Stateless Flow Latency Monitoring

Stateless flow latency monitoring monitors packet residence time—the time a packet takes to travel from the input interface to the output interface on the switch. You configure a residence-time range comprising values that significantly exceed expected latency values. The software mirrors (copies) packets whose latency falls within your configured residence-time range to an external collector for analysis.

Stateless monitoring mirrors all packets that fall within the configured latency range to the collector.

Latency monitoring is supported for BUM traffic.

Use Feature Explorer to confirm platform and release support for specific features.

Review Platform-Specific Stateless Flow Latency Monitoring Behavior for notes related to your platform.

Benefits of Stateless Flow Latency Monitoring

• Help monitor packets that cross a desired latency threshold.

• AI-ML data center administrators might find this feature particularly useful for monitoring RDMA over Converged Ethernet version 2 (ROCEv2) flows.

How Does Stateless Flow Latency Monitoring Work?

The packet forwarding pipeline on the switch has three main stages:

• Ingress pipeline

• MMU

• Egress pipeline

Packet latency occurs at all three stages, but the latency from the ingress and egress pipelines is typically (1) minimal and (2) consistent. Any significant switch latency usually occurs at the MMU stage, primarily due to packet buffering and scheduling delays.

Residence time is measured as Tx timestamp - Rx timestamp. The Rx timestamp is inserted at the beginning of packet ingress. The Tx timestamp is inserted at the end of the MMU pipeline.

The stateless flow latency monitoring feature operates as follows:

1. It detects a packet flow that has a residence-time value in the range you configured.

   • The packet flow is emitted from the output interface.

   • The packets in this flow can be L2 or L3 packets.

   • You can control the exported data rate by configuring an optional sample rate. See Configure Stateless Flow Latency Monitoring.

2. It mirrors (copies) packets from that flow, encapsulates the packets in IPFIX format, and sends the mirrored packets to the collector address that you've assigned.

   • Mirroring occurs through a port-mirroring and firewall-filter–based part of the configuration. Match-condition actions for this setup are residence-time and port-mirror-instance. You can also assign an optional count action; see details in Configure Stateless Flow Latency Monitoring.

   • Residence time (in nanoseconds) and the egress queue number are included with the mirrored packet as part of IPFIX; these values can also help with the flow analysis.

   • Original packet headers are included in the IPFIX export. An original packet is truncated to the size of a single cell—which is 208 bytes—and exported. The export includes L2, L3, L4, and IB BTH (the last in the case of RoCEv2). If the packet size is less than 208 bytes, the full packet is exported.

Caveats and Limitations of the Stateless Flow Latency Monitoring Feature

Caveats

• If the closing value of the latency range you configure is less than the normal pipeline latency, all packets are mirrored to the collector. See Platform-Specific Stateless Flow Latency Monitoring Behavior for our recommendation of how to configure range values to capture just the packets you need to capture.

• If you enable this feature on multiple egress ports, when those ports are congested, an egress mirror port might get congested and tail drops could happen.

• If packets are dropped due to congestion at the MMU, those flows or packets are not eligible for latency monitoring.

• Hardware resources used for this feature such as TCAM, mirror MTP, and loopback profile are shared resources and are used in an FCFS manner. If the required hardware resources are unavailable, this feature doesn't work.

• A filter with a residence-time match can interface-bind only in the output direction. Also, the bindpoint cannot be under a VLAN.

• The collector device must have an IPv4 address.

• As egress filters (output direction) are not supported over VxLAN ports, flow latency monitoring is not supported on those ports.

• For packets that fall in the configured latency range, only port-mirror-instance and count actions are supported in the firewall filter configuration. The software doesn't do a commit check on those filter actions.

• On the collector port, queue transmit statistics for flow latency monitoring IPFIX packets do not behave as expected. Although these packets are sent through a multicast queue, they are counted under unicast queue 0 (best-effort). This discrepancy is due to a hardware limitation. However, drop counters are correctly incremented on the corresponding multicast queues.
• The maximum bandwidth for flow latency monitoring IPFIX traffic is capped at 100 Gbps per switch. This figure includes the additional internal loopback header overhead introduced between the first and second pass. The limitation arises because the EPRC bandwidth is set to 100 Gbps in the default profile.

How to View Your Monitoring Configuration and Outputs

Use the following show commands to view your monitoring configuration and to see information related to latency monitoring.

• No link title

• show forwarding-options port-mirroring

• show firewall (QFX)

• show configuration | display set | match filter

WHAT's NEXT

Configure Stateless Flow Latency Monitoring

Platform-Specific Stateless Flow Latency Monitoring Behavior

Use the following table to review platform-specific behaviors for your platforms.