
Configuring Input Interfaces, Monitoring Services Interfaces, and Export Interfaces

After creating the input filter, you need to configure the interfaces where traffic will enter the router. To enable passive flow monitoring for SONET/SDH input interfaces, include the passive-monitor-mode statement at the [edit interfaces so-fpc/pic/port unit unit-number] hierarchy level. This mode disables the router from participating in the network as an active device. On SONET/SDH interfaces, passive monitor mode suppresses SONET keepalives.

For ATM2 IQ interfaces, passive monitor mode suppresses the sending and receiving of ATM Operations, Administration, and Maintenance (OAM) and Integrated Local Management Interface (ILMI) control messages. To enable passive flow monitoring for ATM2 IQ input interfaces, include the passive-monitor-mode statement at the [edit interfaces at-fpc/pic/port] hierarchy level. ATM passive monitoring supports the following interface encapsulation types: Cisco-compatible ATM Network Layer Protocol ID (NLPID) (atm-cisco-nlpid), ATM NLPID (atm-nlpid), ATM Point-to-Point Protocol (PPP) over ATM Adaptation Layer 5 (AAL5)/logical link control (LLC) (atm-ppp-llc), ATM PPP over raw AAL5 (atm-ppp-vc-mux), ATM LLC/subnetwork attachment point (SNAP) (atm-snap), and ATM virtual circuit (VC) multiplexing (atm-vc-mux).

Ethernet-based interfaces support both per-port passive monitoring and per-VLAN passive monitoring. For Fast Ethernet interfaces, include the passive-monitor-mode statement at the [edit interfaces fe-fpc/pic/port] hierarchy level. For Gigabit Ethernet interfaces, include the passive-monitor-mode statement at the [edit interfaces ge-fpc/pic/port] hierarchy level. On Ethernet-based interfaces, passive monitor mode prevents the Routing Engine from receiving packets and prevents the routing table from transmitting packets. You can verify this by checking for the No-receive and No-transmit interface flags in the output of the show interfaces (fe | ge)-fpc/pic/port command.

Note: The following restrictions apply to passive flow monitoring on Ethernet-based interfaces:

  • No special encapsulation types are allowed, so you must configure Ethernet encapsulations only.
  • When you configure the passive-monitor-mode statement, destination MAC address filters applied to incoming interfaces are disabled by default.
  • The flow-control statement at the [edit interfaces ge-fpc/pic/port gigether-options] or [edit interfaces fe-fpc/pic/port fastether-options] hierarchy level does not work when passive flow monitoring is enabled.

In addition to passive monitor mode, apply the previously defined firewall filter to the interface with the filter statement at the [edit interfaces interface-name-fpc/pic/port unit unit-number family inet] hierarchy level:

[edit]
interfaces {
    so-0/0/0 {
        description "SONET/SDH input interface";
        encapsulation ppp;
        unit 0 {
            passive-monitor-mode;
            family inet {
                filter {
                    input input-monitoring-filter;
                }
            }
        }
    }
    at-1/0/0 {
        description "ATM2 IQ input interface";
        passive-monitor-mode;
        atm-options {
            pic-type atm2;
            vpi 0 {
                maximum-vcs 255;
            }
        }
        unit 0 {
            encapsulation atm-snap;
            vci 0.100;
            family inet {
                filter {
                    input input-monitoring-filter;
                }
            }
        }
    }
    ge-2/0/0 {
        description "Gigabit Ethernet input interface";
        passive-monitor-mode;
        unit 0 {
            family inet {
                filter {
                    input input-monitoring-filter;
                }
            }
        }
    }
}
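As an added check that is not part of the Juniper documentation, the following Python script parses a Junos-style interfaces stanza and flags the mistakes the rules above warn about: passive-monitor-mode placed at the wrong level for the interface type, flow-control configured alongside passive monitoring, and a unit whose family inet carries no input filter. The minimal parser and the sample configuration are assumptions made for this example.

```python
import re
# Added checker (not Juniper code); the sample configuration below is constructed.
def parse_junos(text):
    """Parse Junos brace/semicolon syntax into nested dicts; leaf statements map to True."""
    stack, words = [{}], []
    for tok in re.findall(r'"[^"]*"|[{};]|[^\s{};]+', text):
        if tok == "}":
            stack.pop()
        elif tok in "{;":
            key, words = " ".join(words), []
            stack[-1][key] = {} if tok == "{" else True
            if tok == "{":
                stack.append(stack[-1][key])
        else:
            words.append(tok)
    return stack[0]

def check_passive_monitoring(config):
    """Return findings for passive-monitoring input interfaces, per the rules on this page."""
    findings = []
    for name, ifd in config.get("interfaces", {}).items():
        kind = name.split("-")[0]
        units = {k: v for k, v in ifd.items() if k.startswith("unit ") and isinstance(v, dict)}
        unit_pm = [u for u, v in units.items() if "passive-monitor-mode" in v]
        if kind not in ("so", "at", "fe", "ge") or not (unit_pm or "passive-monitor-mode" in ifd):
            continue  # not a passive-monitoring input interface
        # SONET/SDH takes the statement per unit; ATM2 IQ and Ethernet take it at the port
        if kind == "so" and "passive-monitor-mode" in ifd:
            findings.append(f"{name}: set passive-monitor-mode under the unit for SONET/SDH")
        if kind != "so" and unit_pm:
            findings.append(f"{name}: set passive-monitor-mode at the port level, not the unit")
        # flow-control under the Ethernet options does not work in passive monitor mode
        for opts in ("gigether-options", "fastether-options"):
            if isinstance(ifd.get(opts), dict) and "flow-control" in ifd[opts]:
                findings.append(f"{name}: flow-control under {opts} is ineffective in passive monitor mode")
        # every unit's family inet should carry the input monitoring filter
        for uname, unit in units.items():
            inet = unit.get("family inet")
            flt = inet.get("filter", {}) if isinstance(inet, dict) else {}
            if not any(k.startswith("input ") for k in flt):
                findings.append(f"{name} {uname}: family inet has no input filter")
    return findings

SAMPLE = """interfaces {
    so-0/0/0 { encapsulation ppp;
        unit 0 { passive-monitor-mode; family inet { filter { input input-monitoring-filter; } } } }
    ge-2/0/0 { passive-monitor-mode; gigether-options { flow-control; }
        unit 0 { family inet; } }
}"""  # constructed sample: so-0/0/0 is correct, ge-2/0/0 has two mistakes
```

Running check_passive_monitoring(parse_junos(SAMPLE)) reports the flow-control statement and the missing input filter on ge-2/0/0 and nothing for so-0/0/0.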

Configure the interfaces on the Monitoring Services PIC or Monitoring Services II PIC with the family inet statement at the [edit interfaces mo-fpc/pic/port unit unit-number] hierarchy level. The statement allows the interfaces to process IPv4 traffic received from the input interfaces.

When you use VRF instances, you need to configure two logical interfaces. The first (unit 0) is part of the inet.0 routing table and sources the flow packets. The second (unit 1) is configured as part of the VRF instance so the monitoring services interface can serve as a valid next hop for packets received in the instance.

You can also capture options packets and time-to-live (TTL) exceeded information when the monitoring services interface processes flow records. To configure, include the receive-options-packets and receive-ttl-exceeded statements at the [edit interfaces mo-fpc/pic/port unit unit-number family inet] hierarchy level:

[edit]
interfaces {
    mo-4/0/0 {
        unit 0 {
            family inet {
                receive-options-packets;
                receive-ttl-exceeded;
            }
        }
        unit 1 {
            family inet;
        }
    }
    mo-4/1/0 {
        unit 0 {
            family inet;
        }
        unit 1 {
            family inet;
        }
    }
    mo-4/2/0 {
        unit 0 {
            family inet;
        }
        unit 1 {
            family inet;
        }
    }
    mo-4/3/0 {
        unit 0 {
            family inet;
        }
        unit 1 {
            family inet;
        }
    }
}

You must also configure the export interface where flow packets exit the monitoring station and are sent to the flow server.

On output interfaces, you can apply a firewall filter that leads to a filter-based forwarding routing instance. This is useful if you want to port-mirror traffic to multiple Monitoring Services PICs or flow collection services interfaces. To configure, include the output statement at the [edit interfaces interface-name unit logical-unit-number family inet filter] hierarchy level. For more information, see Using Filter-Based Forwarding to Export Monitored Traffic to Multiple Destinations.

[edit]
interfaces {
    fe-3/0/0 {
        description "export interface to flow server";
        unit 0 {
            family inet {
                address ip-address;
                filter {
                    output output-filter-name;
                }
            }
        }
    }
}

Published: 2010-04-15
