Configuring Passive Flow Monitoring
On routing platforms containing the Monitoring Services PIC or the Monitoring Services II PIC, you can configure flow monitoring for traffic passing through the routing platform. This type of monitoring method is passive monitoring.
To configure flow monitoring, include the monitoring statement at the [edit forwarding-options hierarchy level:
[edit forwarding-options] monitoring group-name { family inet { output { cflowd hostname { port port-number; } export-format cflowd-version-5; flow-active-timeout seconds; flow-export-destination { cflowd-collector; } flow-inactive-timeout seconds; interface interface-name { engine-id number; engine-type number; input-interface-index number; output-interface-index number; source-address address; } } } }
To configure a passive monitoring group, include the monitoring statement and specify a group name. To configure monitoring on a
specified address family, include the family statement
and specify an address family. To specify an interface to monitor
incoming traffic, include the input statement. To configure
the monitoring information that is sent out, include the output statement. To configure the output flow aggregation, include the cflowd statement. For more information about flow aggregation,
see Directing Traffic Sampling Output
to a Server Running the cflowd Application. To specify
the format of the monitoring information sent out, include the export-format statement and specify a version number. To configure
the interval before exporting an active flow, include the flow-active-timeout statement. The default value for flow-active-timeout is
1800 seconds. To enable flow collection, include the flow-export-destination statement. To configure the interval before a flow is considered
inactive, include the flow-inactive-timeout statement.
The default value for flow-inactive-timeout is 60 seconds.
To configure the interface that sends out the monitored information,
include the interface statement. Flow monitoring is supported
for Monitoring Services PIC interfaces only.
When you apply a firewall filter to a loopback interface, the filter might block responses from the Monitoring Services PIC. To allow responses from the Monitoring Services PIC to pass through for monitoring purposes, configure a term in the firewall filter to include the Monitoring Services PIC’s IP address. For more detailed information about configuring firewall filters, see Guidelines for Configuring Firewall Filters and Guidelines for Applying Standard Firewall Filters.