[Contents] [Prev] [Next] [Index] [Report an Error]

Example: Dynamic Flow Capture Configuration

The following example shows a complete dynamic flow capture configuration. On Router 1, configure the dynamic flow capture interface, the interfaces that connect to the control source and content destination, and the interface that receives passively monitored traffic. Then, configure the capture group and specify your control source and content destination requirements. Next, configure filter-based forwarding (FBF) to send monitored traffic to logical unit 1 of the dynamic flow capture interface. Finally, configure a firewall filter and routing table groups to complete the configuration.

Router 1



[edit]
interfaces {


                 
dfc-0/0/0 { # DFC PIC that processes requests from the control source.


unit 0 {


family inet {


                       
address 2.1.0.0/32
{ # Address of the Routing Engine for the DFC PIC. 

destination 10.36.100.1; # Address
of DFC PIC; used by
} # the control source to communicate with the monitoring
station.


}


}




                   
unit 1 { #
This logical interface receives data packets.
family inet; 
}




                   
unit 2 {  # This logical interface sends out copies of matched packets.
family inet; 
}


}




                 
fe-4/1/2 { #
Interface that receives filtering requests from cs1.


unit 0 {


family inet {
address 10.36.41.2/30; 
}


}


}




                 
ge-7/0/0 {  # Interface that sends monitored packets to cd1.


unit 0 {


family inet {
address 10.36.70.1/30;
}


}


}




                 
so-1/2/0 {  # Interface that receives traffic to be monitored.
encapsulation ppp; 


unit 0 {
                   
passive-monitor-mode; #
Enables this interface to be passively monitored.  
              



family inet {


filter {
input catch;
}


}


}


}


}
services {


                 
dynamic-flow-capture {               



                   
capture-group g1 {                 

                   
interfaces dfc-0/0/0; # Specifies which interface to use for DFC processing.
                   
input-packet-rate-threshold
90k; # Traffic threshold for system log messages.
                   
pic-memory-threshold percentage
80; # Memory threshold for log messages.


                     
control-source cs1 { # Specifies addresses and ports for the control source.
source-addresses 10.36.41.1; 
service-port 2400; 


notification-targets {
10.36.41.1 port 2100;
}


shared-key "$9$ASxdsYoX7wg4aHk"; 
allowed-destinations cd1; 
}




                     
content-destination cd1
{ # Specifies content destination addresses and TTL.
address 10.36.70.2; 
ttl 244; 
}


}


}


}
firewall {


                 
filter catch { # Places monitored traffic into the filter-based forwarding instance.
interface-specific;


term def {


then {
count counter; 
routing-instance fbf_inst; 
}


}


}


}
routing-instances {


                 
fbf_inst { # Sends matching traffic to the DFC PIC for processing.
instance-type forwarding;


routing-options {


static {
                     
route 0.0.0.0/0 next-hop
dfc-0/0/0.1;                   

}


}


}


}
routing-options {


interface-routes {
rib-group inet common;
}




rib-groups {


                   
common { #
Shares routes between the instance and the main routing table.
import-rib [ inet.0 fbf_inst.inet.0 ];
}


}




forwarding-table {
export pplb;
}


}

[Contents] [Prev] [Next] [Index] [Report an Error]