Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Inline Active Flow Monitoring on IRB Interfaces

You can perform inline active flow monitoring for IPv4 and IPv6 traffic on the integrated routing and bridging (IRB) interfaces on PTX Series routers.

Overview

On PTX Series routers, you can perform inline active flow monitoring for IPv4 and IPv6 traffic on the integrated routing and bridging (IRB) interfaces. Both IPFIX and version 9 templates for the flow monitoring are supported. For a description of the fields included in the templates, see Understand Inline Active Flow Monitoring.

Understand Inline Active Flow Monitoring on IRB interfaces

You can enable inline active flow monitoring by configuring the IPFIX or V9 templates on IRB interfaces.

Sampling on an IRB Interface with Traffic Routed to a Tunnelled Core

Figure 1 illustrates sampling on an IRB interface where the traffic is routed to a tunnelled core, primarily an MPLS tunnel. The packets are entering irb.10 on which you can enable ingress sampling. The packets can be forwarded to a next hop which is not a part of any user-defined VLAN.

Figure 1: Sampling on an IRB Interface Routing Traffic to a Tunnelled CoreSampling on an IRB Interface Routing Traffic to a Tunnelled Core

Layer 2 bridging and Layer 3 IP routing on an IRB interface

Figure 2 illustrates the topology where Layer 2 bridging and Layer 3 IP routing are supported on the same interface.

Figure 2: Layer 2 Bridging and Layer 3 IP Routing on the Same IRB InterfaceLayer 2 Bridging and Layer 3 IP Routing on the Same IRB Interface

PC1 and PC2 are in VLAN RED (ID 10) and PC3 is in VLAN BLUE (ID 20).

For traffic moving from PC1 to PC3 or from PC2 to PC3, an IRB interface must be configured with a logical unit with an address in the subnet for VLAN RED and a logical unit with an address in the subnet for VLAN BLUE. The switch automatically directs routes to these subnets and uses these routes to forward traffic between VLANs. If traffic is flowing from VLAN RED to VLAN BLUE, you can configure ingress sampling on irb.10 and egress sampling on irb.20.

Figure 3 illustrates sampling in a topology where Layer 2 bridging and Layer 3 IP routing are supported on the same interface. The interfaces, et-0/0/36.0 and irb.10 belong to VLAN ID 2. The interfaces, et-0/0/48 and irb.20 belong to VLAN ID 3. Packets are entering irb.10 and exiting on irb.20. Hence, you can configure ingress sampling on irb.10 and egress sampling on irb.20.

Figure 3: Sampling on an IRB Interface Supporting Bridging and RoutingSampling on an IRB Interface Supporting Bridging and Routing

Configure Inline Active Flow Monitoring on IRB Interfaces on PTX Series Routers

Configure the Template to Specify Output Properties

Configure a template to specify the output properties for the flow records:

  1. Configure the template name.

    For example:

  2. (Optional) Configure the interval after which an active flow is exported.

    For example:

  3. (Optional) Configure the interval of activity that marks a flow as inactive.

    For example:

  4. Specify the template type.

    For example:

Configure the Sampling Instance

Configure a sampling instance:

  1. Configure the sampling instance name.

    For example:

  2. Configure the protocol family for the sampling instance.

    For example:

  3. Set the ratio of the number of packets to be sampled. For example, if you specify a rate of 10, every tenth packet (1 packet out of 10) is sampled.

    For example:

  4. Specify the source address for the traffic to be sampled.

    For example:

  5. Specify the output address and port for a flow server.

    For example:

  6. Specify the template to use with the sampling instance.

    For example:

Assign the Sampling Instance to an FPC

Assign the sampling instance to the FPC on which you want to implement flow monitoring.

For example:

Configure a Firewall Filter

Configure a firewall filter to specify the family of traffic to accept and sample.

  1. Configure the firewall filter name and specify the family of traffic.

    For example:

  2. Configure a term to sample and accept packets.

    For example:

Associate a Layer 3 Interface with the VLAN to Route Traffic

Assign the IRB Interface to the VLAN.

For example:

For example, if you are configuring inline flow monitoring using IRB while supporting layer 2 bridging and layer 3 IP routing on the same interface (See Figure 3):

Assign the Firewall Filter to the Monitored Interface

Assign the input firewall filter to the interface you want to monitor. Also, configure the VLANs for which the interface can carry traffic.

For example, if you are configuring inline flow monitoring using IRB while supporting layer 2 bridging and layer 3 IP routing on the same interface (See Figure 3):

Release History Table
Release
Description
22.2R1-EVO
Starting in Junos OS Evolved Release 22.2R1 on the PTX10003 router, you can perform inline active flow monitoring for IPv4 and IPv6 traffic on integrated routing and bridging (IRB) interfaces.
21.3R1-EVO
Starting in Junos OS Evolved Release 21.3R1 on the PTX10001-36MR, PTX10004, and PTX10008 routers, you can perform inline active flow monitoring for IPv4 and IPv6 traffic on integrated routing and bridging (IRB) interfaces.
19.1R1
Starting in Junos OS Release 19.1R1, on PTX Series routers, you can perform inline active flow monitoring for IPv4 and IPv6 traffic on integrated routing and bridging (IRB) interfaces.