Flow-Tap Configuration Guidelines

Dynamic flow capture enables you to capture packet flows on the basis of dynamic filtering criteria, using Dynamic Tasking Control Protocol (DTCP) requests. The flow-tap application extends the use of this protocol to intercept IPv4 packets in an active monitoring router and send a copy of packets that match filter criteria to one or more content destinations. Flow-tap data can be used in the following applications:

• Flexible trend analysis for detection of new security threats
• Lawful intercept

Flow-tap service is supported on M Series and T Series routers, except M120, M160, and TX Matrix routers. Flow-tap filters are applied on all IPv4 traffic and do not add any perceptible delay in the forwarding path. For security, filters installed by one client are not visible to others and the CLI configuration does not reveal the identity of the monitored target. A lighter version of the application is supported on MX Series routers only; for more information, see Configuring FlowTapLite.

Note: For information about dynamic flow capture, see Dynamic Flow Capture Configuration Guidelines. For information about DTCP, see draft-cavuto-dtcp-01.txt at http://www.ietf.org/internet-drafts.

To configure flow-tap services, include the flow-tap statement at the [edit services] hierarchy level:

Other statements are configured at the [edit interfaces] and [edit system] hierarchy levels.

This chapter contains the following sections:

• Flow-Tap Architecture
• Configuring the Flow-Tap Service
• Configuring FlowTapLite
• Examples: Configuring Flow-Tap Services