Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

inband-flow-telemetry

Syntax

Hierarchy Level

Description

Configure Inband Flow Analyzer 2.0 (IFA 2.0). IFA 2.0 provides insights about complex networks by collecting per-hop flow data on the data plane. IFA uses probe packets to collect network-wide flow data. IFA generates probe packets by sampling the traffic flow of interest. IFA probe packets are representative packets of the original flow and possess the exact same characteristics as the original flow. This means that IFA packets traverse the same path in the network and the same queues in the networking element as the original packet would. Because the IFA probe packets traverse the same network path as the original flow, the packets experience similar latency and congestion.

IFA uses the following processing nodes to monitor and analyze flows:

  • IFA initiator node (also known as ingress node)
  • IFA transit node
  • IFA terminating node (also known as egress node)

Use the inband-flow-telemetry configuration options to configure the IFA nodes.

Options

clock-source (ntp|ptp)

Configure the clock source protocol to enable more accurate timestamping. The QFX5120-48YM switch supports PTP as well as NTP; all of the other QFX5120 switch models support NTP only.

Default: ntp
device-id (id-number|auto)

(Mandatory for all IFA nodes) Specify a unique device identifier for each hop within an IFA zone. You must configure this value for all three IFA node types: IFA initiator, IFA transit, and IFA terminating. If you configure auto, then the device ID is internally generated from the router ID or the management IP address.

Range: 1-1,048,575
flow-type (l3|vxlan)

(Mandatory for IFA initiator node and terminating node and optional for transit node) Specify the IFA flow type—l3 or vxlan. If you configure the flow type as vxlan, and the incoming traffic is L3, or vice versa, then the IFA nodes do not behave as expected. This is because you cannot initiate IFA probe packets with invalid fields.

You cannot configure both L3 or VXLAN flows on the same device. This restriction is applicable for the IFA initiator and terminating nodes (generally leaf nodes).

You don't need to configure flow-type for a transit node (generally spine nodes).

Default: l3
hop-limit value

(Optional) Configure the maximum allowed hops in an IFA zone. The initiator node initializes this field. The hop limit is decremented at each hop. If the hop limit of the incoming packets is 0, the current node does not insert the metadata.

You can avoid the metadata insertion at the transit node by using the hop-limit configuration.

The IFA terminating node does not perform a hop-limit check. Even if the incoming IFA packet has hop-limit set to 0, the IFA terminating node inserts the metadata and reduces the hop limit by 1. In this case, the hop-limit value resets to 255. The hop-limit option cannot have a negative value.

  • Range: 1-250

  • Default: 250
meta-data-stack-length value

(Optional) Configure the maximum allowed length of the metadata stack in multiples of four octets. The initiator node initializes this field. Each node in the path compares the current length with the maximum allowed length. If the current length equals or exceeds the maximum length, the transit node must stop inserting the metadata.

  • Range: 8-255

  • Default: 240 (for 30 hops)
no-ipv6-address-match

(Optional) Optimize IFA filter group processing by removing the IPv6 source and destination address match qualifiers from the IFA filter group. IFA cannot be initiated or terminated with these two qualifiers, but you can initiate or terminate IFA with the remaining qualifiers.

Default: off (this statement is not included in the IFA configuration unless you specifically configure it)
profile ifa-profile-name

IFA profile name.                                                                                                                                               
sample-rate value

Configure the average number of samples obtained in one second. For example, if you configure the sample rate as 1000, then out of 1000 packets one packet is sampled per second. You cannot have different sample rates for different flows on an IFA initiator node enabled on a port. All flows within a port must have the same sample rate.

Range: 1-16,777,215
collector

Configure a collector for IFA 2.0 probe packets. The monitored packets are exported to the collector in IPFIX format. By default, Junos OS supports a maximum packet length of 256 bytes starting with the Ethernet header. An IFA IPFIX packet contains IFA headers (8 bytes), IFA metadata (variable length), and the originally monitored packet (256 bytes).

Configure the following collector-related options:

  • source-address ipv4-address—IPv4 source address.
  • destination-address ipv4-address—IPv4 destination address.
  • destination-port port-number—Destination port value.

    Range: 1-65,535.

  • maximum-clip-length length—Number of bytes of the original flow packet that should be exported in the IPFIX packet. Because the maximum MTU is 9000 bytes at the IFA termination node, the maximum clip length for the IPFIX packet is equal to or less than: 9000 bytes - (IFA header length + IFA metadata header length + IFA metadata stack length).

    Range: 64 to 9000 bytes

    Default: 256 bytes

  • mtu size—Size in bytes of the maximum transmission unit for IPFIX packets leaving the IFA termination node. Any packet exceeding 9000 bytes in length is dropped.

    Range: 256 to 9000 bytes

    Default: 9000 bytes

Required Privilege Level

system—To view this statement in the configuration.

system-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 21.4R1.

clock-source, maximum-clip-length, mtu, and no-ipv6-address-match options introduced in Junos OS Release 22.2R1.

Related Documentation