Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Inline Active Flow Monitoring of MPLS-over-UDP Flows on PTX Series Routers

You can enable inline active flow monitoring that reports the inner payload of MPLS-over-UDP flows on PTX Series routers and QFX10002-60C switches.

MPLS-over-UDP Flow Monitoring Overview

Starting with Junos OS Release 18.1R1 on PTX Series routers with an FPC3, PTX10K-LC1101, PTX10K-LC1102, or PTX1000 card, you can perform inline active flow monitoring for MPLS-over-UDP flows to look past the tunnel header to sample and report on the inner payload at both the transit and egress nodes of the tunnel.

Starting with Junos OS Release 19.4R1, on the PTX10002-60C, you can perform inline active flow monitoring for MPLS-over-UDP flows to look past the tunnel header to sample and report on the inner payload at both the transit and egress nodes of the tunnel.

Starting with Junos OS Release 19.4R1, the PTX10002-60C supports inline active flow monitoring for MPLS, MPLS-IPv4, MPLS-IPv6, and MPLS-over-UDP traffic. Both IPFIX and version 9 templates are supported.

Starting with Junos OS Release 21.2R1, the QFX10002-60C supports inline active flow monitoring for MPLS, MPLS-IPv4, MPLS-IPv6, and MPLS-over-UDP traffic. Both IPFIX and version 9 templates are supported.

For a description of the fields included in the templates, see Understand Inline Active Flow Monitoring. Only ingress sampling is supported.

MPLS-over-UDP is not supported on the PTX10001-36MR, PTX10003, PTX10004, and PTX10008 (with the JNP10008-SF3) routers.

Benefits of Using MPLS-Over-UDP Flow Monitoring

  • Gather and export detailed information on even the original IPv4 or IPv6 payload of the MPLS-over-UDP flow.

Flow Monitoring Scenarios for MPLS-over-UDP

Monitoring for MPLS-over-UDP tunnels includes the following scenarios:

  • The MPLS-over-UDP flow is carried through a full IP network, using IPv4 endpoints on PTX Series routers (see Figure 1). The inner payload may be IPv4 or IPv6. Figure 2 shows the encapsulated packet. Flow monitoring reports the inner IP header and payload, in addition to the tunnel and MPLS fields.

    You can enable ingress monitoring for the MPLS-over-UDP tunnel at its transit and egress nodes. For example, in Figure 1, you can enable ingress monitoring on routers R4, R5, R6, and R7.

    Figure 1: MPLS-over-UDP in Full IP NetworkMPLS-over-UDP in Full IP Network
    Figure 2: Encapsulated Packet for MPLS-over-UDP in Full IP NetworkEncapsulated Packet for MPLS-over-UDP in Full IP Network

  • The MPLS-over-UDP flow is carried through an IP-MPLS-IP network, using IPv4 endpoints on PTX Series routers (see Figure 3). The inner payload may be IPv4 or IPv6. In the inner MPLS network, the MPLS-over-UDP flow is encapsulated in an RSVP-TE label-switched path (LSP). Figure 4 shows the encapsulated packet. Flow monitoring reports the inner IP header and payload, in addition to the RSVP label, tunnel, and MPLS fields.

    You can enable ingress monitoring for the MPLS-over-UDP tunnel at its transit and egress nodes. For example, in Figure 3, you can enable ingress monitoring on routers R4, R5, R6, R7, R8, and R9.

    Figure 3: MPLS-over-UDP Over IP-MPLS-IP NetworkMPLS-over-UDP Over IP-MPLS-IP Network
    Figure 4: MPLS-over-UDP in RSVP-TE LSP PacketMPLS-over-UDP in RSVP-TE LSP Packet

Configuring Inline Active Flow Monitoring of MPLS-over-UDP Flows

(Junos OS only) Configuring inline active monitoring of MPLS-over-UDP flows includes the following tasks:

Configuring the Template to Specify Output Properties

Configure a template to specify the output properties for the flow records:

  1. Configure the template name.
  2. (Optional) Configure the interval after which an active flow is exported.
  3. (Optional) Configure the interval of activity that marks a flow as inactive.
  4. (Optional) Configure the frequency at which the flow generator sends updates about template definitions to the flow collector. Specify either number of packets or number of seconds.
  5. (Optional) Configure the refresh rate in either number of packets or number of seconds.
  6. Enable flow monitoring of MPLS-over-UDP flows.
  7. Specify the template type.

    • If you are monitoring an MPLS-over-UDP flow that is carried through a full IP network (see Figure 1), use the ipv4-template:

    • If you are monitoring an MPLS-over-UDP flow that is carried through an IP-MPLS-IP network (see Figure 3):

      For the IP network transit and egress nodes (for example, R4, R5, R8, and R9 in Figure 3), use the ipv4-template type.

      For the transit and egress nodes where the MPLS-over-UDP flow is encapsulated in an RSVP-TE LSP (for example R6 and R7 in Figure 3), use one of the following templates:

      • Starting in Junos OS Release 18.2R1:

      • In Junos OS Release 18.1:

  8. Enable the learning of next-hop addresses so that the true outgoing interface (OIF) is reported.

Configuring the Sampling Instance

Configure a sampling instance:

  1. Configure the sampling instance name.
  2. Configure the MPLS protocol family for the sampling instance.
  3. Set the ratio of the number of packets to be sampled. For example, if you specify a rate of 10, every tenth packet (1 packet out of 10) is sampled.
  4. Specify the source address for the traffic to be sampled.
  5. Specify the flow export rate of monitored packets in kpps.
  6. Specify the output address and port for a flow server.
  7. Specify the template to use with the sampling instance.

Assigning the Sampling Instance to an FPC

Assign the sampling instance to the FPC on which you want to implement flow monitoring.

Configuring a Firewall Filter

Configure a firewall filter to accept and sample MPLS traffic.

  1. Configure the MPLS firewall filter name.
  2. Configure a term to sample and accept MPLS packets.

Assigning the Firewall Filter to the Monitored Interface

Assign the input firewall filter to the interface you want to monitor.
Release History Table
Release
Description
21.2R1
Starting with Junos OS Release 21.2R1, the QFX10002-60C supports inline active flow monitoring for MPLS, MPLS-IPv4, MPLS-IPv6, and MPLS-over-UDP traffic. Both IPFIX and version 9 templates are supported.
19.4R1
Starting with Junos OS Release 19.4R1, on the PTX10002-60C, you can perform inline flow monitoring for MPLS-over-UDP flows to look past the tunnel header to sample and report on the inner payload at both the transit and egress nodes of the tunnel.
19.4R1
Starting with Junos OS Release 19.4R1, the PTX10002-60C supports inline active flow monitoring for MPLS, MPLS-IPv4, MPLS-IPv6, and MPLS-over-UDP traffic. Both IPFIX and version 9 templates are supported.
18.1R1
Starting with Junos OS Release 18.1R1 on PTX Series routers with an FPC3, PTX10K-LC1101, PTX10K-LC1102, or PTX1000 card, you can perform inline flow monitoring for MPLS-over-UDP flows to look past the tunnel header to sample and report on the inner payload at both the transit and egress nodes of the tunnel.