[Contents] [Prev] [Next] [Index] [Report an Error]

Example: Enabling Passive Flow Monitoring

The following example shows a complete configuration for enabling passive flow monitoring on an Ethernet interface.

In this example, the Gigabit Ethernet interface can accept all Ethernet packets. It strips VLAN tags (if there are any) and up to two MPLS labels blindly, and passes IPv4 packets to the monitoring interface. With this configuration, it can monitor IPv4, VLAN+IPv4, VLAN+MPLS+IPv4, and VLAN+MPLS+MPLS+IPv4 labeled packets.

The Fast Ethernet interface can accept only packets with VLAN ID 100. All other packets are dropped. With this configuration, it can monitor VLAN (ID=100)+IPv4, VLAN (ID=100)+MPLS+IPv4, and VLAN (ID=100)+MPLS+MPLS+IPv4 labeled packets.

[edit firewall]
family inet {
filter input-monitoring-filter {
term def {
then {
count counter;
accept;
}
}
}
}
[edit interfaces]
ge-0/0/0 {
passive-monitor-mode;
gigether-options {
mpls {
pop-all-labels;
}
}
unit 0 {
family inet {
filter {
input input-monitoring-filter;
}
}
}
}
fe-0/1/0 {
passive-monitor-mode;
vlan-tagging;
fastether-options {
mpls {
pop-all-labels [required-depth [ 1 2 ] ];
}
}
unit 0 {
vlan-id 100;
family inet {
filter {
input input-monitoring-filter;
}
}
}
}
mo-1/0/0 {
unit 0 {
family inet {
receive-options-packets;
receive-ttl-exceeded;
}
}
unit 1 {
family inet;
}
}
[edit forwarding-options]
monitoring mon1 {
family inet {
output {
export-format cflowd-version-5;
cflowd 50.0.0.2 port 2055;
interface mo-1/0/0.0 {
source-address 50.0.0.1;
}
}
}
}
[edit routing-instances]
monitoring-vrf {
instance-type vrf;
interface ge-0/0/0.0;
interface fe-0/1/0.0;
interface mo-1/0/0.1;
route-distinguisher 68:1;
vrf-import monitoring-vrf-import;
vrf-export monitoring-vrf-export;
routing-options {
static {
route 0.0.0.0/0 next-hop mo-1/0/0.1;
}
}
}
[edit policy-options]
policy-statement monitoring-vrf-import {
then {
reject;
}
}
policy-statement monitoring-vrf-export {
then {
reject;
}
}
[Contents] [Prev] [Next] [Index] [Report an Error]

Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice.