[an error occurred while processing this directive][an error occurred while processing this directive]

Version 9 Formats and Fields

A detailed explanation of active flow monitoring version 9 packet formats and fields is shown as follows:

The JUNOS Software supports the following version 9 template formats:

Table 1: Flow Monitoring Version 9 Template Formats

Template

Fields

IPv4

Flow selectors:

  • Source and destination IP address
  • Source and destination address prefix mask lengths
  • Source and destination port numbers
  • IP protocol and IP type of service
  • ICMP type

Flow nonselectors:

  • TCP flags
  • Input and output SNMP
  • Input bytes
  • Input packets
  • Start time
  • End time

MPLS

Flow selectors:

  • MPLS label 1
  • MPLS label 2
  • MPLS label 3

Flow nonselectors:

  • Input and output SNMP
  • Input bytes
  • Input packets
  • Start time
  • End time

MPLS_IPv4

Flow selectors:

  • MPLS label 1
  • MPLS label 2
  • MPLS label 3

Flow nonselectors:

  • Input and output SNMP
  • Input bytes
  • Input packets
  • Start time
  • End time

IPv6

Flow selectors:

  • IP protocol and IP type of service
  • Source and destination port numbers
  • Input SNMP
  • Source and destination IPv6 address
  • ICMP type

Flow nonselectors:

  • Input bytes
  • Input packets
  • TCP flags
  • Output SNMP
  • Source and destination autonomous system
  • Last and first switched
  • IPv6 source and destination mask
  • IP protocol version
  • IPv6 next hop

Figure 1: Version 9 Flow Header Format

Image g016785.gif

Table 2: Version 9 Flow Header Fields

Field

Description

Version

9

Count

Total number of records in the protocol data unit (PDU) or packet. This number includes all of the options FlowSet records, template FlowSet records, and data FlowSet records.

sysUptime

Current time elapsed, in milliseconds, since the router started.

UNIX seconds

Current seconds since 0000 UTC 1970.

Flow sequence number

Sequence counter of total flows received.

Source ID

32-bit value that identifies the data exporter. Version 9 uses the integrated field diagnostics (IFD) SNMP index of the PIC or device that is exporting the data flow. This field is equivalent to engine type and engine ID fields found in versions 5 and 8.

Figure 2: Version 9 Template FlowSet Format

Image g016786.gif

Table 3: Version 9 Template FlowSet Fields

Field

Description

FlowSet ID

FlowSet type. FlowSet ID 0 is reserved for the Template FlowSet.

Length

FlowSet length. Individual template FlowSets might contain multiple template records, which means that the length of template FlowSets varies.

Template ID

Unique template ID assigned to each newly generated template. Templates numbered 256 and higher define data formats. Templates numbered 0 through 255 define FlowSet IDs.

Field Count

Fields in the template record. This field allows the collector to determine the end of the current template record and the start of the next.

Field Type

Field type. These are defined in Table 4.

Field Length

Length, in bytes, of the corresponding field type.

Table 4: Field Type Definitions Supported in the JUNOS Software

Field Type

Description

1

IN_BYTES: The number of bytes associated with an IP flow. By default, the length is 4 bytes.

2

IN_PKTS: The number of packets associated with an IP flow. By default, the length is 4 packets.

4

PROTOCOL: The IP protocol byte.

5

TOS: The type of service byte setting of an incoming packet.

6

TCP_FLAGS: The cumulative TCP flags associated with a flow.

7

L4_SRC_PORT: The TCP/UDP source port.

8

IPv4_SRC_ADDR: The IPv4 source address.

9

SRC_MASK: The number of contiguous bits in the source subnet mask.

10

INPUT_SNMP: The IFD SNMP input interface index. By default, the length is 2.

11

L4_DST_PORT: The TCP/UDP destination port number.

12

IPV4_DST_ADDR: The IPv4 destination address.

13

DST_MASK: The number of contiguous bits in the destination subnet mask.

14

OUTPUT_SNMP: The IFD SNMP output interface index. By default, the length is 2.

16

SRC_AS: The source autonomous system number. This is always set to zero.

17

DST_AS: The destination autonomous system number. This is always set to zero.

21

LAST_SWITCHED: The uptime of the device (in milliseconds) at which the last packet of the flow was switched.

22

FIRST_SWITCHED: The uptime of the device (in milliseconds) at which the first packet of the flow was switched.

29

IPV6_SRC_MASK: The length of the IPv6 source mask in contiguous bits.

30

IPV6_DST_MASK: The length of the IPv6 destination mask in contiguous bits.

32

ICMP_TYPE: The ICMP type.

34

SAMPLING_INTERVAL: The rate at which packets are sampled. As an example, a rate of 100 means that one packet is sampled for every 100 packets in the data flow.

35

SAMPLING_ALGORITHM: The type of algorithm being used. Ox01 indicates deterministic sampling and 0x02 indicates random sampling.

60

IP_PROTOCOL_VERSION: The IP protocol version being used.

62

IPV6_NEXT_HOP: The IPv6 address of the next-hop router.

70

MPLS_LABEL_1:The first MPLS label in the stack.

71

MPLS_LABEL_2: The second MPLS label in the stack.

72

MPLS_LABEL_3: The third MPLS label in the stack.

Figure 3: Version 9 Data FlowSet Format

Image g016787.gif

Table 5: Version 9 Data FlowSet Format

Field

Description

FlowSet ID = Template ID

Data FlowSet that associated with a FlowSet ID. The FlowSet ID maps to a previously generated template ID. The flow collector must use the FlowSet ID to find the corresponding template record and decode the flow records from the FlowSet.

Length

FlowSet length. Data FlowSets are fixed in length.

Record Number - Field Value Number

Flow data records, each containing a set of field values. The template record identified by the FlowSet ID dictates the type and length of the field values.

Padding

Bytes (in zeros) that the exporter inserts so that the subsequent FlowSet starts at a 4-byte aligned boundary.

Figure 4: Version 9 Options Template Format

Image g016788.gif

Table 6: Version 9 Options Template Format

Field

Description

FlowSet ID

FlowSet type. FlowSet ID 1 is reserved for the options template.

Length

FlowSet length. Option template FlowSets are fixed in length.

Template ID

Template ID of the options template. Options template values are greater than 255.

Option Scope Length

Length, in bytes, of any scope field definition that is part of the options template record.

Scope 1 Field Type

Relevant process. The JUNOS Software supports the system process (1).

Scope 1 Field Length

Length, in bytes, of the option field.

Padding

Bytes the exporter inserts so that the subsequent FlowSet starts at a 4-byte aligned boundary.

Figure 5: Active Flow Monitoring Version 9 Options Data Record Format

Image g016789.gif

Table 7: Active Flow Monitoring Version 9 Options Data Record Format

Field

Description

FlowSet ID = Template ID

ID that precedes each options data flow record. The FlowSet ID maps to a previously generated template ID. The collector must use the FlowSet ID to find the corresponding template record and decode the options data flow records from the FlowSet.

Length

FlowSet length. Option FlowSets are fixed in length.

Number of Flow Data Records

Remainder of the options data FlowSet is a collection of flow data records, each containing a set of field values. The template record identified by the FlowSet ID dictates the type and length of the field values.

Padding

Bytes (in zeros) the exporter inserts so that the subsequent FlowSet starts at a 4-byte aligned boundary.


Published: 2010-04-15

[an error occurred while processing this directive]