Inline Flow Monitoring for MX MPC’s

This article will show a sample configuration and give some cavets of inline jflow monitoring using the ipfix format.

From the Junos 10.2 release notes:
Inline flow monitoring support (MX240, MX480, and MX960 only)—Adds the capability to support flow monitoring and sampling services inline in the data path, without the need for a services PIC, on MX Series Modular Port Concentrators (MPCs).

To configure inline flow monitoring, include the inline-jflow statement at the [edit forwarding-options sampling instance instance-name family inet output] hierarchy level. Inline sampling exclusively supports a new format called version-ipfix that uses UDP as the transport protocol. When you configure inline sampling, you must include the version-ipfix statement at the [edit forwarding-options sampling instance instance-name family inet output flow-server address] hierarchy level and also at the [edit services flow-monitoring] hierarchy level. The following operational commands include new inline fpc keywords to display inline configuration information: show services accounting errors, show services accounting flow, and show services accounting status.

Topology:

Configuration:

Flow Collector is configured as 42.0.0.2/30 for VLAN 2.
Notice that FPC3 is a MPC and has the sampling instance configured. Traffic must be transiting the router to be accounted as a flow.

For more documentation on inline flow monitoring please see the juniper techpub link below.
http://www.juniper.net/techpubs/en_US/junos11.4/topics/task/configuration/inline-flow-monitoring.html

Outputs:

In the above setup, the flow is from Smashing to Vegas:

Packets leave the interface toward the collector, which is being simulated for testing purposes:

Caveats:

From lab testing on 10.4R2, this feature is not supported in a virtual-router routing-instance. In addition, it is only supported in a VRF routing-instance if the collector-facing interface is in main instance.

About the author

Prasanna

Leave a Comment