Configuration du transfert et de la surveillance du trafic
Pour configurer les options de transfert et la surveillance du trafic, incluez des instructions au niveau de la [edit forwarding-options] hiérarchie :
[edit forwarding-options] accounting group-name { output { cflowd [ hostnames ] { aggregation { autonomous-system; destination-prefix; protocol-port; source-destination-prefix { caida-compliant; } source-prefix; } autonomous-system-type (origin | peer); port port-number; version format; } flow-active-timeout seconds; flow-inactive-timeout seconds; interface interface-name { engine-id number; engine-type number; source-address address; } } } enhanced-hash-key { family inet { gtp-tunnel-endpoint-identifier; incoming-interface-index; no-destination-port; no-source-port; type-of-service; } family inet6 { gtp-tunnel-endpoint-identifier; incoming-interface-index; no-destination-port; no-source-port; traffic-class; } family mpls { incoming-interface-index; label-1-exp; no-payload; } family multiservice { incoming-interface-index; no-payload; outer-priority; } services-loadbalancing { family inet layer-3-services { incoming-interface-index; source-address; } } } family family-name { filter { input filter-name; output filter-name; } route-accounting; } flood { input filter-name; } hash-key { family inet { layer-3; layer-4; } family mpls { no-interface-index; label-1; label-2; label-3; no-labels; no-label-1-exp; payload { ether-pseudowire; ip { layer-3-only; port-data { source-msb; source-lsb; destination-msb; destination-lsb; } } } } family multiservice } destination-mac; label-1; label-2; payload { ip { layer-3-only; } } source-mac; } } helpers { bootp { client-response-ttl; description text-description; interface interface-group { client-response-ttl number; description text-description; maximum-hop-count number; minimum-wait-time seconds; no-listen; server address { logical-system logical-system-name <routing-instance [ <default> routing-instance-names ]>; routing-instance [ <default> routing-instance-names ]; } } maximum-hop-count number; minimum-wait-time seconds; relay-agent-option; server [ addresses ]; } domain { description text-description; server < [ routing-instance routing-instance-names ] >; interface interface-name { description text-description; no-listen; server < [ routing-instance routing-instance-names ] >; } } tftp { description text-description; server < [ routing-instance routing-instance-names ] >; interface interface-name { description text-description; no-listen; server < [ routing-instance routing-instance-names ] >; } } traceoptions { file <filename> <files number> <match regular-expression> <size size> <world-readable | no-world readable>; flag flag; level severity-level; no-remote-trace; } } load-balance { indexed-load-balance; per-flow { hash-seed number; } per-prefix { hash-seed number; } } monitoring group-name { family inet { output { cflowd hostname { port port-number; } export-format cflowd-version-5; flow-active-timeout seconds; flow-export-destination { cflowd-collector; } flow-inactive-timeout seconds; interfaceinterface-name { engine-id number; engine-type number; input-interface-index number; output-interface-index number; source-address address; } } } } next-hop-group [ group-names ] { interface interface-name { next-hop [ addresses ]; } } port-mirroring { family (ccc | inet | inet6 | vpls) { output { interface interface-name { next-hop address; } no-filter-check; } input { maximum-packet-length bytes; rate number; run-length number; } } traceoptions { file <filename> <files number> <match regular-expression> <size bytes> <world-readable | no-world-readable>; no-remote-trace; } }
Lorsqu’une route pointant vers plusieurs CIP de services est disponible et que des passerelles de couche applicative (ALG) sont configurées, vous devez toujours configurer la distribution du trafic entre les PIC en fonction de l’adresse IP source en incluant l’instruction family inet layer-3-services source-address au niveau de la hiérarchie [edit forwarding-options enhanced-hash-key services-loadbalancing] pour le trafic IPv4 et l’instruction family inet6 layer-3-services source-address au niveau de la hiérarchie [edit forwarding-options enhanced-hash-key services-loadbalancing] pour le trafic IPv6. Avec les ALG utilisés pour gérer une relation parent-enfant de sessions, les sessions parent et enfant doivent être traitées par le même type de PIC de services.