Configuring Passive Flow Monitoring
Table 1 shows which Juniper Networks PICs and routers support passive flow monitoring. The PICs receive passively monitored network traffic from an input interface (SONET/SDH, ATM2 IQ, Fast Ethernet, Gigabit Ethernet, or 10-Gigabit Ethernet), convert the received packets into flow records, and export them to a flow server for further analysis.
PIC Type |
M40e |
M160 |
T Series/M320 |
---|---|---|---|
Monitoring Services PIC |
Yes |
Yes |
No |
Monitoring Services II PIC |
Yes |
Yes |
Yes |
Monitoring Services III PIC |
Yes |
Yes |
Yes |
MultiServices 400 PIC (Type 2) |
Yes |
No |
Yes |
The key configuration hierarchy statement for passive
flow monitoring is the monitoring
statement found at the [edit forwarding-options]
hierarchy level. At minimum, you
must configure a VRF routing instance to direct the traffic to a monitoring
services interface for flow processing.
However, there are several options you can use that add complexity to passive flow monitoring. For example, you can configure the router to direct traffic into a routing instance and deliver the traffic into a monitoring group. You can also use port mirroring and filter-based forwarding to copy and redirect traffic. Optionally, you can configure the monitoring station to encrypt flow output before it is sent to a flow server for processing, to send flow records to a flow collector, or to process on-demand monitoring requests with dynamic flow capture.