement flow monitoring.

Configuring a Firewall Filter

Configure a firewall filter to specify the family of traffic to accept and sample.

  1. Configure the firewall filter name and specify the family of traffic.
  2. Configure a term to sample and accept traffic.

Assigning the Firewall Filter to the Monitored Interface

  • Assign the input firewall filter to the interface you want to monitor.

The following is an example of the sampling configuration for an instance that supports inline flow monitoring on family inet and on family inet6:

The following example shows the output format configuration:

Release History Table
Release
Description
Starting with Junos OS Evolved 20.4R1, for the PTX10001-36MR and the PTX10008 (with the JNP10K-LC1202 line card and the JNP10008-SF3) routers, you can configure up to four collectors for inline active flow monitoring.
Starting in Junos OS Evolved 20.3R1, for the PTX10003 and PTX10008 (with the JNP10K-LC1201 line card and the JNP10008-SF3) routers, you can configure up to four collectors for inline active flow monitoring.
Starting in Junos OS Release 18.2R1, you can configure up to four collectors under a family for inline active flow monitoring. In previous releases of Junos OS, you could configure only one collector under a family for inline active flow monitoring.