Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Configuring Traffic Sampling

On routing platforms containing a Monitoring Services PIC or an Adaptive Services PIC, you can configure traffic sampling for traffic passing through the routing platform. In Junos OS Release 8.3 and later, you can also configure traffic sampling of MPLS traffic.

To configure traffic sampling on a logical interface:

  1. Include the input statement at the [edit forwarding-options sampling] hierarchy level, for example:

    Junos OS Release 17.2R1, you can export flow records generated by inline flow monitoring to four collectors under a family with the same source IP address. The Packet Forwarding Engine (PFE) can export the flow record, flow record template, option data, and, option data template packet to all configured collectors. You can configure the multiple collectors at the [edit forwarding-options sampling instance instance name] hierarchy level.

    Note:

    You cannot change the source IP address for collectors under the same family.

  2. Specify the threshold traffic value by using the max-packets-per-second statement. The value is the maximum number of packets to be sampled, beyond which the sampling mechanism begins dropping packets. The range is 0 through 65,535. A value of 0 instructs the Packet Forwarding Engine not to sample any packets. The default value is 1000.
    Note:

    This statement is not valid for port mirroring.

  3. Specify the maximum length of the sampled packet by using the maximum-packet-length bytes statement. For bytes, specify a value.
    Note:

    For MX-Series devices with Modular Port Concentrators (MPCs) and T4000 router with Type 5 FPC, port-mirrored or sampled packets can be truncated (or clipped) to any length in the range of 1 to 255 bytes. Only 1 to 255 are valid values for packet truncation on these devices. For other devices, the range is from 0 to 9216. A maximum-packet-length value of zero represents that truncation is disabled, and the entire packet is mirrored or sampled.

  4. Specify the sampling rate by setting the values for rate and run-length (see Figure 1).
    Figure 1: Configure Sampling RateConfigure Sampling Rate

The forwarding plane provides support for random sampling that can be configured through the rate or run-length statement. The rate statement sets the ratio of the number of packets to be sampled on an average. For example, if you configure a rate of 10, on average every tenth packet (1 packet out of 10) is sampled.

The run-length statement specifies the number of matching packets to sample following the initial one-packet trigger event. Configuring a run length greater than 0 allows you to sample packets following those already being sampled.

Note:

The run-length statement is not supported on MX Series routers with Modular Port Concentrators (MPCs) and T4000 router with Type 5 FPC.

You can also send the sampled packets to a specified host using the cflowd version 5 and 8 formats or the version 9 format as defined in RFC 3954. For more information, see Directing Traffic Sampling Output to a Server Running the cflowd Application and Collecting Traffic Sampling Output in the Cisco Systems NetFlow Services Export Version 9 Format.

Junos OS does not sample packets originating from the router. If you configure a sampling filter and apply it to the output side of an interface, then only the transit packets going through that interface are sampled. Packets that are sent from the Routing Engine to the Packet Forwarding Engine are not sampled.

When you apply a firewall filter to a loopback interface, the filter might block responses from the Monitoring Services PIC. To allow responses from the Monitoring Services PIC to pass through for sampling purposes, configure a term in the firewall filter to include the Monitoring Services PIC’s IP address.

Note:

Targeted broadcast does not work when the targeted broadcast option forward-and-send-to-re and the traffic sampling option sampling are configured on the same egress interface of an M320 router, a T640 router, or an MX960 router. To overcome this scenario, you must either disable one of the these options or enable the sampling option with the targeted broadcast option forward-only on the egress interface. For information about targeted broadcast, see Understanding Targeted Broadcast.

Related Documentation