This article will show a sample configuration and give some cavets of inline jflow monitoring using the ipfix format.
From the Junos 10.2 release notes:
Inline flow monitoring support (MX240, MX480, and MX960 only)—Adds the capability to support flow monitoring and sampling services inline in the data path, without the need for a services PIC, on MX Series Modular Port Concentrators (MPCs).
To configure inline flow monitoring, include the inline-jflow statement at the [edit forwarding-options sampling instance instance-name family inet output] hierarchy level. Inline sampling exclusively supports a new format called version-ipfix that uses UDP as the transport protocol. When you configure inline sampling, you must include the version-ipfix statement at the [edit forwarding-options sampling instance instance-name family inet output flow-server address] hierarchy level and also at the [edit services flow-monitoring] hierarchy level. The following operational commands include new inline fpc keywords to display inline configuration information: show services accounting errors, show services accounting flow, and show services accounting status.
Topology:
|
1 |
Smashing---3/0/0-xe-3/1/0---Mand---3/2/0-xe-3/3/0---(switch)---Vegas & Flow Collector |
Configuration:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 |
Smashing> show configuration interfaces { xe-3/0/0 { unit 0 { family inet { address 1.0.0.1/30; } } } } routing-options { static { route 0.0.0.0/0 next-hop 1.0.0.2; } } Mand> show configuration chassis { fpc 3 { sampling-instance sample-ins1; } } interfaces { xe-3/1/0 { unit 0 { family inet { sampling { input; } address 1.0.0.2/30; } } } xe-3/2/0 { vlan-tagging; unit 2 { vlan-id 2; family inet { address 42.0.0.1/30; } } unit 11 { vlan-id 11; family inet { address 11.0.0.1/30; } } } lo0 { unit 0 { family inet { address 47.255.255.206/32; } } } } forwarding-options { sampling { instance { sample-ins1 { input { rate 1; } family inet { output { flow-server 42.0.0.2 { port 2055; version-ipfix { template { ipv4; } } } inline-jflow { source-address 47.255.255.206; flow-export-rate 400; } } } } } } } services { flow-monitoring { version-ipfix { template ipv4 { flow-active-timeout 60; flow-inactive-timeout 60; template-refresh-rate { packets 1000; seconds 10; } option-refresh-rate { packets 1000; seconds 10; } ipv4-template; } } } } Vegas> show configuration interfaces { xe-0/3/0 { vlan-tagging; unit 11 { vlan-id 11; family inet { address 11.0.0.2/30; } } } } routing-options { static { route 1.0.0.1/32 next-hop 11.0.0.1; } } |
Flow Collector is configured as 42.0.0.2/30 for VLAN 2.
Notice that FPC3 is a MPC and has the sampling instance configured. Traffic must be transiting the router to be accounted as a flow.
For more documentation on inline flow monitoring please see the juniper techpub link below.
http://www.juniper.net/techpubs/en_US/junos11.4/topics/task/configuration/inline-flow-monitoring.html
Outputs:
In the above setup, the flow is from Smashing to Vegas:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 |
Smashing> traceroute 11.0.0.2 traceroute to 11.0.0.2 (11.0.0.2), 30 hops max, 40 byte packets 1 1.0.0.2 (1.0.0.2) 21.103 ms 0.313 ms 0.315 ms 2 11.0.0.2 (11.0.0.2) 0.295 ms 0.421 ms 0.295 ms This is seen as a flow: Mand> show services accounting flow inline-jflow fpc-slot 3 Flow information FPC Slot: 3 Flow packets: 6, Flow bytes: 240 Active flows: 6, Total flows: 6 Flows exported: 0, Flows packets exported: 0 Flows inactive timed out: 0, Flows active timed out: 0 |
Packets leave the interface toward the collector, which is being simulated for testing purposes:
|
1 2 3 4 5 6 7 8 9 10 11 |
Mand> monitor traffic interface xe-3/3/0.2 no-resolve size 9999 detail 13:34:42.458318 In IP (tos 0x0, ttl 255, id 58049, offset 0, flags [none], proto: UDP (17), length: 128) 47.255.255.206.33018 > 42.0.0.2.2055: UDP, length 100 13:34:42.458319 In IP (tos 0x0, ttl 255, id 58050, offset 0, flags [none], proto: UDP (17), length: 128) 47.255.255.206.33018 > 42.0.0.2.2055: UDP, length 100 13:34:42.458320 In IP (tos 0x0, ttl 255, id 58051, offset 0, flags [none], proto: UDP (17), length: 76) 47.255.255.206.4102 > 42.0.0.2.2055: UDP, length 48 13:34:42.458437 In IP (tos 0x0, ttl 255, id 58052, offset 0, flags [none], proto: UDP (17), length: 68) 47.255.255.206.4102 > 42.0.0.2.2055: UDP, length 40 13:34:42.458438 In IP (tos 0x0, ttl 255, id 58053, offset 0, flags [none], proto: UDP (17), length: 76) 47.255.255.206.4102 > 42.0.0.2.2055: UDP, length 48 13:34:42.458440 In IP (tos 0x0, ttl 255, id 58054, offset 0, flags [none], proto: UDP (17), length: 68) 47.255.255.206.4102 > 42.0.0.2.2055: UDP, length 40 13:34:42.458441 In IP (tos 0x0, ttl 255, id 58055, offset 0, flags [none], proto: UDP (17), length: 76) 47.255.255.206.4102 > 42.0.0.2.2055: UDP, length 48 13:34:42.458443 In IP (tos 0x0, ttl 255, id 58056, offset 0, flags [none], proto: UDP (17), length: 68) 47.255.255.206.4102 > 42.0.0.2.2055: UDP, length 40 13:34:42.458444 In IP (tos 0x0, ttl 255, id 58057, offset 0, flags [none], proto: UDP (17), length: 76) 47.255.255.206.4102 > 42.0.0.2.2055: UDP, length 48 13:34:42.458445 In IP (tos 0x0, ttl 255, id 58058, offset 0, flags [none], proto: UDP (17), length: 68) 47.255.255.206.4102 > 42.0.0.2.2055: UDP, length 40 |
Caveats:
From lab testing on 10.4R2, this feature is not supported in a virtual-router routing-instance. In addition, it is only supported in a VRF routing-instance if the collector-facing interface is in main instance.
Leave a Reply