Manufacturer:  Juniper

Model(s):  Juniper MX Series

Version(s):

URL:  https://www.juniper.net/documentation/us/en/software/junos/flow-monitoring/topics/example/active-monitoring-on-logical-systems-configuring.html

Notes:

  • The flow-monitoring application performs traffic flow monitoring and enables lawful interception of traffic between two routers or switches. Traffic flows can either be passively monitored by an offline router or switch or actively monitored by a router participating in the network.
  • This example shows a sample configuration for active monitoring on a logical system of an M Series, MX Series, T Series, or PTX Series router.
  • There is also an example for Configuring Flow Monitoring on an MX Series Router with MS-MIC and MS-MPC at https://www.juniper.net/documentation/us/en/software/junos/flow-monitoring/topics/example/jflow-v9-configuring-on-ms-mic.html.

Configuration steps

  1. Under forwarding-options sampling, set the input sampling rate to 1. For each family (inet, inet6, mpls, etc.), set the flow-server to the IP address of the Scrutinizer collector and specify the UDP port and flow version. If using version 9, be sure to include the template to be used. Lastly, set the source-address for the flow records to use.
[edit forwarding-options]
sampling {
    instance inst1 {
        input {
            rate 1;
        }
        family inet {
            output {
                flow-server 198.51.100.2 {
                    port 2055;
                    version9 {
                        template {
                            ipv4;
                        }
                    }
                }
                interface sp-0/1/0 {
                    source-address 10.11.12.13;
                }
            }
        }
    }
    family mpls {
        output {
            flow-server 198.51.100.2 {
                port 2055;
                version9 {
                    template {
                        mpls;
                    }
                }
            }
            interface sp-0/1/0 {
                source-address 10.11.12.13;
            }
        }
    }
}
  2. Under forwarding-options services flow-monitoring, set the version and define the template settings. Set flow-active-timeout to 60 seconds and flow-inactive-timeout to 30 seconds, and set the packets and seconds values that control how often the template is refreshed.
[edit forwarding-options]
services {
    flow-monitoring {
        version9 {
            template ipv4 {
                flow-active-timeout 60;
                flow-inactive-timeout 30;
                ipv4-template;
                template-refresh-rate {
                    packets 1000;
                    seconds 10;
                }
                option-refresh-rate {
                    packets 1000;
                    seconds 10;
                }
            }
            template mpls {
                mpls-template;
            }
        }
    }
}
  3. The configuration for the logical router uses the input parameters and the output interface for sampling from the primary router. Each logical router should have separate template definitions for the flow-server configuration. The following section shows the configuration on the logical router:
logical-systems {
    ls-1 {
        firewall {
            family inet { 
                filter test-sample {
                    term term-1 {
                        then {
                            sample;
                            accept;
                        }
                    }
                }
            }
        }
        interfaces {
            ge-0/0/1 {
                unit 0 {
                    family inet {
                        filter {
                            input test-sample;
                            output test-sample;
                        }
                    }
                }
            }
        }
        forwarding-options {
            sampling {
                instance sample-inst1 {
                    family inet {
                        output {
                            flow-server 198.51.100.2 {
                                port 2055;
                                version9 {
                                    template {
                                        ipv4-ls1;
                                    }
                                }
                            }
                        }
                    }
                }
                family mpls {
                    output {
                        flow-server 198.51.100.2 {
                            port 2055;
                            version9 {
                                template {
                                    mpls-ls1;
                                }
                            }
                        }
                    }
                }
            }
        }
        services {
            flow-monitoring {
                version9 {
                    template ipv4-ls1 {
                        flow-active-timeout 60;
                        flow-inactive-timeout 60;
                        ipv4-template;
                        template-refresh-rate {
                            packets 1000;
                            seconds 10;
                        }
                        option-refresh-rate {
                            packets 1000;
                            seconds 10;
                        }
                    }
                    template mpls-ls1 {
                        mpls-template;
                    }
                }
            }
        }
    }
}
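
A collector-side check for the export configured above, as an added example (not from Juniper or the original page): a minimal NetFlow v9 decoder following the RFC 3954 packet layout. It shows that a data flowset cannot be decoded until its template has arrived, which is the interval template-refresh-rate controls. The sample packets, source ID 0, template ID 256 and flow values are constructed.

```python
import struct

FIELD_NAMES = {2: "IN_PKTS", 4: "PROTOCOL", 8: "IPV4_SRC_ADDR",
               11: "L4_DST_PORT", 12: "IPV4_DST_ADDR"}  # RFC 3954 field types

def parse_v9(packet, templates):
    """Decode one NetFlow v9 export packet (RFC 3954 layout).
    templates caches (source_id, template_id) -> [(type, length), ...] across
    packets. Returns (records, undecoded), where undecoded counts data flowsets
    skipped because their template has not arrived yet."""
    if len(packet) < 20 or packet[:2] != b"\x00\x09":
        raise ValueError("not a NetFlow v9 export packet")
    source_id = struct.unpack("!I", packet[16:20])[0]
    records, undecoded, off = [], 0, 20
    while off + 4 <= len(packet):
        fs_id, fs_len = struct.unpack("!HH", packet[off:off + 4])
        if fs_len < 4 or off + fs_len > len(packet):
            raise ValueError("bad flowset length")
        body = packet[off + 4:off + fs_len]
        if fs_id == 0:  # template flowset: one or more template records
            pos = 0
            while pos + 4 <= len(body):
                tid, nfields = struct.unpack("!HH", body[pos:pos + 4])
                end = pos + 4 + 4 * nfields
                if end > len(body):
                    raise ValueError("truncated template record")
                templates[(source_id, tid)] = [
                    struct.unpack("!HH", body[i:i + 4]) for i in range(pos + 4, end, 4)]
                pos = end
        elif fs_id > 255:  # data flowset, identified by the template ID it uses
            fields = templates.get((source_id, fs_id)) or []
            size = sum(length for _, length in fields)
            if not size:
                undecoded += 1  # nothing to decode with until the next template refresh
            else:  # trailing bytes shorter than one record are padding
                for start in range(0, len(body) - size + 1, size):
                    rec, p = {}, start
                    for ftype, length in fields:
                        rec[FIELD_NAMES.get(ftype, ftype)] = body[p:p + length]
                        p += length
                    records.append(rec)
        off += fs_len  # flowset ID 1 (options template) is skipped, not decoded
    return records, undecoded

# Constructed sample packets: source ID 0, template ID 256 with five fields.
HDR = struct.pack("!HHIIII", 9, 1, 1000, 1700000000, 1, 0)
TEMPLATE = struct.pack("!HHHH", 0, 28, 256, 5) + struct.pack("!10H", 8, 4, 12, 4, 11, 2, 4, 1, 2, 4)
DATA = (struct.pack("!HH", 256, 20) + bytes([192, 0, 2, 10]) + bytes([203, 0, 113, 7])
        + struct.pack("!HBIx", 443, 6, 42))  # port, protocol, packets, 1 pad byte
```

Calling parse_v9(HDR + DATA, cache) with an empty cache reports one undecoded flowset; after a packet carrying TEMPLATE has been parsed with the same cache, the same data flowset decodes into one record.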

Configuration Statements

sampling – Configure traffic sampling

instance <name> – Configure inline-monitoring instance parameters. You can use these instances along with firewall filters to monitor different streams of traffic at different sampling rates from the same interface.

input rate <number> – Configure traffic sampling on a logical interface.  rate sets the ratio of the number of packets to be sampled. For example, if you specify a rate of 10, every tenth packet (1 packet out of 10) is sampled.

family <protocol> – Configure the protocol family to be sampled. IPv4 (inet) is supported for most purposes, but you can configure family mpls to collect and export MPLS label information, family inet6 to collect and export IPv6 traffic using flow aggregation version 9, vpls to collect and export VPLS information, and bridge to collect and export bridge information.

output – Configure cflowd or flow monitoring, output files and interfaces, and flow properties.

flow-server <host> <port> <version> <template> – Collect an aggregate of sampled flows and send the aggregate to a specified host system that runs the collection utility cfdcollect. Specify a host system to collect sampled flows using the version 9 format.

interface <name> – Specify the output interface for monitored traffic.

source-address <host> – Specify the source address for monitored packets.

flow-monitoring – Specify the active monitoring properties for flow aggregation version 9 or IPFIX.

flow-active-timeout <seconds> – Set the interval after which an active flow is exported.

flow-inactive-timeout <seconds> – Set the interval of inactivity that marks a flow inactive.

ipv4-template – Template for monitoring IPv4 flows.

template-refresh-rate <packets> <seconds> – Specify the frequency at which the flow generator sends updates about template definitions to the flow collector. Specify either the number of packets or the number of seconds.

option-refresh-rate <packets> <seconds> – Specify the frequency at which the flow generator sends updates about template options, like sampling rate, to the flow collector. Specify the refresh rate, in either the number of packets or seconds.

logical-system <name> – Specify the logical system used by the probes.

filter <filter name> – Apply a firewall filter to an interface. You can also use filters for encrypted traffic.