Example: Dynamic Flow Capture Configuration
The following example shows a complete dynamic
flow capture configuration. On Router 1, configure the dynamic flow
capture interface, the interfaces that connect to the control source
and content destination, and the interface that receives passively
monitored traffic. Then, configure the capture group and specify your
control source and content destination requirements. Next, configure
filter-based forwarding (FBF) to send monitored traffic to logical
unit 1 of the dynamic flow capture interface. Finally, configure a
firewall filter and routing table groups to complete the configuration.
[edit]interfaces { dfc-0/0/0 { # DFC PIC that processes requests from the control source.unit 0 {family inet { address 2.1.0.0/32
{ # Address of the Routing Engine for the DFC PIC. destination 10.36.100.1; # Address
of DFC PIC; used by} # the control source to communicate with the monitoring
station.}} unit 1 { #
This logical interface receives data packets.family inet; } unit 2 { # This logical interface sends out copies of matched packets.family inet; }} fe-4/1/2 { #
Interface that receives filtering requests from cs1.unit 0 {family inet {address 10.36.41.2/30; }}} ge-7/0/0 { # Interface that sends monitored packets to cd1.unit 0 {family inet {address 10.36.70.1/30;}}} so-1/2/0 { # Interface that receives traffic to be monitored.encapsulation ppp; unit 0 { passive-monitor-mode; #
Enables this interface to be passively monitored.
family inet {filter {input catch;}}}}}services { dynamic-flow-capture { capture-group g1 { interfaces dfc-0/0/0; # Specifies which interface to use for DFC processing. input-packet-rate-threshold
90k; # Traffic threshold for system log messages. pic-memory-threshold percentage
80; # Memory threshold for log messages. control-source cs1 { # Specifies addresses and ports for the control source.source-addresses 10.36.41.1; service-port 2400; notification-targets {10.36.41.1 port 2100;}shared-key "$9$ASxdsYoX7wg4aHk"; allowed-destinations cd1; } content-destination cd1
{ # Specifies content destination addresses and TTL.address 10.36.70.2; ttl 244; }}}}firewall { filter catch { # Places monitored traffic into the filter-based forwarding instance.interface-specific;term def {then {count counter; routing-instance fbf_inst; }}}}routing-instances { fbf_inst { # Sends matching traffic to the DFC PIC for processing.instance-type forwarding;routing-options {static { route 0.0.0.0/0 next-hop
dfc-0/0/0.1; }}}}routing-options {interface-routes {rib-group inet common;}rib-groups { common { #
Shares routes between the instance and the main routing table.import-rib [ inet.0 fbf_inst.inet.0 ];}}forwarding-table {export pplb;}}
Verifying Your Work
To verify that your dynamic flow capture configuration
is operating correctly, issue the following command:
show services dynamic-flow-capture capture-group
group-name control-source
source-identifier source-id
(detail)
The following section shows the output of this
command when used with the configuration example.
Router 1
user@router1> show services
dynamic-flow-capture control-source capture-group g1 source-identifier
cs2 detail
Capture group: g1, Control source: cs2
Criteria added: 1, Criteria add failed: 0
Active criteria: 2
Static criteria: 0, Dynamic criteria: 2
Control protocol requests: 3
Add Delete List Refresh No-op
Requests 1 0 1 0 1
Failed 0 0 0 0 0
Add request rate: 0
Add request peak rate: 1
Bandwidth across all criteria: 0
Total notifications: 0
Restart: 0, Rollover: 0, No-op: 0, Timeout: 0, Congestion: 0, Congestion delete: 0,
Dups dropped: 0
Criteria deleted: 0
Timeout idle: 0, Timeout total: 0, Packets: 0, Bytes: 0
Sequence number: 242
To clear dynamic flow capture criteria belonging
to a particular control source, issue the clear services dynamic-flow-capture command. For more information on other dynamic flow capture-related
operational mode commands, see the Junos System Basics and
Services Command Reference.
Published: 2010-06-30
