Example: Configuring Junos Capture Vision on M and T Series Routers
The following example includes all parts of a complete Junos Capture Vision configuration.
Configure the Junos Capture Vision PIC interface:
[edit interfaces dfc-0/0/0]
unit 0 {
    family inet {
        filter {
            output high; # Firewall filter to route control packets
                         # through 'network-control' forwarding class.
                         # Control packets are loss sensitive.
        }
        address 10.1.0.0/32 { # DFC PIC address
            destination 10.36.100.1; # DFC PIC address used by
                                     # the control source to correspond with the
                                     # monitoring platform
        }
    }
}
unit 1 { # receive data packets on this logical interface
    family inet;
    family inet6;
}
unit 2 { # send out copies of matched packets on this logical interface
    family inet;
}
Configure the capture group:
services dynamic-flow-capture {
    capture-group g1 {
        interfaces dfc-0/0/0;
        input-packet-rate-threshold 90k;
        pic-memory-threshold percentage 80;
        control-source cs1 {
            source-addresses 10.36.41.1;
            service-port 2400;
            notification-targets {
                10.36.41.1 port 2100;
            }
            shared-key "$ABC123";
            allowed-destinations cd1;
        }
        content-destination cd1 {
            address 10.36.70.2;
            ttl 244;
        }
    }
}
Configure filter-based forwarding (FBF) to the Junos Capture Vision PIC interface, logical unit 1.
For more information about configuring passive monitoring interfaces, see Enabling Passive Flow Monitoring on M Series, MX Series or T Series Routers.
interfaces so-1/2/0 {
    encapsulation ppp;
    unit 0 {
        passive-monitor-mode;
        family inet {
            filter {
                input catch;
            }
        }
    }
}
Configure the firewall filter:
firewall {
    filter catch {
        interface-specific;
        term def {
            then {
                count counter;
                routing-instance fbf_inst;
            }
        }
    }
    family inet {
        filter high {
            term all {
                then forwarding-class network-control;
            }
        }
    }
}
Configure a forwarding routing instance. The next hop points specifically to the logical interface corresponding to unit 1, because only this particular logical unit is expected to relay monitored data to the Junos Capture Vision PIC.
routing-instances fbf_inst {
    instance-type forwarding;
    routing-options {
        static {
            route 0.0.0.0/0 next-hop dfc-0/0/0.1;
        }
    }
}
Configure routing table groups:
[edit]
routing-options {
    interface-routes {
        rib-group inet common;
    }
    rib-groups {
        common {
            import-rib [ inet.0 fbf_inst.inet.0 ];
        }
    }
    forwarding-table {
        export pplb;
    }
}
Configure interfaces to the control source and content destination:
interfaces fe-4/1/2 {
    description "to cs1 from dfc";
    unit 0 {
        family inet {
            address 10.36.41.2/30;
        }
    }
}
interfaces ge-7/0/0 {
    description "to cd1 from dfc";
    unit 0 {
        family inet {
            address 10.36.70.1/30;
        }
    }
}
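The pieces of this configuration refer to each other by name (capture group to content destination, interface to firewall filter, filter to routing instance, routing instance to the PIC's logical unit 1), so a typo in one name silently breaks the capture path. The following is an added example, not part of the original Juniper documentation: a small offline check over the configuration text. The function name `check_references` and the `SAMPLE` text are assumptions made for illustration, and the regular expressions assume the brace-style layout shown on this page.

```python
import re

# Constructed sample: a trimmed copy of the statements on this page that
# reference each other by name (not a complete router configuration).
SAMPLE = """
services dynamic-flow-capture { capture-group g1 { interfaces dfc-0/0/0;
  control-source cs1 { allowed-destinations cd1; }
  content-destination cd1 { address 10.36.70.2; ttl 244; } } }
interfaces so-1/2/0 { unit 0 { passive-monitor-mode;
  family inet { filter { input catch; } } } }
firewall { filter catch { term def { then { routing-instance fbf_inst; } } } }
routing-instances fbf_inst { instance-type forwarding; routing-options {
  static { route 0.0.0.0/0 next-hop dfc-0/0/0.1; } } }
"""

def check_references(cfg):
    """Return a list of dangling or inconsistent cross-references in cfg."""
    findings = []
    # PIC interface named by the capture group, e.g. dfc-0/0/0.
    pic = re.search(r"capture-group \S+ \{\s*interfaces (dfc-[\d/]+);", cfg)
    defined = {
        "content-destination": set(re.findall(r"content-destination (\S+) \{", cfg)),
        "filter": set(re.findall(r"filter (\S+) \{", cfg)),
        "routing-instance": set(re.findall(r"routing-instances (\S+) \{", cfg)),
    }
    used = {
        "content-destination": re.findall(r"allowed-destinations (\S+);", cfg),
        "filter": re.findall(r"(?:input|output) (\S+);", cfg),
        "routing-instance": re.findall(r"routing-instance (\S+);", cfg),
    }
    for kind, names in used.items():
        for name in names:
            if name not in defined[kind]:
                findings.append(f"{kind} '{name}' is referenced but not defined")
    # Monitored traffic must be forwarded to logical unit 1 of the PIC, the
    # unit this page configures to receive data packets.
    for hop in re.findall(r"next-hop (dfc-\S+);", cfg):
        if pic and hop != pic.group(1) + ".1":
            findings.append(f"next-hop {hop} is not {pic.group(1)}.1")
    return findings

if __name__ == "__main__":
    for line in check_references(SAMPLE) or ["no dangling references"]:
        print(line)
```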