JUNOS 9.4 Services Interfaces Configuration Guide

JUNOS 9.4 Services Interfaces Configuration Guide

Techpubs Home
Report an Error

Collapse TOC

List of Figures
List of Tables

Index
Index of Statements and Commands

Entire manual as PDF

About This Guide

Objectives

Audience

Supported Platforms

Using the Indexes

Using the Examples in This Manual

Documentation Conventions

List of Technical Publications

Documentation Feedback

Requesting Technical Support

Services Interfaces Overview

Services PIC Types
Supported Platforms

Services Interfaces Configuration Statements

[edit applications] Hierarchy Level
[edit forwarding-options] Hierarchy Level
[edit interfaces] Hierarchy Level
[edit logical-systems] Hierarchy Level
[edit protocols] Hierarchy Level
[edit services] Hierarchy Level

Adaptive Services Overview

Enabling Service Packages

Layer 2 Service Package Capabilities and Interfaces

Services Configuration Procedure

Packet Flow Through the Adaptive Services or MultiServices PIC

Stateful Firewall Overview

Stateful Firewall Support for Application Protocols
Stateful Firewall Anomaly Checking

Network Address Translation Overview

Traditional NAT
Twice NAT

IPSec Overview

IPSec
Security Associations
IKE
Comparison of IPSec Services and ES Interface Configuration

Layer 2 Tunneling Protocol Overview

Voice Services Overview

Class of Service Overview

Packet Gateway Overview

Examples: Services Interfaces Configuration

Applications Configuration Guidelines

Configuring Application Protocol Properties

Configuring an Application Protocol
Configuring the Network Protocol
Configuring the ICMP Code and Type
Configuring Source and Destination Ports
Configuring the Inactivity Timeout Period
Configuring SIP
Configuring an SNMP Command
Configuring an RPC Program Number
Configuring the TTL Threshold
Configuring a Universal Unique Identifier

Configuring Application Sets

ALG Descriptions

Basic TCP ALG
Basic UDP ALG
BOOTP
DCE RPC Services
FTP
H323
ICMP
IIOP
NetShow
RealAudio
RPC and RPC Portmap Services
RTSP
SMB
SNMP
SQLNet
TFTP
Traceroute
UNIX Remote-Shell Services
WinFrame

Verification

FTP Example

Sample Output

FTP System Log Messages

Analysis

Control Flows
Data Flows

Troubleshooting Questions

RTSP ALG Example

Sample Output
Analysis
Troubleshooting Questions

System Log Messages

System Log Configuration
System Log Output

JUNOS Default Groups

Examples: Referencing the Preset Statement from the JUNOS Default Group

Examples: Configuring Applications

Summary of Applications Configuration Statements

application
application-protocol
application-set
applications
destination-port
icmp-code
icmp-type
inactivity-timeout
learn-sip-register
protocol
rpc-program-number
sip-call-hold-timeout
snmp-command
source-port
ttl-threshold
uuid

Stateful Firewall Services Configuration Guidelines

Configuring Stateful Firewall Properties

Configuring the Stateful Firewall Rule Set

Configuring Stateful Firewall Rule Content

Configuring Match Direction

Configuring Stateful Firewall Match Conditions

Configuring Stateful Firewall Actions

Configuring IP Option Handling

Examples: Configuring Stateful Firewall Properties

Summary of Stateful Firewall Configuration Statements

allow-ip-option
application-sets
applications
destination-address
destination-address-range
destination-prefix-list
from
match-direction
rule
rule-set
services
source-address
source-address-range
source-prefix-list
syslog
term
then

Network Address Translation Services Configuration Guidelines

Configuring Network Address Translation Properties

Configuring Address and Port Information

Configuring a Pool
Specifying the Destination or Source Prefix
Addressing Information
Configuring IPv6 Multicast Filters

Configuring the NAT Rule Set

Configuring NAT Rule Content

Configuring NAT Match Direction
Configuring NAT Type
Configuring NAT Match Conditions
Configuring NAT Actions

Examples: Configuring Network Address Translation Properties

Dynamic Source Translation

Static Source Translation

Dynamic and Static Source Translation

Oversubscribed Pool with No Fallback

Oversubscribed Pool with a Fallback to NAPT

Multiple Prefixes and Address Ranges in Static Source Translation

Assigning Addresses from a Dynamic Pool for Static Use

Configuring NAT Rules Without Defining a Pool

Configuring Specific Addresses That Are Not to Be Translated

Configuring Network Address Translation for Multicast Traffic

Rendezvous Point Configuration
Router 1 Configuration

Configuring Twice NAT

Configuring Full-Cone NAT

Summary of Network Address Translation Configuration Statements

destination-address

destination-address-range

destination-pool

destination-prefix

destination-prefix-list

from

hint

ipv6-multicast-interfaces

ports-per-session

remotely-controlled

source-address-range

source-pool

source-prefix

source-prefix-list

translation-type (Traditional NAT)
translation-type (Twice NAT)

transport

Intrusion Detection Service Configuration Guidelines

Configuring Intrusion Detection Properties

Configuring the IDS Rule Set

Configuring IDS Rule Content

Configuring Match Direction
Configuring IDS Match Conditions
Configuring IDS Actions

Examples: Configuring Intrusion Detection Properties

Summary of Intrusion Detection Service Configuration Statements

aggregation
application-sets
applications
by-destination
by-pair
by-source
destination-address
destination-address-range
destination-prefix
destination-prefix-ipv6
destination-prefix-list
force-entry
from
ignore-entry
logging
match-direction
mss
rule
rule-set
services
session-limit
source-address
source-address-range
source-prefix
source-prefix-ipv6
source-prefix-list
syn-cookie
syslog
term
then
threshold

IPSec Services Configuration Guidelines

Minimum Security Association Configurations

Manual SA Configuration
Dynamic SA Configuration

Configuring Security Associations

Configuring Manual Security Associations

Configuring Direction

Example: Configuring Inbound and Outbound Direction Statements
Example: Configuring Bidirectional Statement

Configuring the Protocol

Configuring the Security Parameter Index

Configuring the Auxiliary Security Parameter Index

Configuring Authentication

Configuring Encryption

Configuring Dynamic Security Associations

Clearing Security Associations

Configuring an IKE Proposal

Configuring an IKE Authentication Algorithm
Configuring an IKE Authentication Method
Configuring an IKE Diffie-Hellman Group
Configuring an IKE Encryption Algorithm
Configuring the Lifetime for an IKE SA
Example: Configuring an IKE Proposal

Configuring an IKE Policy

Configuring the IKE Policy Mode

Configuring IKE Policy Proposals

Configuring a Preshared Key

Configuring a Local Certificate

Configuring a Certificate Revocation List

Configuring an IKE Policy Description

Configuring Local and Remote IDs

Example: Configuring an IKE Policy

Configuring an IPSec Proposal

Configuring an Authentication Algorithm
Configuring an IPSec Proposal Description
Configuring an Encryption Algorithm
Configuring the Lifetime for an IPSec SA
Configuring the Protocol for the Dynamic SA

Configuring an IPSec Policy

Configuring an IPSec Policy Description
Configuring Perfect Forward Secrecy
Configuring IPSec Policy Proposals
Example: IPSec Policy Configuration

Configuring IPSec Service Rules

Configuring the IPSec Rule Set

Configuring IPSec Rule Content

Configuring IPSec Match Conditions

Configuring IPSec Actions

Enabling IPSec Packet Fragmentation
Configuring the Remote Address and Backup Remote Address
Disabling the Anti-Replay Window
Enabling System Log Messages
Configuring the Tunnel MTU Value

Configuring Dynamic Endpoints

Authentication Process
Dynamic Implicit Rules
Reverse Route Insertion
Configuring an IKE Access Profile
Configuring the Service Set
Configuring the Interface Identifier
Default IKE and IPSec Proposals

Tracing IPSec Operations

Examples: Configuring IPSec Services

Statically Assigned Tunnels
Dynamically Assigned Tunnels

Summary of IPSec Services Configuration Statements

authentication

authentication-algorithm

authentication-algorithm (IKE)
authentication-algorithm (IPSec)

authentication-method

auxiliary-spi

backup-remote-gateway

clear-dont-fragment-bit

clear-ike-sas-on-pic-restart

clear-ipsec-sas-on-pic-restart

description

destination-address

encryption-algorithm

from

ike

initiate-dead-peer-detection

ipsec

ipsec-inside-interface

lifetime-seconds

local-certificate

perfect-forward-secrecy

policy

policy (IKE)
policy (IPSec)

pre-shared-key

proposal

proposal (IKE)
proposal (IPSec)

Layer 2 Tunneling Protocol Services Configuration Guidelines

L2TP Services Components

L2TP Minimum Configuration

Configuring L2TP Group Properties

Configuring a Tunnel Group
Configuring Access Profiles
Configuring Addressing
Configuring Window Size
Configuring Timers
Hiding Attribute-Value Pairs
Configuring System Log Properties

Configuring the Logical Interface Identifier

Configuring Multilink on Shared Interfaces

L2TP Redundancy

Tracing L2TP Operations

Examples: Configuring L2TP Services

Summary of Layer 2 Tunneling Protocol Configuration Statements

facility-override

hello-interval

hide-avps

host

l2tp-access-profile

local-gateway address

log-prefix

maximum-send-window

ppp-access-profile

receive-window

retransmit-interval

service-interface

services

services (Hierarchy)
services (L2TP System Logging)

Link Services IQ Interfaces Configuration Guidelines

Layer 2 Service Package Capabilities and Interfaces

LSQ Failure Recovery

Interchassis LSQ Failover

Configuring Failover Options
Configuring Interoperability
Configuration Restrictions

Stateless Intrachassis LSQ Failover

Stateful Intrachassis LSQ Failover

Configuring Intrachassis LSQ Redundancy
LSQ Failure Conditions and Constraints
Link PIC Redundancy
Examples: Configuring Intrachassis LSQ Redundancy

Link Services IQ CoS Components

Scheduler Buffer Size
Scheduler Priority
Scheduler Shaping Rate
Drop Profiles

Configuring Fragmentation by Forwarding Class

Configuring Link-Layer Overhead

Configuring Multiclass MLPPP

Oversubscribing Interface Bandwidth

Example: Oversubscribing an LSQ Interface

Providing a Guaranteed Minimum Rate

Example: Providing a Guaranteed Minimum Rate

Configuring Link Services and CoS

Link Services CoS on J-series Services Routers

Common Uses for the Link Services IQ Interface

Configuring an NxT1 Bundle Using MLPPP

Example: Configuring an NxT1 Bundle Using MLPPP

Configuring an NxT1 Bundle Using FRF.16

Examples: Configuring an NxT1 Bundle Using FRF.16

Configuring a Single Fractional T1 Interface Using MLPPP and LFI

Example: Configuring a Single Fractional T1 Using MLPPP and LFI

Configuring a Single Fractional T1 Interface Using FRF.12

Examples: Configuring a Single Fractional T1 Interface Using FRF.12

Configuring an NxT1 Bundle Using FRF.15

Configuring a T3 Link for Compressed RTP over MLPPP

Configuring a T3 or OC3 Interface Using FRF.12

Configuring an ATM2 IQ Interface Using MLPPP

Summary of Link Services IQ Configuration Statements

cisco-interoperability
forwarding-class
fragment-threshold
fragmentation-map
fragmentation-maps
hot-standby
link-layer-overhead
lsq-failure-options
multilink-class
multilink-max-classes
no-fragmentation
no-termination-request
per-unit-scheduler
preserve-interface
primary
redundancy-options
secondary
trigger-link-failure
warm-standby

Voice Services Configuration Guidelines

Configuring Voice Services Properties

Configuring the Interface Address
Configuring Compression
Configuring Delay-Sensitive Packet Interleaving
Example: Configuring Compression

Configuring Encapsulation

Configuring the Network Interface

Configuring Voice Services Bundles
Configuring the Compression Interface

Configuring VoIP Routing on J-series Services Routers

Functional Components
Configuring the VoIP Interface
Configuring the Media Gateway Controller List
Configuring Dynamic Call Admission Control

Examples: Configuring Voice Services

Summary of Voice Services Configuration Statements

activation-priority
address
bearer-bandwidth-limit
bundle
compression
compression-device
dynamic-call-admission-control
encapsulation
f-max-period
family
fragment-threshold
interfaces
maximum-contexts
port
queues
rtp
unit

Class-of-Service Configuration Guidelines

Configuring Class-of-Service Properties

Configuring the Class-of-Service Rule Set

Configuring Class-of-Service Rule Content

Configuring Class-of-Service Match Direction

Configuring Class-of-Service Match Conditions

Configuring Class-of-Service Actions

Configuring Application Profiles
Configuring Reflexive and Reverse CoS Actions

CoS Configuration Restrictions

Output Packet Rewriting

CoS Hierarchy Configuration Examples

Examples: Configuring Class-of-Service Properties

Summary of Class-of-Service Configuration Statements

application-profile
application-sets
applications
destination-address
destination-prefix-list
dscp
forwarding-class
from
match-direction
(reflexive | reverse)
rule
rule-set
services
sip-text
sip-video
sip-voice
source-address
source-prefix-list
syslog
term
then

Service Set Configuration Guidelines

Configuring Service Sets

Configuring Services Interfaces

Configuring an Interface Service Set

Configuring a Next-Hop Service Set

Determining Traffic Direction

Interface Style Service Sets
Next-Hop Style Service Sets

Configuring Service Rules

Configuring IPSec Options

Configuring the Local Gateway Address

IKE Addresses in VRF Instances

Configuring an IKE Access Profile

Configuring Certification Authorities

Configuring the Maximum Number of Flows

Configuring System Log Properties

Allowing Multicast Traffic

Service Set Extensions for JUNOS SDK Applications

Interface Service Sets for JUNOS SDK Applications
Next-Hop Service Sets for JUNOS SDK Applications
Limitations and Constraints for SDK Service Sets
Enabling JUNOS SDK Services

Tracing Adaptive Services or MultiServices PIC Operations

Configuring the Adaptive Services Log Filename
Configuring the Number and Size of Adaptive Services Log Files
Configuring Access to the Log File
Configuring a Regular Expression for Lines to Be Logged
Configuring the Trace Operations

Example: Configuring Service Sets

Summary of Service Set Configuration Statements

adaptive-services-pics

allow-multicast

extension-service

facility-override

host

ids-rules

ike-access-profile

interface-service

ipsec-vpn-options

service-interface

service-set

services

services (Hierarchy)
services (System Logging)

stateful-firewall-rules

syslog

traceoptions

trusted-ca

Interface Configuration Guidelines

Naming Services Interfaces

Configuring Interface Properties

Configuring the Interface Address and Domain
Configuring Default Timeout Settings
Configuring Default System Log Properties
Enabling Fragmentation on GRE Tunnels

Applying Filters and Services to an Interface

Configuring Service Filters

Configuring AS or MultiServices PIC Redundancy

Examples: Configuring a Services Interface

Summary of Interface Configuration Statements

address
clear-dont-fragment-bit
dial-options
facility-override
family
host
inactivity-timeout
input
interfaces
log-prefix
open-timeout
output
post-service-filter
primary
redundancy-options
secondary
service
service-domain
service-filter
service-set
services
services-options
syslog
unit

Packet Gateway Configuration Guidelines

Configuring Virtual Packet Gateways

Configuring a Connection to the Packet Gateway Controller

Configuring NAT Pools for the Packet Gateway

Configuring a Media Service

Configuring a Virtual Interface

Configuring H.248 Timers

Configuring Default Values for H.248 Properties

Limiting FUF Terms on VPGs

Limiting the Rate of Messages Sent from the PIC

Enabling Application Layer Gateways for RTP and RTCP for Media Flows

Configuring Graceful Restart

Detecting Latch Deadlocks and Inactivity Delays

Configuring the Service State of a VPG or a Virtual Interface

Configuring the Service State of a VPG
Configuring the Service State of a Virtual Interface

Configuring the Packet Gateway Rule Content

Configuring the Packet Gateway Rule Set

Configuring Session Mirroring

Configuring Overload Control

Enabling Wildcards for Service Changes

Enabling a History of Media Inactivity Notifications

Disabling Bit Mirroring of DSCP Marking

Configuring ServiceChange Method and Reason

Tracing PGCP Operations

Example: Configuring a Packet Gateway

Summary of Packet Gateway Configuration Statements

administrative

administrative (Control Association)
administrative (Virtual Interface)

algorithm

application-data-inactivity-detection

audit-observed-events-returns-history

base-root

cancel-graceful

cancel-graceful (Control Association)
cancel-graceful (Virtual Interface)

cleanup-timeout

context-indications

control-association-indications

controller-address

controller-failure

controller-port

data-inactivity-detection

delivery-function

destination-address

destination-port

detect

diffserv

disable-session-mirroring

event-timestamp-notification

failover-cold

failover-warm

failure

failure (Control Association)
failure (Virtual Interface)

fast-update-filters

gateway

gateway-address

gateway-controller

gateway-port

graceful

graceful (Control Association)
graceful (Virtual Interface)

hanging-termination-detection

inactivity-delay

inactivity-duration

inactivity-timeout

inactivity-timer

initial-average-ack-delay

interface

interim-ah-scheme

ip-flow-stop-detection

latch-deadlock-delay

link-loss

max-burst-size

max-burst-size (All Streams)
max-burst-size (RTCP Streams)

max-concurrent-calls

maximum-fuf-percentage

maximum-inactivity-time

maximum-net-propagation-delay

maximum-synchronization-mismatches

maximum-synchronization-time

maximum-terms

maximum-waiting-delay

media

media-service

mg-maximum-pdu-size

mg-originated-pending-limit

mg-provisional-response-timer-value

mg-segmentation-timer

mgc-maximum-pdu-size

mgc-originated-pending-limit

mgc-provisional-response-timer-value

mgc-segmentation-timer

monitor

nat-pool

network-operator-id

normal-mg-execution-time

normal-mgc-execution-time

notification-behavior

notification-rate-limit

notification-regulation

no-dscp-bit-mirroring

overload-control

peak-data-rate

peak-data-rate (All Streams)
peak-data-rate (RTCP Streams)

queue-limit-percentage

reconnect

report-service-change

request-timestamp

send-notification-on-delay

service-change

service-change-type

service-interface

service-state

service-state (VPG)
service-state (Virtual Interface)

services

session-mirroring

source-address

source-port

state-loss

stop-detection-on-drop

sustained-data-rate

sustained-data-rate (All Streams)
sustained-data-rate (RTCP Streams)

timerx

tmax-retransmission-delay

traceoptions

traffic-management

up

virtual-interface

virtual-interface-down

virtual-interface-indications

virtual-interface-up

warm

wildcard-response-service-change

Service Interface Pools Configuration Guidelines

Configuring Service Interface Pools

Summary of Service Interface Pools Statements

interface
pool
service-interface-pools

Border Signaling Gateway Configuration Guidelines

Summary of Border Signaling Gateway Configuration Statements

committed-burst-size

committed-information-rate

datastore

dscp

egress-service-point

from (New Call Usage Policy)
from (New Transaction Policy)
from (Service Class)

gateway

maximum-call-duration

media-policy

media-type

minimum

new-call-usage-policies

new-call-usage-policy

new-call-usage-policy-set

new-transaction-policies

new-transaction-policy

new-transaction-policy-set

service-interface

service-interface (Gateway)
service-interface (Service Point)

service-point

service-point-type

term (New Call Usage Policy)
term (New Transaction Policy)
term (Service Class)

then

then (New Call Usage Policy)
then (New Transaction Policy)
then (Service Class)

timer-c

timers

traceoptions

Data Link Switching Overview

Overview
DLSw Standards

Data Link Switching Configuration Guidelines

Configuring DLSw Properties

Minimum DLSw Configuration

Configuring the Remote Peer

Configuring Load Balancing

Configuring DLSw Timers

Configuring the Local Peer

Examples: Configuring DLSw Peers

Configuring the Initial Pacing Window

Configuring the Idle Timeout

Configuring the Multicast Address

Configuring Class of Service

Example: Configuring CoS for a DLSw Connection

Tracing DLSw Protocol Traffic

Configuring Logical Link Control on an Interface

Example: Configuring LLC Options on an Interface

Configuring DLSw Ethernet Redundancy Using LLC2 Properties

Example: Configuring DLSw Ethernet Redundancy

Summary of Data Link Switching Configuration Statements

advertise-interval
circuit-weight
connection-idle-timeout
cost
destination
destination-interface
dlsw
dlsw-cos
explorer-wait-time
hold-time
interface
load-balance
local-mac
local-peer
map
multicast-address
no-preempt
peer
preempt
priority
promiscuous
protocols
reachability-cache-timeout
receive-initial-pacing
redundancy-group
remote-mac
remote-peer
traceoptions
track
type-of-service

Encryption Overview

Encryption Interfaces Configuration Guidelines

Configuring an Encryption Interface

Specifying the Security Association Name
Configuring the MTU for an Encryption Interface
Example: Configuring an Encryption Interface

Configuring Traffic

Traffic Overview

Configuring the Security Association

Configuring an Outbound Traffic Filter

Example: Configuring an Outbound Traffic Filter

Applying the Outbound Traffic Filter

Example: Applying the Outbound Traffic Filter

Configuring an Inbound Traffic Filter

Example: Configuring an Inbound Traffic Filter

Applying the Inbound Traffic Filter to the Encryption Interface

Example: Applying the Inbound Traffic Filter to the Encryption Interface

Configuring an ES Tunnel Interface for a Layer 3 VPN

Configuring ES PIC Redundancy

Example: Configuring ES PIC Redundancy

Configuring IPSec Tunnel Redundancy

Summary of Encryption Configuration Statements

address
backup-destination
backup-interface
destination
es-options
family
filter
interfaces
ipsec-sa
source
tunnel
unit

Flow Monitoring and Discard Accounting Overview

Passive Flow Monitoring
Active Flow Monitoring

Flow Monitoring and Discard Accounting Configuration Guidelines

Minimum Traffic Sampling or Forwarding Configuration

Configuring Traffic Sampling

Configuring Traffic Sampling Properties

Disabling Traffic Sampling

Configuring Traffic Sampling Output

Traffic Sampling Output Files

Tracing Traffic Sampling Operations

Examples: Configuring Traffic Sampling

Sampling a Single SONET Interface
Sampling All Traffic from a Single IP Address
Sampling All FTP Traffic

Configuring Flow Monitoring

Configuring the Flow-Monitoring Interface

Configuring Flow-Monitoring Properties

Configuring the Flow-Monitoring Interface
Exporting Flows
Configuring Timers

Example: Configuring Flow Monitoring

Configuring Flow Aggregation

Configuring Version 5 or Version 8 cflowd

Configuring Version 9 Flow Templates

Configuring the Traffic to be Sampled
Configuring the Version 9 Template Properties
Restrictions
Fields Included in Each Template Type
MPLS Sampling Behavior
Verification
Examples: Configuring Version 9 Flow Templates

Replicating Flows to Multiple Flow Servers

Replicating Routing Engine–Based Sampling to Multiple Flow Servers
Replicating Version 9 Flow Aggregation to Multiple Flow Servers

Debugging cflowd Flow Aggregation

Configuring Port Mirroring

Configuring Tunnels
Filter-Based Forwarding with Multiple Monitoring Interfaces
Restrictions
Configuring Port Mirroring on Services Interfaces
Examples: Configuring Port Mirroring

Load Balancing Among Multiple Monitoring Interfaces

Configuring Discard Accounting

Enabling Passive Flow Monitoring

Passive Flow Monitoring for MPLS Encapsulated Packets

Removing MPLS Labels from Incoming Packets

Example: Enabling Passive Flow Monitoring

Flow-Monitoring Redundancy

Summary of Flow-Monitoring Configuration Statements

accounting

address

aggregate-export-interval

aggregation

autonomous-system-type

cflowd

cflowd (Discard Accounting and Sampling)
cflowd (Flow Monitoring)

family (Interfaces)
family (Monitoring)
family (Port Mirroring)
family (Sampling)

file

file (Sampling)
file (Trace Options)

filename

files

filter

flow-active-timeout

flow-export-destination

flow-inactive-timeout

flow-monitoring

forwarding-options

input

input (Port Mirroring)
input (Sampling)

input-interface-index

interface

interface (Accounting or Sampling)
interface (Monitoring)
interface (Port Mirroring)

max-packets-per-second

monitoring

mpls-ipv4-template

mpls-template

multiservice-options

no-world-readable

option-refresh-rate

output

output (Accounting)
output (Monitoring)
output (Port Mirroring)
output (Sampling)

output-interface-index

passive-monitor-mode

receive-options-packets

receive-ttl-exceeded

required-depth

run-length

sampling

sampling (Forwarding Options)
sampling (Interfaces)

template (Forwarding Options)
template (Services)

template-refresh-rate

version9 (Forwarding Options)
version9 (Services)

world-readable

Flow Collection Configuration Guidelines

Configuring Flow Collection Properties

Configuring Flow Collector Destinations
Configuring a Packet Analyzer
Configuring File Formats
Configuring Interface Mappings
Configuring Transfer Logs
Configuring Retry Attempts

Sending cflowd Records to the Flow Collector Interface

Enabling Flow Collection Mode and Interface

Example: Flow Collector Interface Configuration

Summary of Flow Collection Configuration Statements

file-specification

file-specification (File Format)
file-specification (Interface Mapping)

flow-collector

ftp

ftp (Flow Collector Files)
ftp (Transfer Log Files)

password (Flow Collector File Servers)
password (Transfer Log File Servers)

retry

retry-delay

transfer

transfer-log-archive

username

variant

Dynamic Flow Capture Configuration Guidelines

Dynamic Flow Capture Architecture

Liberal Sequence Windowing

Configuring Dynamic Flow Capture Properties

Configuring the Capture Group
Configuring the Content Destination
Configuring the Control Source
Configuring the DFC PIC Interface
Configuring System Logging
Configuring Thresholds
Configuring Maximum Duplicates

Example: Dynamic Flow Capture Configuration

Flow-Tap Configuration Guidelines

Flow-Tap Architecture

Configuring Flow-Tap Properties

Configuring the Flow-Tap Interface
Configuring Security Properties
Restrictions

Example: Flow-Tap Configuration

Summary of Dynamic Flow Capture and Flow-Tap Configuration Statements

address
allowed-destinations
capture-group
content-destination
control-source
duplicates-dropped-periodicity
dynamic-flow-capture
flow-tap
g-duplicates-dropped-periodicity
g-max-duplicates
hard-limit
hard-limit-target
input-packet-rate-threshold
interface
interfaces
max-duplicates
minimum-priority
no-syslog
notification-targets
pic-memory-threshold
service-port
services
shared-key
soft-limit
soft-limit-clear
source-addresses
ttl

Link and Multilink Services Overview

Link and Multilink Services Configuration Guidelines

Configuring Multilink and Link Services Logical Interface Properties

Default Settings for Multilink and Link Services Logical Interfaces

Configuring a Link Services Point-to-Point DLCI

Configuring a Link Services Multicast-Capable DLCI

Configuring a Drop Timeout Period

Configuring Logical Interface Encapsulation

Configuring a Fragmentation Threshold

Configuring Link Services Delay-Sensitive Packet Interleaving

Configuring LFI with DLCI Scheduling

Example: Configuring LFI with DLCI Scheduling

Configuring Minimum Links

Configuring the MRRU and MTU Values

Configuring the Sequence Format

Configuring Compressed RTP with MLPPP Encapsulation

Example: Configuring Compressed RTP with MLPPP Encapsulation

Configuring Compressed RTP with PPP Encapsulation

Example: Configuring Compressed RTP with PPP Encapsulation

Configuring Link Services Physical Interface Properties

Default Settings for Link Services Interfaces
Configuring the Link Services Physical Interface Encapsulation
Configuring Link Services Acknowledgment Timers
Configuring the Link Services Differential Delay
Configuring Link Services Keepalive Settings on Frame Relay LMI

Multilink and Link Services Interface Structure

Multilink Services and Link Services PIC Capacities
Link Services PIC Capabilities
Configuring Bundles

Configuring CoS Components on Link Services PICs

Link Services CoS on J-series Services Routers
Link Services CoS on M-series and T-series Platforms
Example: Configuring Link Services CoS Components

Examples: Configuring Multilink Interfaces

Examples: Configuring Link Services Interfaces

Summary of Link Services Configuration Statements

acknowledge-retries

acknowledge-timer

action-red-differential-delay

address

bundle

compression-device

destination

disable-mlppp-inner-ppp-pfc

dlci

drop-timeout

encapsulation

encapsulation (Logical Interface)
encapsulation (Physical Interface)

family

fragment-threshold

hello-timer

interfaces

interleave-fragments

lmi-type

minimum-links

mlfr-uni-nni-bundle-options

red-differential-delay

yellow-differential-delay

Real-Time Performance Monitoring Services Overview

Real-Time Performance Monitoring Configuration Guidelines

Configuring BGP Neighbor Discovery Through RPM

Configuring Real-Time Performance Monitoring Properties

Configuring the Probe

Configuring the Server

Configuring the Maximum Number of Probes

Configuring RPM Timestamping

Timestamps on M-series and T-series Routing Platforms
Timestamps on J-series Services Routers

Configuring TWAMP

Configuring the TWAMP Interface
Configuring the TWAMP Server Properties

Examples: Configuring BGP Neighbor Discovery Through RPM

Examples: Configuring Real-Time Performance Monitoring

Summary of Real-Time Performance Monitoring Configuration Statements

client-list

data-fill

data-size

destination-interface

destination-port

dscp-code-point

hardware-timestamp

history-size

inactivity-timeout

logical-system

maximum-connections

maximum-connections-per-client

maximum-sessions

maximum-sessions-per-connection

moving-average-size

one-way-hardware-timestamp

port

port (RPM)
port (TWAMP)

routing-instances

Tunnel Services Overview

Tunnel Interfaces Configuration Guidelines

Configuring a Unicast Tunnel

Configuring a Key Number on GRE Tunnels
Enabling Fragmentation on GRE Tunnels
Specifying an MTU Setting for the Tunnel
Configuring a GRE Tunnel to Copy ToS Bits to the Outer IP Header
Configuring Packet Reassembly

Restricting a Tunnel to Multicast Traffic

Configuring a Logical Tunnel Interface

Connecting Logical Systems
Configuring Logical Tunnels on J-series Platforms

Configuring a Tunnel Interface for Routing Table Lookup

Configuring a Virtual Loopback Tunnel for VRF Table Lookup

Configuring PIM Tunnels

Configuring an IPv6-over-IPv4 Tunnel

Configuring a Dynamic Tunnel

Configuring Tunnel Interfaces on MX-series Routers

Example: Configuring Unicast Tunnels

Example: Configuring a Virtual Loopback Tunnel for VRF Table Lookup

Example: Configuring an IPv6-over-IPv4 Tunnel

Example: Configuring a Logical Tunnel

Summary of Tunnel Services Configuration Statements

allow-fragmentation

backup-destination

copy-tos-to-outer-ip-header

destination

destination (Address)
destination (Routing Instance)

destination-networks

reassemble-packets

routing-instance

routing-instances

Index
Index of Statements and Commands