Flow Monitoring
Uploaded by
rodrigo raffaldiFlow Monitoring
Uploaded by
rodrigo raffaldiMonitoring, Sampling, and Collection Services
Interfaces Feature Guide for Routing Devices
Published: 2014-10-12
Copyright © 2014, Juniper Networks, Inc.
Juniper Networks, Inc.
1194 North Mathilda Avenue
Sunnyvale, California 94089
USA
408-745-2000
www.juniper.net
Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United
States and other countries. The Juniper Networks Logo, the Junos logo, and JunosE are trademarks of Juniper Networks, Inc. All other
trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners.
Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify,
transfer, or otherwise revise this publication without notice.
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Copyright © 2014, Juniper Networks, Inc.
All rights reserved.
The information in this document is current as of the date on the title page.
YEAR 2000 NOTICE
Juniper Networks hardware and software products are Year 2000 compliant. Junos OS has no known time-related limitations through the
year 2038. However, the NTP application is known to have some difficulty in the year 2036.
END USER LICENSE AGREEMENT
The Juniper Networks product that is the subject of this technical documentation consists of (or is intended for use with) Juniper Networks
software. Use of such software is subject to the terms and conditions of the End User License Agreement (“EULA”) posted at
http://www.juniper.net/support/eula.html. By downloading, installing or using such software, you agree to the terms and conditions of
that EULA.
ii Copyright © 2014, Juniper Networks, Inc.
Table of Contents
About the Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvii
Documentation and Release Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvii
Supported Platforms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvii
Using the Examples in This Manual . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvii
Merging a Full Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xviii
Merging a Snippet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xviii
Documentation Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xix
Documentation Feedback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxi
Requesting Technical Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxi
Self-Help Online Tools and Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . xxi
Opening a Case with JTAC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxii
Part 1 Flow Monitoring and Flow Collection Services
Chapter 1 Monitoring Traffic Using Active Flow Monitoring . . . . . . . . . . . . . . . . . . . . . . . . 3
Active Flow Monitoring Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Configuring Flow Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Configuring Flow-Monitoring Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Configuring Flow-Monitoring Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Directing Traffic to Flow-Monitoring Interfaces . . . . . . . . . . . . . . . . . . . . . 8
Exporting Flows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Configuring Time Periods when Flow Monitoring is Active and
Inactive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Example: Configuring Flow Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Example: Configuring Active Monitoring on Logical Systems . . . . . . . . . . . . . . . . . 10
Configuring Services Interface Redundancy with Flow Monitoring . . . . . . . . . . . . . 13
Flow Offloading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Chapter 2 Monitoring Traffic Using Passive Flow Monitoring . . . . . . . . . . . . . . . . . . . . . . 17
Passive Flow Monitoring Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Enabling Passive Flow Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Passive Flow Monitoring for MPLS Encapsulated Packets . . . . . . . . . . . . . . . 20
Removing MPLS Labels from Incoming Packets . . . . . . . . . . . . . . . . . . . . 21
Example: Enabling IPv4 Passive Flow Monitoring . . . . . . . . . . . . . . . . . . . . . . 22
Example: Enabling IPv6 Passive Flow Monitoring . . . . . . . . . . . . . . . . . . . . . . 24
Chapter 3 Processing and Exporting Multiple Records Using Flow Collection . . . . . . . 27
Flow Collection Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Configuring Flow Collection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Configuring Destination FTP Servers for Flow Records . . . . . . . . . . . . . . . . . . 28
Configuring a Packet Analyzer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Configuring File Formats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Copyright © 2014, Juniper Networks, Inc. iii
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Configuring Interface Mappings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Configuring Transfer Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Configuring Retry Attempts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Sending cflowd Records to Flow Collector Interfaces . . . . . . . . . . . . . . . . . . . . . . . 31
Configuring Flow Collection Mode and Interfaces on Services PICs . . . . . . . . . . . 32
Part 2 Flow Capture Services
Chapter 4 Dynamically Capturing Packet Flows Using Junos Capture Vision . . . . . . . 35
Understanding Junos Capture Vision . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Junos Capture Vision Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Liberal Sequence Windowing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Intercepting IPv6 Flows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Configuring Junos Capture Vision . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Configuring the Capture Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Configuring the Content Destination . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Configuring the Control Source . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Configuring the DFC PIC Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Configuring the Firewall Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Configuring System Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Configuring Tracing Options for Junos Capture Vision Events . . . . . . . . . . . . 42
Configuring Thresholds . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Limiting the Number of Duplicates of a Packet . . . . . . . . . . . . . . . . . . . . . . . . 43
Example: Configuring Junos Capture Vision . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Chapter 5 Detecting Threats and Intercepting Flows Using Junos Packet Vision . . . . 47
Understanding Junos Packet Vision . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Junos Packet Vision Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Configuring Junos Packet Vision . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Configuring the Junos Packet Vision Interface . . . . . . . . . . . . . . . . . . . . . . . . . 49
Strengthening Junos Packet Vision Security . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Restrictions on Junos Packet Vision Services . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Configuring FlowTapLite . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
Examples: Configuring Junos Packet Vision . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Part 3 Sampling, Discard Accounting, and Port Mirroring Services
Chapter 6 Sampling Data Using Traffic Sampling and Discard Accounting . . . . . . . . . 59
Configuring Traffic Sampling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Configuring Firewall Filter for Traffic Sampling . . . . . . . . . . . . . . . . . . . . . . . . 59
Configuring Traffic Sampling on a Logical Interface . . . . . . . . . . . . . . . . . . . . 61
Disabling Traffic Sampling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Sampling Once . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Preserving Prerewrite ToS Value for Egress Sampled or Mirrored
Packets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Configuring Traffic Sampling Output . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Traffic Sampling Output Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Tracing Traffic Sampling Operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
iv Copyright © 2014, Juniper Networks, Inc.
Table of Contents
Traffic Sampling Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Example: Sampling a Single SONET/SDH Interface . . . . . . . . . . . . . . . . 66
Example: Sampling All Traffic from a Single IP Address . . . . . . . . . . . . . 67
Example: Sampling All FTP Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Sampling Instance Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Configuring Discard Accounting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
Chapter 7 Sampling Data Using Inline Sampling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Understanding Inline Active Flow Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Inline Active Flow Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Inline Active Flow Monitoring Limitations and Restrictions . . . . . . . . . . . . . . . 74
IPFIX and Version 9 Templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
Fields Included in the IPFIX IPv4 Template . . . . . . . . . . . . . . . . . . . . . . . . 75
Fields Included in the IPFIX IPv6 Template . . . . . . . . . . . . . . . . . . . . . . . . 76
Fields Included in the Version 9 IPv4 Template . . . . . . . . . . . . . . . . . . . . . 77
Configuring Inline Active flow Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
Configuring Inline Active Flow Monitoring on MX80 Routers . . . . . . . . . . . . . . . . . 82
Chapter 8 Sampling Data Using Flow Aggregation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
Understanding Flow Aggregation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
Enabling Flow Aggregation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
Configuring Flow Aggregation to Use Version 5 or Version 8 cflowd . . . . . . . . . . . 86
Configuring Flow Aggregation to Use Version 9 Flow Templates . . . . . . . . . . . . . . 91
Configuring the Traffic to Be Sampled . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
Configuring the Version 9 Template Properties . . . . . . . . . . . . . . . . . . . . . . . . 92
Customizing Template ID, Observation Domain ID, and Source ID for Version
9 flow Templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
Restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
Fields Included in Each Template Type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
MPLS Sampling Behavior . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
Verification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Examples: Configuring Version 9 Flow Templates . . . . . . . . . . . . . . . . . . . . . . 97
Configuring Flow Aggregation to Use IPFIX Flow Templates . . . . . . . . . . . . . . . . . 101
Configuring the IPFIX Template Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
Restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
Customizing Template ID, Observation Domain ID, and Source ID for IPFIX
flow Templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
Fields Included in the IPv4 Template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
Fields Included in the IPv6 Template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
Verification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
Example: Configuring an IPFIX Flow Templates and Flow Sampling . . . . . . 105
Configuring Observation Domain ID and Source ID for Version 9 and IPFIX
Flows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
Configuring Template ID and Options Template ID for Version 9 and IPFIX
Flows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
Inclusion of Fragmentation Identifier and IPv6 Extension Header Elements in
IPFIX Templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
Copyright © 2014, Juniper Networks, Inc. v
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Directing Replicated Flows to Multiple Flow Servers . . . . . . . . . . . . . . . . . . . . . . . 116
Directing Replicated Routing Engine–Based Sampling Flows to Multiple
Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
Directing Replicated Version 9 Flow Aggregates to Multiple Servers . . . . . . . 117
Logging cflowd Flows Before Export . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118
Chapter 9 Sending Packets for Analysis Using Port Mirroring . . . . . . . . . . . . . . . . . . . . 121
Understanding Port Mirroring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
Configuring Port Mirroring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
Configuring Tunnels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
Port Mirroring with Next-Hop Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
Configuring Inline Port Mirroring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
Filter-Based Forwarding with Multiple Monitoring Interfaces . . . . . . . . . . . . 127
Restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
Configuring Port Mirroring on Services Interfaces . . . . . . . . . . . . . . . . . . . . . 128
Examples: Configuring Port Mirroring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
Defining a Next-Hop Group for Port Mirroring . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
Example: Multiple Port Mirroring with Next-Hop Groups Configuration . . . . . . . . 138
Part 4 Real-Time Performance Monitoring and Video Monitoring
Services
Chapter 10 Monitoring Traffic Using Real-Time Performance Monitoring . . . . . . . . . . 145
Real-Time Performance Monitoring Services Overview . . . . . . . . . . . . . . . . . . . . 145
Configuring RPM Probes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
Configuring RPM Receiver Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
Limiting the Number of Concurrent RPM Probes . . . . . . . . . . . . . . . . . . . . . . . . . 152
Configuring RPM Timestamping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
Configuring TWAMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
Configuring TWAMP Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
Configuring TWAMP Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
Configuring BGP Neighbor Discovery Through RPM . . . . . . . . . . . . . . . . . . . . . . . 158
Examples: Configuring BGP Neighbor Discovery Through RPM . . . . . . . . . . . . . . 160
Tracing RPM Operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
Configuring the RPM Log File Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162
Configuring the Number and Size of RPM Log Files . . . . . . . . . . . . . . . . . . . . 162
Configuring Access to the Log File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162
Configuring a Regular Expression for Lines to Be Logged . . . . . . . . . . . . . . . 162
Configuring the Trace Operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
Examples: Configuring Real-Time Performance Monitoring . . . . . . . . . . . . . . . . . 163
Enabling RPM for the Junos OS extension-provider package . . . . . . . . . . . . . . . . 168
Chapter 11 Testing the Performance of Network Devices Using RFC 2544-Based
Benchmarking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
RFC2544-Based Benchmarking Tests Overview . . . . . . . . . . . . . . . . . . . . . . . . . 169
Layer 2 RFC2544-Based Benchmarking Tests Overview . . . . . . . . . . . . . . . . . . . . 171
vi Copyright © 2014, Juniper Networks, Inc.
Table of Contents
Supported RFC2544-Based Benchmarking Statements on MX104 Routers . . . . 174
Configuring an RFC 2544-Based Benchmarking Test . . . . . . . . . . . . . . . . . . . . . . 175
Configuring a Test Name for an RFC 2544-Based Benchmarking Test for a
IPv4 Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175
Configuring a Test Name for an RFC 2544-Based Benchmarking Test for
an Ethernet Pseudowire: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
Example: Configuring an RFC 2544-Based Benchmarking Test for Layer 3 IPv4
Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178
Example: Configuring an RFC 2544-Based Benchmarking Test for UNI Direction
of Ethernet Pseudowires . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185
Example: Configuring an RFC 2544-Based Benchmarking Test for NNI Direction
of Ethernet Pseudowires . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
Example: Configuring RFC2544-Based Benchmarking Tests for Layer 2 E-LAN
Services in Bridge Domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
Chapter 12 Tracking Streaming Media Traffic Using Inline Video Monitoring . . . . . . . 225
Inline Video Monitoring Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
Configuring Inline Video Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227
Configuring Media Delivery Indexing Criteria . . . . . . . . . . . . . . . . . . . . . . . . . 227
Configuring Interface Flow Criteria . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229
Inline Video Monitoring Syslog Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229
Part 5 Configuration Statements and Operational Commands
Chapter 13 Configuration Statements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233
[edit forwarding-options] Hierarchy Level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238
[edit interfaces] Hierarchy Level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242
[edit services dynamic-flow-control] Hierarchy Level . . . . . . . . . . . . . . . . . . . . . 243
[edit services flow-collector] Hierarchy Level . . . . . . . . . . . . . . . . . . . . . . . . . . . 244
[edit services flow-monitoring] Hierarchy Level . . . . . . . . . . . . . . . . . . . . . . . . . . 245
[edit services flow-tap] Hierarchy Level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245
[edit services rpm] Hierarchy Level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246
accounting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249
address (Interfaces) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250
address (Services Dynamic Flow Capture) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250
aggregate-export-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251
aggregation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252
allowed-destinations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253
analyzer-address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253
analyzer-id . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254
archive-sites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254
authentication-mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255
autonomous-system-type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256
bgp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257
capture-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258
cflowd (Discard Accounting) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259
client-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260
collector . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260
content-destination . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261
control-source . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262
Copyright © 2014, Juniper Networks, Inc. vii
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
core-dump . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263
data-fill . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264
data-format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264
data-size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265
destination (Interfaces) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266
destination-interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267
destination-ipv4-address (RFC 2544 Benchmarking) . . . . . . . . . . . . . . . . . . . . 268
destination-mac-address (RFC2544 Benchmarking) . . . . . . . . . . . . . . . . . . . . . 268
destination-port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269
destination-udp-port (RFC 2544 Benchmarking) . . . . . . . . . . . . . . . . . . . . . . . . 270
destinations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270
direction (RFC2544 Benchmarking) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271
disable (Forwarding Options) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272
dscp-code-point . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273
duplicates-dropped-periodicity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274
dynamic-flow-capture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275
engine-id (Forwarding Options) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276
engine-type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277
export-format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278
extension-service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279
family (Monitoring) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280
family (RFC2544 Benchmarking) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281
family (Sampling) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282
file (Sampling) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 283
file (Trace Options) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284
file-specification (File Format) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284
file-specification (Interface Mapping) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285
filename . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285
filename-prefix . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 286
files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 286
filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287
flow-active-timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288
flow-collector . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289
flow-export-destination . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290
flow-export-rate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290
flow-inactive-timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291
flow-server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292
flow-table-size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293
flow-tap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294
ftp (Flow Collector Files) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295
ftp (Transfer Log Files) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296
g-duplicates-dropped-periodicity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297
g-max-duplicates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298
hard-limit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298
hard-limit-target . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299
hardware-timestamp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299
history-size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300
host-outbound . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300
udp-tcp-port-swap (RFC 2544 Benchmarking) . . . . . . . . . . . . . . . . . . . . . . . . . . 301
viii Copyright © 2014, Juniper Networks, Inc.
Table of Contents
in-service (RFC2544 Benchmarking) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301
inactivity-timeout (Services RPM) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302
inline-jflow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302
input (Port Mirroring) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303
input (Sampling) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303
input-interface-index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304
input-packet-rate-threshold . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304
instance (Sampling) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305
interface (Accounting or Sampling) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306
interface (Services Flow Tap) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307
interface-map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307
interfaces (Services Dynamic Flow Capture) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308
interfaces (Video Monitoring) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309
ip-swap (RFC 2544 Benchmarking) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 310
ipv4-flow-table-size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 310
ipv4-template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 311
ipv6-flow-table-size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 311
ipv6-extended-attrib . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312
ipv6-template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312
label-position . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313
local-dump . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313
logical-system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 314
match . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 314
max-connection-duration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315
max-duplicates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315
max-packets-per-second . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 316
maximum-age . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 316
maximum-connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317
maximum-connections-per-client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317
maximum-packet-length . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 318
maximum-sessions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319
maximum-sessions-per-connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319
minimum-priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 320
mode (RFC 2544 Benchmarking) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 320
monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 321
moving-average-size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 322
mpls-ipv4-template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 322
mpls-template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323
multiservice-options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323
name-format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324
next-hop (Forwarding Options) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325
next-hop-group (Forwarding Options) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 326
no-filter-check . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 326
no-remote-trace (Trace Options) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 327
no-syslog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 327
notification-targets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 328
observation-domain-id . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 329
one-way-hardware-timestamp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 330
option-refresh-rate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 331
Copyright © 2014, Juniper Networks, Inc. ix
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
options-template-id . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 332
output (Accounting) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 333
output (Monitoring) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 334
output (Port Mirroring) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 335
output (Sampling) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 336
output-interface-index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 337
passive-monitor-mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 337
password (Flow Collector File Servers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 338
password (Transfer Log File Servers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 338
peer-as-billing-template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339
pic-memory-threshold . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339
pop-all-labels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 340
port (Flow Monitoring) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 341
port (RPM) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 341
port (TWAMP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 342
pre-rewrite-tos . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 342
probe . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 343
probe-count . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 344
probe-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 344
probe-limit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 345
probe-server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 346
probe-type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 347
rate (Forwarding Options) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 348
receive-options-packets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 348
receive-ttl-exceeded . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 349
reflect-mode (RFC2544 Benchmarking) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 350
required-depth . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351
retry (Services Flow Collector) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 352
retry-delay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 352
rfc2544-benchmarking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 353
routing-instance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 354
routing-instances . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 354
rpm (Interfaces) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 355
rpm (Services) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 355
run-length . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 356
sample-once . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 356
sampling (Forwarding Options) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 357
sampling (Interfaces) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 359
server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 360
server-inactivity-timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 360
service-port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 361
service-type (RFC2544 Benchmarking) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 361
services (RPM) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 362
shared-key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 362
size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 363
soft-limit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 364
soft-limit-clear . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 364
source-address (Forwarding Options) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 365
source-address (Services) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 365
x Copyright © 2014, Juniper Networks, Inc.
Table of Contents
source-addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 366
source-id . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 366
source-ipv4-address (RFC 2544 Benchmarking) . . . . . . . . . . . . . . . . . . . . . . . . . 367
source-mac-address (RFC2544 Benchmarking) . . . . . . . . . . . . . . . . . . . . . . . . . 367
source-udp-port (RFC 2544 Benchmarking) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 368
stamp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 368
syslog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 369
target (Services RPM) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 369
tcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 370
templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371
test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 373
tests (RFC 2544 Benchmarking) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 374
test-interface (RFC 2544 Benchmarking) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 375
test-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 376
test-name (RFC 2544 Benchmarking) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 377
thresholds . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 378
traceoptions (Forwarding Options) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 379
traceoptions (RPM) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 380
transfer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 381
transfer-log-archive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 382
traps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 383
ttl . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 384
twamp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 385
twamp-server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 385
template (Forwarding Options) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 386
template-id . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 387
template-refresh-rate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 388
trio-flow-offload . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 388
udp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 389
unit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 390
username (Services) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 391
variant . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 391
version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 392
version9 (Forwarding Options) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 392
video-monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 393
world-readable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 394
Chapter 14 Operational Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 395
clear passive-monitoring statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 397
clear services accounting statistics inline-jflow . . . . . . . . . . . . . . . . . . . . . . . . . . 398
clear services accounting statistics inline-jflow . . . . . . . . . . . . . . . . . . . . . . . . . . 399
clear services dynamic-flow-capture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 400
clear services flow-collector statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 401
clear services rpm twamp server connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . 402
clear services video-monitoring mdi errors fpc-slot . . . . . . . . . . . . . . . . . . . . . . . 403
clear services video-monitoring mdi statistics fpc-slot . . . . . . . . . . . . . . . . . . . . 404
request services flow-collector change-destination primary interface . . . . . . . . 405
request services flow-collector change-destination secondary interface . . . . . 406
request services flow-collector test-file-transfer . . . . . . . . . . . . . . . . . . . . . . . . . 407
Copyright © 2014, Juniper Networks, Inc. xi
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
show forwarding-options next-hop-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 408
show forwarding-options port-mirroring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 411
show interfaces (Dynamic Flow Capture) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 413
show interfaces (Flow Collector) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 417
show interfaces (Flow Monitoring) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 423
show passive-monitoring error . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 428
show passive-monitoring flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 430
show passive-monitoring memory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 432
show passive-monitoring status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 434
show passive-monitoring usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 436
show services accounting aggregation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 438
show services accounting aggregation template . . . . . . . . . . . . . . . . . . . . . . . . . 442
show services accounting errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 443
show services accounting flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 447
show services accounting flow-detail . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 452
show services accounting memory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 457
show services accounting packet-size-distribution . . . . . . . . . . . . . . . . . . . . . . . 459
show services accounting status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 461
show services accounting usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 464
show services dynamic-flow-capture content-destination . . . . . . . . . . . . . . . . 466
show services dynamic-flow-capture control-source . . . . . . . . . . . . . . . . . . . . . 468
show services dynamic-flow-capture statistics . . . . . . . . . . . . . . . . . . . . . . . . . . 470
show services flow-collector file interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 473
show services flow-collector input interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . 475
show services flow-collector interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 477
show services rpm active-servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 483
show services rpm history-results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 484
show services rpm probe-results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 487
show services rpm rfc2544-benchmarking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 493
show services rpm rfc2544-benchmarking test-id . . . . . . . . . . . . . . . . . . . . . . . 498
show services rpm twamp server connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . 515
show services rpm twamp server session . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 517
show services video-monitoring mdi errors fpc-slot . . . . . . . . . . . . . . . . . . . . . . . 519
show services video-monitoring mdi flows fpc-slot . . . . . . . . . . . . . . . . . . . . . . . 521
show services video-monitoring mdi stats fpc-slot . . . . . . . . . . . . . . . . . . . . . . . 525
test services rpm rfc2544-benchmarking test . . . . . . . . . . . . . . . . . . . . . . . . . . . 527
Part 6 Index
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 531
xii Copyright © 2014, Juniper Networks, Inc.
List of Figures
Part 1 Flow Monitoring and Flow Collection Services
Chapter 1 Monitoring Traffic Using Active Flow Monitoring . . . . . . . . . . . . . . . . . . . . . . . . 3
Figure 1: Active Monitoring Configuration Topology . . . . . . . . . . . . . . . . . . . . . . . . . 5
Chapter 2 Monitoring Traffic Using Passive Flow Monitoring . . . . . . . . . . . . . . . . . . . . . . 17
Figure 2: Passive Monitoring Application Topology . . . . . . . . . . . . . . . . . . . . . . . . . 18
Part 2 Flow Capture Services
Chapter 4 Dynamically Capturing Packet Flows Using Junos Capture Vision . . . . . . . 35
Figure 3: Junos Capture Vision Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Chapter 5 Detecting Threats and Intercepting Flows Using Junos Packet Vision . . . . 47
Figure 4: Junos Packet Vision Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Part 3 Sampling, Discard Accounting, and Port Mirroring Services
Chapter 6 Sampling Data Using Traffic Sampling and Discard Accounting . . . . . . . . . 59
Figure 5: Configuring Sampling Rate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Chapter 9 Sending Packets for Analysis Using Port Mirroring . . . . . . . . . . . . . . . . . . . . 121
Figure 6: Active Flow Monitoring—Multiple Port Mirroring with Next-Hop Groups
Topology Diagram . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
Part 4 Real-Time Performance Monitoring and Video Monitoring
Services
Chapter 11 Testing the Performance of Network Devices Using RFC 2544-Based
Benchmarking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
Figure 7: E-LAN and E-Line Reflection in Metro Solution . . . . . . . . . . . . . . . . . . . . 171
Figure 8: RFC 2544-Based Benchmarking Test for a Layer 3 IPv4 Service . . . . . . 179
Figure 9: RFC 2544-Based Benchmarking Test for UNI Direction of an Ethernet
Pseudowire . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186
Figure 10: RFC 2544-Based Benchmarking Test for NNI Direction of an Ethernet
Pseudowire . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194
Figure 11: Layer 2 reflection Simple Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201
Copyright © 2014, Juniper Networks, Inc. xiii
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
xiv Copyright © 2014, Juniper Networks, Inc.
List of Tables
About the Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvii
Table 1: Notice Icons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xix
Table 2: Text and Syntax Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xx
Part 3 Sampling, Discard Accounting, and Port Mirroring Services
Chapter 8 Sampling Data Using Flow Aggregation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
Table 3: Example of Observation Domain ID . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
Table 4: Values of Template and Option Template IDs for IPFIX Flows . . . . . . . . . 111
Table 5: Values of Template and Option Template IDs for Version 9 Flows . . . . . . 111
Table 6: Values of Template and Option Template IDs for IPFIX Flows . . . . . . . . . 112
Table 7: Values of IPv6 Options and Extension Headers in Packets . . . . . . . . . . . 115
Part 4 Real-Time Performance Monitoring and Video Monitoring
Services
Chapter 10 Monitoring Traffic Using Real-Time Performance Monitoring . . . . . . . . . . 145
Table 8: RPM Tracing Flags . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
Chapter 11 Testing the Performance of Network Devices Using RFC 2544-Based
Benchmarking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
Table 9: Supported Network Topologies for RFC2544 Benchmarking Tests . . . . 170
Table 10: MAC Address Swapping Behavior for E-LAN and E-Line Services . . . . . 172
Table 11: Supported RFC2544-Based Benchmarking Reflector Statements on
MX104 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174
Chapter 12 Tracking Streaming Media Traffic Using Inline Video Monitoring . . . . . . . 225
Table 12: MPC Flow Monitoring Capacity by Model . . . . . . . . . . . . . . . . . . . . . . . . 227
Part 5 Configuration Statements and Operational Commands
Chapter 14 Operational Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 395
Table 13: show forwarding-options next-hop-group Output Fields . . . . . . . . . . 408
Table 14: show forwarding-options port-mirroring Output Fields . . . . . . . . . . . . . 411
Table 15: Dynamic Flow Capture show interfaces Output Fields . . . . . . . . . . . . . 413
Table 16: Flow Collector Show interfaces Output Fields . . . . . . . . . . . . . . . . . . . . 417
Table 17: Flow Monitoring show interfaces Output Fields . . . . . . . . . . . . . . . . . . . 423
Table 18: show passive-monitoring error Output Fields . . . . . . . . . . . . . . . . . . . . 428
Table 19: show passive-monitoring flow Output Fields . . . . . . . . . . . . . . . . . . . . 430
Table 20: show passive-monitoring memory Output Fields . . . . . . . . . . . . . . . . 432
Table 21: show passive-monitoring status Output Fields . . . . . . . . . . . . . . . . . . . 434
Table 22: show passive-monitoring usage Output Fields . . . . . . . . . . . . . . . . . . 436
Copyright © 2014, Juniper Networks, Inc. xv
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Table 23: show services accounting aggregation Output Fields . . . . . . . . . . . . . 439
Table 24: show services accounting aggregation template Output Fields . . . . . 442
Table 25: show services accounting errors Output Fields . . . . . . . . . . . . . . . . . . 443
Table 26: show services accounting flow Output Fields . . . . . . . . . . . . . . . . . . . . 447
Table 27: show services accounting flow-detail Output Fields . . . . . . . . . . . . . . 453
Table 28: show services accounting memory Output Fields . . . . . . . . . . . . . . . . 457
Table 29: show services accounting packet-size-distribution Output Fields . . . 459
Table 30: show services accounting status Output Fields . . . . . . . . . . . . . . . . . . 461
Table 31: show services accounting usage Output Fields . . . . . . . . . . . . . . . . . . 464
Table 32: show services dynamic-flow-capture content-destination Output
Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 466
Table 33: show services dynamic-flow-capture control-source Output Fields . . 468
Table 34: show services dynamic-flow-capture statistics Output Fields . . . . . . 470
Table 35: show services flow-collector file interface Output Fields . . . . . . . . . . . 473
Table 36: show services flow-collector input interface Output Fields . . . . . . . . . 475
Table 37: show services flow-collector interface Output Fields . . . . . . . . . . . . . . 477
Table 38: show services rpm active-servers Output Fields . . . . . . . . . . . . . . . . . 483
Table 39: show services rpm history-results Output Fields . . . . . . . . . . . . . . . . . 484
Table 40: show services rpm probe-results Output Fields . . . . . . . . . . . . . . . . . . 487
Table 41: show services rpm rfc2544-benchmarking Output Fields . . . . . . . . . . 494
Table 42: show services rpm rfc2544-benchmarking test-id Output Fields . . . . 499
Table 43: show services rpm twamp server connection Output Fields . . . . . . . . 515
Table 44: show services rpm twamp server session Output Fields . . . . . . . . . . . 517
Table 45: show services video-monitoring mdi errors fpc-slot Output Fields . . . 519
Table 46: show services mdi flows Output Fields . . . . . . . . . . . . . . . . . . . . . . . . . 522
Table 47: show services video-monitoring mdi stats fpc-slot Output Fields . . . . 525
xvi Copyright © 2014, Juniper Networks, Inc.
About the Documentation
• Documentation and Release Notes on page xvii
• Supported Platforms on page xvii
• Using the Examples in This Manual on page xvii
• Documentation Conventions on page xix
• Documentation Feedback on page xxi
• Requesting Technical Support on page xxi
Documentation and Release Notes
®
To obtain the most current version of all Juniper Networks technical documentation,
see the product documentation page on the Juniper Networks website at
http://www.juniper.net/techpubs/.
If the information in the latest release notes differs from the information in the
documentation, follow the product Release Notes.
Juniper Networks Books publishes books by Juniper Networks engineers and subject
matter experts. These books go beyond the technical documentation to explore the
nuances of network architecture, deployment, and administration. The current list can
be viewed at http://www.juniper.net/books.
Supported Platforms
For the features described in this document, the following platforms are supported:
• M Series
• MX Series
• T Series
Using the Examples in This Manual
If you want to use the examples in this manual, you can use the load merge or the load
merge relative command. These commands cause the software to merge the incoming
configuration into the current candidate configuration. The example does not become
active until you commit the candidate configuration.
Copyright © 2014, Juniper Networks, Inc. xvii
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
If the example configuration contains the top level of the hierarchy (or multiple
hierarchies), the example is a full example. In this case, use the load merge command.
If the example configuration does not start at the top level of the hierarchy, the example
is a snippet. In this case, use the load merge relative command. These procedures are
described in the following sections.
Merging a Full Example
To merge a full example, follow these steps:
1. From the HTML or PDF version of the manual, copy a configuration example into a
text file, save the file with a name, and copy the file to a directory on your routing
platform.
For example, copy the following configuration to a file and name the file ex-script.conf.
Copy the ex-script.conf file to the /var/tmp directory on your routing platform.
system {
scripts {
commit {
file ex-script.xsl;
}
}
}
interfaces {
fxp0 {
disable;
unit 0 {
family inet {
address 10.0.0.1/24;
}
}
}
}
2. Merge the contents of the file into your routing platform configuration by issuing the
load merge configuration mode command:
[edit]
user@host# load merge /var/tmp/ex-script.conf
load complete
Merging a Snippet
To merge a snippet, follow these steps:
1. From the HTML or PDF version of the manual, copy a configuration snippet into a text
file, save the file with a name, and copy the file to a directory on your routing platform.
For example, copy the following snippet to a file and name the file
ex-script-snippet.conf. Copy the ex-script-snippet.conf file to the /var/tmp directory
on your routing platform.
commit {
file ex-script-snippet.xsl; }
xviii Copyright © 2014, Juniper Networks, Inc.
About the Documentation
2. Move to the hierarchy level that is relevant for this snippet by issuing the following
configuration mode command:
[edit]
user@host# edit system scripts
[edit system scripts]
3. Merge the contents of the file into your routing platform configuration by issuing the
load merge relative configuration mode command:
[edit system scripts]
user@host# load merge relative /var/tmp/ex-script-snippet.conf
load complete
For more information about the load command, see the CLI User Guide.
Documentation Conventions
Table 1 on page xix defines notice icons used in this guide.
Table 1: Notice Icons
Icon Meaning Description
Informational note Indicates important features or instructions.
Caution Indicates a situation that might result in loss of data or hardware damage.
Warning Alerts you to the risk of personal injury or death.
Laser warning Alerts you to the risk of personal injury from a laser.
Tip Indicates helpful information.
Best practice Alerts you to a recommended use or implementation.
Table 2 on page xx defines the text and syntax conventions used in this guide.
Copyright © 2014, Juniper Networks, Inc. xix
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Table 2: Text and Syntax Conventions
Convention Description Examples
Bold text like this Represents text that you type. To enter configuration mode, type the
configure command:
user@host> configure
Fixed-width text like this Represents output that appears on the user@host> show chassis alarms
terminal screen.
No alarms currently active
Italic text like this • Introduces or emphasizes important • A policy term is a named structure
new terms. that defines match conditions and
• Identifies guide names. actions.
• Junos OS CLI User Guide
• Identifies RFC and Internet draft titles.
• RFC 1997, BGP Communities Attribute
Italic text like this Represents variables (options for which Configure the machine’s domain name:
you substitute a value) in commands or
configuration statements. [edit]
root@# set system domain-name
domain-name
Text like this Represents names of configuration • To configure a stub area, include the
statements, commands, files, and stub statement at the [edit protocols
directories; configuration hierarchy levels; ospf area area-id] hierarchy level.
or labels on routing platform • The console port is labeled CONSOLE.
components.
< > (angle brackets) Encloses optional keywords or variables. stub <default-metric metric>;
| (pipe symbol) Indicates a choice between the mutually broadcast | multicast
exclusive keywords or variables on either
side of the symbol. The set of choices is (string1 | string2 | string3)
often enclosed in parentheses for clarity.
# (pound sign) Indicates a comment specified on the rsvp { # Required for dynamic MPLS only
same line as the configuration statement
to which it applies.
[ ] (square brackets) Encloses a variable for which you can community name members [
substitute one or more values. community-ids ]
Indention and braces ( { } ) Identifies a level in the configuration [edit]
hierarchy. routing-options {
static {
route default {
; (semicolon) Identifies a leaf statement at a
nexthop address;
configuration hierarchy level.
retain;
}
}
}
GUI Conventions
xx Copyright © 2014, Juniper Networks, Inc.
About the Documentation
Table 2: Text and Syntax Conventions (continued)
Convention Description Examples
Bold text like this Represents graphical user interface (GUI) • In the Logical Interfaces box, select
items you click or select. All Interfaces.
• To cancel the configuration, click
Cancel.
> (bold right angle bracket) Separates levels in a hierarchy of menu In the configuration editor hierarchy,
selections. select Protocols>Ospf.
Documentation Feedback
We encourage you to provide feedback, comments, and suggestions so that we can
improve the documentation. You can provide feedback by using either of the following
methods:
• Online feedback rating system—On any page at the Juniper Networks Technical
Documentation site at http://www.juniper.net/techpubs/index.html, simply click the
stars to rate the content, and use the pop-up form to provide us with information about
your experience. Alternately, you can use the online feedback form at
https://www.juniper.net/cgi-bin/docbugreport/.
• E-mail—Send your comments to [email protected]. Include the document
or topic name, URL or page number, and software version (if applicable).
Requesting Technical Support
Technical product support is available through the Juniper Networks Technical Assistance
Center (JTAC). If you are a customer with an active J-Care or JNASC support contract,
or are covered under warranty, and need post-sales technical support, you can access
our tools and resources online or open a case with JTAC.
• JTAC policies—For a complete understanding of our JTAC procedures and policies,
review the JTAC User Guide located at
http://www.juniper.net/us/en/local/pdf/resource-guides/7100059-en.pdf.
• Product warranties—For product warranty information, visit
http://www.juniper.net/support/warranty/.
• JTAC hours of operation—The JTAC centers have resources available 24 hours a day,
7 days a week, 365 days a year.
Self-Help Online Tools and Resources
For quick and easy problem resolution, Juniper Networks has designed an online
self-service portal called the Customer Support Center (CSC) that provides you with the
following features:
Copyright © 2014, Juniper Networks, Inc. xxi
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
• Find CSC offerings: http://www.juniper.net/customers/support/
• Search for known bugs: http://www2.juniper.net/kb/
• Find product documentation: http://www.juniper.net/techpubs/
• Find solutions and answer questions using our Knowledge Base: http://kb.juniper.net/
• Download the latest versions of software and review release notes:
http://www.juniper.net/customers/csc/software/
• Search technical bulletins for relevant hardware and software notifications:
http://kb.juniper.net/InfoCenter/
• Join and participate in the Juniper Networks Community Forum:
http://www.juniper.net/company/communities/
• Open a case online in the CSC Case Management tool: http://www.juniper.net/cm/
To verify service entitlement by product serial number, use our Serial Number Entitlement
(SNE) Tool: https://tools.juniper.net/SerialNumberEntitlementSearch/
Opening a Case with JTAC
You can open a case with JTAC on the Web or by telephone.
• Use the Case Management tool in the CSC at http://www.juniper.net/cm/.
• Call 1-888-314-JTAC (1-888-314-5822 toll-free in the USA, Canada, and Mexico).
For international or direct-dial options in countries without toll-free numbers, see
http://www.juniper.net/support/requesting-support.html.
xxii Copyright © 2014, Juniper Networks, Inc.
PART 1
Flow Monitoring and Flow Collection
Services
• Monitoring Traffic Using Active Flow Monitoring on page 3
• Monitoring Traffic Using Passive Flow Monitoring on page 17
• Processing and Exporting Multiple Records Using Flow Collection on page 27
Copyright © 2014, Juniper Networks, Inc. 1
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
2 Copyright © 2014, Juniper Networks, Inc.
CHAPTER 1
Monitoring Traffic Using Active Flow
Monitoring
• Active Flow Monitoring Overview on page 3
• Configuring Flow Monitoring on page 6
• Example: Configuring Active Monitoring on Logical Systems on page 10
• Configuring Services Interface Redundancy with Flow Monitoring on page 13
• Flow Offloading on page 15
Active Flow Monitoring Overview
Using a Juniper Networks M Series Multiservice Edge or T Series Core Router or EX9200
switch, a selection of PICs (including the Monitoring Services PIC, Adaptive Services [AS]
PIC, Multiservices PIC, or Multiservices DPC) and other networking hardware, you can
monitor traffic flow and export the monitored traffic. Monitoring traffic allows you to do
the following:
• Gather and export detailed information about IP version 4 (IPv4) traffic flows between
source and destination nodes in your network.
• Sample all incoming IPv4 traffic on the monitoring interface and present the data in
cflowd record format.
• Perform discard accounting on an incoming traffic flow.
• Encrypt or tunnel outgoing cflowd records, intercepted IPv4 traffic, or both.
• Direct filtered traffic to different packet analyzers and present the data in its original
format (port mirror).
NOTE: Monitoring Services PICs, AS PICs, and Multiservices PICs must be
mounted on an Enhanced Flexible PIC Concentrator (FPC) in an M Series
or T Series router.
Multiservices DPCs installed in Juniper Networks MX Series 3D Universal
Edge Routers support the same functionality, with the exception of the
passive monitoring and flow-tap features.
Copyright © 2014, Juniper Networks, Inc. 3
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Although the Monitoring Services PIC was designed initially for use as an offline passive
flow monitoring tool, it can also be used in an active flow monitoring topology. In contrast,
the AS or Multiservices PIC is designed exclusively for active flow monitoring. To use
either the Monitoring Services PIC, AS PIC, or Multiservices PIC for active flow monitoring,
you must install the PIC in an M Series or T Series router. The router participates in both
the monitoring application and in the normal routing functionality of the network.
Starting with Junos OS Release 11.4, support for active monitoring is extended to logical
systems running on T Series and MX Series routers. A logical system is a partition created
from a physical router that performs independent routing tasks. Several logical systems
in a single router with their own interfaces, policies, instances, and routing tables can
perform functions handled by several different routers. A shared services PIC handles
flows from all the logical systems. Only version 9 flows, IPv4, and MPLS templates are
supported. See “Example: Configuring Active Monitoring on Logical Systems” on page 10
for a sample configuration that enables active monitoring on a logical system.
Specified packets can be filtered and sent to the monitoring interface. For the Monitoring
Services PIC, the interface name contains the mo- prefix. For the AS or Multiservices PIC,
the interface name contains the sp- prefix.
NOTE: If you upgrade from the Monitoring Services PIC to the Adaptive
Services or Multiservices PIC for active flow monitoring, you must change
the name of your monitoring interface from mo-fpc/pic/port to sp-fpc/pic/port.
The major active flow monitoring actions you can configure at the [edit forwarding-options]
hierarchy level are as follows:
• Sampling, with the [edit forwarding-options sampling] hierarchy. This option sends a
copy of the traffic stream to an AS or Monitoring Services PIC, which extracts limited
information (such as the source and destination IP address) from some of the packets
in a flow. The original packets are forwarded to the intended destination as usual.
• Discard accounting, with the [edit forwarding-options accounting] hierarchy. This option
quarantines unwanted packets, creates cflowd records that describe the packets, and
discards the packets instead of forwarding them.
• Port mirroring, with the [edit forwarding-options port-mirroring] hierarchy. This option
makes one full copy of all packets in a flow and delivers the copy to a single destination.
The original packets are forwarded to the intended destination.
• Multiple port mirroring, with the [edit forwarding-options next-hop-group] hierarchy.
This option allows multiple copies of selected traffic to be delivered to multiple
destinations. (Multiple port mirroring requires a Tunnel Services PIC.)
Unlike passive flow monitoring, you do not need to configure a monitoring group. Instead,
you can send filtered packets to a monitoring services or adaptive services interface (mo-
or sp-) by using sampling or discard accounting. Optionally, you can configure port
mirroring or multiple port mirroring to direct packets to additional interfaces.
4 Copyright © 2014, Juniper Networks, Inc.
Chapter 1: Monitoring Traffic Using Active Flow Monitoring
These active flow monitoring options provide a wide variety of actions that can be
performed on network traffic flows. However, the following restrictions apply:
• The router or switch can perform sampling or port mirroring at any one time.
• The router or switch can perform forwarding or discard accounting at any one time.
Because the Monitoring Services, AS, and Multiservices PICs allow only one action to be
performed at any one time, the following configuration options are available:
• Sampling and forwarding
• Sampling and discard accounting
• Port mirroring and forwarding
• Port mirroring and discard accounting
• Sampling and port mirroring on different sets of traffic
Figure 1 on page 5 shows a sample topology.
Figure 1: Active Monitoring Configuration Topology
cflowd server
.1
10.60.2.x
.2 fe-1/0/0
mo-2/0/0.0
10.1.1.x 10.2.2.x
.1 .2 .1 .2
1 F 2
ge-2/3/0 ge-3/0/0
Active monitoring router
(J Series, M Series,
or T Series) g003104
Accepted and forwarded traffic
Sampled traffic
In Figure 1 on page 5, traffic from Router 1 arrives on the monitoring router’s Gigabit
Ethernet ge-2/3/0 interface. The exit interface on the monitoring router leading to
destination Router 2 is ge-3/0/0, but this could be any interface type (such as SONET,
Gigabit Ethernet, and so on). The export interface leading to the cflowd server is fe-1/0/0.
To enable active monitoring, configure a firewall filter on the interface ge-2/3/0 with the
following match conditions:
• Traffic matching certain firewall conditions is sent to the Monitoring Services PIC using
filter-based forwarding. This traffic is quarantined and not forwarded to other routers.
• All other traffic is port-mirrored to the Monitoring Services PIC. Port mirroring copies
each packet and sends the copies to the port-mirroring next hop (in this case, a
Monitoring Services PIC). The original packets are forwarded out of the router as usual.
Copyright © 2014, Juniper Networks, Inc. 5
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Related • Configuring Flow Monitoring on page 6
Documentation
• Directing Replicated Flows to Multiple Flow Servers on page 116
• Configuring Services Interface Redundancy with Flow Monitoring on page 13
• Example: Configuring Active Monitoring on Logical Systems on page 10
Configuring Flow Monitoring
The flow-monitoring application performs traffic flow monitoring and enables lawful
interception of traffic between two routers or switches. Traffic flows can either be
passively monitored by an offline router or switch or actively monitored by a router
participating in the network.
To configure flow monitoring you need to do the following:
• Configuring Flow-Monitoring Interfaces on page 6
• Configuring Flow-Monitoring Properties on page 7
• Example: Configuring Flow Monitoring on page 9
Configuring Flow-Monitoring Interfaces
To enable flow monitoring on the Monitoring Services PIC, include the mo-fpc/pic/port
statement at the [edit interfaces] hierarchy level:
mo-fpc/pic/port {
unit logical-unit-number {
family inet {
address address {
destination address;
}
filter {
group filter-group-number;
input filter-name;
output filter-name;
}
sampling {
[ input output ];
}
}
}
multiservice-options {
(core-dump | no-core-dump);
(syslog | no-syslog);
flow-control-options {
down-on-flow-control;
dump-on-flow-control;
reset-on-flow-control;
}
}
}
6 Copyright © 2014, Juniper Networks, Inc.
Chapter 1: Monitoring Traffic Using Active Flow Monitoring
Specify the physical and logical location of the flow-monitoring interface. You cannot
use unit 0, because it is already used by internal processes. Specify the source and
destination addresses. The filter statement allows you to associate an input or output
filter or a filter group that you have already configured for this purpose. The sampling
statement specifies the traffic direction: input, output, or both.
The multiservice-options statement allows you to configure properties related to
flow-monitoring interfaces:
• Include the core-dump statement to enable storage of core files in /var/tmp.
• Include the syslog statement to enable storage of system logging information in
/var/log.
NOTE: Boot images for monitoring services interfaces are specified at the
[edit chassis images pic] hierarchy level. You must include the following
configuration to make the flow monitoring feature operable:
[edit system]
ntp {
boot-server ntp.juniper.net;
server 172.17.28.5;
}
processes {
ntp enable;
}
For more information, see the Junos OS Administration Library for Routing
Devices.
• Include the flow-control-options statement to configure flow control.
Configuring Flow-Monitoring Properties
To configure flow-monitoring properties, include the monitoring statement at the [edit
forwarding-options] hierarchy level:
monitoring name {
family inet {
output {
cflowd hostname port port-number;
export-format format;
flow-active-timeout seconds;
flow-export-destination {
collector-pic;
}
flow-inactive-timeout seconds;
interface interface-name {
engine-id number;
engine-type number;
input-interface-index number;
output-interface-index number;
source-address address;
Copyright © 2014, Juniper Networks, Inc. 7
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
}
}
}
A monitoring instance is a named entity that specifies collector information under the
monitoring name statement. The following sections describe the properties you can
configure:
• Directing Traffic to Flow-Monitoring Interfaces on page 8
• Exporting Flows on page 8
• Configuring Time Periods when Flow Monitoring is Active and Inactive on page 9
Directing Traffic to Flow-Monitoring Interfaces
To direct traffic to a flow-monitoring interface, include the interface statement at the
[edit forwarding-options monitoring name output] hierarchy level. By default, the Junos
OS automatically assigns values for the engine-id and engine-type statements:
• engine-id—Monitoring interface location.
• engine-type—Platform-specific monitoring interface type.
The source-address statement specifies the traffic source for transmission of cflowd
information; you must configure it manually. If you provide a different source-address
statement for each monitoring services output interface, you can track which interface
processes a particular cflowd record.
By default, the input-interface-index value is the SNMP index of the input interface. You
can override the default by including a specific value. The input-interface-index and
output-interface-index values are exported in fields present in the cflowd version 5 flow
format.
Exporting Flows
To direct traffic to a flow collection interface, include the flow-export-destination
statement. For more information about flow collection, see Flow Collection.
To configure the cflowd version number, include the export-format statement at the [edit
forwarding-options monitoring name output] hierarchy level. By default, version 5 is used.
Version 8 enables the router software to aggregate the flow information using broader
criteria and reduce cflowd traffic. Version 8 aggregation is performed periodically (every
few seconds) on active flows and when flows are allowed to expire. Because the
aggregation is performed periodically, active timeout events are ignored.
For more information on cflowd properties, see “Enabling Flow Aggregation” on page 86.
8 Copyright © 2014, Juniper Networks, Inc.
Chapter 1: Monitoring Traffic Using Active Flow Monitoring
Configuring Time Periods when Flow Monitoring is Active and Inactive
To configure time periods for active flow monitoring and intervals of inactivity, include
the flow-active-timeout and flow-inactive-timeout statements at the [edit
forwarding-options monitoring name output] hierarchy level:
• The flow-active-timeout statement specifies the time interval between flow exports
for active flows. If the interval between the time the last packet was received and the
time the flow was last exported exceeds the configured value, the flow is exported.
This timer is needed to provide periodic updates when a flow has a long duration. The
active timeout setting enables the router to retain the start time for the flow as a
constant and send out periodic cflowd reports. This in turn allows the collector to
register the start time and determine that a flow has survived for a duration longer
than the configured active timeout.
NOTE: In active flow monitoring, the cflowd records are exported after a
time period that is a multiple of 60 seconds and greater than or equal to
the configured active timeout value. For example, if the active timeout
value is 90 seconds, the cflowd records are exported at 120-second
intervals. If the active timeout value is 150 seconds, the cflowd records are
exported at 180-second intervals, and so forth.
• The flow-inactive-timeout statement specifies the interval of inactivity for a flow that
triggers the flow export. If the interval between the current time and the time that the
last packet for this flow was received exceeds the configured inactive timeout value,
the flow is allowed to expire.
If the flow stops transmitting for longer than the configured inactive timeout value, the
router or switch purges it from the flow table and exports the cflowd record. As a result,
the flow is forgotten as far as the PIC is concerned and if the same 5-tuple appears
again, it is assigned a new start time and considered a new flow.
Both timers are necessary. The active timeout setting is needed to provide information
for flows that constantly transmit packets for a long duration. The inactive timeout setting
enables the router or switch to purge flows that have become inactive and would waste
tracking resources.
NOTE: The router must contain an Adaptive Services, Multiservices, or
Monitoring Services PIC for the flow-active-timeout and flow-inactive-timeout
statements to take effect.
Example: Configuring Flow Monitoring
The following is an example of flow-monitoring properties configured to support input
SONET/SDH interfaces, output monitoring services interfaces, and export to cflowd for
flow analysis. To complete the configuration, you also need to configure the interfaces
and set up a virtual private network (VPN) routing and forwarding (VRF) instance. For a
Copyright © 2014, Juniper Networks, Inc. 9
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
complete example, see the Junos OS, Release 14.2. For information on cflowd, see
“Enabling Flow Aggregation” on page 86.
[edit forwarding-options]
monitoring group1 {
family inet {
output {
cflowd 192.168.245.2 port 2055;
export-format cflowd-version-5;
flow-active-timeout 60;
flow-inactive-timeout 30;
interface mo-4/0/0.1 {
engine-id 1;
engine-type 1;
input-interface-index 44;
output-interface-index 54;
source-address 192.168.245.1;
}
interface mo-4/1/0.1 {
engine-id 2;
engine-type 1;
input-interface-index 45;
output-interface-index 55;
source-address 192.168.245.1;
}
interface mo-4/2/0.1 {
engine-id 3;
engine-type 1;
input-interface-index 46;
output-interface-index 56;
source-address 192.168.245.1;
}
interface mo-4/3/0.1 {
engine-id 4;
engine-type 1;
input-interface-index 47;
output-interface-index 57;
source-address 192.168.245.1;
}
}
}
}
Related • Active Flow Monitoring Overview on page 3
Documentation
• Directing Replicated Flows to Multiple Flow Servers on page 116
• Configuring Services Interface Redundancy with Flow Monitoring on page 13
• Example: Configuring Active Monitoring on Logical Systems on page 10
Example: Configuring Active Monitoring on Logical Systems
This example shows a sample configuration that allows you to configure active monitoring
on a logical system. The following section shows the configuration on the master router:
10 Copyright © 2014, Juniper Networks, Inc.
Chapter 1: Monitoring Traffic Using Active Flow Monitoring
[edit forwarding-options]
sampling {
instance inst1 {
input {
rate 1;
}
family inet;
output {
flow-server 2.2.2.2 {
port 2055;
version9 {
template {
ipv4;
}
}
}
}
interface sp-0/1/0 {
source-address 10.11.12.13;
}
}
}
family mpls;
output {
flow-server 2.2.2.2 {
port 2055;
version9 {
template {
mpls;
}
}
}
}
interface sp-0/1/0 {
source-address 10.11.12.13;
}
}
}
services {
flow-monitoring {
version9 {
template ipv4 {
flow-active-timeout 60;
flow-inactive-timeout 60;
ipv4-template;
template-refresh-rate {
packets 1000;
seconds 10;
}
option-refresh-rate {
packets 1000;
seconds 10;
}
}
template mpls {
mpls-template;
Copyright © 2014, Juniper Networks, Inc. 11
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
}
}
}
}
The configuration for the logical router uses the input parameters and the output interface
for sampling from the master router. Each logical router should have separate template
definitions for the flow-server configuration. The following section shows the configuration
on the logical router:
logical-systems {
ls-1 {
firewall {
family inet {
filter test-sample {
term term-1 {
then {
sample;
accept;
}
}
}
}
}
interfaces {
ge-0/0/1 {
unit 0 {
family inet {
filter {
input test-sample;
output test-sample;
}
}
}
}
}
forwarding-options {
sampling {
instance sample-inst1 {
family inet;
output {
flow-server 2.2.2.2 {
port 2055;
version9 {
template {
ipv4-ls1;
}
}
}
}
}
}
family mpls;
output {
flow-server 2.2.2.2 {
port 2055;
12 Copyright © 2014, Juniper Networks, Inc.
Chapter 1: Monitoring Traffic Using Active Flow Monitoring
version9 {
template {
mpls-ls1;
}
}
}
}
}
}
}
services {
flow-monitoring {
version9 {
template ipv4-ls1 {
flow-active-timeout 60;
flow-inactive-timeout 60;
ipv4-template;
template-refresh-rate {
packets 1000;
seconds 10;
}
option-refresh-rate {
packets 1000;
seconds 10;
}
}
template mpls-ls1 {
mpls-template;
}
}
}
}
}
}
Related • Active Flow Monitoring Overview on page 3
Documentation
• Configuring Flow Monitoring on page 6
• Directing Replicated Flows to Multiple Flow Servers on page 116
• Configuring Services Interface Redundancy with Flow Monitoring on page 13
Configuring Services Interface Redundancy with Flow Monitoring
Active monitoring services configurations on AS, Multiservices PICs, and Multiservices
DPCs support redundancy. To configure redundancy, you specify a redundancy services
PIC (rsp) interface in which the primary AS or Multiservices PIC is active and a secondary
PIC is on standby. If the primary PIC fails, the secondary PIC becomes active, and all
service processing is transferred to it. If the primary PIC is restored, it remains on standby
and does not preempt the secondary PIC; you need to manually restore the services to
the primary PIC. To determine which PIC is currently active, issue the show interfaces
redundancy command.
Copyright © 2014, Juniper Networks, Inc. 13
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
NOTE: On flow-monitoring configurations, the only service option supported
is warm standby, in which one backup PIC supports multiple working PICs.
Recovery times are not guaranteed, because the configuration must be
completely restored on the backup PIC after a failure is detected. However,
configuration is preserved and available on the new active PIC.
As with the other services that support warm standby, you can issue the
request interfaces (revert | switchover) command to switch manually between
the primary and secondary flow monitoring interfaces.
For more information, see Configuring AS or Multiservices PIC Redundancy. For information
on operational mode commands, see the CLI Explorer.
A sample configuration follows.
interface {
rsp0 {
redundancy-options {
primary sp-0/0/0;
secondary sp-1/3/0;
}
unit 0 {
family inet;
}
}
}
interface {
ge-0/2/0 {
unit 0 {
family inet {
filter {
input as_sample;
}
}
address 10.58.255.49/28;
}
}
}
forwarding-options {
sampling {
instance instance1 { # named instances of sampling parameters
input {
rate 1;
run-length 0;
max-packets-per-second 65535;
}
family inet {
output {
flow-server 10.10.10.2 {
port 5000;
version 5;
}
flow-active-timeout 60;
14 Copyright © 2014, Juniper Networks, Inc.
Chapter 1: Monitoring Traffic Using Active Flow Monitoring
interface rsp0 {
source-address 10.10.10.1;
}
}
}
}
}
}
firewall {
filter as_sample {
term t1 {
then {
sample;
accept;
}
}
}
}
Related • Active Flow Monitoring Overview on page 3
Documentation
• Configuring Flow Monitoring on page 6
• Directing Replicated Flows to Multiple Flow Servers on page 116
• Example: Configuring Active Monitoring on Logical Systems on page 10
Flow Offloading
The Junos OS enables you to configure flow offloading for PICS on MX Series routers
using Modular Port Concentrator (MPCs) with Modular Interface Cards (MICs). Flows
are offloaded to Fast Update Filters (FUFs) on the Packet Forwarding Engine. Offloading
produces the greatest benefits when applied to long-lasting or high-bandwidth flows.
The maximum number of active offloads is 200,000 per PIC. When offloaded flows are
deleted, more flows can be offloaded.
To configure flow offloading:
• At the [edit interfaces interface-name services-options] hierarchy level, enter the
trio-flow-offload minimum-bytes minimum-bytes statement.
user@host# edit services interface-name
[edit services interface-name services-options]
user@host# set trio-flow-offload minimum-bytes minimum- bytes
In the following example, flows are offloaded when they consist of no less than 1024
bytes:
user@host# edit services ms-0/1/0
[edit services ms-0/1/0 services-options]
user@host# set trio-flow-offload minimum-bytes 1024
Related • trio-flow-offload on page 388
Documentation
Copyright © 2014, Juniper Networks, Inc. 15
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
16 Copyright © 2014, Juniper Networks, Inc.
CHAPTER 2
Monitoring Traffic Using Passive Flow
Monitoring
• Passive Flow Monitoring Overview on page 17
• Enabling Passive Flow Monitoring on page 18
Passive Flow Monitoring Overview
Using a Juniper Networks M Series Multiservice Edge or T Series Core Router, a selection
of PICs (including the Monitoring Services PIC, Adaptive Services [AS] PIC, Multiservices
PIC, or Multiservices DPC) and other networking hardware, you can monitor traffic flow
and export the monitored traffic. Monitoring traffic allows you to do the following:
• Gather and export detailed information about IP version 4 (IPv4) traffic flows between
source and destination nodes in your network.
• Sample all incoming IPv4 traffic on the monitoring interface and present the data in
cflowd record format.
• Perform discard accounting on an incoming traffic flow.
• Encrypt or tunnel outgoing cflowd records, intercepted IPv4 traffic, or both.
• Direct filtered traffic to different packet analyzers and present the data in its original
format (port mirror).
NOTE: Monitoring Services PICs, AS PICs, and Multiservices PICs must be
mounted on an Enhanced Flexible PIC Concentrator (FPC) in an M Series
or T Series router.
Multiservices DPCs installed in Juniper Networks MX Series 3D Universal
Edge Routers support the same functionality, with the exception of the
passive monitoring and flow-tap features.
The router used for passive monitoring does not route packets from the monitored
interface, nor does it run any routing protocols related to those interfaces; it only receives
traffic flows, collects intercepted traffic, and exports it to cflowd servers and packet
analyzers. Figure 2 on page 18 shows a typical topology for the passive flow-monitoring
application.
Copyright © 2014, Juniper Networks, Inc. 17
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Figure 2: Passive Monitoring Application Topology
1
cflowd
collector
S
Passive monitoring Packet analy
zer
S
station
(M40e, M160,
M320, or T Series
router)
Packet analy
zer
2
g015501
S Optical Splitter
Traffic travels normally between Router 1 and Router 2. To redirect IPv4 traffic, you insert
an optical splitter on the interface between these two routers. The optical splitter copies
and redirects the traffic to the monitoring station, which is an M40e, M160, M320, or T
Series router. The optical cable connects only the receive port on the monitoring station,
never the transmit port. This configuration allows the monitoring station to receive traffic
from the router being monitored but never to transmit it back.
If you are monitoring traffic flow, the Internet Processor II application-specific integrated
circuit (ASIC) in the router forwards a copy of the traffic to the Monitoring Services,
Adaptive Services, or Multiservices PIC in the monitoring station. If more than one
monitoring PIC is installed, the monitoring station distributes the load of the incoming
traffic across the multiple PICs. The monitoring PICs generate flow records in cflowd
version 5 format, and the records are then exported to the cflowd collector.
If you are performing lawful interception of traffic between the two routers, the Internet
Processor II ASIC filters the incoming traffic and forwards it to the Tunnel Services PIC.
Filter-based forwarding is then applied to direct the traffic to the packet analyzers.
Optionally, the intercepted traffic or the cflowd records can be encrypted by the ES PIC
or IP Security (IPsec) services and then sent to a cflowd server or packet analyzer.
Related • Enabling Passive Flow Monitoring on page 18
Documentation
Enabling Passive Flow Monitoring
You can monitor IPv4 traffic from another router if you have the following components
installed in an M Series, MX Series, or T Series router:
• Monitoring Services, Adaptive Services, or Multiservices PICs to perform the service
processing
• SONET/SDH, Fast Ethernet, or Gigabit Ethernet PICs as transit interface
18 Copyright © 2014, Juniper Networks, Inc.
Chapter 2: Monitoring Traffic Using Passive Flow Monitoring
On SONET/SDH interfaces, you enable passive flow monitoring by including the
passive-monitor-mode statement at the [edit interfaces so-fpc/pic/port unit
logical-unit-number] hierarchy level:
[edit interfaces so-fpc/pic/port unit logical-unit-number]
passive-monitor-mode;
On Asynchronous Transfer Mode (ATM), Fast Ethernet, or Gigabit Ethernet interfaces,
you enable passive flow monitoring by including the passive-monitor-mode statement
at the [edit interfaces interface-name] hierarchy level:
[edit interfaces interface-name]
passive-monitor-mode;
IPv6 passive monitoring is not supported on Monitoring Services PICs. You must configure
port mirroring to forward the packets from the passive monitored ports to other interfaces.
Interfaces configured on the following FPCs and PIC support IPv6 passive monitoring on
the T640 and T1600 routers:
• Enhanced Scaling FPC2
• Enhanced Scaling FPC3
• Enhanced II FPC1
• Enhanced II FPC2
• Enhanced II FPC3
• Enhanced Scaling FPC4
• Enhanced Scaling FPC4.1
• 4-port 10-Gigabit Ethernet LAN/WAN PIC with XFP (supported on both WAN-PHY
and LAN-PHY mode for both IPv4 and IPv6 addresses)
• Gigabit Ethernet PIC with SFP
• 10-Gigabit Ethernet PIC with XENPAK (T1600 router)
• SONET/SDH OC192/STM64 PIC (T1600 router)
• SONET/SDH OC192/STM64 PICs with XFP (T1600 router)
• SONET/SDH OC48c/STM16 PIC with SFP (T1600 router)
• SONET/SDH OC48/STM16 (Multi-Rate)
• SONET/SDH OC12/STM4 (Multi–Rate) PIC with SFP
• Type 1 SONET/SDH OC3/STM1 (Multi–Rate) PIC with SFP
To configure port mirroring, include the port-mirroring statement at the [edit
forwarding-options] hierarchy level.
Copyright © 2014, Juniper Networks, Inc. 19
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
When you configure an interface in passive monitoring mode, the Packet Forwarding
Engine silently drops packets coming from that interface and destined to the router itself.
Passive monitoring mode also stops the Routing Engine from transmitting any packet
from that interface. Packets received from the monitored interface can be forwarded to
monitoring interfaces. If you include the passive-monitor-mode statement in the
configuration:
• The ATM interface is always up, and the interface does not receive or transmit incoming
control packets, such as Operation, Administration, and Maintenance (OAM) and
Interim Local Management Interface (ILMI) cells.
• The SONET/SDH interface does not send keepalives or alarms and does not participate
actively on the network.
• Gigabit and Fast Ethernet interfaces can support both per-port passive monitoring and
per-VLAN passive monitoring. The destination MAC filter on the receive port of the
Ethernet interfaces is disabled.
• Ethernet encapsulation options are not allowed.
• Ethernet interfaces do not support the stacked-vlan-tagging statement for both IPv4
and IPv6 packets in passive monitoring mode.
On monitoring services interfaces, you enable passive flow monitoring by including the
family statement at the [edit interfaces interface-name unit logical-unit-number] hierarchy
level, specifying the inet option:
[edit interfaces interface-name unit logical-unit-number]
family inet;
For the monitoring services interface, you can configure multiservice physical interface
properties. For more information, see “Configuring Flow-Monitoring Interfaces” on page 6.
For conformity with the cflowd record structure, you must include the
receive-options-packets and receive-ttl-exceeded statements at the [edit interfaces
interface-name unit logical-unit-number family inet] hierarchy level:
[edit interfaces interface-name unit logical-unit-number family inet]
receive-options-packets;
receive-ttl-exceeded;
For more information, see the following sections:
• Passive Flow Monitoring for MPLS Encapsulated Packets on page 20
• Example: Enabling IPv4 Passive Flow Monitoring on page 22
• Example: Enabling IPv6 Passive Flow Monitoring on page 24
Passive Flow Monitoring for MPLS Encapsulated Packets
On monitoring services interfaces, you can process MPLS packets that have not been
assigned label values and have no corresponding entry in the mpls.0 routing table. This
allows you to assign a default route to unlabeled MPLS packets.
To configure a default label value for MPLS packets, include the default-route statement
at the [edit protocols mpls interface interface-name label-map] hierarchy level:
20 Copyright © 2014, Juniper Networks, Inc.
Chapter 2: Monitoring Traffic Using Passive Flow Monitoring
[edit protocols mpls interface interface-name label-map]
default-route {
(next-hop (address | interface-name | address/interface-name)) | (reject | discard);
(pop | (swap <out-label>);
class-of-service value;
preference preference;
type type;
}
For more information about static labels, see the Junos OS MPLS Applications Library for
Routing Devices.
Removing MPLS Labels from Incoming Packets
The Junos OS can forward only IPv4 packets to a Monitoring Services, Adaptive Services,
or Multiservices PIC. IPv4 and IPv6 packets with MPLS labels cannot be forwarded to a
monitoring PIC. By default, if packets with MPLS labels are forwarded to the monitoring
PIC, they are discarded. To monitor IPv4 and IPv6 packets with MPLS labels, you must
remove the MPLS labels as the packets arrive on the interface.
You can remove up to two MPLS labels from an incoming packet by including the
pop-all-labels statement at the [edit interfaces interface-name (atm-options |
fastether-options | gigether-options | sonet-options) mpls] hierarchy level:
[edit interfaces interface-name (atm-options | fastether-options | gigether-options |
sonet-options) mpls]
pop-all-labels {
required-depth [ numbers ];
}
By default, the pop-all-labels statement takes effect for incoming packets with one or
two labels. You can specify the number of MPLS labels that an incoming packet must
have for the pop-all-labels statement to take effect by including the required-depth
statement at the [edit interfaces interface-name (atm-options | fastether-options |
gigether-options | sonet-options) mpls pop-all-labels] hierarchy level:
[edit interfaces interface-name (atm-options | fastether-options | gigether-options |
sonet-options) mpls pop-all-labels]
required-depth [ numbers ];
The required depth can be 1, 2, or [ 1 2 ]. If you include the required-depth 1 statement, the
pop-all-labels statement takes effect for incoming packets with one label only. If you
include the required-depth 2 statement, the pop-all-labels statement takes effect for
incoming packets with two labels only. If you include the required-depth [ 1 2 ] statement,
the pop-all-labels statement takes effect for incoming packets with one or two labels.
A required depth of [ 1 2 ] is equivalent to the default behavior of the pop-all-labels
statement.
When you remove MPLS labels from incoming packets, note the following:
• The pop-all-labels statement has no effect on IP packets with three or more MPLS
labels.
• When you enable MPLS label removal, you must configure all ports on a PIC with the
same label popping mode and required depth.
Copyright © 2014, Juniper Networks, Inc. 21
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
• You use the pop-all-labels statement to enable passive monitoring applications, not
active monitoring applications.
• You cannot apply MPLS filters or accounting to the MPLS labels because the labels
are removed as soon as the packet arrives on the interface.
• On ATM2 interfaces, you must use a label value greater than 4095 because the lower
range of MPLS labels is reserved for label-switched interface (LSI) and virtual private
LAN service (VPLS) support. For more information, see the Junos OS VPNs Library for
Routing Devices.
• The following ATM encapsulation types are not supported on interfaces with MPLS
label removal:
• atm-ccc-cell-relay
• atm-ccc-vc-mux
• atm-mlppp-llc
• atm-tcc-snap
• atm-tcc-vc-mux
• ether-over-atm-llc
• ether-vpls-over-atm-llc
Example: Enabling IPv4 Passive Flow Monitoring
The following example shows a complete configuration for enabling passive flow
monitoring on an Ethernet interface.
In this example, the Gigabit Ethernet interface can accept all Ethernet packets. It strips
VLAN tags (if there are any) and up to two MPLS labels blindly, and passes IPv4 packets
to the monitoring interface. With this configuration, it can monitor IPv4, VLAN+IPv4,
VLAN+MPLS+IPv4, and VLAN+MPLS+MPLS+IPv4 labeled packets.
The Fast Ethernet interface can accept only packets with VLAN ID 100. All other packets
are dropped. With this configuration, it can monitor VLAN (ID=100)+IPv4, VLAN
(ID=100)+MPLS+IPv4, and VLAN (ID=100)+MPLS+MPLS+IPv4 labeled packets.
[edit firewall]
family inet {
filter input-monitoring-filter {
term def {
then {
count counter;
accept;
}
}
}
}
[edit interfaces]
ge-0/0/0 {
passive-monitor-mode;
gigether-options {
22 Copyright © 2014, Juniper Networks, Inc.
Chapter 2: Monitoring Traffic Using Passive Flow Monitoring
mpls {
pop-all-labels;
}
}
unit 0 {
family inet {
filter {
input input-monitoring-filter;
}
}
}
}
fe-0/1/0 {
passive-monitor-mode;
vlan-tagging;
fastether-options {
mpls {
pop-all-labels required-depth [ 1 2 ];
}
}
unit 0 {
vlan-id 100;
family inet {
filter {
input input-monitoring-filter;
}
}
}
}
mo-1/0/0 {
unit 0 {
family inet {
receive-options-packets;
receive-ttl-exceeded;
}
}
unit 1 {
family inet;
}
}
[edit forwarding-options]
monitoring mon1 {
family inet {
output {
export-format cflowd-version-5;
cflowd 50.0.0.2 port 2055;
interface mo-1/0/0.0 {
source-address 50.0.0.1;
}
}
}
}
[edit routing-instances]
monitoring-vrf {
instance-type vrf;
interface ge-0/0/0.0;
Copyright © 2014, Juniper Networks, Inc. 23
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
interface fe-0/1/0.0;
interface mo-1/0/0.1;
route-distinguisher 68:1;
vrf-import monitoring-vrf-import;
vrf-export monitoring-vrf-export;
routing-options {
static {
route 0.0.0.0/0 next-hop mo-1/0/0.1;
}
}
}
[edit policy-options]
policy-statement monitoring-vrf-import {
then {
reject;
}
}
policy-statement monitoring-vrf-export {
then {
reject;
}
}
Example: Enabling IPv6 Passive Flow Monitoring
The following example shows a complete configuration for enabling IPv6 passive flow
monitoring on an Ethernet interface.
In this example, the Gigabit Ethernet interface can accept all Ethernet packets. It strips
VLAN tags (if there are any) and up to two MPLS labels blindly, and passes IPv6 packets
to the monitoring interface. With this configuration, the Gigabit Ethernet interface can
monitor IPv6, VLAN+IPv6, VLAN+MPLS+IPv6, and VLAN+MPLS+MPLS+IPv6 labeled
packets.
The vlan-tagged Gigabit Ethernet interface can accept only packets with VLAN ID 100.
All other packets are dropped. With this configuration, it can monitor VLAN (ID=100)+IPv6,
VLAN (ID=100)+MPLS+IPv6, and VLAN (ID=100)+MPLS+MPLS+IPv6 labeled packets.
[edit interfaces]
xe-0/1/0 {
passive-monitor-mode;
unit 0 {
family inet6 {
filter {
input port-mirror6;
}
address 2001::1/128;
}
}
}
xe-0/1/2 {
passive-monitor-mode;
vlan-tagging;
unit 0 {
vlan-id 100;
24 Copyright © 2014, Juniper Networks, Inc.
Chapter 2: Monitoring Traffic Using Passive Flow Monitoring
family inet6 {
filter {
input port-mirror6;
}
}
}
}
xe-0/1/1 {
unit 0 {
family inet6 {
address 2000::1/128;
}
}
}
[edit firewall]
family inet6 {
filter port-mirror6 {
term term2 {
then {
count count_pm;
port-mirror;
accept;
}
}
}
}
[edit forwarding options]
port-mirroring {
input {
rate 1;
}
family inet6 {
output {
interface xe-0/1/1.0 {
next-hop 2000::3;
}
no-filter-check;
}
}
}
Related • Passive Flow Monitoring Overview on page 17
Documentation
Copyright © 2014, Juniper Networks, Inc. 25
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
26 Copyright © 2014, Juniper Networks, Inc.
CHAPTER 3
Processing and Exporting Multiple Records
Using Flow Collection
• Flow Collection Overview on page 27
• Configuring Flow Collection on page 28
• Sending cflowd Records to Flow Collector Interfaces on page 31
• Configuring Flow Collection Mode and Interfaces on Services PICs on page 32
Flow Collection Overview
You can process and export multiple cflowd records with a flow collector interface. You
create a flow collector interface on a Monitoring Services II or Multiservices 400 PIC. The
flow collector interface combines multiple cflowd records into a compressed ASCII data
file and exports the file to an FTP server. To convert a services PIC into a flow collector
interface, include the flow-collector statement at the [edit chassis fpc fpc-slot pic pic-slot
monitoring-services application] hierarchy level.
You can use the services PIC for either flow collection or monitoring, but not for both
types of service simultaneously. When converting the PIC between service types, you
must configure the flow-collector statement, take the PIC offline, and then bring the PIC
back online. Restarting the router does not enable the new service type.
A flow collector interface, designated by the cp-fpc/pic/port interface name, requires
three logical interfaces for correct operation. Units 0 and 1 are used to send the
compressed ASCII data files to an FTP server, while Unit 2 is used to receive cflowd
records from a monitoring services interface.
NOTE: Unlike conventional interfaces, the address statement at the [edit
interfaces cp-fpc/pic/port unit unit-number family inet] hierarchy level
corresponds to the IP address of the Routing Engine. Likewise, the destination
statement at the [edit interfaces cp-fpc/pic/port unit unit-number family inet
address ip-address] hierarchy level corresponds to the IP address of the flow
collector interface. As a result, you must configure the destination statement
for Unit 0 and 1 with local addresses that can reach the FTP server. Similarly,
configure the destination statement for Unit 2 with a local IP address so it
can reach the monitoring services interface that sends cflowd records.
Copyright © 2014, Juniper Networks, Inc. 27
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
To activate flow collector services after the services PIC is converted into a flow collector,
include the flow-collector statement at the [edit services] hierarchy level.
After you activate the flow collector, you need to configure the following components:
• Destination of the FTP server
• File specifications
• Input interface-to-flow collector interface mappings
• Transfer log settings
Related • Configuring Flow Collection on page 281
Documentation
• Sending cflowd Records to Flow Collector Interfaces on page 31
• Configuring Flow Collection Mode and Interfaces on Services PICs on page 32
Configuring Flow Collection
This section describes the following tasks for configuring flow collection:
• Configuring Destination FTP Servers for Flow Records on page 28
• Configuring a Packet Analyzer on page 29
• Configuring File Formats on page 29
• Configuring Interface Mappings on page 30
• Configuring Transfer Logs on page 30
• Configuring Retry Attempts on page 31
Configuring Destination FTP Servers for Flow Records
Flow collection destinations are where the compressed ASCII data files are sent after
the cflowd records are collected and processed. To specify the destination FTP server,
include the destinations statement at the [edit services flow-collector] hierarchy level.
You can specify up to two FTP server destinations and include the password for each
configured server. If two FTP servers are configured, the first server in the configuration
is the primary server and the second is a backup server.
To configure a destination for flow collection files, include the destinations statement
at the [edit services flow-collector] hierarchy level:
[edit services flow-collector]
destinations {
ftp:url {
password "password";
}
}
To specify the destination FTP server, include the ftp:url statement. The value url is the
FTP server address for the primary flow collection destination and can include macros.
28 Copyright © 2014, Juniper Networks, Inc.
Chapter 3: Processing and Exporting Multiple Records Using Flow Collection
When you include macros in the ftp:url statement, a directory can be created only for a
single level. For example, the path ftp://10.2.2.2/%m/%Y expands to
ftp://10.2.2.2/01/2005, and the software attempts to create the directory 01/2005 on
the destination FTP server. If the 01/ directory already exists on the destination FTP server,
the software creates the /2005/ directory one level down. If the 01/ directory does not
exist on the destination FTP server, the software cannot create the /2005/ directory, and
the FTP server destination will fail. For more information about macros, see ftp.
To specify the FTP server password, include the password “password” statement. The
password must be enclosed in quotation marks. You can specify up to two destination
FTP servers. The first destination specified is considered the primary destination.
Configuring a Packet Analyzer
You can specify values for the IP address and identifier of a packet analyzer to which the
flow collector interface sends traffic for analysis. The values you specify here override
any default values configured elsewhere.
To configure an IP address and identifier for the packet analyzer, include the
analyzer-address and analyzer-id statements at the [edit services flow-collector] hierarchy
level:
[edit services flow-collector]
analyzer-address address;
analyzer-id name;
Configuring File Formats
You configure data file formats, name formats, and transfer characteristics for the flow
collection files. File records are sent to the destination FTP server when the timer expires
or when a preset number of records are received, whichever comes first.
To configure the flow collection file format, include the file-specification statement at
the [edit services flow-collector] hierarchy level:
[edit services flow-collector]
file-specification {
variant variant-number {
data-format format;
name-format format;
transfer {
record-level number;
timeout seconds;
}
}
}
To set the data file format, include the data-format statement. To set the file name
format, include the name-format statement. To set the export timer and file size
thresholds, include the transfer statement and specify values for the timeout and
record-level options.
For example, you can specify the name format as follows:
Copyright © 2014, Juniper Networks, Inc. 29
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
[edit services flow-collector file-specification variant variant-number]
name-format "cFlowd-py69Ni69-0-%D_%T-%I_%N.bcp.bi.gz";
In this example, cFlowd-py69Ni69-0 is the static portion used verbatim, %D is the date
in YYYYMMDD format, %T is the time in HHMMSS format, %I is the value of ifAlias, %N
is the generation number, and bcp.bi.gz is a user-configured string. A number of macros
are supported for expressing the date and time information in different ways; for a
complete list, see the summary section for name-format.
Configuring Interface Mappings
You can match an input interface with a flow collector interface and apply the preset
file specifications to the input interface.
To configure an interface mapping, include the interface-map statement at the [edit
services flow-collector] hierarchy level:
[edit services flow-collector]
interface-map {
collector interface-name;
file-specification variant-number;
interface-name {
collector interface-name;
file-specification variant-number;
}
}
To configure the default flow collector and file specifications for all input interfaces,
include the file-specification and collector statements at the [edit services flow-collector
interface-map] hierarchy level. To override the default settings and apply flow collector
and file specifications to a specific input interface, include the file-specification and
collector statements at the [edit services flow-collector interface-map interface-name]
hierarchy level.
Configuring Transfer Logs
You can configure the filename, export interval, maximum size, and destination FTP
server for log files containing the transfer activity history for a flow collector interface.
To configure a transfer log, include the transfer-log-archive statement at the [edit services
flow-collector] hierarchy level:
[edit services flow-collector]
transfer-log-archive {
archive-sites {
ftp:url {
password "password";
username username;
}
}
filename-prefix prefix;
maximum-age minutes;
}
30 Copyright © 2014, Juniper Networks, Inc.
Chapter 3: Processing and Exporting Multiple Records Using Flow Collection
To configure the destination for archiving files, include the archive-sites statement. Specify
the filename as follows:
[edit services flow-collector transfer-log]
filename "cFlowd-py69Ni69-0-%D_%T";
where cFlowd-py69Ni69-0 is the static portion used verbatim, %D is the date in
YYYYMMDD format, and %T is the time in HHMMSS format.
You can optionally include the following statements:
• filename-prefix—Sets a standard prefix for all the logged files.
• maximum-age—Specifies the duration a file remains on the server. The range is 1 through
360 minutes.
Configuring Retry Attempts
You can specify values for situations in which the flow collector interface needs more
than one attempt to transfer log files to the FTP server:
• Maximum number of retry attempts
• Amount of time the flow collector interface waits between successive retries
To configure retry settings, include the retry and retry-delay statements at the [edit
services flow-collector] hierarchy level:
retry number;
retry-delay seconds;
The retry value can be from 0 through 10. The retry-delay value can be from 0 through
60 seconds.
Related • Flow Collection Overview on page 27
Documentation
• Sending cflowd Records to Flow Collector Interfaces on page 31
• Configuring Flow Collection Mode and Interfaces on Services PICs on page 32
• Example: Configuring Flow Collection
Sending cflowd Records to Flow Collector Interfaces
To specify a flow collector interface as the destination for cflowd records coming from
a services PIC, include the collector-pic statement at the [edit forwarding-options
monitoring group-name family inet output flow-export-destination] hierarchy level:
[edit forwarding-options monitoring group-name family inet output flow-export-destination]
collector-pic;
You can select either the flow collector interface or a cflowd server as the destination
for cflowd records, but not both at the same time.
Copyright © 2014, Juniper Networks, Inc. 31
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Related • Flow Collection Overview on page 27
Documentation
• Configuring Flow Collection on page 28
• Configuring Flow Collection Mode and Interfaces on Services PICs on page 32
• Example: Configuring Flow Collection
Configuring Flow Collection Mode and Interfaces on Services PICs
You can select the services PIC to run in either flow collection mode or monitoring mode,
but not both.
To set the services PIC to run in flow collection mode, include the flow-collector statement
at the [edit chassis fpc slot-number pic pic-number monitoring-services application]
hierarchy level:
[edit chassis fpc slot-number pic pic-number monitoring-services application]
flow-collector;
For further information on configuring chassis properties, see the Junos OS Administration
Library for Routing Devices.
To specify flow collection interfaces, you configure the cp interface at the [edit interfaces]
hierarchy level:
[edit interfaces]
cp-fpc/pic/port {
...
}
Related • Flow Collection Overview on page 27
Documentation
• Configuring Flow Collection on page 28
• Sending cflowd Records to Flow Collector Interfaces on page 31
• Example: Configuring Flow Collection
32 Copyright © 2014, Juniper Networks, Inc.
PART 2
Flow Capture Services
• Dynamically Capturing Packet Flows Using Junos Capture Vision on page 35
• Detecting Threats and Intercepting Flows Using Junos Packet Vision on page 47
Copyright © 2014, Juniper Networks, Inc. 33
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
34 Copyright © 2014, Juniper Networks, Inc.
CHAPTER 4
Dynamically Capturing Packet Flows
Using Junos Capture Vision
• Understanding Junos Capture Vision on page 35
• Configuring Junos Capture Vision on page 37
• Example: Configuring Junos Capture Vision on page 43
Understanding Junos Capture Vision
Junos Capture Vision (known as dynamic flow capture in Junos OS Releases earlier than
13.2) enables you to capture packet flows on the basis of dynamic filtering criteria.
Specifically, you can use this feature to forward passively monitored packet flows that
match a particular filter list to one or more destinations using an on-demand control
protocol.
This topic contains the following sections:
• Junos Capture Vision Architecture on page 35
• Liberal Sequence Windowing on page 36
• Intercepting IPv6 Flows on page 37
Junos Capture Vision Architecture
The architecture consists of one or more control sources that send requests to a Juniper
Networks router to monitor incoming data, and then forward any packets that match
specific filter criteria to a set of one or more content destinations. The architectural
components are defined as follows:
• Control source—A client that monitors electronic data or voice transfer over the network.
The control source sends filter requests to the Juniper Networks router using the
Dynamic Task Control Protocol (DTCP), specified in draft-cavuto-dtcp-03.txt at
http://www.ietf.org/internet-drafts. The control source is identified by a unique identifier
and an optional list of IP addresses.
• Monitoring platform—A T Series or M320 router containing one or more Dynamic Flow
Capture (DFC) PICs, which support dynamic flow capture processing. The monitoring
platform processes the requests from the control sources, creates the filters, monitors
Copyright © 2014, Juniper Networks, Inc. 35
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
incoming data flows, and sends the matched packets to the appropriate content
destinations.
• Content destination—Recipient of the matched packets from the monitoring platform.
Typically the matched packets are sent using an IP Security (IPsec) tunnel from the
monitoring platform to another router connected to the content destination. The
content destination and the control source can be physically located on the same host.
For more information on IPsec tunnels, see Junos VPN Site Secure.
NOTE: The Junos Capture Vision PIC (either a Monitoring Services III PIC or
Multiservices 400 PIC) forwards the entire packet content to the content
destination, rather than to a content record as is done with cflowd or flow
aggregation version 9 templates.
Figure 3 on page 36 shows a sample topology. The number of control sources and content
destinations is arbitrary.
Figure 3: Junos Capture Vision Topology
Liberal Sequence Windowing
Each DTCP packet (add, delete, list, and refresh packets) contains a 64-bit sequence
number to identify the order of the packets. Because the network is connectionless, the
DTCP packets can arrive out of order to the router running the Junos Capture Vision
application.
The liberal sequence window feature implements a negative window for the sequence
numbers received in the DTCP packets. It enables the Junos Capture Vision application
to accept not only DTCP packets with sequence numbers greater than those previously
received, but also DTCP packets with lesser sequence numbers, up to a certain limit. This
limit is the negative window size; the positive and negative window sizes are +256 and
–256 respectively, relative to the current maximum sequence number received. No
36 Copyright © 2014, Juniper Networks, Inc.
Chapter 4: Dynamically Capturing Packet Flows Using Junos Capture Vision
configuration is required to activate this feature; the window sizes are hard-coded and
nonconfigurable.
Intercepting IPv6 Flows
Starting with Junos OS Release 11.4, Junos Capture Vision also supports intercepting IPv6
flows in M320, T320, T640, and T1600 routers with a Multiservices 400 or Multiservices
500 PIC. Junos Capture Vision can intercept passively monitored IPv6 traffic only. All
support for IPv4 interception remains the same. The interception of IPv6 traffic happens
in the same way the filters capture IPv4 flows. With the introduction of IPv6 interception,
both IPv4 and IPv6 filters can coexist. The mediation device, however, cannot be located
in an IPv6 network.
Junos Capture Vision does not support interception of VPLS and MPLS traffic. The
application cannot intercept Address Resolution Protocol (ARP) or other Layer 2 exception
packets. The interception filter can be configured to timeout based on factors like total
time (seconds), idle time (seconds), total packets or total data transmitted (bytes).
Related • Configuring Junos Capture Vision on page 37
Documentation
• Example: Configuring Junos Capture Vision on page 43
Configuring Junos Capture Vision
This section describes the following tasks for configuring Junos Capture Vision:
• Configuring the Capture Group on page 37
• Configuring the Content Destination on page 38
• Configuring the Control Source on page 39
• Configuring the DFC PIC Interface on page 40
• Configuring the Firewall Filter on page 41
• Configuring System Logging on page 41
• Configuring Tracing Options for Junos Capture Vision Events on page 42
• Configuring Thresholds on page 42
• Limiting the Number of Duplicates of a Packet on page 43
Configuring the Capture Group
A capture group defines a profile of Junos Capture Vision configuration information. The
static configuration includes information about control sources, content destinations,
and notification destinations. Dynamic configuration is added through interaction with
control sources using a control protocol.
To configure a capture group, include the capture-group statement at the [edit services
dynamic-flow-capture] hierarchy level:
capture-group client-name {
content-destination identifier {
address address;
Copyright © 2014, Juniper Networks, Inc. 37
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
hard-limit bandwidth;
hard-limit-target bandwidth;
soft-limit bandwidth;
soft-limit-clear bandwidth;
ttl hops;
}
control-source identifier {
allowed-destinations [ destinations ];
minimum-priority value;
no-syslog;
notification-targets address port port-number;
service-port port-number;
shared-key value;
source-addresses [ addresses ];
}
duplicates-dropped-periodicity seconds;
input-packet-rate-threshold rate;
interfaces interface-name;
max-duplicates number;
pic-memory-threshold percentage percentage;
}
To specify the capture-group, assign it a unique client-name that associates the information
with the requesting control sources.
Configuring the Content Destination
You must specify a destination for the packets that match DFC PIC filter criteria. To
configure the content destination, include the content-destination statement at the [edit
services dynamic-flow-capture capture-group client-name] hierarchy level:
content-destination identifier {
address address;
hard-limit bandwidth;
hard-limit-target bandwidth;
soft-limit bandwidth;
soft-limit-clear bandwidth;
ttl hops;
}
Assign the content-destination a unique identifier. You must also specify its IP address
and you can optionally include additional settings:
• address—The DFC PIC interface appends an IP header with this destination address
on the matched packet (with its own IP header and contents intact) and sends it out
to the content destination.
• ttl—The time-to-live (TTL) value for the IP-IP header. By default, the TTL value is 255.
Its range is 0 through 255.
• Congestion thresholds—You can specify per-content destination bandwidth limits that
control the amount of traffic produced by the DFC PIC during periods of congestion.
The thresholds are arranged in two pairs: hard-limit and hard-limit-target, and soft-limit
and soft-limit-clear. You can optionally include one or both of these paired settings.
All four settings are 10–second average bandwidth values in bits per second. Typically
38 Copyright © 2014, Juniper Networks, Inc.
Chapter 4: Dynamically Capturing Packet Flows Using Junos Capture Vision
soft-limit-clear < soft-limit < hard-limit-target < hard-limit. When the content bandwidth
exceeds the soft-limit setting:
1. A congestion notification message is sent to each control source of the criteria that
point to this content destination
2. If the control source is configured for syslog, a system log message is generated.
3. A latch is set, indicating that the control sources have been notified. No additional
notification messages are sent until the latch is cleared, when the bandwidth falls
below the soft-limit-clear value.
When the bandwidth exceeds the hard-limit value:
1. Junos Capture Vision begins deleting criteria until the bandwidth falls below the
hard-limit-target value.
2. For each criterion deleted, a CongestionDelete notification is sent to the control
source for that criterion.
3. If the control source is configured for syslog, a log message is generated.
The application evaluates criteria for deletion using the following data:
• Priority—Lower priority criteria are purged first, after adjusting for control source
minimum priority.
• Bandwidth—Higher bandwidth criteria are purged first.
• Timestamp—The more recent criteria are purged first.
Configuring the Control Source
You configure information about the control source, including allowed source addresses
and destinations and authentication key values. To configure the control source
information, include the control-source statement at the [edit services
dynamic-flow-capture capture-group client-name] hierarchy level:
control-source identifier {
allowed-destinations [ destination-identifiers ];
minimum-priority value;
no-syslog;
notification-targets address port port-number;
service-port port-number;
shared-key value;
source-addresses [ addresses ];
}
Assign the control-source statement a unique identifier. You can also include values for
the following statements:
• allowed-destinations—One or more content destination identifiers to which this control
source can request that matched data be sent in its control protocol requests. If you
do not specify any content destinations, all available destinations are allowed.
• minimum-priority—Value assigned to the control source that is added to the priority of
the criteria in the DTCP ADD request to determine the total priority for the criteria. The
Copyright © 2014, Juniper Networks, Inc. 39
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
lower the value, the higher the priority. By default, minimum-priority has a value of 0
and the allowed range is 0 through 254.
• notification-targets—One or more destinations to which the DFC PIC interface can log
information about control protocol-related events and other events such as PIC bootup
messages. You configure each notification-target entry with an IP address value and
a User Datagram Protocol (UDP) port number.
• service-port—UDP port number to which the control protocol requests are directed.
Control protocol requests that are not directed to this port are discarded by DFC PIC
interfaces.
• shared-key—20-byte authentication key value shared between the control source and
the DFC PIC monitoring platform.
• source-addresses—One or more allowed IP addresses from which the control source
can send control protocol requests to the DFC PIC monitoring platform. These are /32
addresses.
Configuring the DFC PIC Interface
You specify the interface that interacts with the control sources configured in the same
capture group. A Monitoring Services III PIC can belong to only one capture group, and
you can configure only one PIC for each group.
To configure a DFC PIC interface, include the interfaces statement at the [edit services
dynamic-flow-capture capture-group client-name] hierarchy level:
interfaces interface-name;
You specify DFC interfaces using the dfc- identifier at the [edit interfaces] hierarchy level.
You must specify three logical units on each DFC PIC interface, numbered 0, 1, and 2. You
cannot configure any other logical interfaces.
• unit 0 processes control protocol requests and responses.
• unit 1 receives monitored data.
• unit 2 transmits the matched packets to the destination address.
The following example shows the configuration necessary to set up a DFC PIC interface
and intercept both IPv4 and IPv6 traffic:
[edit interfaces dfc-0/0/0]
unit 0 {
family inet {
filter {
output high; #Firewall filter to route control packets
# through 'network-control' forwarding class. Control packets
# are loss sensitive.
}
address 10.1.0.0/32 { # DFC PIC address
destination 10.36.100.1; # DFC PIC address used by
# the control source to correspond with the
# monitoring platform
40 Copyright © 2014, Juniper Networks, Inc.
Chapter 4: Dynamically Capturing Packet Flows Using Junos Capture Vision
}
}
unit 1 { # receive data packets on this logical interface
family inet; # receive IPv4 traffic for interception
family inet6; # receive IPv6 traffic for interception
}
unit 2 { # send out copies of matched packets on this logical interface
family inet;
}
In addition, you must configure Junos Capture Vision to run on the DFC PIC in the correct
chassis location. The following example shows this configuration at the [edit chassis]
hierarchy level:
fpc 0 {
pic 0 {
monitoring-services application dynamic-flow-capture;
}
}
For more information on configuring chassis properties, see the Junos OS Administration
Library for Routing Devices.
Configuring the Firewall Filter
You can specify the firewall filter to route control packets through the network control
forwarding class. The control packets are loss sensitive. To configure the firewall filter,
include the following statements at the [edit] hierarchy level:
firewall {
family inet {
filter high {
term all {
then forwarding-class network-control;
}
}
}
}
Configuring System Logging
By default, control protocol activity is logged as a separate system log facility, dfc. To
modify the filename or level at which control protocol activity is recorded, include the
following statements at the [edit syslog] hierarchy level:
file dfc.log {
dfc any;
}
To cancel logging, include the no-syslog statement at the [edit services
dynamic-flow-capture capture-group client-name control-source identifier] hierarchy level:
no-syslog;
Copyright © 2014, Juniper Networks, Inc. 41
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
NOTE: Junos Capture Vision (dfc-) interface supports up to 10,000 filter
criteria. When more than 10,000 filters are added to the interface, the filters
are accepted, but system log messages are generated indicating that the
filter is full.
Configuring Tracing Options for Junos Capture Vision Events
You can enable tracing options for Junos Capture Vision events by including the
traceoptions statement at the [edit services dynamic-flow-capture] hierarchy level.
When you include the traceoptions configuration, you can also specify the trace file name,
maximum number of trace files, the maximum size of trace files, and whether the trace
file can be read by all users or not.
To enable tracing options for Junos Capture Vision events, include the following
configuration at the [edit services dynamic-flow-capture] hierarchy level:
traceoptions{
file filename <files number> <size size> <world-readable | non-world-readable>;
}
To disable tracing for Junos Capture Vision events, delete the traceoptions configuration
from the [edit services dynamic-flow-capture] hierarchy level.
NOTE: In Junos OS releases earlier than 9.2R1, tracing of Junos Capture Vision
was enabled by default, and the logs were saved to the/var/log/dfcd directory.
Configuring Thresholds
You can optionally specify threshold values for the following situations in which warning
messages will be recorded in the system log:
• Input packet rate to the DFC PIC interfaces
• Memory usage on the DFC PIC interfaces
To configure threshold values, include the input-packet-rate-threshold or
pic-memory-threshold statements at the [edit services dynamic-flow-capture
capture-group client-name] hierarchy level:
input-packet-rate-threshold rate;
pic-memory-threshold percentage percentage;
If these statements are not configured, no threshold messages are logged. The threshold
settings are configured for the capture group as a whole.
The range of configurable values for the input-packet-rate-threshold statement is 0
through 1 Mpps. The PIC calibrates the value accordingly; the Monitoring Services III PIC
caps the threshold value at 300 Kpps and the Multiservices 400 PIC uses the full
42 Copyright © 2014, Juniper Networks, Inc.
Chapter 4: Dynamically Capturing Packet Flows Using Junos Capture Vision
configured value. The range of values for the pic-memory-threshold statement is 0 to
100 percent.
Limiting the Number of Duplicates of a Packet
You can optionally specify the maximum number of duplicate packets the DFC PIC is
allowed to generate from a single input packet. This limitation is intended to reduce the
load on the PIC when packets are sent to multiple destinations. When the maximum
number is reached, the duplicates are sent to the destinations with the highest criteria
class priority. Within classes of equal priority, criteria having earlier timestamps are
selected first.
To configure this limitation, include the max-duplicates statement at the [edit services
dynamic-flow-capture capture-group client-name] hierarchy level:
max-duplicates number;
You can also apply the limitation on a global basis for the DFC PIC by including the
g-max-duplicates statement at the [edit services dynamic-flow-capture] hierarchy level:
g-max-duplicates number;
By default, the maximum number of duplicates is set to 3. The range of allowed values
is 1 through 64. A setting for max-duplicates for an individual capture-group overrides the
global setting.
In addition, you can specify the frequency with which the application sends notifications
to the affected control sources that duplicates are being dropped because the threshold
has been reached. You configure this setting at the same levels as the maximum
duplicates settings, by including the duplicates-dropped-periodicity statement at the
[edit services dynamic-flow-capture capture-group client-name] hierarchy level or the
g-duplicates-dropped-periodicity statement at the [edit services dynamic-flow-capture]
hierarchy level:
duplicates-dropped-periodicity seconds;
g-duplicates-dropped-periodicity seconds;
As with the g-max-duplicates statement, the g-duplicates-dropped-periodicity statement
applies the setting globally for the application and is overridden by a setting applied at
the capture-group level. By default, the frequency for sending notifications is 30 seconds.
Related • Understanding Junos Capture Vision on page 35
Documentation
• Example: Configuring Junos Capture Vision on page 43
Example: Configuring Junos Capture Vision
The following example includes all parts of a complete Junos Capture Vision configuration.
Configure the Junos Capture Vision PIC interface:
[edit interfaces dfc-0/0/0]
unit 0 {
family inet {
Copyright © 2014, Juniper Networks, Inc. 43
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
filter {
output high; #Firewall filter to route control packets
# through 'network-control' forwarding class. Control packets
# are loss sensitive.
}
address 10.1.0.0/32 { # DFC PIC address
destination 10.36.100.1; # DFC PIC address used by
# the control source to correspond with the
# monitoring platform
}
}
unit 1 { # receive data packets on this logical interface
family inet;
family inet6;
}
unit 2 { # send out copies of matched packets on this logical interface
family inet;
}
Configure the capture group:
services dynamic-flow-capture {
capture-group g1 {
interfaces dfc-0/0/0;
input-packet-rate-threshold 90k;
pic-memory-threshold percentage 80;
control-source cs1 {
source-addresses 10.36.41.1;
service-port 2400;
notification-targets {
10.36.41.1 port 2100;
}
shared-key "$9$ASxdsYoX7wg4aHk";
allowed-destinations cd1;
}
content-destination cd1 {
address 10.36.70.2;
ttl 244;
}
}
}
Configur3 filter-based forwarding (FBF) to the Junos Capture Vision PIC interface, logical
unit 1.
For more information about configuring passive monitoring interfaces, see “Enabling
Passive Flow Monitoring” on page 18.
interfaces so-1/2/0 {
encapsulation ppp;
unit 0 {
passive-monitor-mode;
family inet {
filter {
input catch;
}
}
44 Copyright © 2014, Juniper Networks, Inc.
Chapter 4: Dynamically Capturing Packet Flows Using Junos Capture Vision
}
}
Configure the firewall filter:
firewall {
filter catch {
interface-specific;
term def {
then {
count counter;
routing-instance fbf_inst;
}
}
}
family inet {
filter high {
term all {
then forwarding-class network-control;
}
}
}
}
Configure a forwarding routing instance. The next hop points specifically to the logical
interface corresponding to unit 1, because only this particular logical unit is expected to
relay monitored data to the Junos Capture Vision PIC.
routing-instances fbf_inst {
instance-type forwarding;
routing-options {
static {
route 0.0.0.0/0 next-hop dfc-0/0/0.1;
}
}
}
Configure routing table groups:
[edit]
routing-options {
interface-routes {
rib-group inet common;
}
rib-groups {
common {
import-rib [ inet.0 fbf_inst.inet.0 ];
}
}
forwarding-table {
export pplb;
}
}
Configure interfaces to the control source and content destination:
interfaces fe-4/1/2 {
description "to cs1 from dfc";
Copyright © 2014, Juniper Networks, Inc. 45
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
unit 0 {
family inet {
address 10.36.41.2/30;
}
}
}
interfaces ge-7/0/0 {
description "to cd1 from dfc";
unit 0 {
family inet {
address 10.36.70.1/30;
}
}
}
Related • Understanding Junos Capture Vision on page 35
Documentation
• Configuring Junos Capture Vision on page 37
46 Copyright © 2014, Juniper Networks, Inc.
CHAPTER 5
Detecting Threats and Intercepting Flows
Using Junos Packet Vision
• Understanding Junos Packet Vision on page 47
• Junos Packet Vision Architecture on page 48
• Configuring Junos Packet Vision on page 49
• Configuring FlowTapLite on page 52
• Examples: Configuring Junos Packet Vision on page 53
Understanding Junos Packet Vision
Junos Capture Vision (previously known as dynamic flow capture) enables you to capture
packet flows on the basis of dynamic filtering criteria, using Dynamic Tasking Control
Protocol (DTCP) requests. Junos Packet Vision is a Junos OS application that performs
lawful intercept of packet flows, using Dynamic Tasking Control Protocol (DTCP). The
application extends the use of DTCP to intercept IPv4 and IPv6 packets in an active
monitoring router and send a copy of packets that match filter criteria to one or more
content destinations. Junos Packet Vision was previously know as flow-tap application.
Junos Packet Vision data can be used in the following applications:
• Flexible trend analysis for detection of new security threats
• Lawful intercept
Junos Packet Vision is supported on M Series and T Series routers, except M160 and TX
Matrix routers. Junos Packet Vision filters are applied on all IPv4 traffic and do not add
any perceptible delay in the forwarding path. Junos Packet Vision filters can also be
applied on IPv6 traffic. For security, filters installed by one client are not visible to others
and the CLI configuration does not reveal the identity of the monitored target. A lighter
version of the application is supported on MX Series routers only.
Related • Junos Packet Vision Architecture on page 48
Documentation
• Configuring Junos Packet Vision on page 49
• Configuring FlowTapLite on page 52
• Examples: Configuring Junos Packet Vision on page 53
Copyright © 2014, Juniper Networks, Inc. 47
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Junos Packet Vision Architecture
The Junos Packet Vision (previously known as Flow-Tap) architecture consists of one
or more mediation devices that send requests to a Juniper Networks router to monitor
incoming data and forward any packets that match specific filter criteria to a set of one
or more content destinations:
• Mediation device—A client that monitors electronic data or voice transfer over the
network. The mediation device sends filter requests to the Juniper Networks router
using the DTCP. The clients are not identified for security reasons, but have permissions
defined by a set of special login classes. Each system can support up to 16 different
mediation devices for each user, up to a maximum of 64 mediation devices for the
whole system.
• Monitoring platform—An M Series or T Series router containing one or more Adaptive
Services (AS) or Multiservices PICs, which are configured to support the Junos Packet
Vision application. The monitoring platform processes the requests from the mediation
devices, applies the dynamic filters, monitors incoming data flows, and sends the
matched packets to the appropriate content destinations.
• Content destination—Recipient of the matched packets from the monitoring platform.
Typically the matched packets are sent using an IP Security (IPsec) tunnel from the
monitoring platform to another router connected to the content destination. The
content destination and the mediation device can be physically located on the same
host. For more information about IPsec tunnels, see Junos VPN Site Secure.
• Dynamic filters—Firewall filters automatically generated by the Packet Forwarding
Engine and applied to all routing instances. Each term in the filter includes a flow-tap
action that is similar to the existing sample or port-mirroring actions. As long as one of
the filter terms matches an incoming packet, the router copies the packet and forwards
it to the Adaptive Services or Multiservices PIC that is configured for Junos Packet
Vision service. The Adaptive Services or Multiservices PIC runs the packet through the
client filters and sends a copy to each matching content destination.
Following is a sample filter configuration; note that it is dynamically generated by the
router (no user configuration is required):
filter combined_LEA_filter {
term LEA1_filter {
from {
source-address 1.2.3.4;
destination-address 3.4.5.6;
}
then {
flow-tap;
}
}
term LEA2_filter {
from {
source-address 10.1.1.1;
source-port 23;
}
48 Copyright © 2014, Juniper Networks, Inc.
Chapter 5: Detecting Threats and Intercepting Flows Using Junos Packet Vision
then {
flow-tap;
}
}
}
Figure 4 on page 49 shows a sample topology that uses two mediation devices and two
content destinations.
Figure 4: Junos Packet Vision Topology
IP traffic
Juniper
Networks
router
Mediation LEA1 request Packet Forwarding
device 1 LEA1 response Engine filter
OK
Content
destination 1
Forwarded
Copied Original packet
packet packet
Mediation LEA2 request Flows matching
device 2 LEA2 response LEA1 installed
OK filters
Service PIC running
Content Routing
Flow-tap Service
destination 2 Flows matching
LEA2 installed
filters
g040869
LEA = Law Enforcing Authority
Related • Understanding Junos Packet Vision on page 47
Documentation
• [edit services flow-tap] Hierarchy Level on page 245
• Configuring Junos Packet Vision on page 49
• Examples: Configuring Junos Packet Vision on page 53
Configuring Junos Packet Vision
This topic explains Junos Packet Vision (previously known as Flow-Tap) configuration,
and contains the following sections:
• Configuring the Junos Packet Vision Interface on page 49
• Strengthening Junos Packet Vision Security on page 50
• Restrictions on Junos Packet Vision Services on page 51
Configuring the Junos Packet Vision Interface
To configure an adaptive services interface for flow-tap service, include the interface
statement at the [edit services flow-tap] hierarchy level:
Copyright © 2014, Juniper Networks, Inc. 49
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
interface sp-fpc/pic/port.unit-number;
You can assign any Adaptive Services or Multiservices PIC in the active monitoring router
for Junos Packet Vision, and use any logical unit on the PIC.
You can specify the type of traffic for which you want to apply the Junos Packet Vision
service by including the family inet | inet6 statement. If the family statement is not included,
the Junos Packet Vision service is, by default, applied to the IPv4 traffic. To apply Junos
Packet Vision service to IPv6 traffic, you must include the family inet6 statement in the
configuration. To enable the Junos Packet Vision service for IPv4 and IPv6 traffic, you
must explicitly configure the family statement for both inet and inet6 families.
NOTE: You cannot configure Junos Capture Vision (previously known as
dynamic flow capture) and Junos Packet Vision services on the same router
simultaneously.
You must also configure the logical interface at the [edit interfaces] hierarchy level:
interface sp-fpc/pic/port {
unit logical-unit-number {
family inet;
family inet6;
}
}
NOTE: If you do not include the family inet6 statement in the configuration,
IPv6 flows will not be intercepted.
Strengthening Junos Packet Vision Security
You can add an extra level of security to Dynamic Tasking Control Protocol (DTCP)
transactions between the mediation device and the router by enabling DTCP sessions
on top of the SSH layer. To configure SSH settings, include the flow-tap-dtcp statement
at the [edit system services] hierarchy level:
flow-tap-dtcp {
ssh {
connection-limit value;
rate-limit value;
}
}
To configure client permissions for viewing and modifying Junos Packet Vision
configurations and for receiving tapped traffic, include the permissions statement at the
[edit system login class class-name] hierarchy level:
permissions [permissions];
The permissions needed to use Junos Packet Vision features are as follows:
• flow-tap—Can view Junos Packet Vision configuration
50 Copyright © 2014, Juniper Networks, Inc.
Chapter 5: Detecting Threats and Intercepting Flows Using Junos Packet Vision
• flow-tap-control—Can modify Junos Packet Vision configuration
• flow-tap-operation—Can tap flows
You can also specify user permissions on a RADIUS server, for example:
Bob Auth-Type := Local, User-Password = = “abc123”
Juniper-User-Permissions = “flow-tap-operation”
For details on [edit system] and RADIUS configuration, see the Junos OS Administration
Library for Routing Devices.
Restrictions on Junos Packet Vision Services
The following restrictions apply to Junos Packet Vision services:
• You cannot configure Junos Capture Vision and Junos Packet Vision features on the
same router simultaneously.
• On routers that support LMNR-based FPCs, you cannot configure the Junos Packet
Vision for IPv6 along with port mirroring or sampling of IPv6 traffic. This restriction
applies even if the router does not have any LMNR-based FPC installed in it. However,
there is no restriction on configuring Junos Packet Vision on routers that are configured
for port mirroring or sampling of IPv4 traffic.
• Junos Packet Vision does not support interception of MPLS and virtual private LAN
service (VPLS).
• Junos Packet Vision cannot intercept Address Resolution Protocol (ARP) and other
Layer 2 exceptions.
• IPv4 and IPv6 intercept filters can coexist on a system, subject to a combined maximum
of 100 filters.
• When Junos Capture Vision process or the Adaptive Services or Multiservices PIC
configured for Junos Packet Vision restarts, all filters are deleted and the mediation
devices are disconnected.
• Only the first fragment of an IPv4 fragmented packet stream is sent to the content
destination.
• Port mirroring might not work in conjunction with Junos Packet Vision.
• Running the Junos Packet Vision over an IPsec tunnel on the same router can cause
packet loops and is not supported.
• M10i routers do not support the standard Junos Packet Vision, but do support
FlowTapLite (see “Configuring FlowTapLite” on page 52). Junos Packet Vision and
FlowTapLite cannot be configured simultaneously on the same chassis.
• PIC-based flow-tap is not supported on M7i and M10i routers equipped with an
Enhanced Compact Forwarding Engine Board (CFEB-E).
• You cannot configure Junos Packet Vision on channelized interfaces.
Related • Configuring FlowTapLite on page 52
Documentation
Copyright © 2014, Juniper Networks, Inc. 51
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Configuring FlowTapLite
A lighter version of the flow-tap application is available on MX Series routers and also
on M320 routers with Enhanced III Flexible PIC Concentrators (FPCs). All of the
functionality resides in the Packet Forwarding Engine rather than a service PIC or Dense
Port Concentrator (DPC).
NOTE: On M320 routers only, if the replacement of FPCs results in a mode
change, you must restart the dynamic flow capture process manually by
disabling and then re-enabling the CLI configuration.
FlowTapLite uses the same DTCP-SSH architecture to install the Dynamic Tasking
Control Protocol (DTCP) filters and authenticate the users as the original flow-tap
application and supports up to 3000 filters per chassis.
NOTE: The original flow-tap application and FlowTapLite cannot be used
at the same time.
To configure FlowTapLite, include the flow-tap statement at the [edit services] hierarchy
level:
flow-tap {
tunnel-interface interface-name;
}
For the Packet Forwarding Engine to encapsulate the intercepted packet, it must send
the packet to a tunnel logical (vt-) interface. You need to allocate a tunnel interface and
assign it to the dynamic flow capture process for FlowTapLite to use. To create the tunnel
interface, include the following configuration:
chassis {
fpc number {
pic number {
tunnel-services {
bandwidth (1g | 10g);
}
}
}
}
NOTE: Currently FlowTapLite supports only one tunnel interface per instance.
For more information about this configuration, see the Junos OS Administration Library
for Routing Devices.
To configure the logical interfaces and assign them to the dynamic flow capture process,
include the following configuration:
52 Copyright © 2014, Juniper Networks, Inc.
Chapter 5: Detecting Threats and Intercepting Flows Using Junos Packet Vision
interfaces {
vt-fpc/pic/port {
unit 0 {
family inet;
family inet6;
}
}
}
NOTE: If a service PIC or DPC is available, you can use its tunnel interface for
the same purpose.
NOTE: If you do not include the family intet6 statement in the configuration,
IPv6 flows will not be intercepted.
NOTE: With FlowTapLite configured and traceoptions enabled, if you add
more than two content destinations by including the X-JTAP-
CDEST-DEST-ADDRESS line in the Dynamic Tasking Control Protocol (DTCP)
parameter file and initiate a DTCP session by sending a DTCP ADD message,
a '400 BAD request' message is received. Although you can specify more
than two content destinations in the DTCP file that is sent from the mediation
device, this error message occurs when the DTCP ADD message is sent. This
behavior is expected with more than two content destinations. You must
specify only two content destinations per DTCP ADD message.
Related • Understanding Junos Packet Vision on page 47
Documentation
• [edit services flow-tap] Hierarchy Level on page 245
• Configuring Junos Packet Vision on page 49
• Examples: Configuring Junos Packet Vision on page 53
Examples: Configuring Junos Packet Vision
The following example shows all parts of a complete Junos Packet Vision configuration
with IPv4 and IPv6 flow intercepts
NOTE: The following example applies only to M Series and T Series routers,
except M160 and TX Matrix routers. For MX Series routers, because the
flow-tap application resides in the Packet Forwarding Engine rather than a
service PIC or Dense Port Concentrator (DPC), the Packet Forwarding Engine
must send the packet to a tunnel logical (vt-) interface to encapsulate the
intercepted packet. In such a scenario, you need to allocate a tunnel interface
and assign it to the dynamic flow capture process for FlowTapLite to use.
Copyright © 2014, Juniper Networks, Inc. 53
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
services {
flow-tap {
interface sp-1/2/0.100;
}
}
interfaces {
sp-1/2/0 {
unit 100 {
family inet;
family inet6;
}
}
}
system {
services {
flow-tap-dtcp {
ssh {
connection-limit 5;
rate-limit 5;
}
}
}
login {
class ft-class {
permissions flow-tap-operation;
}
user ft-user1 {
class ft-class;
authentication {
encrypted-password “xxxx”;
}
}
}
}
The following example shows a FlowTapLite configuration that intercepts IPv4 and IPv6
flows:
system {
login {
class flowtap {
permissions flow-tap-operation;
}
user ftap {
uid 2000;
class flowtap;
authentication {
encrypted-password "$1$nZfwNn4L$TWi/oxFwFZyOyyxN/87Jv0"; ##
SECRET-DATA
}
}
}
services {
flow-tap-dtcp {
ssh;
}
54 Copyright © 2014, Juniper Networks, Inc.
Chapter 5: Detecting Threats and Intercepting Flows Using Junos Packet Vision
}
}
chassis {
fpc 0 {
pic 0 {
tunnel-services {
bandwidth 10g;
}
}
}
}
interfaces {
vt-0/0/0 {
unit 0 {
family inet;
family inet6;
}
}
}
services {
flow-tap {
tunnel-interface vt-0/0/0.0;
}
}
Related • Understanding Junos Packet Vision on page 47
Documentation
• [edit services flow-tap] Hierarchy Level on page 245
• Configuring Junos Packet Vision on page 49
• Configuring FlowTapLite on page 52
Copyright © 2014, Juniper Networks, Inc. 55
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
56 Copyright © 2014, Juniper Networks, Inc.
PART 3
Sampling, Discard Accounting, and Port
Mirroring Services
• Sampling Data Using Traffic Sampling and Discard Accounting on page 59
• Sampling Data Using Inline Sampling on page 73
• Sampling Data Using Flow Aggregation on page 85
• Sending Packets for Analysis Using Port Mirroring on page 121
Copyright © 2014, Juniper Networks, Inc. 57
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
58 Copyright © 2014, Juniper Networks, Inc.
CHAPTER 6
Sampling Data Using Traffic Sampling
and Discard Accounting
• Configuring Traffic Sampling on page 59
• Sampling Instance Configuration on page 69
• Configuring Discard Accounting on page 70
Configuring Traffic Sampling
Traffic sampling enables you to copy traffic to a Physical Interface Card (PIC) that
performs flow accounting while the router forwards the packet to its original destination.
You can configure the router to perform sampling in either of two locations:
• On the Routing Engine, using the sampled process. To select this method, use a filter
(input or output) with a matching term that contains the then sample statement.
• On the Monitoring Services, Adaptive Services, or Multiservices PIC.
NOTE: Routing Engine based sampling is not supported on VPN routing and
forwarding (VRF) instances.
The following sections provide configuration instructions for traffic sampling:
• Configuring Firewall Filter for Traffic Sampling on page 59
• Configuring Traffic Sampling on a Logical Interface on page 61
• Disabling Traffic Sampling on page 62
• Sampling Once on page 62
• Preserving Prerewrite ToS Value for Egress Sampled or Mirrored Packets on page 62
• Configuring Traffic Sampling Output on page 63
• Tracing Traffic Sampling Operations on page 65
• Traffic Sampling Examples on page 66
Configuring Firewall Filter for Traffic Sampling
To configure firewall filter for traffic sampling, you must perform the following tasks:
Copyright © 2014, Juniper Networks, Inc. 59
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
• Create a firewall filter to apply to the logical interfaces being sampled by including the
filter statement at the [edit firewall family family-name] hierarchy level. In the filter
then statement, you must specify the action modifier sample and the action accept.
filter filter-name {
term term-name {
then {
sample;
accept;
}
}
}
For more information about firewall filter actions and action modifiers, see the Routing
Policies, Firewall Filters, and Traffic Policers Feature Guide for Routing Devices.
• Apply the filter to the interfaces on which you want to sample traffic by including the
address and filter statements at the [edit interfaces interface-name unit
logical-unit-number family family-name] hierarchy level:
address address {
}
filter {
input filter-name;
}
The following prerequisites apply to M, MX, and T Series routers when you configure
traffic sampling on interfaces and in firewall filters:
• If you configure a sample action in a firewall filter for an inet or inet6 family on an
interface without configuring the forwarding-options settings, operational problems
might occur if you also configure port mirroring or flow-tap functionalities. In such a
scenario, all the packets that match the firewall filter are incorrectly sent to the service
PIC.
• If you include the then sample statement at the [edit firewall family inet filter filter-name
term term-name] hierarchy level to specify a sample action in a firewall filter for IPv4
packets, you must also include the family inet statement at the [edit forwarding-options
sampling] hierarchy level or the instance instance-name family inet statement at the
[edit forwarding-options sampling] hierarchy level. Similarly, if you include the then
sample statement at the [edit firewall family inet6 filter filter-name term term-name]
hierarchy level to specify a sample action in a firewall filter for IPv6 packets, you must
also include family inet6 statement at the [edit forwarding-options sampling] hierarchy
level or the instance instance-name family inet6 statement at the [edit
forwarding-options sampling] hierarchy level. Otherwise, a commit error occurs when
you attempt to commit the configuration.
• Also, if you configure traffic sampling on a logical interface by including the sampling
input or sampling output statements at the [edit interface interface-name unit
logical-unit-number] hierarchy level, you must also include the family inet | inet6
statement at the [edit forwarding-options sampling] hierarchy level, or the instance
instance-name family inet | inet6 statement at the [edit forwarding-options sampling]
hierarchy level.
60 Copyright © 2014, Juniper Networks, Inc.
Chapter 6: Sampling Data Using Traffic Sampling and Discard Accounting
Configuring Traffic Sampling on a Logical Interface
To configure traffic sampling on any logical interface, enable sampling and specify a non
zero sampling rate by including the sampling statement at the [edit forwarding-options]
hierarchy level:
sampling {
input {
rate number;
run-length number;
max-packets-per-second number;
maximum-packet-length bytes;
}
When you use Routing Engine-based sampling, specify the threshold traffic value by
including the max-packets-per-second statement. The value is the maximum number of
packets to be sampled, beyond which the sampling mechanism begins dropping packets.
The range is from 0 through 65,535. A value of 0 instructs the Packet Forwarding Engine
not to sample any packets. The default value is 1000.
NOTE: When you configure active monitoring and specify a Monitoring
Services, Adaptive Services, or Multiservices PIC in the output statement, the
max-packets-per-second value is ignored.
Specify the sampling rate by setting the values for rate and run-length (see
Figure 5 on page 61).
Figure 5: Configuring Sampling Rate
The rate statement specifies the ratio of packets to be sampled. For example, if you
configure a rate of 10, x number of packets out of every 10 is sampled, where x=run length
+ 1. By default, the rate is 0, which means that no traffic is sampled.
Copyright © 2014, Juniper Networks, Inc. 61
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
The run-length statement specifies the number of matching packets to sample following
the initial one-packet trigger event. By default, the run length is 0, which means that no
more traffic is sampled after the trigger event. The range is from 0 through 20. Configuring
a run length greater than 0 allows you to sample packets following those already being
sampled.
NOTE: The run-length and maximum-packet-length configuration statements
are not supported on MX80 routers.
If you do not include the input statement, sampling is disabled.
To collect the sampled packets in a file, include the file statement at the [edit
forwarding-options sampling output] hierarchy level. Output file formats are discussed
later in the chapter.
Disabling Traffic Sampling
To explicitly disable traffic sampling on the router, include the disable statement at the
[edit forwarding-options sampling] hierarchy level:
disable;
Sampling Once
To explicitly sample a packet for active monitoring only once, include the sample-once
statement at the [edit forwarding-options sampling] hierarchy level:
sample-once;
Setting this option avoids duplication of packets in cases where sampling is enabled at
both the ingress and egress interfaces and simplifies analysis of the sampled traffic.
Preserving Prerewrite ToS Value for Egress Sampled or Mirrored Packets
To preserve the prenormalized type-of-service (ToS) value in egress sampled or mirrored
packets, include the pre-rewrite-tos statement at the [edit forwarding-options sampling]
hierarchy level.
On MPC-based interfaces, you can configure ToS rewrite either using class-of-service
(CoS) configuration by including the rewrite-rules dscp rule_name statement at the [edit
class-of-service interfaces interface-name unit logical-unit-number] hierarchy level or using
firewall filter configuration by including the dscp statement at the [edit firewall family
family-name filter filter-name term term-name then] hierarchy level. If ToS rewrite is
configured, the egress mirrored or sampled copies contain the post-rewrite ToS values
by default. With the pre-rewrite-tos configuration, you can retain the prerewrite ToS value
in the sampled or mirrored packets.
62 Copyright © 2014, Juniper Networks, Inc.
Chapter 6: Sampling Data Using Traffic Sampling and Discard Accounting
NOTE:
• If ToS rewrite is configured on the egress interface by using both CoS and
firewall filter configuration, and if the pre-rewrite-tos statement is also
configured, then the egress sampled packets contain the DSCP value set
using the firewall filter configuration. However, if the pre-rewrite-tos
statement is not configured, the egress sampled packets contain the DSCP
value set by the CoS configuration.
• With the pre-rewrite-tos statement, you can configure retaining
prenormalization ToS values only for sampling done under family inet and
family inet6.
• This feature cannot be configured at the [edit logical-systems] hierarchy
level. It can be configured only at the global level under the
forwarding-option configuration.
• When ToS rewrite is configured by using a firewall filter on both ingress
and egress interfaces, the egress sampled packets contain the DSCP value
set by the ingress ToS rewrite configuration if the pre-rewrite-tos statement
is configured. However, if the pre-rewrite-tos statement is not configured,
the egress sampled packets contain the DSCP value set by the ToS rewrite
configuration for the egress firewall filter.
• If the pre-rewrite-tos statement is configured, and a deactivate or delete
operation is performed at the [edit forwarding-options] hierarchy level,
pre-rewrite-tos configuration still remains active. To disable the
pre-rewrite-tos configuration for such a case, you must explicitly deactivate
or delete the pre-rewrite-tos statement at the [edit forwarding-options
sampling] hierarchy level before performing a deactivate or delete operation
at the [edit forwarding-options] hierarchy level.
Configuring Traffic Sampling Output
To configure traffic sampling output, include the following statements at the [edit
forwarding-options sampling family (inet | inet6 | mpls) output] hierarchy level:
aggregate-export-interval seconds;
flow-active-timeout seconds;
flow-inactive-timeout seconds;
extension-service service-name;
flow-server hostname {
aggregation {
autonomous-system;
destination-prefix;
protocol-port;
source-destination-prefix {
caida-compliant;
}
source-prefix;
}
autonomous-system-type (origin | peer);
Copyright © 2014, Juniper Networks, Inc. 63
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
(local-dump | no-local-dump);
port port-number;
source-address address;
version format;
version9 {
template template-name;
}
}
interface interface-name {
engine-id number;
engine-type number;
source-address address;
}
file {
disable;
filename filename;
files number;
size bytes;
(stamp | no-stamp);
(world-readable | no-world-readable);
}
To configure inline flow monitoring on MX Series routers, include the inline-jflow statement
at the [edit forwarding-options sampling instance instance-name family (inet | inet6 | mpls)
output] hierarchy level. Inline sampling exclusively supports a new format called IP_FIX
that uses UDP as the transport protocol. When you configure inline sampling, you must
include the version-ipfix statement at the [edit forwarding-options sampling instance
instance-name family (inet | inet6 | mpls) output flow-server address] hierarchy level and
also at the [edit services flow-monitoring] hierarchy level. For more information about
configuring inline flow monitoring, see “Configuring Inline Active flow Monitoring” on
page 78.
To direct sampled traffic to a flow-monitoring interface, include the interface statement.
The engine-id and engine-type statements specify the identity and type numbers of the
interface; they are dynamically generated based on the Flexible PIC Concentrator (FPC),
PIC, and slot numbers and the chassis type. The source-address statement specifies the
traffic source.
To configure flow sampling version 9 output, you need to include the template statement
at the [edit forwarding-options sampling output version9] hierarchy level. For information
on cflowd, see “Enabling Flow Aggregation” on page 86.
The aggregate-export-interval statement is described in “Configuring Discard Accounting”
on page 70, and the flow-active-timeout and flow-inactive-timeout statements are
described in “Configuring Flow Monitoring” on page 6.
Traffic sampling results are automatically saved to a file in the/var/tmp directory. To
collect the sampled packets in a file, include the file statement at the [edit
forwarding-options sampling family inet output] hierarchy level:
file {
disable;
filename filename;
files number;
64 Copyright © 2014, Juniper Networks, Inc.
Chapter 6: Sampling Data Using Traffic Sampling and Discard Accounting
size bytes;
(stamp | no-stamp);
(world-readable | no-world-readable);
}
Traffic Sampling Output Format
Traffic sampling output is saved to an ASCII text file. The following is an example of the
traffic sampling output that is saved to a file in the/var/tmp directory. Each line in the
output file contains information for one sampled packet. You can optionally display a
timestamp for each line.
The column headers are repeated after each group of 1000 packets.
# Apr 7 15:48:50
Time Dest Src Dest Src Proto TOS Pkt Intf IP TCP
addr addr port port len num frag flags
Apr 7 15:48:54 192.168.9.194 192.168.9.195 0 0 1 0x0 84 8 0x0 0x0
Apr 7 15:48:55 192.168.9.194 192.168.9.195 0 0 1 0x0 84 8 0x0 0x0
Apr 7 15:48:56 192.168.9.194 192.168.9.195 0 0 1 0x0 84 8 0x0 0x0
Apr 7 15:48:57 192.168.9.194 192.168.9.195 0 0 1 0x0 84 8 0x0 0x0
Apr 7 15:48:58 192.168.9.194 192.168.9.195 0 0 1 0x0 84 8 0x0 0x0
To set the timestamp option for the file my-sample, enter the following:
[edit forwarding-options sampling output file]
user@host# set filename my-sample files 5 size 2m world-readable stamp;
Whenever you toggle the timestamp option, a new header is included in the file. If you
set the stamp option, the Time field is displayed.
# Apr 7 15:48:50
# Time Dest Src Dest Src Proto TOS Pkt Intf IP TCP
# addr addr port port len num frag flags
# Feb 1 20:31:21
# Dest Src Dest Src Proto TOS Pkt Intf IP TCP
# addr addr port port len num frag flags
Tracing Traffic Sampling Operations
Tracing operations track all traffic sampling operations and record them in a log file in
the/var/log directory. By default, this file is named /var/log/sampled. The default file
size is 128K, and 10 files are created before the first one gets overwritten.
To trace traffic sampling operations, include the traceoptions statement at the [edit
forwarding-options sampling] hierarchy level:
traceoptions {
no-remote-trace;
file filename <files number> <size bytes> <match expression> <world-readable |
no-world-readable>;
}
Copyright © 2014, Juniper Networks, Inc. 65
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Traffic Sampling Examples
The following sections provide examples of configuring traffic sampling:
• Example: Sampling a Single SONET/SDH Interface on page 66
• Example: Sampling All Traffic from a Single IP Address on page 67
• Example: Sampling All FTP Traffic on page 68
Example: Sampling a Single SONET/SDH Interface
The following configuration gathers statistical sampling information from a small
percentage of all traffic on a single SONET/SDH interface and collects it in a file named
sonet-samples.txt.
Create the filter:
[edit firewall family inet]
filter {
input sample-sonet {
then {
sample;
accept;
}
}
}
Apply the filter to the SONET/SDH interface:
[edit interfaces]
so-0/0/1 {
unit 0 {
family inet {
filter {
input sample-sonet;
}
address 10.127.68.254/32 {
destination 172.16.74.7;
}
}
}
}
Finally, configure traffic sampling:
[edit forwarding-options]
sampling {
input {
family inet {
rate 100;
run-length 2;
}
}
family inet {
output {
file {
66 Copyright © 2014, Juniper Networks, Inc.
Chapter 6: Sampling Data Using Traffic Sampling and Discard Accounting
filename sonet-samples.txt;
files 40;
size 5m;
}
}
}
}
Example: Sampling All Traffic from a Single IP Address
The following configuration gathers statistical information about every packet entering
the router on a specific Gigabit Ethernet port originating from a single source IP address
of 172.16.92.31, and collects it in a file named samples-172-16-92-31.txt.
Create the filter:
[edit firewall family inet]
filter one-ip {
term get-ip {
from {
source-address 172.16.92.31;
}
then {
sample;
accept;
}
}
}
Apply the filter to the Gigabit Ethernet interface:
[edit interfaces]
ge-4/1/1 {
unit 0 {
family inet {
filter {
input one-ip;
}
address 10.45.92.254;
}
}
}
Finally, gather statistics on all the candidate samples; in this case, gather all statistics:
[edit forwarding-options]
sampling {
input {
family inet {
rate 1;
}
}
family inet {
output {
file {
filename samples-172-16-92-31.txt;
files 100;
Copyright © 2014, Juniper Networks, Inc. 67
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
size 100k;
}
}
}
}
Example: Sampling All FTP Traffic
The following configuration gathers statistical information about a moderate percentage
of packets using the FTP data transfer protocol in the output path of a specific T3
interface, and collects the information in a file named t3-ftp-traffic.txt.
Create a filter:
[edit firewall family inet]
filter ftp-stats {
term ftp-usage {
from {
destination-port [ftp ftp-data];
}
then {
sample;
accept;
}
}
}
Apply the filter to the T3 interface:
[edit interfaces]
t3-7/0/2 {
unit 0 {
family inet {
filter {
input ftp-stats;
}
address 10.35.78.254/32 {
destination 10.35.78.4;
}
}
}
}
Finally, gather statistics on 10 percent of the candidate samples:
[edit forwarding-options]
sampling {
input {
family inet {
rate 10;
}
}
family inet {
output {
file {
filename t3-ftp-traffic.txt;
files 50;
68 Copyright © 2014, Juniper Networks, Inc.
Chapter 6: Sampling Data Using Traffic Sampling and Discard Accounting
size 1m;
}
}
}
}
Related • Traffic Sampling, Forwarding, and Monitoring Overview
Documentation
• Sampling Instance Configuration on page 69
Sampling Instance Configuration
You can configure active sampling by defining a sampling instance that specifies a name
for the sampling parameters and bind the instance name to an FPC, MPC, or DPC. This
configuration enables you to define multiple named sampling parameter sets associated
with multiple destinations and protocol families per sampling destination. With the
cflowd version 5 and version 8 and flow aggregation version 9, you can use templates
to organize the data gathered from sampling.
To implement this feature, you include the instance statement at the [edit
forwarding-options sampling] hierarchy level.
The following considerations apply to the sampling instance configuration:
• This configuration is supported on the IP version 4 (inet), IP version 6 (ipv6), and MPLS
protocol families.
• You can configure the router to perform sampling in either of two locations:
• On the Routing Engine, using the sampled process. To select this method, use a filter
(input or output) with a matching term that contains the then sample statement.
• On the Monitoring Services, Adaptive Services, or Multiservices PIC. Specify the
interface name at the [forwarding-options sampling instance instance-name family
inet output interface] hierarchy level. You can configure the same or different services
PICs in a set of sampling instances.
• You can configure the rate and run-length options at the [edit forwarding-options
sampling input] hierarchy level to apply common values for all families on a global
basis. Alternatively, you can configure these options at the [edit forwarding-options
sampling instance instance-name input] hierarchy level to apply specific values for each
instance or at the [edit forwarding-options sampling instance instance-name family
family input] hierarchy level to apply specific values for each protocol family you
configure.
• For MX Series devices with Modular Port Concentrators (MPCs), port-mirrored or
sampled packets can be truncated (or clipped) to any length in the range of 1 through
255 bytes. Only the values 1 to 255 are valid for packet truncation on these devices.
For other devices, the range is from 0 through 9216. A maximum-packet-length value
of zero (0) represents that truncation is disabled, and the entire packet is mirrored or
sampled.
Copyright © 2014, Juniper Networks, Inc. 69
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
NOTE: The run-length and maximum-packet-length configuration statements
are not supported on MX80 routers.
To associate the defined instance with a particular FPC, MPC, or DPC, you include the
sampling-instance statement at the [edit chassis fpc number] hierarchy level, as in the
following example:
chassis {
fpc 2 {
sampling-instance samp1;
}
}
To associate a sampling instance with an FPC in the MX Series Virtual Chassis master
or backup router, use the sampling-instance instance-name statement at the [edit
chassis member member-number fpc slot slot-number] hierarchy level, where
member-number is 0 (for the master router) or 1 (for the backup router), and slot-number
is a number in the range 0 through 11.
Related • Traffic Sampling, Forwarding, and Monitoring Overview
Documentation
• Flow Monitoring Feature Guide for Routing Devices
• More Information About Flow Monitoring
• Configuring Active Flow Monitoring
• Configuring Flow Aggregation (cflowd)
• Configuring Traffic Sampling on page 59
• Example: Sampling Instance Configuration
• [edit forwarding-options sampling] Hierarchy Level
• Inline Flow Monitoring for Virtual Chassis Overview
Configuring Discard Accounting
Discard accounting is similar to traffic sampling, but varies from it in two ways:
• In discard accounting, the packet is intercepted by the monitoring PIC and is not
forwarded to its destination.
• Traffic sampling allows you to limit the number of packets sampled by configuring the
max-packets-per-second, rate, and run-length statements. Discard accounting does
not provide these options, and a high packet count can potentially overwhelm the
monitoring PIC.
A discard instance is a named entity that specifies collector information under the
accounting name statement. Discard instances are referenced in firewall filter term
statements by including the then discard accounting name statement.
70 Copyright © 2014, Juniper Networks, Inc.
Chapter 6: Sampling Data Using Traffic Sampling and Discard Accounting
Most of the other statements are also found at the [edit forwarding-options sampling]
hierarchy level. For information on cflowd, see “Enabling Flow Aggregation” on page 86.
The flow-active-timeout and flow-inactive-timeout statements are described in
“Configuring Flow Monitoring” on page 6.
To direct sampled traffic to a flow-monitoring interface, include the interface statement.
The engine-id and engine-type statements specify the accounting interface used on the
traffic, and the source-address statement specifies the traffic source.
You cannot use rate-limiting with discard accounting; however, you can specify the
duration of the interval for exporting aggregated accounting information by including the
aggregate-export-interval statement in the configuration. This enables you to put a
boundary on the amount of traffic exported to a flow-monitoring interface.
Related • Enabling Flow Aggregation on page 86
Documentation
• Configuring Flow Monitoring on page 6
Copyright © 2014, Juniper Networks, Inc. 71
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
72 Copyright © 2014, Juniper Networks, Inc.
CHAPTER 7
Sampling Data Using Inline Sampling
• Understanding Inline Active Flow Monitoring on page 73
• Configuring Inline Active flow Monitoring on page 78
• Configuring Inline Active Flow Monitoring on MX80 Routers on page 82
Understanding Inline Active Flow Monitoring
This topic provides an overview of the inline active flow monitoring feature and IPFIX and
Version 9 flow collection templates used for inline active flow monitoring.
This topic contains the following sections:
• Inline Active Flow Monitoring on page 73
• Inline Active Flow Monitoring Limitations and Restrictions on page 74
• IPFIX and Version 9 Templates on page 75
Inline Active Flow Monitoring
The inline active flow monitoring is implemented on the Packet Forwarding Engine. All
the functions like flow creation, flow update, and flow records export are done by the
Packet Forwarding Engine. The flow records are sent out in industry standard IPFIX format.
Inline active flow monitoring provides for higher scalability and performance as the scaling
and performance are not dependent on the capacity of the services interface. It is also
cost effective in more than one way as there is no need to invest in additional hardware
or to dedicate a PIC slot for the services PIC. You can make full use of the available slots
for handling traffic on the device.
Junos OS Release 13.2 extends inline active flow monitoring support to VPLS flows. Now,
you can configure inline active flow monitoring for IPv4, IPv6, and VPLS traffic.
The inline active flow monitoring configuration can be broadly classified into four
categories:
1. Configurations at the [edit services flow-monitoring] hierarchy level—At this level, you
configure the template properties for inline flow monitoring.
2. Configurations at the [edit forwarding-options] hierarchy level—At this level, you
configure a sampling instance and associate the template (configured at the [edit
Copyright © 2014, Juniper Networks, Inc. 73
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
services flow-monitoring] hierarchy level) with the sampling instance. At this level,
you also configure the flow-server IP address and port number as well as the flow
export rate.
3. Configurations at the [edit chassis] hierarchy level—At this level, you associate the
sampling instance with the FPC on which the media interface is present. If you are
configuring sampling of IPv6 flows, you must also specify the flow hash table size.
4. Configurations at the [edit firewall] hierarchy level—At this level you configure a firewall
filter for the family of traffic to be sampled. You must attach this filter to the interface
on which you want to sample the traffic.
Inline active flow monitoring supports version 9 and IPFIX flow collection templates.
Support for version 9 template was introduced in Junos OS Release 13.2, and is limited
to IPv4 flows. IPFIX template is supported for IPv4, IPv6, and VPLS flows. IPFIX template
uses UDP as the transport protocol, whereas version 9 is transport protocol-independent.
Before you configure inline active flow monitoring, you should ensure that you have
adequately-sized hash tables for IPv4 and IPv6 flow sampling. These tables can use one
to fifteen 256k areas, and each table is assigned a default value of one such area. When
anticipated traffic volume requires larger tables, allocate larger tables.
Inline Active Flow Monitoring Limitations and Restrictions
The following limitations and restrictions apply to the inline active flow monitoring feature
in Junos OS:
• You can configure inline active flow monitoring only on MX Series routers with
Trio-based line cards and T4000 routers with Type 5 FPCs.
• You can apply Version 9 flow template only to IPv4 traffic.
• You can configure only one sampling instance on an Flexible PIC Concentrator (FPC).
• You can configure only one type of sampling–either PIC-based sampling or inline
sampling–per family in a sampling instance. However, you can configure PIC-based
and inline sampling for different families in a sampling instance.
• You can configure only one collector for inline active flow monitoring.
• The following considerations apply to the inline flow-monitoring instance configuration:
• Sampling run-length and clip-size are not supported.
• For inline configurations, each family can support only one collector.
• The user-defined sampling instance gets precedence over the global instance. When
a user-defined sampling instance is attached to the FPC, the global instance is
removed from the FPC and the user-defined sampling instance is applied to the FPC.
• On routers with Multiservices PICs or Multiservices DPCs, all fragments of a fragmented
IPv4 packet other than the first fragment of the packet are processed accurately by
the flow monitoring application running on MS-PIC or MS-DPC. The flow monitoring
mechanism handles such fragments accurately by setting the layer 4 related fields in
the associated flows to zero.
74 Copyright © 2014, Juniper Networks, Inc.
Chapter 7: Sampling Data Using Inline Sampling
• Flow records and templates cannot be exported if the flow collector is reachable
through any management interface.
• The flow collector should be reachable through the default routing table (inet.0 or
inet6.0). If the flow collector is reachable via a non-default VPN routing and forwarding
table (VRF), flow records and templates cannot be exported.
NOTE: Starting with Junos OS Release 13.3, you can configure the flow
collector to be reachable through non-default VRF instances apart from
being reachable over the default VRF instance. Flow records and templates
can be exported even with non-default VRF instances.
• If the destination of the sampled flow is reachable through multiple paths, the
IP_NEXT_HOP (Element ID 15) and OUTPUT_SNMP (Element ID 14) in the IPv4 flow
record would be set to the Gateway Address and SNMP Index of the first path seen in
the forwarding table.
• If the destination of the sampled flow is reachable through multiple paths, the
IP_NEXT_HOP(Element ID 15) and OUTPUT_SNMP (Element ID 14) in the IPv6 flow
records would be set to 0.
• The Incoming Interface (IIF) and Outgoing Interface (OIF) should be part of the same
VRF. If OIF is in a different VRF, DST_MASK (Element ID 13), DST_AS (Element ID 17),
IP_NEXT_HOP (Element ID 15), and OUTPUT_SNMP (Element ID 14) would be set to
0 in the flow records.
• Each Lookup Chip (LU) maintains and exports flows independent of other LUs. Traffic
received on a media interface is distributed across all LUs in a multi-LU platform. It is
likely that a single flow will be processed by multiple LUs. Therefore, each LU creates
a unique flow and exports it to the flow collector. This can cause duplicate flows records
to be seen on the flow collector. The flow collector should aggregate PKTS_COUNT
and BYTES_COUNT for duplicate flow records to derive a single flow record.
IPFIX and Version 9 Templates
The following sections list the fields included in IPFIX and Version 9 templates.
Fields Included in the IPFIX IPv4 Template
• IPv4 Source Address
• IPv4 Destination Address
• IPv4 TOS
• IPv4 Protocol
• L4 Source Port
• L4 Destination Port
• ICMP Type and Code
• Input Interface
Copyright © 2014, Juniper Networks, Inc. 75
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
• VLAN ID
• IPv4 Source Mask
• IPv4 Destination Mask
• Source AS
• Destination AS
• IPv4 Next Hop Address
• TCP Flags
Output Interface
• Number of Flow Bytes
• Number of Flow Packets
• Minimum TTL (time to live)
• Maximum TTL (time to live)
• Flow Start Time
• Flow End Time
• Flow End Reason
• 802.1Q VLAN identifier (dot1qVlanId)
• 802.1Q Customer VLAN identifier (dot1qCustomerVlanId)
Fields Included in the IPFIX IPv6 Template
• IPv6 Source Address
• IPv6 Destination Address
• IPv6 TOS
• IPv6 Protocol
• L4 Source Port
• L4 Destination Port
• ICMP Type and Code
• Input Interface
• VLAN ID
• IPv6 Source Mask
• IPv6 Destination Mask
• Source AS
• Destination AS
• IPv6 Next Hop Address
• TCP Flags
76 Copyright © 2014, Juniper Networks, Inc.
Chapter 7: Sampling Data Using Inline Sampling
Output Interface
• Number of Flow Bytes
• Number of Flow Packets
• Minimum Hop Limits
• Maximum Hop Limits
• Flow Start Time
• Flow End Time
• Flow End Reason
• 802.1Q VLAN identifier (dot1qVlanId)
• 802.1Q Customer VLAN identifier (dot1qCustomerVlanId)
Fields Included in the Version 9 IPv4 Template
• IPv4 Source Address
• IPv4 Destination Address
• IPv4 TOS
• IPv4 Protocol
• L4 Source Port
• L4 Destination Port
• ICMP Type and Code
• Input Interface
• VLAN ID
• IPv4 Source Mask
• IPv4 Destination Mask
• Source AS
• Destination AS
• IPv4 Next Hop Address
• BGP IPv4 Next Hop Address
• TCP Flags
Output Interface
• Number of Flow Bytes
• Number of Flow Packets
• Time when the first packet of the flow was switched.
• Time when the last packet of flow was switched.
• Internet Protocol Version
Copyright © 2014, Juniper Networks, Inc. 77
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Related • Configuring Inline Active Flow Monitoring
Documentation
• Configuring Inline Active Flow Monitoring on MX80 Routers on page 82
Configuring Inline Active flow Monitoring
The inline active flow monitoring is implemented on the Packet Forwarding Engine. All
the functions like flow creation, flow update, and flow records export are done by the
Packet Forwarding Engine. The flow records are sent out in industry standard IPFIX format.
The inline active flow monitoring configuration can be broadly classified into four
categories:
1. Configurations at the [edit services flow-monitoring] hierarchy level—At this level, you
configure the template properties for inline flow monitoring.
2. Configurations at the [edit forwarding-options] hierarchy level—At this level, you
configure a sampling instance and associate the template (configured at the [edit
services flow-monitoring] hierarchy level) with the sampling instance. At this level,
you also configure the flow-server IP address and port number as well as the flow
export rate.
3. Configurations at the [edit chassis] hierarchy level—At this level, you associate the
sampling instance with the FPC on which the media interface is present. If you are
configuring sampling of IPv6 flows, you mThe template properties inlucdust also
specify the flow hash table size.
4. Configurations at the [edit firewall] hierarchy level—At this level you configure a firewall
filter for the family of traffic to be sampled. You must attach this filter to the interface
on which you want to sample the traffic.
Before you configure inline active flow monitoring, you should ensure that you have
adequately-sized hash tables for IPv4 and IPv6 flow sampling. These tables can use one
to fifteen 256k areas, and each table is assigned a default value of one such area. When
anticipated traffic volume requires larger tables, allocate larger tables.
78 Copyright © 2014, Juniper Networks, Inc.
Chapter 7: Sampling Data Using Inline Sampling
NOTE: For Junos OS releases earlier than Release 12.1, the following points
are applicable for supporting backward compatibility when you configure
the IPv4 and IPv6 flow table sizes for inline active flow monitoring:
• If you do not configure the flow-table-size statement at the [edit chassis
fpc slot-number inline-services] hierarchy level, fifteen 256K entries are
allocated by default for the IPv4 flow table and one 1K entry is allocated
by default for the IPv6 flow table on the Packet Forwarding Engine.
• If you configure the ipv4-flow-table-size size statement at the [edit chassis
fpc slot-number inline-services flow-table-size] hierarchy level and if you do
not configure the ipv6-flow-table-size size statement at the [edit chassis
fpc slot-number inline-services flow-table-size] hierarchy level, the number
of units of 256K entries that you configure for the IPv4 flow table is
allocated. For the IPv6 flow table, a default size of one 1K entry is allocated
on the Packet Forwarding Engine.
• If you do not configure the ipv4-flow-table-size size statement at the [edit
chassis fpc slot-number inline-services flow-table-size] hierarchy level and
if you configure the ipv6-flow-table-size size statement at the [edit chassis
fpc slot-number inline-services flow-table-size] hierarchy level, the number
of units of 256K entries that you configure for the IPv6 flow table is
allocated. For the IPv4 flow table, a default size of one 1K entry is allocated
on the Packet Forwarding Engine.
• If you configure the sizes of both the IPv4 and IPv6 flow tables, the flow
tables are created on the Packet Forwarding Engine based on the size that
you specified.
NOTE: The functionality to log the cflowd records in a log file before they are
exported to a cflowd server (by including the local-dump statement at the
[edit forwarding-options sampling instance instance-name family (inet |inet6
|mpls) output flow-server hostname] hierarchy level) is not supported when
you configure inline flow monitoring (by including the inline-jflow statement
at the [edit forwarding-options sampling instance instance-name family inet
output] hierarchy level).
To allocate IPv4 and IPv6 flow hash tables:
1. Go to the flow-table-size hierarchy level for inline services on the FPC that processes
the monitored flows.
[edit]
user@host# edit chassis fpc 0 inline-services flow-table-size
2. Specify the required sizes for the sampling hash tables.
[edit chassis fpc 0 inline-services flow-table-size]
user@host# set ipv4-flow-table-size 5
user@host# set ipv6-flow-table-size 5
Copyright © 2014, Juniper Networks, Inc. 79
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
NOTE: When you set the flow hash table sizes, remember:
• Any change in the configured size of flow hash table sizes initiates an
automatic reboot of the FPC.
• The total number of units used for both IPv4 and IPv6 cannot exceed
15.
To configure inline active flow monitoring on all other MX Series routers (except for MX80
routers), EX Series switches, and T4000 routers with Type 5 FPC:
1. Enable inline active flow monitoring and specify the source address for the traffic.
[edit forwarding-options sampling instance instance-name family inet output]
user@host# set inline-jflow source address address
2. Specify the IP_FIX output format.
[edit forwarding-options sampling instance instance-name family inet output flow-server
address]
user@host# set version-ipfix template ipv4
3. Specify the output properties.
[edit services flow-monitoring]
user@host# set version-ipfix
The output format properties are common to other output formats and are described
in ““Configuring Flow Aggregation to Use IPFIX Flow Templates” on page 101”.
The following is an example of the sampling configuration for an instance that supports
inline active flow monitoring on family inet and PIC-based sampling on family inet6:
[edit forwarding-options]
sampling {
instance {
sample-ins1 {
input {
rate 1;
}
family inet {
output {
flow-server 2.2.2.2 {
port 2055;
version-ipfix {
template {
ipv4;
}
}
}
inline-jflow {
source-address 10.11.12.13;
}
}
}
80 Copyright © 2014, Juniper Networks, Inc.
Chapter 7: Sampling Data Using Inline Sampling
family inet6 {
output {
flow-server 2.2.2.2 {
port 2055;
version-ipfix {
template {
ipv6;
}
}
}
interface sp-0/1/0 {
source-address 10.11.12.13;
}
}
}
}
}
}
The following example shows the output format configuration:
services {
flow-monitoring {
version-ipfix {
template ipv4 {
flow-active-timeout 60;
flow-inactive-timeout 60;
ipv4-template;
template-refresh-rate {
packets 1000;
seconds 10;
}
option-refresh-rate {
packets 1000;
seconds 10;
}
}
}
}
}
The following considerations apply to the inline flow-monitoring instance configuration:
• Sampling run-length and clip-size are not supported.
• For inline configurations, each family can support only one collector.
NOTE: On routers with Multiservices PICs or Multiservices DPCs, all fragments
of a fragmented IPv4 packet other than the first fragment of the packet are
processed accurately by the flow monitoring application running on MS-PIC
or MS-DPC. The flow monitoring mechanism handles such fragments
accurately by setting the layer 4 related fields in the associated flows to zero.
Copyright © 2014, Juniper Networks, Inc. 81
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Related • Configuring Inline Active Flow Monitoring on MX80 Routers on page 82
Documentation
• inline-jflow on page 302
Configuring Inline Active Flow Monitoring on MX80 Routers
To configure inline active flow monitoring on MX80 routers:
1. Associate a sampling instance with the Forwarding Engine Processor.
[edit]
user@host# set chassis tfeb slot number sampling-instance sampling-instance
The Forwarding Engine Processor slot is always 0 because MX80 routers have only
one Packet Forwarding Engine. In this configuration, the sampling instance is
sample-ins1.
[edit]
user@host# set chassis tfeb slot 0 sampling-instance sample-ins1
NOTE: MX80 routers support only one sampling instance.
2. Under forwarding-options, configure a sampling instance for the flow server and inline
jflow instances (these will be configured in the following steps):
[edit forwarding-options sampling]
user@host# edit instance inline_sample
3. Configure the rate at the [edit forwarding-options sampling instance instance-name
input] hierarchy level to apply specific values for the sampling instance sample-ins1.
[edit forwarding-options sampling instance sample-ins1 input]
user@host# set rate number
In this configuration, the rate is 1000.
[edit forwarding-options sampling instance sample-ins1 input]
user@host# set rate 1000
4. Navigate to the output hierarchy and from there, enable a flow server and then specify
the output address and port:
[edit] forwarding-options sampling instance inline_sample family inet output]
user@host# edit flow-server address
[edit forwarding-options sampling instance inline_sample family inet output flow-server
<address>]
user@host# set port number
5. Return to the output hierarchy and specify the source address for inline jflow:
[edit forwarding-options sampling instance sample-ins1 family inet output]
user@host# set inline-jflow source-address address
In this configuration, the source address is 10.11.12.13.
[edit forwarding-options sampling instance sample-ins1 family inet output]
82 Copyright © 2014, Juniper Networks, Inc.
Chapter 7: Sampling Data Using Inline Sampling
user@host# set inline-jflow source-address 10.11.12.13
6. Specify the output properties.
[edit services flow-monitoring]
user@host# set version-ipfix
The output format properties are common to other output formats and are described
in ““Configuring Flow Aggregation to Use IPFIX Flow Templates” on page 101”.
The following is an example of the sampling configuration for an instance that supports
inline active flow monitoring on MX80 routers:
[edit forwarding-options]
user@host# show
sampling {
instance {
sample-ins1 {
input {
rate 1000;
}
family inet {
flow-server 133..13.13.122{
port 1333;
inline-jflow {
source-address 10.11.12.13;
}
}
}
}
}
NOTE: You need not configure a Flexible PIC Concentrator (FPC) slot because
MX80 routers have only one Packet Forwarding Engine.
The following considerations apply to the inline flow-monitoring instance configuration:
• This configuration does not support MPLS-IPv6.
• Clip-size is not supported.
Related • Configuring Flow Aggregation to Use IPFIX Flow Templates on page 101
Documentation
• Configuring Inline Active flow Monitoring on page 78
• inline-jflow on page 302
Copyright © 2014, Juniper Networks, Inc. 83
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
84 Copyright © 2014, Juniper Networks, Inc.
CHAPTER 8
Sampling Data Using Flow Aggregation
• Understanding Flow Aggregation on page 85
• Enabling Flow Aggregation on page 86
• Configuring Flow Aggregation to Use Version 5 or Version 8 cflowd on page 86
• Configuring Flow Aggregation to Use Version 9 Flow Templates on page 91
• Configuring Flow Aggregation to Use IPFIX Flow Templates on page 101
• Configuring Observation Domain ID and Source ID for Version 9 and IPFIX
Flows on page 106
• Configuring Template ID and Options Template ID for Version 9 and IPFIX
Flows on page 109
• Inclusion of Fragmentation Identifier and IPv6 Extension Header Elements in IPFIX
Templates on page 114
• Directing Replicated Flows to Multiple Flow Servers on page 116
• Logging cflowd Flows Before Export on page 118
Understanding Flow Aggregation
You can collect an aggregate of sampled flows and send the aggregate to a specified
host that runs either the cflowd application available from CAIDA (http://www.caida.org)
or the newer version 9 format defined in RFC 3954, Cisco Systems NetFlow Services Export
Version 9. Before you can perform flow aggregation, the routing protocol process must
export the autonomous system (AS) path and routing information to the sampling
process.
By using flow aggregation, you can obtain various types of byte and packet counts of
flows through a router. The application collects the sampled flows over a period of 1
minute. At the end of the minute, the number of samples to be exported are divided over
the period of another minute and are exported over the course of the same minute.
You configure flow aggregation in different ways, depending on whether you want to
export flow records in cflowd version 5 or 8 format, or the separate version 9 format. The
latter allows you to sample MPLS, IPv4, IPv6, and peer AS billing traffic. You can also
combine configuration statements between the MPLS and IPv4 formats.
Copyright © 2014, Juniper Networks, Inc. 85
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
NOTE: When PIC-based sampling is enabled, collection of flow statistics for
sampled packets on flows in virtual private networks (VPNs) is also
supported. No additional CLI configuration is required.
Related • Enabling Flow Aggregation on page 86
Documentation
• Configuring Flow Aggregation to Use Version 5 or Version 8 cflowd on page 86
• Configuring Flow Aggregation to Use Version 9 Flow Templates on page 91
• Directing Replicated Flows to Multiple Flow Servers on page 116
• Logging cflowd Flows Before Export on page 118
Enabling Flow Aggregation
Before you can perform flow aggregation, the routing protocol process must export the
autonomous system (AS) path and routing information to the sampling process. To
enable the export of AS path and the routing information to the sampling process, one
or more of the following needs to be configured:
• At the [edit forwarding-options] hierarchy level (for routing instances, at the [edit
routing-instance routing-instance-name forwarding-options] hierarchy level), configure
sampling family or sampling output or sampling instance or monitoring or accounting.
• At the [edit routing-options] hierarchy level (for routing instances, at the [edit
routing-instance routing-instance-name routing-options] hierarchy level), configure
route record.
• At the [edit chassis fpc slot-number pic pic-number adaptive-services service-package
extension-provider] hierarchy level, configure forwarding-db-size.
Related • Understanding Flow Aggregation on page 85
Documentation
• Configuring Flow Aggregation to Use Version 5 or Version 8 cflowd on page 86
• Configuring Flow Aggregation to Use Version 9 Flow Templates on page 91
• Directing Replicated Flows to Multiple Flow Servers on page 116
• Configuring Traffic Sampling on page 59
• Example: Configuring Active Flow Monitoring Version 9 for IPv6
• Logging cflowd Flows Before Export on page 118
Configuring Flow Aggregation to Use Version 5 or Version 8 cflowd
To enable the collection of cflowd version 5 or version 8 flow formats, include the
flow-server statement:
flow-server hostname {
86 Copyright © 2014, Juniper Networks, Inc.
Chapter 8: Sampling Data Using Flow Aggregation
aggregation {
autonomous-system;
destination-prefix;
protocol-port;
source-destination-prefix {
caida-compliant;
}
source-prefix;
}
autonomous-system-type (origin | peer);
(local-dump | no-local-dump);
port port-number;
version format;
}
You can include this statement at the following hierarchy levels:
• [edit forwarding-options sampling family (inet | inet6 | mpls) output]
• [edit forwarding-options sampling instance instance-name output]
• [edit forwarding-options accounting name output cflowd hostname]
You must configure the family inet statement on logical interface unit 0 on the monitoring
interface, as in the following example:
[edit interfaces]
sp-3/0/0 {
unit 0 {
family inet {
...
}
}
}
NOTE: Boot images for monitoring services interfaces are specified at the
[edit chassis images pic] hierarchy level. You must enable the NTP client to
make the cflowd feature operable, by including the following configuration:
[edit system]
ntp {
boot-server ntp.juniper.net;
server 172.17.28.5;
}
processes {
ntp enable;
}
For more information, see the Junos OS Administration Library for Routing
Devices.
You can also configure cflowd version 5 for flow-monitoring applications by including
the cflowd statement at the [edit forwarding-options monitoring name family inet output]
hierarchy level:
Copyright © 2014, Juniper Networks, Inc. 87
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
cflowd hostname {
port port-number;
}
The following restrictions apply to cflowd flow formats:
• You can configure up to one version 5 and one version 8 flow format at the [edit
forwarding-options accounting name output] hierarchy level.
• You can configure up to eight version 5 or one version 8 flow format at the [edit
forwarding-options sampling family (inet | inet6 | mpls) output] hierarchy level for
Routing Engine-based sampling by including the flow-server statement. In contrast,
PIC-based sampling allows you to specify one cflowd version 5 server and one version
8 server simultaneously. However, the two cflowd servers must have different IP
addresses.
• You can configure up to eight version 5 flow formats at the [edit forwarding-options
monitoring name output] hierarchy level. Version 8 flow formats and aggregation are
not supported for flow-monitoring applications.
• Outbound Routing Engine traffic is not sampled. A firewall filter is applied as output
on the egress interface, which samples packets and exports the data. For transit traffic,
egress sampling works correctly. For internal traffic, the next hop is installed in the
Packet Forwarding Engine but sampled packets are not exported.
• Flows are created on the monitoring PIC only after the route record resynchronization
operation is complete, which is 60 seconds after the PIC comes up. Any packets sent
to the PIC would be dropped until the synchronization process is complete.
• The configuration includes a proprietary v5 extension template for supporting 4-byte
AS information in flow records. Its template version is set to 500, indicating it to be
proprietary. All other fields remain the same; the source AS and destination AS are
each 4 bytes long, rather than 2 bytes as in the traditional v5 template. This option is
available at the [edit forwarding-options sampling family inet output flow-server
server-name version] hierarchy level.
In the cflowd statement, specify the name or identifier of the host that collects the flow
aggregates. You must also include the User Datagram Protocol (UDP) port number on
the host and the version, which gives the format of the exported cflowd aggregates. To
collect cflowd records in a log file before exporting, include the local-dump statement.
NOTE: You can specify both host (cflowd) sampling and port mirroring in
the same configuration; however, only one action takes effect at any one
time. Port mirroring takes precedence. For more information, see “Configuring
Port Mirroring” on page 121.
For cflowd version 8 only, you can specify aggregation of specific types of traffic by
including the aggregation statement. This conserves memory and bandwidth by enabling
cflowd to export targeted flows rather than all aggregated traffic. To specify a flow type,
include the aggregation statement:
aggregation {
88 Copyright © 2014, Juniper Networks, Inc.
Chapter 8: Sampling Data Using Flow Aggregation
autonomous-system;
destination-prefix;
protocol-port;
source-destination-prefix {
caida-compliant;
}
source-prefix;
}
You can include this statement at the following hierarchy levels:
• [edit forwarding-options sampling family (inet | inet6 | mpls) output flow-server
hostname]
• [edit forwarding-options accounting name output cflowd hostname]
The autonomous-system statement configures aggregation by the AS number; this
statement might require setting the separate cflowd autonomous-system-type statement
to include either origin or peer AS numbers. The origin option specifies to use the origin
AS of the packet source address in the Source Autonomous System cflowd field. The
peer option specifies to use the peer AS through which the packet passed in the Source
Autonomous System cflowd field. By default, cflowd exports the origin AS number.
The destination-prefix statement configures aggregation by the destination prefix only.
The protocol-port statement configures aggregation by the protocol and port number;
requires setting the separate cflowd port statement.
The source-destination-prefix statement configures aggregation by the source and
destination prefix. Version 2.1b1 of CAIDA’s cflowd application does not record source
and destination mask length values in compliance with CAIDA’s cflowd Configuration
Guide, dated August 30, 1999. If you configure the caida-compliant statement, the Junos
OS complies with Version 2.1b1 of cflowd. If you do not include the caida-compliant
statement in the configuration, the Junos OS records source and destination mask length
values in compliance with the cflowd Configuration Guide.
The source-prefix statement configures aggregation by the source prefix only.
Collection of sampled packets in a local ASCII file is not affected by the cflowd statement.
The following commands enable RE- and PIC-based sampling at the set forwarding
options sampling hierarchy level:
• set input rate rate
• set input run-length length
• set family inet output flow-server flowcollector port udp port
• set family inet output flow-server flowcollectorno-local-dump
• set family inet output flow-server flowcollector version <5/8>
The following commands enable RE- and PIC-based sampling at the set interfaces
hierarchy level:
Copyright © 2014, Juniper Networks, Inc. 89
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
• interface to be sampled unit unit family inet filter input/output filtername
The following commands enable RE- and PIC-based sampling at the set firewall family
hierarchy level:
• set inet filter filtername term 1 then count filternameing
• set inet filter filtername term 1 then sample
• set inet filter filtername term 1 then accept
The following command enables PIC-based sampling at the set forwarding options
sampling hierarchy level:
• set family inet output interface sp-*/*/* source address source address
The following example shows a PIC-based flow aggregation configuration using version
5:
family inet {
output {
flow-inactive-timeout 15;
flow-active-timeout 60;
flow-server 153.104.248.37 {
port 9996;
version 5;
}
interface sp-2/2/0 {
engine-id 4;
source-address 153.104.0.254;
}
}
The following example shows an RE-based flow aggregation configuration using version
5:
family inet {
output {
flow-inactive-timeout 15;
flow-active-timeout 60;
flow-server 153.104.248.37 {
port 9996;
source-address 153.104.0.254;
version 5;
}
}
Related • Understanding Flow Aggregation on page 85
Documentation
• Enabling Flow Aggregation on page 86
• Configuring Flow Aggregation to Use Version 9 Flow Templates on page 91
• Configuring Flow Aggregation to Use IPFIX Flow Templates on page 101
90 Copyright © 2014, Juniper Networks, Inc.
Chapter 8: Sampling Data Using Flow Aggregation
Configuring Flow Aggregation to Use Version 9 Flow Templates
Use of version 9 allows you to define a flow record template suitable for IPv4 traffic, IPv6
traffic, MPLS traffic, a combination of IPv4 and MPLS traffic, or peer AS billing traffic.
Templates and the fields included in the template are transmitted to the collector
periodically, and the collector need not be aware of the router configuration.
NOTE: Version 9 requires that you install a services PIC, such as the Adaptive
Services PIC or Multiservices PIC in the router. On MX Series routers, the
Multiservices DPC fulfills this requirement. For more information on
determining which services PIC is suitable for your router, see Enabling Service
Packages or the appropriate hardware documentation.
NOTE: If multiple protocol families are configured for a particular flow
collector, the export packets will originate from multiple Source IDs, with
each Source ID corresponding to a particular protocol. The multiple Source
IDs do not indicate that the export packets are originating from multiple
Service PICs.
The following sections contain additional information:
• Configuring the Traffic to Be Sampled on page 91
• Configuring the Version 9 Template Properties on page 92
• Customizing Template ID, Observation Domain ID, and Source ID for Version 9 flow
Templates on page 93
• Restrictions on page 94
• Fields Included in Each Template Type on page 95
• MPLS Sampling Behavior on page 96
• Verification on page 97
• Examples: Configuring Version 9 Flow Templates on page 97
Configuring the Traffic to Be Sampled
To specify sampling of IPv4, IPv6, MPLS, or peer AS billing traffic, include the appropriate
configuration of the family statement at the [edit forwarding-options sampling] hierarchy
level:
[edit forwarding-options]
sampling {
family (inet | inet6 | mpls);
}
You can include family inet ,family inet6, or family mpls.
Copyright © 2014, Juniper Networks, Inc. 91
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
NOTE: If you specify sampling for peer AS billing traffic, the family statement
supports only IPv4 and IPv6 traffic (inet or inet6). Peer AS billing traffic is
enabled only at the global instance hierarchy level and is not available for
per Packet Forwarding Engine instances.
After you specify the family of traffic to be sampled, configure the sampling parameters
such as the maximum packet length (beyond which the packets are truncated). maximum
packets to be sampled per second (beyond which the packets are dropped), the rate
(for example, if you specify 10, every 10th packet is sampled), and run length (which
specify the number of packets to be sampled after the trigger; that is if the rate is set to
10 and run-length to 5, five packets starting the 10th packet are sampled).
[edit forwarding-options sampling]
input {
maximum-packet-length bytes
max-packets-per-second number;
rate number;
run-length number;
}
Configuring the Version 9 Template Properties
To define the version 9 templates, include the following statements at the [edit services
flow-monitoring version9] hierarchy level:
[edit services flow-monitoring version9]
template name {
options-template-id
template-id
source-id
flow-active-timeout seconds;
flow-inactive-timeout seconds;
option-refresh-rate packets packets seconds seconds;
template-refresh-rate packets packets seconds seconds;
(ipv4-template | ipv6-template | mpls-ipv4-template | mpls-template |
peer-as-billing-template) {
label-position [ positions ];
}
}
The following details apply to the configuration statements:
• You assign each template a unique name by including the template name statement.
• You then specify each template for the appropriate type of traffic by including the
ipv4-template, ipv6–template, mpls-ipv4-template, mpls-template, or
peer-as-billing-template.
• If the template is used for MPLS traffic, you can also specify up to three label positions
for the MPLS header label data by including the label-position statement; the default
values are [1 2 3].
92 Copyright © 2014, Juniper Networks, Inc.
Chapter 8: Sampling Data Using Flow Aggregation
• Within the template definition, you can optionally include values for the
flow-active-timeout and flow-inactive-timeout statements. These statements have
specific default and range values when they are used in template definitions; the default
is 60 seconds and the range is from 10 through 600 seconds. Values you specify in
template definitions override the global timeout values configured at the [edit
forwarding-options sampling family (inet | inet6 | mpls) output flow-server] hierarchy
level.
• You can also include settings for the option-refresh-rate and template-refresh-rate
statements within a template definition. For both of these properties, you can include
a timer value (in seconds) or a packet count (in number of packets). For the seconds
option, the default value is 60 and the range is from 10 through 600. For the packets
option, the default value is 4800 and the range is from 1 through 480,000.
• To filter IPV6 traffic on a media interface, the following configuration is supported:
interfaces interface-name {
unit 0 {
family inet6 {
sampling {
input;
output;
}
}
}
}
Customizing Template ID, Observation Domain ID, and Source ID for Version 9 flow Templates
Use of version 9 and IPFIX allows you to define a flow record template suitable for IPv4
traffic, IPv6 traffic, MPLS traffic, a combination of IPv4 and MPLS traffic, or peer AS billing
traffic. Templates and the fields included in the template are transmitted to the collector
periodically, and the collector need not be aware of the router configuration. Starting
with Junos OS Release 14.1, you can specify the unique identifier for the version 9 and
IPFIX templates. The identifier of a template is locally unique within a combination of a
transport session and an observation domain. Template IDs 0 through 255 are reserved
for template sets, options template sets, and other sets for future use. Template IDs of
data sets are numbered from 256 through 65535. Typically, this information element or
field in the template is used to define the characteristics or properties of other information
elements in a template. After a restart of the export process of templates is performed,
template IDs can be reassigned. In Junos OS releases earlier than Release 14.1, template
IDs and options template IDs were predefined for each address family and could not be
modified.
This functionality to configure template ID, options template ID, observation domain ID,
and source ID is supported on all routers with MPCs (Trio chip-based FPCs).
The following values were assigned by default for the template IDs of IPFIX templates
for the different protocols or address families, until Junos OS Release 13.3:
• IPv4 flow template ID—256
• IPv6 flow template ID—257
Copyright © 2014, Juniper Networks, Inc. 93
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
• VPLS flow template ID—258
• Options template ID for all address families—512
The corresponding data sets and option data sets contain the value of the template IDs
and options template IDs respectively in the set ID field. This method enables the collector
to match a data record with a template record.
For more information about specifying the source ID, observation domain ID, template
ID, and options template ID for version 9 and IPFIX flows, see “Configuring Observation
Domain ID and Source ID for Version 9 and IPFIX Flows” on page 106 and “Configuring
Template ID and Options Template ID for Version 9 and IPFIX Flows” on page 109.
Restrictions
The following restrictions apply to version 9 templates:
• You cannot apply the two different types of flow aggregation configuration (cflowd
version 5/8 and flow aggregation version 9) at the same time.
• Flow export based on an mpls-ipv4 template assumes that the IPv4 header follows
the MPLS header. In the case of Layer 2 VPNs, the packet on the provider router (P
router) would look like this:
MPLS | Layer 2 Header | IPv4
In this case, mpls-ipv4 flows are not created on the PIC, because the IPv4 header does
not directly follow the MPLS header. Packets are dropped on the PIC and are accounted
as parser errors.
• Outbound Routing Engine traffic is not sampled. A firewall filter is applied as output
on the egress interface, which samples packets and exports the data. For transit traffic,
egress sampling works correctly. For internal traffic, the next hop is installed in the
Packet Forwarding Engine but sampled packets are not exported.
• Flows are created on the monitoring PIC only after the route record resynchronization
operation is complete, which is 60 seconds after the PIC comes up. Any packets sent
to the PIC would be dropped until the synchronization process is complete.
NOTE: "Because the forwarding of a packet that arrives with MPLS labels is
performed based on the MPLS label and not based on the IP address
contained in the packet, the packet is sampled at the output interface with
the MPLS label that was popped not being available at the time of sampling.
In such a case, depending on the incoming interface (IIF), the VRF index is
identified and the route for the sampled packet is determined in the VRF
table. Because a specific route is not available in the VRF that is different
from the VRF on which the packet is received, the Output Interface Index,
Source Mask, and Destination Mask fields are incorrectly populated. This
behavior occurs when an IPv4 template is applied as a firewall filter on an
egress interface with sample as the action."
94 Copyright © 2014, Juniper Networks, Inc.
Chapter 8: Sampling Data Using Flow Aggregation
Fields Included in Each Template Type
The following fields are common to all template types:
• Input interface
• Output interface
• Number of bytes
• Number of packets
• Flow start time
• Flow end time
The IPv4 template includes the following specific fields:
• IPv4 Source Address
• IPv4 Destination Address
• L4 Source Port
• L4 Destination Port
• IPv4 TOS
• IPv4 Protocol
• ICMP type and code
• TCP Flags
• IPv4 Next Hop Address
• Source autonomous system (AS) number
• Destination AS number
The IPv6 template includes the following specific fields:
• IPv6 Source Address and Mask
• IPv6 Destination Address and Mask
• L4 Source Port
• L4 Destination Port
• IPv6 TOS
• IPv6 Protocol
• TCP Flags
• IP Protocol Version
• IPv6 Next Hop Address
• Egress Interface Information
Copyright © 2014, Juniper Networks, Inc. 95
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
• Source Autonomous System (AS) number
• Destination AS number
The MPLS template includes the following specific fields:
• MPLS Label #1
• MPLS Label #2
• MPLS Label #3
• MPLS EXP Information
• FEC IP Address
The MPLS-IPv4 template includes all the fields found in the IPv4 and MPLS templates.
The peer AS billing template includes the following specific fields:
• IPV4 Class of Service (TOS)
• Ingress Interface
• BGP IPV4 Next Hop Address
• BGP Peer Destination AS Number
MPLS Sampling Behavior
This section describes the behavior when MPLS sampling is used on egress interfaces in
various scenarios (label pop or swap) on provider routers (P routers). For more information
on configuration and background specific to MPLS applications, see the Junos OS MPLS
Applications Library for Routing Devices.
1. You configure MPLS sampling on an egress interface on the P router and configure
an MPLS flow aggregation template. The route action is label pop because penultimate
hop popping (PHP) is enabled.
Previously, IPv4 packets (only) would have been sent to the PIC for sampling even
though you configured MPLS sampling. No flows should be created, with the result
that the parser fails.
With the current capability of applying MPLS templates, MPLS flows are created.
2. As in the first case, you configure MPLS sampling on an egress interface on the P router
and configure an MPLS flow aggregation template. The route action is label swap
and the swapped label is 0 (explicit null).
The resulting behavior is that MPLS packets are sent to the PIC. The flow being
sampled corresponds to the label before the swap.
3. You configure a Layer 3 VPN network, in which a customer edge router (CE-1) sends
traffic to a provider edge router (PE-A), through the P router, to a similar provider edge
router (PE-B) and customer edge router (CE-2) on the remote end.
The resulting behavior is that you cannot sample MPLS packets on the PE-A to P router
link.
96 Copyright © 2014, Juniper Networks, Inc.
Chapter 8: Sampling Data Using Flow Aggregation
Verification
To verify the configuration properties, you can use the show services accounting
aggregation template template-name name operational mode command.
All other show services accounting commands also support version 9 templates, except
for show services accounting flow-detail and show services accounting aggregation
aggregation-type. For more information about operational mode commands, see the CLI
Explorer.
Examples: Configuring Version 9 Flow Templates
The following is a sample version 9 template configuration:
services {
flow-monitoring {
version9 {
template ip-template {
flow-active-timeout 20;
flow-inactive-timeout 120;
ipv4-template;
}
template mpls-template-1 {
mpls-template {
label-position [1 3 4];
}
}
template mpls-ipv4-template-1 {
mpls-ipv4-template {
label-position [1 5 7];
}
}
template peer-as-billing-template-1 {
peer-as-billing-template;
}
}
}
}
}
The following is a sample firewall filter configuration for MPLS traffic:
firewall {
family mpls {
filter mpls_sample {
term default {
then {
accept;
sample;
}
}
}
}
}
Copyright © 2014, Juniper Networks, Inc. 97
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
The following sample configuration applies the MPLS sampling filter on a networking
interface and configures the AS PIC to accept both IPv4 and MPLS traffic:
interfaces {
at-0/1/1 {
unit 0 {
family mpls {
filter {
input mpls_sample;
}
}
}
}
sp-7/0/0 {
unit 0 {
family inet;
family mpls;
}
}
}
The following example applies the MPLS version 9 template to the sampling output and
sends it to the AS PIC:
forwarding-options {
sampling {
input {
family mpls {
rate 1;
}
}
family mpls {
output {
flow-active-timeout 60;
flow-inactive-timeout 30;
flow-server 1.2.3.4 {
port 2055;
version9 {
template mpls-ipv4-template-1;
}
}
interface sp-7/0/0 {
source-address 1.1.1.1;
}
}
}
}
}
The following is a sample firewall filter configuration for the peer AS billing traffic:
firewall {
family inet {
filter peer-as-filter {
term 0 {
from {
98 Copyright © 2014, Juniper Networks, Inc.
Chapter 8: Sampling Data Using Flow Aggregation
destination-class dcu-1;
interface ge-2/1/0;
forwarding-class class-1;
}
then count count_team_0;
}
}
term 1 {
from {
destination-class dcu-2;
interface ge-2/1/0;
forwarding-class class-1;
}
then count count_team_1;
}
term 2 {
from {
destination-class dcu-3;
interface ge-2/1/0;
forwarding-class class-1;
}
then count count_team_2;
}
}
}
}
The following sample configuration applies the peer AS firewall filter as a filter attribute
under the forwarding-options hierarchy for CoS-level data traffic usage information
collection:
forwarding-options {
family inet {
filter output peer-as-filter;
}
}
The following sample configuration applies the peer AS DCU policy options to collect
usage statistics for the traffic stream for as-path ingressing at a specific input interface
with the firewall configuration hierarchy applied as Forwarding Table Filters (FTFs). The
configuration functionality with COS capability can be achieved through FTFs for
destination-class usage with forwarding-class for specific input interfaces:
policy-options {
policy-statement P1 {
from {
protocol bgp;
neighbor 10.2.25.5; #BGP router configuration;
as-path AS-1; #AS path configuration;
}
then destination-class dcu-1; #Destination class configuration;
}
policy-statement P2 {
from {
neighbor 1.2.25.5;
as-path AS-2;
Copyright © 2014, Juniper Networks, Inc. 99
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
}
then destination-class dcu2;
}
policy-statement P3 {
from {
protocol bgp;
neighbor 192.2.1.1;
as-path AS-3;
}
then destination-class dcu3;
}
as-path AS-1 3131:1111:1123;
as-path AS-2 100000;
as-path AS-3 192:29283:2;
}
The following example applies the peer-as-billing version 9 template to enable sampling
of traffic for billing purposes:
forwarding-options {
sampling {
}
input {
rate 1;
}
family inet {
output {
flow-server 10.209.15.58 {
port 300;
version9 {
template {
peer-as;
}
}
}
interface sp-5/2/0 {
source-address 2.3.4.5;
}
}
}
}
}
family inet {
filter {
output peer-as-filter;
}
}
Related • Understanding Flow Aggregation on page 85
Documentation
• Enabling Flow Aggregation on page 86
• Configuring Flow Aggregation to Use Version 5 or Version 8 cflowd on page 86
• Configuring Flow Aggregation to Use IPFIX Flow Templates on page 101
• Configuring Traffic Sampling on page 59
100 Copyright © 2014, Juniper Networks, Inc.
Chapter 8: Sampling Data Using Flow Aggregation
• Example: Configuring Active Flow Monitoring Version 9 for IPv6
Configuring Flow Aggregation to Use IPFIX Flow Templates
Use of IPFIX allows you to define a flow record template suitable for IPv4 traffic or IPv6
traffic. Templates are transmitted to the collector periodically, and the collector need
not be aware of the router configuration. You can define template refresh rate, flow active
timeout and inactive timeout.
If flow records are being sent for multiple protocol families (for example, for IPv4 and
IPv6), each protocol family flow will have a unique Observation Domain ID.
The following sections contain additional information:
• Configuring the IPFIX Template Properties on page 101
• Restrictions on page 102
• Customizing Template ID, Observation Domain ID, and Source ID for IPFIX flow
Templates on page 102
• Fields Included in the IPv4 Template on page 103
• Fields Included in the IPv6 Template on page 104
• Verification on page 105
• Example: Configuring an IPFIX Flow Templates and Flow Sampling on page 105
Configuring the IPFIX Template Properties
To define the IPFIX templates, include the following statements at the [edit services
flow-monitoring version-ipfix] hierarchy level:
[edit services flow-monitoring IPFIX]
template name {
options-template-id
template-id
observation-domain-id
flow-active-timeout seconds;
flow-inactive-timeout seconds;
option-refresh-rate packets packets seconds seconds;
template-refresh-rate packets packets seconds seconds;
(ipv4-template | ipv6-template);
}
The following details apply to the configuration statements:
• You assign each template a unique name by including the template name statement.
• You then specify each template for the appropriate type of traffic by including the
ipv4-template or ipv6–template.
• Within the template definition, you can optionally include values for the
flow-active-timeout and flow-inactive-timeout statements. These statements have
specific default and range values when they are used in template definitions; the default
is 60 seconds and the range is from 10 through 600 seconds.
Copyright © 2014, Juniper Networks, Inc. 101
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
• You can also include settings for the option-refresh-rate and template-refresh-rate
statements within a template definition. For both of these properties, you can include
a timer value (in seconds) or a packet count (in number of packets). For the seconds
option, the default value is 600 and the range is from 10 through 600. For the packets
option, the default value is 4800 and the range is from 1 through 480,000.
• To filter IPV6 traffic on a media interface, the following configuration is supported:
interfaces interface-name {
unit 0 {
family inet6 {
sampling {
input;
output;
}
}
}
}
Restrictions
The following restrictions apply to IPFIX templates:
• Outbound Routing Engine traffic is not sampled. A firewall filter is applied as output
on the egress interface, which samples packets and exports the data. For transit traffic,
egress sampling works correctly. For internal traffic, the next hop is installed in the
Packet Forwarding Engine but sampled packets are not exported.
• Flows are created only after the route record resynchronization operation is complete,
which takes 120 seconds.
• VLAN ID field is not valid for egress traffic, and returns a value of 0 for egress traffic.
• The VLAN ID field is updated when a new flow record is created and so, any change in
VLAN ID after the record has been created might not be updated in the record.
Customizing Template ID, Observation Domain ID, and Source ID for IPFIX flow Templates
Use of version 9 and IPFIX allows you to define a flow record template suitable for IPv4
traffic, IPv6 traffic, MPLS traffic, a combination of IPv4 and MPLS traffic, or peer AS billing
traffic. Templates and the fields included in the template are transmitted to the collector
periodically, and the collector need not be aware of the router configuration. Starting
with Junos OS Release 14.1, you can specify the unique identifier for the version 9 and
IPFIX templates. The identifier of a template is locally unique within a combination of a
transport session and an observation domain. Template IDs 0 through 255 are reserved
for template sets, options template sets, and other sets for future use. Template IDs of
data sets are numbered from 256 through 65535. Typically, this information element or
field in the template is used to define the characteristics or properties of other information
elements in a template. After a restart of the export process of templates is performed,
template IDs can be reassigned. In Junos OS releases earlier than Release 14.1, template
IDs and options template IDs were predefined for each address family and could not be
modified.
102 Copyright © 2014, Juniper Networks, Inc.
Chapter 8: Sampling Data Using Flow Aggregation
This functionality to configure template ID, options template ID, observation domain ID,
and source ID is supported on all routers with MPCs (Trio chip-based FPCs).
The following values were assigned by default for the template IDs of version 9 templates
for the different protocols or address families, until Junos OS Release 13.3:
• IPv4 flow template ID—272
• IPv6 flow template ID—273
• VPLS flow template ID—274
• Options template ID for all address families—520
The corresponding data sets and option data sets contain the value of the template IDs
and options template IDs respectively in the set ID field. This method enables the collector
to match a data record with a template record.
For more information about specifying the source ID, observation domain ID, template
ID, and options template ID for version 9 and IPFIX flows, see “Configuring Observation
Domain ID and Source ID for Version 9 and IPFIX Flows” on page 106 and “Configuring
Template ID and Options Template ID for Version 9 and IPFIX Flows” on page 109.
Fields Included in the IPv4 Template
• IPv4 Source Address
• IPv4 Destination Address
• IPv4 TOS
• IPv4 Protocol
• L4 Source Port
• L4 Destination Port
• ICMP Type and Code
• Input Interface
• VLAN ID
• IPv4 Source Mask
• IPv4 Destination Mask
• Source AS
• Destination AS
• IPv4 Next Hop Address
• TCP Flags
Output Interface
• Number of Flow Bytes
• Number of Flow Packets
Copyright © 2014, Juniper Networks, Inc. 103
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
• Minimum TTL (time to live)
• Maximum TTL (time to live)
• Flow Start Time
• Flow End Time
• Flow End Reason
• 802.1Q VLAN identifier (dot1qVlanId)
• 802.1Q Customer VLAN identifier (dot1qCustomerVlanId)
Fields Included in the IPv6 Template
• IPv6 Source Address
• IPv6 Destination Address
• IPv6 TOS
• IPv6 Protocol
• L4 Source Port
• L4 Destination Port
• ICMP Type and Code
• Input Interface
• VLAN ID
• IPv6 Source Mask
• IPv6 Destination Mask
• Source AS
• Destination AS
• IPv6 Next Hop Address
• TCP Flags
Output Interface
• Number of Flow Bytes
• Number of Flow Packets
• Minimum Hop Limits
• Maximum Hop Limits
• Flow Start Time
• Flow End Time
• Flow End Reason
• 802.1Q VLAN identifier (dot1qVlanId)
• 802.1Q Customer VLAN identifier (dot1qCustomerVlanId)
104 Copyright © 2014, Juniper Networks, Inc.
Chapter 8: Sampling Data Using Flow Aggregation
• Fragment Identification
• IPv6 Extension Headers
Verification
The following show commands are supported for IPFIX:
• show services accounting flow inline-jflow fpc-slot fpc-slot
• show services accounting errors inline-jflow fpc-slot fpc-slot
• show services accounting status inline-jflow fpc-slot fpc-slot
Example: Configuring an IPFIX Flow Templates and Flow Sampling
The following is a sample IPFIX template configuration:
services {
flow-monitoring {
version-ipfix {
template ipv4 {
flow-active-timeout 60;
flow-inactive-timeout 70;
template-refresh-rate seconds 30;
option-refresh-rate seconds 30;
ipv4-template;
}
}
}
}
chassis;
fpc 0 {
sampling-instance s1;
}
The following example applies the IPFIX template to enable sampling of traffic for billing:
forwarding-options {
sampling {
instance {
s1 {
input {
rate 10;
}
family inet {
output {
flow-server 11.11.4.2 {
port 2055;
version-ipfix {
template {
ipv4;
}
}
}
inline-jflow {
Copyright © 2014, Juniper Networks, Inc. 105
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
source-address 11.11.2.1;
}
}
}
}
}
}
}
Related • Understanding Flow Aggregation on page 85
Documentation
• Inclusion of Fragmentation Identifier and IPv6 Extension Header Elements in IPFIX
Templates on page 114
• Enabling Flow Aggregation on page 86
• Configuring Flow Aggregation to Use Version 5 or Version 8 cflowd on page 86
• Configuring Flow Aggregation to Use Version 9 Flow Templates on page 91
Configuring Observation Domain ID and Source ID for Version 9 and IPFIX Flows
For IPFIX flows, an identifier of an Observation Domain is locally unique to an exporting
process of the templates. The export process uses the Observation Domain ID to uniquely
identify to the collection process in which the flows were metered. We recommend that
you configure this ID to be unique for each IPFIX flow. A value of 0 indicates that no
specific Observation Domain is identified by this information element. Typically, this
attribute is used to limit the scope of other information elements. If the observation
domain is not unique, the collector cannot uniquely identify an IPFIX device.
If you configure the same Observation Domain ID for different template types, such as
for IPv4 and IPv6, it does not impact flow monitoring because the actual or the base
observation domain ID is transmitted in the flow. The actual observation domain ID is
derived from the value you configure and also in conjunction with other parameters such
as the slot number, lookup chip (LU) instance, Packet Forwarding Engine instance. Such
a method of computation of the observation domain ID ensures that this ID is not the
same for two IPFIX devices.
Until Junos OS Release 13.3, the observation domain ID is predefined and is set to a fixed
value, which is derived from the combination of FPC slot, sampling protocol, PFE Instance
and LU Instance fields. This derivation creates a unique observation domain per LU per
family. Starting with Junos OS Release 14.1, you can configure the observation domain
ID, which causes the first 8 bits of the field to be configured.
The following modifications have been made:
• FPC slots are expanded to 8 bits to enable more slots to be configured in an MX Series
Virtual Chassis configuration.
• 8 bits of the configured observation domain ID are used.
• You can configure a value for the observation domain ID in the range of 0 through 255.
106 Copyright © 2014, Juniper Networks, Inc.
Chapter 8: Sampling Data Using Flow Aggregation
• The Protocol field is increased to 3 bits to provide support for additional protocols in
inline flow monitoring.
• You can associate the observation domain ID with templates by using the
observation-domain-id domain-id statement at the [edit services flow- monitoring
version-ipfix template template-name] hierarchy level.
For version 9 flows, a 32-bit value that identifies the Exporter Observation Domain is
called the source ID. NetFlow collectors use the combination of the source IP address
and the source ID field to separate different export streams originating from the same
exporter.
To specify the observation domain ID for IPFIX flows, include the observation-domain-id
domain-id statement at the [edit services flow-monitoring version-ipfix template
template-name] hierarchy level.
[edit services flow-monitoring version-ipfix]
template template-name {
observation-domain-id domain-id;
}
To specify the source ID for version 9 flows, include the source-id source-id statement at
the [edit services flow-monitoring version9 template template-name] hierarchy level.
[edit services flow-monitoring version9]
template template-name {
source-id source-id;
}
Table 3 on page 107 describes observation domain ID values for different combinations
of the configured domain ID, protocol family, FPC slot, and the Packet Forwarding Engine
and lookup chip instances.
Table 3: Example of Observation Domain ID
Observation
Domain Id
Conf val rsvd
1proto slot
LUInst
PFEInst
xxxx xxxx
xxxx 1xxx
Configured Protocol xxxx xxxx
Value Family FPC Slot PFE Inst LU Inst xxxx xxxx
None IPV4 (0) 1 1 0 0000 0000
0000 1000
0000 0001
0000 0001
0x00080101
Copyright © 2014, Juniper Networks, Inc. 107
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Table 3: Example of Observation Domain ID (continued)
Observation
Domain Id
Conf val rsvd
1proto slot
LUInst
PFEInst
xxxx xxxx
xxxx 1xxx
Configured Protocol xxxx xxxx
Value Family FPC Slot PFE Inst LU Inst xxxx xxxx
None IPv6 (1) 1 1 0 0000 0000
0000 1001
0000 0001
0000 0001
0x00090101
None VPLS (2) 1 1 0 0000 0000
0000 1010
0000 0001
0000 0001
0x000A0101
None MPLS (3) 1 1 0 0000 0000
0000 1011
0000 0001
0000 0001
0x000B0101
4 IPv4 (0) 1 1 0 0000 0100
0000 1000
0000 0001
0000 0001
0x04080101
190 IPV4 (0) 1 1 0 1101 1110
0000 1000
0000 0001
0000 0001
0xBE080101
4 IPv4 (0) 2 1 1 0000 0100
0000 1000
0000 0010
0001 0001
0x04080211
4 IPV6 (1) 1 1 0 0000 0100
0000 1001
0000 0001
0001 0000
0x04090110
108 Copyright © 2014, Juniper Networks, Inc.
Chapter 8: Sampling Data Using Flow Aggregation
Table 3: Example of Observation Domain ID (continued)
Observation
Domain Id
Conf val rsvd
1proto slot
LUInst
PFEInst
xxxx xxxx
xxxx 1xxx
Configured Protocol xxxx xxxx
Value Family FPC Slot PFE Inst LU Inst xxxx xxxx
190 IPv6 (1) 1 1 0 1101 1110
0000 1001
0000 0001
0001 0000
0xBE090110
4 VPLS (2) 2 2 0 0000 0100
0000 1010
0000 0010
0010 0000
0x040A0220
10 IPv4 (0) 28 2 1 0000 1010
0000 1000
0001 1100
0010 0001
0x0A081C21
Related • Configuring Template ID and Options Template ID for Version 9 and IPFIX Flows on
Documentation page 109
Configuring Template ID and Options Template ID for Version 9 and IPFIX Flows
Starting with Junos OS Release 14.1, you can define the template ID for version 9 and
IPFIX templates for inline flow monitoring. To specify the template ID for version 9 flows,
include the template-id id statement at the [edit services flow-monitoring version9
template template-name] hierarchy level.
[edit services flow-monitoring version9]
template template-name {
template-id id;
}
To specify the template ID for version IPFIX flows, include the template-id statement at
the [edit services flow-monitoring version-ipfix template template-name] hierarchy level.
[edit services flow-monitoring version-ipfix]
template template-name {
template-id id;
}
Copyright © 2014, Juniper Networks, Inc. 109
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
To specify the options template ID for version 9 flows, include the options-template-id
statement at the [edit services flow-monitoring version9 template template-name]
hierarchy level.
[edit services flow-monitoring version9]
template template-name {
options-template-id id;
}
To specify the options template ID for version IPFIX flows, include the options-template-id
statement at the [edit services flow-monitoring version-ipfix template template-name]
hierarchy level. The template ID and options template ID can be a value in the range of
1024 through 65535.
[edit services flow-monitoring version-ipfix]
template template-name {
options-template-id id;
}
The template ID and options template ID can be a value in the range of 1024 through
65535. If you do not configure values for the template ID and options template ID, default
values are assumed for these IDs, which are different for the various address families. If
you configure the same template ID or options template ID value for different address
families, such a setting is not processed properly and might cause unexpected behavior.
For example, if you configure the same template ID value for both IPv4 and IPv6, the
collector validates the export data based on the template ID value that it last receives.
In this case, if IPv6 is configured after IPv4, the value is effective for IPv6 and the default
value is used for IPv4.
The following are the default values of template IDs for IPFIX flows for the different
protocols or address families, until Junos OS Release 13.3:
• IPv4 IPFIX flow template ID—256
• IPv6 IPFIX flow template ID—257
• VPLS IPFIX flow template ID—258
• MPLS IPFIX flow template ID—259
The following are the default values of template IDs for version 9 flows for the different
protocols or address families, starting with Junos OS Release 14.1:
• IPv4 version 9 flow template ID—320
• IPv6 version 9 flow template ID—321
• VPLS version 9 flow template ID—322
• MPLS version 9 flow template ID—323
The following are the default values of template IDs for IPFIX flows for the different
protocols or address families, until Junos OS Release 13.3:
• IPv4 IPFIX flow options template ID—512
• IPv6 IPFIX flow options template ID—513
110 Copyright © 2014, Juniper Networks, Inc.
Chapter 8: Sampling Data Using Flow Aggregation
• VPLS IPFIX flow options template ID—514
• MPLS IPFIX flow options template ID—515
The following are the default values of template IDs for version 9 flows for the different
protocols or address families, starting with Junos OS Release 14.1:
• IPv4 version 9 flow options template ID—576
• IPv6 version 9 flow options template ID—577
• VPLS version 9 flow options template ID—578
• MPLS version 9 flow options template ID—579
Table 4 on page 111 describes the values of data template and option template IDs for
different protocols with default and configured values for IPFIX flows.
Table 4: Values of Template and Option Template IDs for IPFIX Flows
Family Configured Value Data Template Option Template
IPv4 None 256 576
IPv4 1024-65535 1024-65535 1024-65535
IPv6 None 257 577
IPv6 1024-65535 1024-65535 1024-65535
VPLS None 258 578
VPLS 1024-65535 1024-65535 1024-65535
MPLS None 259 579
MPLS 1024-65535 1024-65535 1024-65535
Table 5 on page 111 describes the values of data template and option template IDs for
different protocols with default and configured values for version 0 flows.
Table 5: Values of Template and Option Template IDs for Version 9 Flows
Family Configured Value Data Template Option Template
IPv4 None 320 576
IPv4 1024-65535 1024-65535 1024-65535
IPv6 None 321 577
IPv6 1024-65535 1024-65535 1024-65535
VPLS None 322 578
Copyright © 2014, Juniper Networks, Inc. 111
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Table 5: Values of Template and Option Template IDs for Version 9
Flows (continued)
Family Configured Value Data Template Option Template
VPLS 1024-65535 1024-65535 1024-65535
MPLS None 323 579
MPLS 1024-65535 1024-65535 1024-65535
Table 4 on page 111 describes the values of data template and option template IDs for
different protocols with default and configured values for IPFIX flows.
Table 6: Values of Template and Option Template IDs for IPFIX Flows
Observation
Domain Id
Conf val rsvd
1proto slot
LUInst
PFEInst
xxxx xxxx
xxxx 1xxx
Configured Protocol xxxx xxxx
Value Family FPC Slot PFE Inst LU Inst xxxx xxxx
None IPV4 (0) 1 1 0 0000 0000
0000 1000
0000 0001
0000 0001
0x00080101
None IPv6 (1) 1 1 0 0000 0000
0000 1001
0000 0001
0000 0001
0x00090101
None VPLS (2) 1 1 0 0000 0000
0000 1010
0000 0001
0000 0001
0x000A0101
None MPLS (3) 1 1 0 0000 0000
0000 1011
0000 0001
0000 0001
0x000B0101
112 Copyright © 2014, Juniper Networks, Inc.
Chapter 8: Sampling Data Using Flow Aggregation
Table 6: Values of Template and Option Template IDs for IPFIX
Flows (continued)
Observation
Domain Id
Conf val rsvd
1proto slot
LUInst
PFEInst
xxxx xxxx
xxxx 1xxx
Configured Protocol xxxx xxxx
Value Family FPC Slot PFE Inst LU Inst xxxx xxxx
4 IPv4 (0) 1 1 0 0000 0100
0000 1000
0000 0001
0000 0001
0x04080101
190 IPV4 (0) 1 1 0 1101 1110
0000 1000
0000 0001
0000 0001
0xBE080101
4 IPv4 (0) 2 1 1 0000 0100
0000 1000
0000 0010
0001 0001
0x04080211
4 IPV6 (1) 1 1 0 0000 0100
0000 1001
0000 0001
0001 0000
0x04090110
190 IPv6 (1) 1 1 0 1101 1110
0000 1001
0000 0001
0001 0000
0xBE090110
4 VPLS (2) 2 2 0 0000 0100
0000 1010
0000 0010
0010 0000
0x040A0220
10 IPv4 (0) 28 2 1 0000 1010
0000 1000
0001 1100
0010 0001
0x0A081C21
Copyright © 2014, Juniper Networks, Inc. 113
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Related • Configuring Observation Domain ID and Source ID for Version 9 and IPFIX Flows on
Documentation page 106
Inclusion of Fragmentation Identifier and IPv6 Extension Header Elements in IPFIX
Templates
Starting with Junos OS Release 14.2, the following attributes can be contained in IPFIX
flow templates that are sent to the flow collector:
• fragmentIdentification (element ID 54)
• ipv6ExtensionHeaders (element ID 64)
A flow can receive many fragments in a given interval. For a given set of fragments of a
packet, there is a unique fragment Identification. Hence, multiple such values can be
received in a given interval. RFC 5102 for fragmentIdentification 54 does not clearly
indicate which fragment identification needs to be shipped in the flow record information
(first fragment observed after sending the flow record information or the last observed
before shipping the flow record information). However, the last observed fragment
Identification for a given flow is also transmitted to the flow collector.
Unlike in IPv4, IPv6 routers never fragment IPv6 packets. Packets exceeding the size of
the maximum transmission unit of the destination link are dropped and this condition is
signaled by a Packet Too Big ICMPv6 type 2 message to the originating node, similarly
to the IPv4 method when the Don't Fragment (DF) bit is set.
The fragmentIdentification element is supported for both IPv4 and IPv6 flow templates.
The fragmentIdentification element is added in the record template. The
fragmentIdentification attribute is 16 bits in size for IPv4, and 32 bits in size for IPv6. For
IPv6, this field is present in fragment Extension header and Fragment Identifier is updated
as 0 if there is no Fragment extension header.
Ports are a part of the key used to identify a Flow and the subsequent packets after the
first fragmented packet does not have the port information. For a fragmented packet
that is destined to the router, the packets that are split assume different flows (the first
and the subsequent packets). Also, because the port is denoted as zeroes for fragmented
packets, all the traffic destined to a particular destination from a particular source might
be reported as the same flow, although no association exists between them in terms of
destination ports. Fragment ID is not part of the key. Although the fragement ID attribute
is unique between each source and destination, they might end up as same flows in the
intermediate router.
With ports being used in the key for the flow lookup, the fragmented packets of a stream
are accounted in two different flows. The first fragmented packet, which contains the
port information in its packet, is part of one flow. Subsequent packets after the first
fragments, which do not contain the port information, are accounted under a different
flow. Because the second flow does not contain the port information to identify itself, it
consolidates all the other traffic streams with same source IP and destination IP address
prefixes (also includes the non-first fragmented packets sent on different ports).
114 Copyright © 2014, Juniper Networks, Inc.
Chapter 8: Sampling Data Using Flow Aggregation
Destination nodes or endpoints in IPv6 are expected to perform path MTU discovery to
determine the maximum size of packets to send, and the upper-layer protocol is expected
to limit the payload size. However, if the upper-layer protocol is unable to do so, the
sending host may use the Fragment extension header in order to perform end-to-end
fragmentation of IPv6 packets. Any data link layer conveying IPv6 data must be capable
of delivering an IP packet containing 1280 bytes without the need to invoke end-to-end
fragmentation at the IP layer.
The ipv6ExtensionHeaders information element is a set for 32 bit fields. Each bit in this
set represents one IPv6 Extension header. An extension header bit is set if that particular
extension header is observed for the flow. The bit is set to 1 if any observed packet of this
Flow contains the corresponding IPv6 extension header. Otherwise, if no observed packet
of this Flow contained the respective IPv6 extension header, the value of the corresponding
bit is 0. The ipv6ExtensionHeaders element is added in the record template. The number
of flows that are created depends on the number of IPv6 packets that include the IPv6
extender header attribute.
To enable the inclusion of element ID, 54, fragmentIdentification and element ID, 64,
ipv6ExtensionHeaders in IPFIX flow templates that are exported to the flow collector,
include the ipv6-extended-attrib statement at the [edit chassis fpc slot-number inline-
services flow-table-size] hierarchy level. Collection of IP4 fragmentation IDs occurs
automatically without having to configure this setting explicitly.
[edit chassis]
fpc slot-number {
inline-services {
flow-table-size {
ipv6-extended-attrib;
}
}
}
Table 7 on page 115 describes the values of the IPv6 options and their functions that are
contained in IPv6 packets.
Table 7: Values of IPv6 Options and Extension Headers in Packets
Bit Value IPv6 Option Next Header Code Description
0 Res Not applicable Reserved
1 FRA1 44 Fragmentation Header
2 RH 43 Routing Header
3 FRA0 44 Fragment Header –
First Fragment
4 UNK Not applicable Unknown Layer 4
header (compressed,
encrypted, not
supported)
Copyright © 2014, Juniper Networks, Inc. 115
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Table 7: Values of IPv6 Options and Extension Headers in
Packets (continued)
Bit Value IPv6 Option Next Header Code Description
5 Res Not applicable Reserved
6 HOP 0 Hop-by-hop option
header
7 DST 60 Destination option
header
8 PAY 108 Payload compression
header
9 AH 51 Authentication header
10 ESP 50 Encrypted security
payload
11 through 31 Res Not applicable Reserved
Related • Configuring Flow Aggregation to Use IPFIX Flow Templates on page 101
Documentation
• ipv6-extended-attrib on page 312
Directing Replicated Flows to Multiple Flow Servers
You can configure replication of the sampled flow records for use by multiple flow servers.
You can use either sampling based on the Routing Engine, using cflowd version 5 or
version 8, or sampling based on the services PIC, using flow aggregation version 9, as
described in the following sections:
• Directing Replicated Routing Engine–Based Sampling Flows to Multiple
Servers on page 116
• Directing Replicated Version 9 Flow Aggregates to Multiple Servers on page 117
Directing Replicated Routing Engine–Based Sampling Flows to Multiple Servers
Routing Engine–based sampling supports up to eight flow servers for both cflowd version
5 and version 8 configurations. The total number of servers is limited to eight regardless
of how many are configured for cflowd v5 or v8.
When you configure cflowd-based sampling, the export packets are replicated to all flow
servers configured to receive them. If two servers are configured to receive v5 records,
both the servers will receive records for a specified flow.
116 Copyright © 2014, Juniper Networks, Inc.
Chapter 8: Sampling Data Using Flow Aggregation
NOTE: With Routing Engine–based sampling, if multiple flow servers are
configured with version 8 export format, all of them must use the same
aggregation type. For example, all servers receiving version 8 export could
be configured for source-destination aggregation type.
The following configuration example allows replication of export packets to two flow
servers.
forwarding-options {
sampling {
instance inst1 {
input {
rate 1;
}
family inet;
output {
flow-server 10.10.3.2 {
port 2055;
version 5;
source-address 192.168.164.119;
}
flow-server 172.17.20.62 {
port 2055;
version 5;
source-address 192.168.164.119;
}
}
}
}
}
}
Directing Replicated Version 9 Flow Aggregates to Multiple Servers
The export packets generated for a template are replicated to all the flow servers that
are configured to receive information for that template. The maximum number of servers
supported is eight.
This also implies that periodic updates required by version 9 (RFC 3954) are sent to each
configured collector. The following updates are sent periodically as part of this
requirement:
• Options data
• Template definition
The refresh period for options data and template definition is configured on a per-template
basis at the [edit services flow-monitoring] hierarchy level.
The following configuration example allows replication of version 9 export packets to
two flow servers.
forwarding-options {
Copyright © 2014, Juniper Networks, Inc. 117
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
sampling {
instance inst1 {
input {
rate 1;
}
family inet;
output {
flow-server 10.10.3.2 {
port 2055;
version9 {
template {
ipv4;
}
}
}
flow-server 172.17.20.62 {
port 2055;
version9 {
template {
ipv4;
}
}
}
}
flow-inactive-timeout 30;
flow-active-timeout 60;
interface sp-4/0/0 {
source-address 10.10.3.4;
}
}
}
}
}
Related • Active Flow Monitoring Overview on page 3
Documentation
• Configuring Flow Monitoring on page 6
• Configuring Services Interface Redundancy with Flow Monitoring on page 13
• Example: Configuring Active Monitoring on Logical Systems on page 10
Logging cflowd Flows Before Export
To collect the cflowd flows in a log file before they are exported, include the local-dump
statement at the [edit forwarding-options sampling output flow-server hostname] hierarchy
level:
[edit forwarding-options sampling output flow-server hostname]
local-dump;
By default, the flows are collected in /var/log/sampled; to change the filename, include
the filename statement at the [edit forwarding-options sampling traceoptions] hierarchy
level. For more information about changing the filename, see “Configuring Traffic Sampling
Output” on page 63.
118 Copyright © 2014, Juniper Networks, Inc.
Chapter 8: Sampling Data Using Flow Aggregation
NOTE: Because the local-dump statement adds extra overhead, you should
use it only while debugging cflowd problems, not during normal operation.
The following is an example of the flow information. The AS number exported is the
origin AS number. All flows that belong under a cflowd header are dumped, followed by
the header itself:
Jun 27 18:35:43 v5 flow entry
Jun 27 18:35:43 Src addr: 192.53.127.1
Jun 27 18:35:43 Dst addr: 192.6.255.15
Jun 27 18:35:43 Nhop addr: 192.6.255.240
Jun 27 18:35:43 Input interface: 5
Jun 27 18:35:43 Output interface: 3
Jun 27 18:35:43 Pkts in flow: 15
Jun 27 18:35:43 Bytes in flow: 600
Jun 27 18:35:43 Start time of flow: 7230
Jun 27 18:35:43 End time of flow: 7271
Jun 27 18:35:43 Src port: 26629
Jun 27 18:35:43 Dst port: 179
Jun 27 18:35:43 TCP flags: 0x10
Jun 27 18:35:43 IP proto num: 6
Jun 27 18:35:43 TOS: 0xc0
Jun 27 18:35:43 Src AS: 7018
Jun 27 18:35:43 Dst AS: 11111
Jun 27 18:35:43 Src netmask len: 16
Jun 27 18:35:43 Dst netmask len: 0
[... 41 more version 5 flow entries; then the following header:]
Jun 27 18:35:43 cflowd header:
Jun 27 18:35:43 Num-records: 42
Jun 27 18:35:43 Version: 5
Jun 27 18:35:43 low seq num: 118
Jun 27 18:35:43 Engine id: 0
Jun 27 18:35:43 Engine type: 3
Related • Active Flow Monitoring Overview on page 3
Documentation
• Configuring Flow Monitoring on page 6
• Directing Replicated Flows to Multiple Flow Servers on page 116
• Configuring Services Interface Redundancy with Flow Monitoring on page 13
• Example: Configuring Active Monitoring on Logical Systems on page 10
Copyright © 2014, Juniper Networks, Inc. 119
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
120 Copyright © 2014, Juniper Networks, Inc.
CHAPTER 9
Sending Packets for Analysis Using Port
Mirroring
• Understanding Port Mirroring on page 121
• Configuring Port Mirroring on page 121
• Defining a Next-Hop Group for Port Mirroring on page 137
• Example: Multiple Port Mirroring with Next-Hop Groups Configuration on page 138
Understanding Port Mirroring
On routers containing an Internet Processor II application-specific integrated circuit
(ASIC) or T Series Internet Processor, you can send a copy of an IP version 4 (IPv4) or IP
version 6 (IPv6) packet from the router to an external host address or a packet analyzer
for analysis. This is known as port mirroring.
Port mirroring is different from traffic sampling. In traffic sampling, a sampling key based
on the IPv4 header is sent to the Routing Engine. There, the key can be placed in a file,
or cflowd packets based on the key can be sent to a cflowd server. In port mirroring, the
entire packet is copied and sent out through a next-hop interface.
You can configure simultaneous use of sampling and port mirroring, and set an
independent sampling rate and run-length for port-mirrored packets. However, if a packet
is selected for both sampling and port mirroring, only one action can be performed and
port mirroring takes precedence. For example, if you configure an interface to sample
every packet input to the interface and a filter also selects the packet to be port mirrored
to another interface, only the port mirroring would take effect. All other packets not
matching the explicit filter port-mirroring criteria continue to be sampled when forwarded
to their final destination.
Related • Configuring Port Mirroring on page 121
Documentation
• Example: Multiple Port Mirroring with Next-Hop Groups Configuration on page 138
Configuring Port Mirroring
To prepare traffic for port mirroring, include the filter statement at the [edit firewall family
inet] hierarchy level:
Copyright © 2014, Juniper Networks, Inc. 121
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
filter filter-name;
This filter at the [edit firewall family (inet | inet6)] hierarchy level selects traffic to be
port-mirrored:
filter filter-name {
term term-name {
then {
port-mirror;
accept;
}
}
}
To configure port mirroring on a logical interface, configure the following statements at
the [edit forwarding-options port-mirroring] hierarchy level:
[edit forwarding-options port-mirroring family inet]
input {
maximum-packet-length bytes;
rate rate;
run-length number;
}
family (inet|inet6) {
output {
interface interface-name {
next-hop address;
}
no-filter-check;
}
or
[edit forwarding-options port-mirroring]
input {
maximum-packet-length bytes;
rate rate;
run-length number;
}
family inet6 {
output {
next-hop-group group-name{
group-type inet6;
interface interface-name {
next-hop ipv6-address;
}
next-hop-subgroup group-name{
interface interface-name {
next-hop ipv6-address;
}
}
}
}
}
122 Copyright © 2014, Juniper Networks, Inc.
Chapter 9: Sending Packets for Analysis Using Port Mirroring
NOTE: The input statement can also be configured at the [edit
forwarding-options port-mirroring] hierarchy level. This is only maintained for
backward compatibility. However, the configuration of the output statement
is deprecated at the [edit forwarding-options port-mirroring] hierarchy level.
Specify the port-mirroring destination by including the next-hop statement at the [edit
forwarding-options port-mirroring output interface interface-name] hierarchy level:
next-hop address;
NOTE: For IPv4 port mirroring to reach a next-hop destination, you must
manually include a static Address Resolution Protocol (ARP) entry in the
router configuration.
You can also specify the port-mirroring destination by including the next-hop-group
statement at the [edit forwarding-options port-mirroring family inet6 output] hierarchy
level:
next-hop-group group-name{
group-type inet6;
interface interface-name {
next-hop ipv6-address;
}
next-hop-subgroup group-name{
interface interface-name {
next-hop ipv6-address;
}
}
}
The no-filter-check statement is required when you send port-mirrored traffic to a Tunnel
PIC that has a filter applied to it. en
The interface used to send the packets to the analyzer is the output interface configured
above at the [edit forwarding-options port-mirroring family (inet | inet6) output] hierarchy
level. You can use any physical interface type, including generic routing encapsulation
(GRE) tunnel interfaces. The next-hop address specifies the destination address; this
statement is mandatory for non point-to-point interfaces, such as Ethernet interfaces.
To configure the sampling rate or duration, include the rate or run-length statement at
the [edit forwarding-options port-mirroring input] hierarchy level.
You can trace port-mirroring operations the same way you trace sampling operations.
For more information, see “Tracing Traffic Sampling Operations” on page 65.
For more information about port mirroring, see the following sections:
• Configuring Tunnels on page 124
• Port Mirroring with Next-Hop Groups on page 125
Copyright © 2014, Juniper Networks, Inc. 123
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
• Configuring Inline Port Mirroring on page 126
• Filter-Based Forwarding with Multiple Monitoring Interfaces on page 127
• Restrictions on page 127
• Configuring Port Mirroring on Services Interfaces on page 128
• Examples: Configuring Port Mirroring on page 129
Configuring Tunnels
In typical applications, you send the sampled packets to an analyzer or a workstation for
analysis, rather than another router. If you must send this traffic over a network, you
should use tunnels. For more information about tunnel interfaces, see Tunnel Properties.
If your router is equipped with a Tunnel PIC, you can forward duplicate packets to multiple
interfaces by configuring a next-hop group. To configure a next-hop group, include the
next-hop-group statement at the [edit forwarding-options] hierarchy level:
[edit forwarding-options]
next-hop-group group-names {
interface interface-name {
next-hop address;
}
}
The interface statement specifies the interface that sends out sampled information. The
next-hop statement specifies the next-hop addresses to which to send the sampled
information.
For IPv6 port mirroring to reach next-hop destination, you can configure a next-hop-group
statement at the [edit forwarding-options port-mirroring family inet6 output] hierarchy
level:
next-hop-group group-name{
group-type inet6;
interface interface-name {
next-hop ipv6-address;
}
next-hop-subgroup group-name{
interface interface-name {
next-hop ipv6-address;
}
}
}
Next-hop groups have the following restrictions:
• Next-hop groups are supported for inet, inet6, and bridge family.
• Next-hop groups are supported on M Series and MX Series routers.
• Next-hop groups or next-hop subgroups support up to 16 next-hop addresses.
• Up to 30 next-hop groups are supported.
124 Copyright © 2014, Juniper Networks, Inc.
Chapter 9: Sending Packets for Analysis Using Port Mirroring
• Each next-hop group is expected to have at least two next-hop addresses.
• Each next-hop subgroup supports up to 16 next-hop groups.
Port Mirroring with Next-Hop Groups
You can configure next-hop groups for M Series, MX Series, and TX Series routers using
either IP addresses or Layer 2 addresses for the next hops. Use the group-type [ inet |
inet6 | layer-2 ] statement at [edit forwarding-options next-hop-group
next-hop-group-name] hierarchy level to establish the next-hop groups. You can reference
more than one port mirroring instance in a filter on MX Series routers. Use the
port-mirror-instance instance-name statement at the [edit firewall family family-name
filter filter-name term term-name] hierarchy level to refer to one of several port mirroring
instances. For more information about this configuration, see the Layer 2 Port Mirroring
Feature Guide for Routing Devices.
NOTE: On MX Series routers with MPCs, port mirroring instances can only
be bound to the FPC level and not up to the PIC level. For MX series routers
with a DPC card, both levels are supported.
On M Series, MX Series, and T Series routers only, you can configure port mirroring using
next-hop groups, also known as multipacket port mirroring, without the presence of a
Tunnel PIC. To configure this functionality, include the next-hop-group statement at the
[edit forwarding-options port-mirror family [inet | inet6] output] or [edit forwarding-options
port-mirror instance instance-name family inet output] hierarchy level:
[edit forwarding-options]
port-mirror {
family inet {
output {
next-hop-group group-name {
interface interface-name {
next-hop address;
}
}
}
}
}
or
[edit forwarding-options]
port-mirror {
family inet6 {
output {
next-hop-group group-name{
group-type inet6;
interface interface-name {
next-hop ipv6-address;
}
next-hop-subgroup group-name{
interface interface-name {
Copyright © 2014, Juniper Networks, Inc. 125
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
next-hop ipv6-address;
}
}
}
}
}
}
or
[edit forwarding-options]
port-mirror {
instance instance-name {
family (inet | vpls) {
output {
next-hop-group group-name;
}
}
}
}
You define the next-hop group by including the next-hop-group statement at the [edit
forwarding-options] hierarchy level. For an example, see “Examples: Configuring Port
Mirroring” on page 129. This configuration is supported with IPv4 and IPv6 addresses.
You can disable this configuration by including a disable or disable-all-instances statement
at the [edit forwarding-options port-mirror] hierarchy level or by including a disable
statement at the [edit forwarding-options port-mirror instance instance-name] hierarchy
level. You can display the settings and network status by issuing the show
forwarding-options next-hop-group and show forwarding-options port-mirroring operational
commands.
NOTE: If you try to bind any derived instance to the FPC, a commit error will
occur.
Configuring Inline Port Mirroring
Inline port mirroring provides you with the ability to specify instances that are not bound
to the flexible PIC concentrator (FPC) in the firewall filter’s then port-mirror-instance
action. This way, you are not limited to only two port-mirror instances per FPC. Inline port
mirroring decouples the port-mirror destination from the input parameters like rate. While
the input parameters are programmed in the switch interface board, the next-hop
destination of the mirrored packet is available in the packet itself. Inline port mirroring is
supported only on MX Series routers with MPCs.
Using inline port mirroring, a port-mirror instance will have an option to inherit input
parameters from another instance that specifies it, as shown in the following CLI
configuration example:
instance pm2 {
+ input-parameters-instance pm1;
family inet {
126 Copyright © 2014, Juniper Networks, Inc.
Chapter 9: Sending Packets for Analysis Using Port Mirroring
output {
interface ge-1/2/3.0 {
next-hop 50.0.0.3;
}
}
}
}
Multiple levels of inheritance are not allowed. One instance can be referred by multiple
instances. An instance can refer to another instance that is defined before it. Forward
references are not allowed and an instance cannot refer to itself, doing so will cause an
error during configuration parsing.
The user can specify an instance that is not bound to the FPC in the firewall filter. The
specified filter should inherit one of the two instances that have been bound to the FPC.
If it does not, the packet is not marked for port-mirroring. If it does, then the packet will
be sampled using the input parameters specified by the referred instance but the copy
will be sent to the its own destination.
Filter-Based Forwarding with Multiple Monitoring Interfaces
If port-mirrored packets are to be distributed to multiple monitoring or collection interfaces
based on patterns in packet headers, it is helpful to configure a filter-based forwarding
(FBF) filter on the port-mirroring egress interface.
When an FBF filter is installed as an output filter, a packet that is forwarded to the filter
has already undergone at least one route lookup. After the packet is classified at the
egress interface by the FBF filter, it is redirected to another routing table for additional
route lookup. Obviously, the route lookup in the latter routing table (designated by an
FBF routing instance) must result in a different next hop from those from the previous
tables the packet has passed through, to avoid packet looping inside the Packet
Forwarding Engine.
For more information about FBF configuration, see the Junos OS Routing Protocols Library
for Routing Devices. For an example of FBF applied to an output interface, see “Examples:
Configuring Port Mirroring” on page 129.
Restrictions
The following restrictions apply to port-mirroring configurations:
• The interface you configure for port mirroring should not participate in any kind of
routing activity.
• The destination address you specify should not have a route to the ultimate traffic
destination. For example, if the sampled IPv4 packets have a destination address of
10.68.9.10 and the port-mirrored traffic is sent to 10.68.20.15 for analysis, the device
associated with the latter address should not know a route to 10.68.9.10. Also, it should
not send the sampled packets back to the source address.
• IPv4 and IPv6 traffic is supported. For IPv6 port mirroring, you must configure the
next-hop router with an IPv6 neighbor before mirroring the traffic, similar to an ARP
request for IPv4 traffic. All the restrictions applied to IPv4 configurations should also
apply to IPv6.
Copyright © 2014, Juniper Networks, Inc. 127
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
• On M120 and M320 routers, multiple next-hop mirroring is not supported.
• Because M320 routers do not support multiple bindings of port-mirror instances per
FPC, the port-mirror-instance action is not supported in firewall filters for these routers.
• Port mirroring in the ingress and egress direction is not supported for link services IQ
(lsq-) interfaces.
• On M Series routers other than the M120 and M320 routers, only one family protocol
(either IPv4 or IPv6) is supported at a time.
• Port mirroring supports up to 16 next hops.
• Only transit data is supported.
• You can configure multiple port-mirroring interfaces per router.
• On routers containing an Internet Processor II application-specific integrated circuit
(ASIC), you must include a firewall filter with both the accept action and the port-mirror
action modifier on the inbound interface. Do not include the discard action, or port
mirroring will not work.
• If the port-mirroring interface is a non-point-to-point interface, you must include an
IP address under the port-mirroring statement to identify the other end of the link. This
IP address must be reachable for you to see the sampled traffic. If the port-mirroring
interface is an Ethernet interface, the router should have an Address Resolution Protocol
(ARP) entry for it. The following sample configuration sets up a static ARP entry.
• You do not need to configure firewall filters on both inbound and outbound interfaces,
but at least one is necessary on the inbound interface to provide the copies of the
packets to send to an analyzer.
• Inline port mirroring is supported only on MX Series routers with MPCs.
• Configuration for both port mirroring and traffic sampling are handled by the same
daemon, so in order to view a trace log file for port mirroring, you must configure the
traceoptions option under traffic sampling.
Configuring Port Mirroring on Services Interfaces
A special situation arises when you configure unit 0 of a services interface (AS or
Multiservices PIC) to be the port-mirroring logical interface, as in the following example:
[edit forwarding-options]
port-mirroring {
input {
rate 1;
}
family inet {
output {
interface sp-1/0/0.0;
}
}
}
Since any traffic directed to unit 0 on a services interface is targeted for monitoring
(cflowd packets are generated for it), the sample port-mirroring configuration indicates
128 Copyright © 2014, Juniper Networks, Inc.
Chapter 9: Sending Packets for Analysis Using Port Mirroring
that the customer would like to have cflowd records generated for the port-mirrored
traffic.
However, generation of cflowd records requires the following additional configuration;
if it is missing, the port-mirrored traffic is simply dropped by the services interface without
generating any cflowd packets.
[edit forwarding-options]
sampling {
instance instance1 { # named instances of sampling parameters
input {
rate 1;
}
family inet {
output {
flow-server 172.16.28.65 {
port 1230;
}
interface sp-1/0/0 { # If the port-mirrored traffic requires monitoring, this
# interface must be same as that specified in the
# port-mirroring configuration.
source-address 3.1.2.3;
}
}
}
}
}
NOTE: Another way to configure sp-1/0/0 to generate cflowd records is to
use only the sampling configuration, but include a firewall filter sample action
instead of a port-mirror action.
Examples: Configuring Port Mirroring
The following example sends port-mirrored traffic to multiple cflowd servers or packet
analyzers:
[edit interfaces]
ge-1/0/0 { # This is the input interface where packets enter the router.
unit 0 {
family inet {
filter {
input mirror_pkts; # Here is where you apply the first filter.
}
address 10.11.0.1/24;
}
}
}
ge-1/1/0 { # This is an exit interface for HTTP packets.
unit 0 {
family inet {
address 10.12.0.1/24;
}
Copyright © 2014, Juniper Networks, Inc. 129
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
}
}
ge-1/2/0 { # This is an exit interface for HTTP packets.
unit 0 {
family inet {
address 10.13.0.1/24;
}
}
}
so-0/3/0 { # This is an exit interface for FTP packets.
unit 0 {
family inet {
address 10.1.1.1/30;
}
}
}
so-4/3/0 { # This is an exit interface for FTP packets.
unit 0 {
family inet {
address 10.2.2.2/30;
}
}
}
so-7/0/0 { # This is an exit interface for all remaining packets.
unit 0 {
family inet {
address 10.5.5.5/30;
}
}
}
so-7/0/1 { # This is an exit interface for all remaining packets.
unit 0 {
family inet {
address 10.6.6.6/30;
}
}
}
vt-3/3/0 { # The tunnel interface is where you send the port mirrored traffic.
unit 0 {
family inet;
}
unit 1 {
family inet {
filter {
input collect_pkts; # This is where you apply the second firewall filter.
}
}
}
}
[edit forwarding-options]
port-mirroring { # This is required when you configure next-hop groups.
input {
rate 1; # This rate port mirrors one packet for every one received (1:1 = all
# packets).
}
family inet {
130 Copyright © 2014, Juniper Networks, Inc.
Chapter 9: Sending Packets for Analysis Using Port Mirroring
output { # This sends traffic to a tunnel interface to prepare for multiport mirroring.
interface vt-3/3/0.1;
no-filter-check;
}
}
}
next-hop-group ftp-traffic { # Point-to-point interfaces require you to specify the interface
# name only.
interface so-4/3/0.0;
interface so-0/3/0.0;
}
next-hop-group http-traffic { # You need to configure a next hop for multipoint interfaces
# (Ethernet).
interface ge-1/1/0.0 {
next-hop 10.12.0.2;
}
interface ge-1/2/0.0 {
next-hop 10.13.0.2;
}
}
next-hop-group default-collect {
interface so-7/0/0.0;
interface so-7/0/1.0;
}
[edit firewall]
family inet {
filter mirror_pkts { # Apply this filter to the input interface.
term catch_all {
then {
count input_mirror_pkts;
port-mirror; # This action sends traffic to be copied and port mirrored.
accept;
}
}
}
filter collect_pkts { # Apply this filter to the tunnel interface.
term ftp-term { # This term sends FTP traffic to an FTP next-hop group.
from {
protocol ftp;
}
then next-hop-group ftp-traffic;
}
term http-term {# This term sends HTTP traffic to an HTTP next-hop group.
from {
protocol http;
}
then next-hop-group http-traffic;
}
term default {# This term sends all remaining traffic to a final next-hop group.
then next-hop-group default-collectors;
}
}
}
Copyright © 2014, Juniper Networks, Inc. 131
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
The following example demonstrates configuration of filter-based forwarding at the
output interface. In this example, the packet flow follows this path:
1. A packet arrives at interface fe-1/2/0.0 with source and destination addresses
10.50.200.1 and 10.50.100.1, respectively.
2. The route lookup in routing table inet.0 points to the egress interface so-0/0/3.0.
3. The output filter installed at so-0/0/3.0 redirects the packet to routing table fbf.inet.0.
4. The packet matches the entry 10.50.100.0/25, and finally leaves the router from
interface so-2/0/0.0.
[edit interfaces]
so-0/0/3 {
unit 0 {
family inet {
filter {
output fbf;
}
address 10.50.10.2/25;
}
}
}
fe-1/2/0 {
unit 0 {
family inet {
address 10.50.50.2/25;
}
}
}
so-2/0/0 {
unit 0 {
family inet {
address 10.50.20.2/25;
}
}
}
[edit firewall]
filter fbf {
term 0 {
from {
source-address {
10.50.200.0/25;
}
}
then routing-instance fbf;
}
term d {
then count d;
}
}
[edit routing-instances]
fbf {
instance-type forwarding;
routing-options {
132 Copyright © 2014, Juniper Networks, Inc.
Chapter 9: Sending Packets for Analysis Using Port Mirroring
static {
route 10.50.100.0/25 next-hop so-2/0/0.0;
}
}
}
[edit routing-options]
interface-routes {
rib-group inet fbf-group;
}
static {
route 10.50.100.0/25 next-hop 10.50.10.1;
}
rib-groups {
fbf-group {
import-rib [ inet.0 fbf.inet.0 ];
}
}
The following example shows configuration of port mirroring using next-hop groups or
multipacket port mirroring:
forwarding-options {
next-hop-group inet_nhg {
group-type inet;
interface ge-2/0/2.101 {
next-hop 10.2.0.2;
}
interface ge-2/2/8.2 {
next-hop 10.8.0.2;
}
}
next-hop-group vpls_nhg {
group-type layer-2;
interface ge-2/0/1.100;
interface ge-2/2/9.0;
inactive: next-hop-subgroup vpls_subg {
interface ge-2/0/1.101;
interface ge-2/2/9.1;
}
}
next-hop-group vpls_nhg_2 {
group-type layer-2;
interface ge-2/2/1.100;
interface ge-2/3/9.0;
}
port-mirror {
disable-all-instances; /* Disable all port-mirroring instances */
disable; /* Disable the global instance */
input {
rate 10; # start mirroring every 10th packet
run-length 4; # mirror 4 additional packets
}
family inet {
output {
next-hop-group inet_nhg;
}
Copyright © 2014, Juniper Networks, Inc. 133
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
}
family inet6 {
output {
next-hop-group inet6_nhg6 {
group-type inet6;
interface ge-2/0/3.102 {
next-hop 10::1:1:10;
}
interface ge-2/0/4.103 {
next-hop 20::1:1:10;
}
next-hop-subgroup vpls_subg {
interface ge-2/0/.101 {
next-hop 3::1:1:1;
}
interface ge-2/2/9.1 {
next-hop 4::1:1:1;
}
}
}
}
}
family vpls {
output {
next-hop-group vpls_nhg;
}
}
instance {
inst1 {
disable; /* Disable this instance */
input {
rate 1;
maximum-packet-length 200;
}
family inet {
output {
next-hop-group inet_nhg;
}
}
family inet6 {
output {
next-hop-group inet6_nhg6;
}
}
family vpls {
output {
next-hop-group vpls_nhg_2;
}
}
}
}
}
}
The following example shows configuration of port mirroring using next-hop groups or
multipacket port mirroring on a T Series router:
134 Copyright © 2014, Juniper Networks, Inc.
Chapter 9: Sending Packets for Analysis Using Port Mirroring
forwarding-options {
next-hop-group inet_nhg {
group-type inet;
interface so-0/0/0.0; # There is no need for the nexthop address on T Series routers
interface ge-2/0/2/.0 {
next-hop 1.2.3.4
}
next-hop-subgroup sub_inet {
interface so-1/2/0.0;
interface ge-6/1/2.0 {
next-hop 6.7.8.9;
}
}
next-hop-group vpls_nhg_2 {
group-type layer-2;
interface ge-2/2/1.100;
interface ge-2/3/9.0;
}
}
port-mirroring {
disable-all-instances; /*Disable all port-mirroring instances */
disable; /* Disable the global instance */
input {
rate 10;
run-length 4;
}
family inet {
output {
next-hop-group inet_nhg;
}
}
family vpls {
output {
next-hop-group vpls_nhg;
}
}
instance {
inst1 {
disable; /* Disable this instance */
input {
rate 1;
maximum-packet-length 200;
}
family inet {
output {
next-hop-group inet_nhg;
}
}
family vpls {
output {
next-hop-group vpls_nhg_2;
}
}
}
}
}
Copyright © 2014, Juniper Networks, Inc. 135
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
The following example shows configuration of inline port mirroring using PM1, PM2, and
PM3 as our port mirror instances.
instance {
pm1 {
input {
rate 3;
}
family inet {
output {
interface ge-1/2/2.0 {
next-hop 40.0.0.2;
}
}
}
}
pm2 {
input-parameters-instance pm1;
family inet {
output {
interface ge-1/2/3.0 {
next-hop 50.0.0.3;
}
}
}
}
pm3 {
input {
rate 3;
}
family inet6 {
output {
interface ge-1/2/3.0 {
next-hop 5::5:5:1;
}
}
}
}
firewall {
filter pm_filter {
term t1 {
then port-mirror-instance pm2;
}
}
filter nhg6_filter6 {
term t6 {
then next-hop-group inet6-nhg6;
}
}
}
chassis {
fpc 1 {
port-mirror-instance pm1;
}
136 Copyright © 2014, Juniper Networks, Inc.
Chapter 9: Sending Packets for Analysis Using Port Mirroring
The packets will be sampled at a rate of 3, and the copy is sent to 50.0.0.3.
Related • Understanding Port Mirroring on page 121
Documentation
• Example: Multiple Port Mirroring with Next-Hop Groups Configuration on page 138
Defining a Next-Hop Group for Port Mirroring
On routers containing an Internet Processor II application-specific integrated circuit
(ASIC) or T Series Internet Processor, you can send a copy of an IP version 4 (IPv4) or IP
version 6 (IPv6) packet from the router to an external host address or a packet analyzer
for analysis. This is known as port mirroring.
Port mirroring is different from traffic sampling. In traffic sampling, a sampling key based
on the IPv4 header is sent to the Routing Engine. There, the key can be placed in a file,
or cflowd packets based on the key can be sent to a cflowd server. In port mirroring, the
entire packet is copied and sent out through a next-hop interface.
You can configure simultaneous use of sampling and port mirroring, and set an
independent sampling rate and run-length for port-mirrored packets. However, if a packet
is selected for both sampling and port mirroring, only one action can be performed, and
port mirroring takes precedence. For example, if you configure an interface to sample
every packet input to the interface and a filter also selects the packet to be port mirrored
to another interface, only the port mirroring would take effect. All other packets not
matching the explicit filter port-mirroring criteria continue to be sampled when forwarded
to their final destination.
Next-hop groups allow you to includeport mirroringmultiple interfaces used to forward
duplicate packets used in port mirroring.
On MX Series routers, you can mirror tunnel interface input traffic to multiple destinations.
To this form of multipacket port mirroring, you specify two or more additional destinations
in a next-hop group, define a firewall filter that references the next-hop group as the filter
action, and then apply the filter to a logical tunnel interface (lt-) or virtual tunnel interface
(vt-) on the MX Series router.
To define a next-hop group for a Layer 2 port-mirroring firewall filter action:
1. Enable the configuration of forwarding options.
[edit]
user@host set forwarding-options port-mirroring family (inet | inet6) output
2. Enable configuration of a next-hop-group for Layer 2 port mirroring.
[edit forwarding-options port-mirroring ... family (inet | inet6) output]
user@host# set next-hop-group next-hop-group-name
3. Specify the type of addresses to be used in the next-hop group configuration.
[edit forwarding-options port-mirroring ... family (inet | inet6) output next-hop-group
next-hop-group-name]
user@host# set group-type inet6
Copyright © 2014, Juniper Networks, Inc. 137
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
4. Specify the interfaces of the next-hop route.
[edit forwarding-options port-mirroring ... family (inet | inet6) output next-hop-group
next-hop-group-name]
user@host# set interface logical-interface-name-1
user@host# set interface logical-interface-name-2
or
[edit forwarding-options port-mirroring ... family (inet | inet6) output next-hop-group
next-hop-group-name]
user@host# set interface interface-name next-hop next-hop-address
The MX Series router supports up to 30 next-hop groups. Each next-hop group supports
up to 16 next-hop addresses. Each next-hop group must specify at least two addresses.
The next-hop-address can be an IPv4 or IPv6 address.
5. (Optional) Specify the next-hop subgroup.
[edit forwarding-options port-mirroring ... family (inet | inet6) output next-hop-group
next-hop-group-name]
user@host# set next-hop-subgroup subgroup-name interface interface-name next-hop
next-hop-address
6. Verify the configuration of the next-hop group.
[edit forwarding-options port-mirroring ... family (inet | inet6) output next-hop-group
next-hop-group-name]
user@host# top
[edit]
user@host# show forwarding-options
...
next-hop-group next-hop-group-name {
group-type inet6;
interface logical-interface-name-1;
interface interface-name{
next-hop next-hop-address;
}
next-hop-subgroup subgroup-name{
interface interface-name{
next-hop next-hop-address;
}
}
}
...
Related • Configuring Port Mirroring on page 121
Documentation
• Example: Multiple Port Mirroring with Next-Hop Groups Configuration on page 138
• Junos OS Firewall Filters and Traffic Policers Library for Routing Devices
Example: Multiple Port Mirroring with Next-Hop Groups Configuration
When you need to analyze traffic containing more than one packet type, or you wish to
perform multiple types of analysis on a single type of traffic, you can implement multiple
138 Copyright © 2014, Juniper Networks, Inc.
Chapter 9: Sending Packets for Analysis Using Port Mirroring
port mirroring and next-hop groups. You can make up to 16 copies of traffic per group
and send the traffic to next-hop group members. A maximum of 30 groups can be
configured on a router at any given time. The port-mirrored traffic can be sent to any
interface, except aggregated SONET/SDH, aggregated Ethernet, loopback (lo0), or
administrative (fxp0) interfaces. To send port-mirrored traffic to multiple flow servers
or packet analyzers, you can use the next-hop-group statement at the [edit
forwarding-options] hierarchy level.
Figure 6: Active Flow Monitoring—Multiple Port Mirroring with Next-Hop
Groups Topology Diagram
Packet cflowd
analyzer #1 server #1
.2
10.12.1.x 10.13.1.x
Active monitoring station
ge-1/1/0 .1 ge-1/2/0
(J Series, M Series, or T Series router)
so-0/3/0 Packet
10.1.1.x analyzer #2
ge-1/0/0
1 Port VT .1 .2
10.11.1.1 Mirroring cflowd
10.2.2.x
server #2
so-4/3/0
so-7/0/0 .1 so-7/0/1
10.5.5.x 10.6.6.x
.2
Packet cflowd
analyzer #3 server #3
HTTP traffic: sent to packet analyzer #1 and cflowd server #1
g015505
FT P traffic: sent to packet analyzer #2 and cflowd server #2
Other traffic: sent to packet analyzer #3 and cflowd server #3
Figure 6 on page 139 shows an example of how to configure multiple port mirroring with
next-hop groups. All traffic enters the monitoring router at interface ge-1/0/0. A firewall
filter counts and port-mirrors all incoming packets to a Tunnel Services PIC. A second
filter is applied to the tunnel interface and splits the traffic into three categories: HTTP
traffic, FTP traffic, and all other traffic. The three types of traffic are assigned to three
separate next-hop groups. Each next-hop group contains a unique pair of exit interfaces
that lead to different groups of packet analyzers and flow servers.
NOTE: Instances enabled to mirror packets to different destinations from
the same PFE, also use different sampling parameters for each instance.
When we configure Layer2 Port-mirroring with both global port-mirroring
and instance based port-mirroring, PIC level instances will override FPC level
and the FPC level will override the Global instance.
[edit]
interfaces {
ge-1/0/0 { # This is the input interface where packets enter the router.
Copyright © 2014, Juniper Networks, Inc. 139
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
unit 0 {
family inet {
filter {
input mirror_pkts; # Here is where you apply the first filter.
}
address 10.11.1.1/24;
}
}
}
ge-1/1/0 { # This is an exit interface for HTTP packets.
unit 0 {
family inet {
address 10.12.1.1/24;
}
}
}
ge-1/2/0 { # This is an exit interface for HTTP packets.
unit 0 {
family inet {
address 10.13.1.1/24;
}
}
}
so-0/3/0 { # This is an exit interface for FTP packets.
unit 0 {
family inet {
address 10.1.1.1/30;
}
}
}
so-4/3/0 { # This is an exit interface for FTP packets.
unit 0 {
family inet {
address 10.2.2.1/30;
}
}
}
so-7/0/0 { # This is an exit interface for all remaining packets.
unit 0 {
family inet {
address 10.5.5.1/30;
}
}
}
so-7/0/1 { # This is an exit interface for all remaining packets.
unit 0 {
family inet {
address 10.6.6.1/30;
}
}
}
vt-3/3/0 { # The tunnel interface is where you send the port-mirrored traffic.
unit 0 {
family inet;
}
unit 1 {
140 Copyright © 2014, Juniper Networks, Inc.
Chapter 9: Sending Packets for Analysis Using Port Mirroring
family inet {
filter {
input collect_pkts; # This is where you apply the second firewall filter.
}
}
}
}
}
forwarding-options {
port-mirroring { # This is required when you configure next-hop groups.
family inet {
input {
rate 1; # This port-mirrors all packets (one copy for every packet received).
}
output { # Sends traffic to a tunnel interface to enable multiport mirroring.
interface vt-3/3/0.1;
no-filter-check;
}
}
}
next-hop-group ftp-traffic { # Point-to-point interfaces require you to specify the
interface so-4/3/0.0; # interface name.
interface so-0/3/0.0;
}
next-hop-group http-traffic { # Configure a next hop for all multipoint interfaces.
interface ge-1/1/0.0 {
next-hop 10.12.1.2;
}
interface ge-1/2/0.0 {
next-hop 10.13.1.2;
}
}
next-hop-group default-collect {
interface so-7/0/0.0;
interface so-7/0/1.0;
}
}
firewall {
family inet {
filter mirror_pkts { # Apply this filter to the input interface.
term catch_all {
then {
count input_mirror_pkts;
port-mirror; # This action sends traffic to be copied and port-mirrored.
}
}
}
filter collect_pkts { # Apply this filter to the tunnel interface.
term ftp-term { # This term sends FTP traffic to an FTP next-hop group.
from {
protocol ftp;
}
then next-hop-group ftp-traffic;
}
term http-term { # This term sends HTTP traffic to an HTTP next-hop group.
from {
Copyright © 2014, Juniper Networks, Inc. 141
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
protocol http;
}
then next-hop-group http-traffic;
}
term default { # This sends all remaining traffic to a final next-hop group.
then next-hop-group default-collectors;
}
}
}
}
Related • Understanding Port Mirroring on page 121
Documentation
• Configuring Port Mirroring on page 121
142 Copyright © 2014, Juniper Networks, Inc.
PART 4
Real-Time Performance Monitoring and
Video Monitoring Services
• Monitoring Traffic Using Real-Time Performance Monitoring on page 145
• Testing the Performance of Network Devices Using RFC 2544-Based
Benchmarking on page 169
• Tracking Streaming Media Traffic Using Inline Video Monitoring on page 225
Copyright © 2014, Juniper Networks, Inc. 143
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
144 Copyright © 2014, Juniper Networks, Inc.
CHAPTER 10
Monitoring Traffic Using Real-Time
Performance Monitoring
• Real-Time Performance Monitoring Services Overview on page 145
• Configuring RPM Probes on page 147
• Configuring RPM Receiver Servers on page 151
• Limiting the Number of Concurrent RPM Probes on page 152
• Configuring RPM Timestamping on page 152
• Configuring TWAMP on page 156
• Configuring BGP Neighbor Discovery Through RPM on page 158
• Examples: Configuring BGP Neighbor Discovery Through RPM on page 160
• Tracing RPM Operations on page 161
• Examples: Configuring Real-Time Performance Monitoring on page 163
• Enabling RPM for the Junos OS extension-provider package on page 168
Real-Time Performance Monitoring Services Overview
Real-Time Performance Monitoring (RPM) enables you to configure active probes to
track and monitor traffic. Probes collect packets per destination and per application,
including PING Internet Control Message Protocol (ICMP) packets, User Datagram
Protocol and Transmission Control Protocol (UDP/TCP) packets with user-configured
ports, user-configured Differentiated Services code point (DSCP) type-of-service (ToS)
packets, and Hypertext Transfer Protocol (HTTP) packets. RPM provides Management
Information Base (MIB) support with extensions for RFC 2925, Definitions of Managed
Objects for Remote Ping, Traceroute, and Lookup Operations.
You can also configure RPM services to determine automatically whether a path exists
between a host router and its configured BGP neighbors. You can view the results of the
discovery using an SNMP client. Results are stored in pingResultsTable,
jnxPingResultsTable, jnxPingProbeHistoryTable, and pingProbeHistoryTable.
Probe configuration and probe results are supported by the command-line interface
(CLI) and SNMP.
Copyright © 2014, Juniper Networks, Inc. 145
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
The following probe types are supported with DSCP marking:
• ICMP echo
• ICMP timestamp
• HTTP get (not available for BGP RPM services)
• UDP echo
• TCP connection
• UDP timestamp
With probes, you can monitor the following:
• Minimum round-trip time
• Maximum round-trip time
• Average round-trip time
• Standard deviation of the round-trip time
• Jitter of the round-trip time—The difference between the minimum and maximum
round-trip time
One-way measurements for ICMP timestamp probes include the following:
• Minimum, maximum, standard deviation, and jitter measurements for egress and
ingress times
• Number of probes sent
• Number of probe responses received
• Percentage of lost probes
NOTE: Timestamping is not supported on PTX Series Packet Transport
Routers.
You can configure the following RPM thresholds:
• Round-trip time
• Ingress/egress delay
• Standard deviation
• Jitter
• Successive lost probes
• Total lost probes (per test)
Support is also implemented for user-configured CoS classifiers and for prioritization of
RPM packets over regular data packets received on an input interface.
146 Copyright © 2014, Juniper Networks, Inc.
Chapter 10: Monitoring Traffic Using Real-Time Performance Monitoring
Related • Configuring BGP Neighbor Discovery Through RPM on page 158
Documentation
• [edit services rpm] Hierarchy Level on page 246
• Examples: Configuring BGP Neighbor Discovery Through RPM on page 160
Configuring RPM Probes
The owner name and test name identifiers of an RPM probe together represent a single
RPM configuration instance. When you specify the test name, you also can configure the
test parameters.
To configure the probe owner, test name, and test parameters, include the probe
statement at the [edit services rpm] hierarchy level:
probe owner {
test test-name {
data-fill data;
data-size size;
destination-interface interface-name;
destination-port port;
dscp-code-point dscp-bits;
hardware-timestamp;
history-size size;
moving-average-size number;
one-way-hardware-timestamp;
probe-count count;
probe-interval seconds;
probe-type type;
routing-instance instance-name;
source-address address;
target (url url | address address);
test-interval interval;
thresholds thresholds;
traps traps;
}
}
Keep the following points in mind when you configure RPM clients and RPM servers:
• You cannot configure an RPM client that is PIC-based and an RPM server that is based
on either the Packet Forwarding Engine or Routing Engine to receive the RPM probes.
• You cannot configure an RPM client that is Packet Forwarding Engine-based and an
RPM server that receives the RPM probes to be on the PIC or Routing Engine.
• The RPM client and RPM server must be located on the same type of module. For
example, if the RPM client is PIC-based, the RPM server must also be PIC-based, and
if the RPM server is Packet Forwarding Engine-based, the RPM client must also be
Packet Forwarding Engine-based.
Copyright © 2014, Juniper Networks, Inc. 147
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
• To specify a probe owner, include the probe statement at the [edit services rpm]
hierarchy level. The probe owner identifier can be up to 32 characters in length.
• To specify a test name, include the test statement at the [edit services rpm probe
owner] hierarchy level. The test name identifier can be up to 32 characters in length. A
test represents the range of probes over which the standard deviation, average, and
jitter are calculated.
• To specify the contents of the data portion of Internet Control Message Protocol (ICMP)
probes, include the data-fill statement at the [edit services rpm probe owner] hierarchy
level. The value can be a hexadecimal value. The data-fill statement is not valid with
the http-get or http-metadata-get probe types.
• To specify the size of the data portion of ICMP probes, include the data-size statement
at the [edit services rpm probe owner] hierarchy level. The size can be from 0 through
65400 and the default size is 0. The data-size statement is not valid with the http-get
or http-metadata-get probe types.
NOTE: If you configure the hardware timestamp feature (see “Configuring
RPM Timestamping” on page 152):
• The data-size default value is 32 bytes and 32 is the minimum value for
explicit configuration. The UDP timestamp probe type is an exception;
it requires a minimum data size of 44 bytes.
• The data-size must be at least 100 bytes smaller than the default MTU
of the interface of the RPM client interface.
• On M Series and T Series routers, you configure the destination-interface statement
to enable hardware timestamping of RPM probe packets. You specify an sp- interface
to have the AS or Multiservices PIC add the hardware timestamps; for more information,
see “Configuring RPM Timestamping” on page 152. You can also include the
one-way-hardware-timestamp statement to enable one-way delay and jitter
measurements.
• To specify the User Datagram Protocol (UDP) port or Transmission Control Protocol
(TCP) port to which the probe is sent, include the destination-port statement at the
[edit services rpm probe owner test test-name] hierarchy level. The destination-port
statement is used only for the UDP and TCP probe types. The value can be 7 or from
49160 through 65535.
When you configure either probe-type udp-ping or probe-type udp-ping-timestamp
along with hardware timestamping, the value for the destination-port can be only 7. A
constraint check prevents you from configuring any other value for the destination port
in this case. This constraint does not apply when you are using one-way hardware
timestamping.
• To specify the value of the Differentiated Services (DiffServ) field within the IP header,
include the dscp-code-point statement at the [edit services rpm probe owner test
test-name] hierarchy level. The DiffServ code point (DSCP) bits value can be set to a
valid 6-bit pattern; for example, 001111. It also can be set using an alias configured at
148 Copyright © 2014, Juniper Networks, Inc.
Chapter 10: Monitoring Traffic Using Real-Time Performance Monitoring
the [edit class-of-service code-point-aliases dscp] hierarchy level. The default is
000000.
• To specify the number of stored history entries, include the history-size statement at
the [edit services rpm probe owner test test-name] hierarchy level. Specify a value from
0 to 512. The default is 50.
• To specify a number of samples for making statistical calculations, include the
moving-average-size statement at the [edit services rpm probe owner test test-name]
hierarchy level. Specify a value from 0 through 255.
• To specify the number of probes within a test, include the probe-count statement at
the [edit services rpm probe owner test test-name] hierarchy level. Specify a value from
1 through 15.
• To specify the time to wait between sending packets, include the probe-interval
statement at the [edit services rpm probe owner test test-name] hierarchy level. Specify
a value from 1 through 255 seconds.
• To specify the packet and protocol contents of the probe, include the probe-type
statement at the [edit services rpm probe owner test test-name] hierarchy level. The
following probe types are supported:
• http-get—Sends a Hypertext Transfer Protocol (HTTP) get request to a target URL.
• http-metadata-get—Sends an HTTP get request for metadata to a target URL.
• icmp-ping—Sends ICMP echo requests to a target address.
• icmp-ping-timestamp—Sends ICMP timestamp requests to a target address.
• tcp-ping—Sends TCP packets to a target.
• udp-ping—Sends UDP packets to a target.
• udp-ping-timestamp—Sends UDP timestamp requests to a target address.
The following probe types support hardware timestamping of probe packets: icmp-ping,
icmp-ping-timestamp, udp-ping, udp-ping-timestamp.
NOTE: Some probe types require additional parameters to be configured.
For example, when you specify the tcp-ping or udp-ping option, you must
configure the destination port using the destination-port statement. The
udp-ping-timestamp option requires a minimum data size of 12; any smaller
data size results in a commit error. The minimum data size for TCP probe
packets is 1.
When you configure either probe-type udp-ping or probe-type
udp-ping-timestamp along with the one-way-hardware-timestamp command,
the value for the destination-port can be only 7. A constraint check prevents
you for configuring any other value for the destination port in this case.
Copyright © 2014, Juniper Networks, Inc. 149
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
• To specify the routing instance used by ICMP probes, include the routing-instance
statement at the [edit services rpm probe owner test test-name] hierarchy level. The
default routing instance is Internet routing table inet.0.
• To specify the source IP address used for ICMP probes, include the source-address
statement at the [edit services rpm probe owner test test-name] hierarchy level. If the
source IP address is not one of the router’s assigned addresses, the packet will use the
outgoing interface’s address as its source.
• To specify the destination address used for the probes, include the target statement
at the [edit services rpm probe owner test test-name] hierarchy level.
• For HTTP probe types, specify a fully formed URL that includes http:// in the URL
address.
• For all other probe types, specify an IP version 4 (IPv4) address for the target host.
• To specify the time to wait between tests, include the test-interval statement at the
[edit services rpm probe owner test test-name] hierarchy level. Specify a value from 0
through 86400 seconds.
• To specify thresholds used for the probes, include the thresholds statement at the
[edit services rpm probe owner test test-name] hierarchy level. A system log message
is generated when the configured threshold is exceeded. Likewise, an SNMP trap (if
configured) is generated when a threshold is exceeded. The following options are
supported:
• egress-time—Measures maximum source-to-destination time per probe.
• ingress-time—Measures maximum destination-to-source time per probe.
• jitter-egress—Measures maximum source-to-destination jitter per test.
• jitter-ingress—Measures maximum destination-to-source jitter per test.
• jitter-rtt—Measures maximum jitter per test, from 0 through 60000000
microseconds.
• rtt—Measures maximum round-trip time per probe, in microseconds.
• std-dev-egress—Measures maximum source-to-destination standard deviation per
test.
• std-dev-ingress—Measures maximum destination-to-source standard deviation per
test.
• std-dev-rtt—Measures maximum standard deviation per test, in microseconds.
• successive-loss—Measures successive probe loss count, indicating probe failure.
• total-loss—Measures total probe loss count indicating test failure, from 0 through
15.
• Traps are sent if the configured threshold is met or exceeded. To set the trap bit to
generate traps, include the traps statement at the [edit services rpm probe owner test
test-name] hierarchy level. The following options are supported:
150 Copyright © 2014, Juniper Networks, Inc.
Chapter 10: Monitoring Traffic Using Real-Time Performance Monitoring
• egress-jitter-exceeded—Generates traps when the jitter in egress time threshold is
met or exceeded.
• egress-std-dev-exceeded—Generates traps when the egress time standard deviation
threshold is met or exceeded.
• egress-time-exceeded—Generates traps when the maximum egress time threshold
is met or exceeded.
• ingress-jitter-exceeded—Generates traps when the jitter in ingress time threshold is
met or exceeded.
• ingress-std-dev-exceeded—Generates traps when the ingress time standard deviation
threshold is met or exceeded.
• ingress-time-exceeded—Generates traps when the maximum ingress time threshold
is met or exceeded.
• jitter-exceeded—Generates traps when the jitter in round-trip time threshold is met
or exceeded.
• probe-failure—Generates traps for successive probe loss thresholds crossed.
• rtt-exceeded—Generates traps when the maximum round-trip time threshold is met
or exceeded.
• std-dev-exceeded—Generates traps when the round-trip time standard deviation
threshold is met or exceeded.
• test-completion—Generates traps when a test is completed.
• test-failure—Generates traps when the total probe loss threshold is met or exceeded.
Related • Real-Time Performance Monitoring Services Overview on page 145
Documentation
• Examples: Configuring Real-Time Performance Monitoring on page 163
• [edit services rpm] Hierarchy Level on page 246
Configuring RPM Receiver Servers
The RPM TCP and UDP probes are proprietary to Juniper Networks and require a receiver
to receive the probes. To configure a server to receive the probes, include the probe-server
statement at the [edit services rpm] hierarchy level:
[edit services rpm]
probe-server {
tcp {
destination-interface interface-name;
port number;
}
udp {
port number;
}
}
Copyright © 2014, Juniper Networks, Inc. 151
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
The port number specified for the UDP and TCP server can be 7 or from 49160 through
65535.
NOTE: The destination-interface statement is not supported on PTX Series
Packet Transport Routers.
When you configure either probe-type udp-ping or probe-type udp-ping-timestamp along
with the one-way-hardware-timestamp command, the value for the destination-port can
be only 7. A constraint check prevents you for configuring any other value for the
destination port in this case.
Related • Real-Time Performance Monitoring Services Overview on page 145
Documentation
• [edit services rpm] Hierarchy Level on page 246
• Examples: Configuring Real-Time Performance Monitoring on page 163
Limiting the Number of Concurrent RPM Probes
To configure the maximum number of concurrent probes allowed, include the probe-limit
statement at the [edit services rpm] hierarchy level:
probe-limit limit;
Specify a limit from 1 through 500. The default maximum number is 100.
Related • Real-Time Performance Monitoring Services Overview on page 145
Documentation
• [edit services rpm] Hierarchy Level on page 246
• Examples: Configuring Real-Time Performance Monitoring on page 163
Configuring RPM Timestamping
To account for latency in the communication of probe messages, you can enable
timestamping of the probe packets. You can timestamp the following RPM probe types:
icmp-ping, icmp-ping-timestamp, udp-ping, and udp-ping-timestamp.
On M Series and T Series routers with an Adaptive Services (AS) or Multiservices PIC,
and MX Series routers with a Multiservices DPC, and on EX Series switches, you can
enable hardware timestamping of RPM probe messages. The timestamp is applied on
both the RPM client router (the router or switch that originates the RPM probes) and the
RPM probe server and applies only to IPv4 traffic. It is supported on the following:
• Layer 2 services package on all Mulitservices PICs and DPCs.
• Layer 3 service package on AS and Multiservices PICs and Multiservices DPCs.
• Extension-provider services package on M Series, MX Series, and T Series services PICs
that support the Extension-Provider packages (In Junos OS releases earlier than 12.3,
152 Copyright © 2014, Juniper Networks, Inc.
Chapter 10: Monitoring Traffic Using Real-Time Performance Monitoring
the extension-provider packages were variously referred to as Junos Services Framework
(JSF), MP-SDK, and eJunos.)
• Layer 2, Layer 3, SDK Services, and PFE RPM timestamping interoperate with each
other. Here, the RPM client can be on the Layer 3 sp- interface and the RPM server can
be on an SDK Services package.
NOTE: Hardware timestamping is not supported on PTX Series Packet
Transport Routers.
Two-way timestamping is available on sp- and ms- interfaces. To configure two-way
timestamping on M Series and T Series routers, include the destination-interface statement
at the [edit services rpm probe probe-owner test test-name] hierarchy level:
destination-interface sp-fpc/pic/port.logical-unit
destination-interface ms-fpc/pic/port.logical-unit
Specify the RPM client router and the RPM server router on the adaptive services logical
interface or the multiservices interface by including the rpm statement at the [edit
interfaces interface-name unit logical-unit-number] hierarchy level:
rpm (client | server);
The logical interface must be dedicated to the RPM task. It requires configuration of the
family inet statement and a /32 address, as shown in the example. This configuration is
also needed for other services such as NAT and stateful firewall. You cannot configure
RPM service on unit 0 because RPM requires a dedicated logical interface; the same unit
cannot support both RPM and other services. Because active flow monitoring requires
unit 0, but RPM can function on any logical interface, a constraint check prevents you
from committing an RPM configuration there.
NOTE: If you configure RPM timestamping on an AS PIC, you cannot configure
the source-address statement at the [edit services rpm probe probe-name test
test-name] hierarchy level.
On MX Series routers, on M-320 routers using the Enhanced Queuing MPC, and on EX
Series switches, you include the hardware-timestamp statement at the [edit services rpm
probe probe-name test test-name] hierarchy level to specify that the probes are to be
timestamped in the Packet Forwarding Engine host processor:
hardware-timestamp;
On the client side, these probes are timestamped in the Packet Forwarding Engine host
processor on the egress DPC on the MX or M-320 Series router or EX Series switch
originating the RPM probes (RPM client). On the responder side (RPM server), the RPM
probes to be timestamped are handled by the Packet Forwarding Engine host processor,
which generates the response instead of the RPM process. The RPM probes are
timestamped only on the router that originates them (RPM client). As a result, only
round-trip time is measured for these probes.
Copyright © 2014, Juniper Networks, Inc. 153
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
When using the hardware-timestamp, the data-size value for the probe must be at least
100 bytes smaller than the default MTU of the interface of the RPM client interface (see
“Configuring RPM Probes” on page 147). If hardware timestamping of RPM probe messages
is enabled, the maximum data size that you can configure by using the data-size statement
is limited to 1400.
NOTE: The Packet Forwarding Engine-based RPM feature does not support
any stateful firewall configurations. If you need to combine RPM timestamping
with a stateful firewall, you should use the interface-based RPM timestamping
service described earlier in this section. Multiservices DPCs support stateful
firewall processing as well as RPM timestamping.
To configure one-way timestamping, you must also include the
one-way-hardware-timestamp statement at the [edit services rpm probe probe-owner
test test-name] hierarchy level:
one-way-hardware-timestamp;
NOTE: If you configure RPM probes for a services interface (sp-), you need
to announce local routes in a specific way for the following routing protocols:
• For OSPF, you can announce the local route by including the services
interface in the OSPF area. To configure this setting, include the interface
sp-fpc/pic/port statement at the [edit protocols ospf area area-number]
hierarchy level.
• For BGP and IS-IS, you must export interface routes and create a policy
that accepts the services interface local route. To export interface routes,
include the point-to-point and lan statements at the [edit routing-options
interface-routes family inet export] hierarchy level. To configure an export
policy that accepts the services interface local route, include the protocol
local, rib inet.0, and route-filter sp-interface-ip-address/32 exact statements
at the [edit policy-options policy-statement policy-name term term-name
from] hierarchy level and the accept action at the [edit policy-options
policy-statement policy-name term term-name then] hierarchy level. For the
export policy to take effect, apply the policy to BGP or IS-IS with the export
policy-name statement at the [edit protocols protocol-name] hierarchy level.
For more information about these configurations, see the Routing Policies,
Firewall Filters, and Traffic Policers Feature Guide for Routing Devices or the
Junos OS Routing Protocols Library for Routing Devices.
Routing the probe packets through the adaptive services or Multiservices PIC also enables
you to filter the probe packets to particular queues. The following example shows the
RPM configuration and the filter that specifies queuing:
services rpm {
probe p1 {
154 Copyright © 2014, Juniper Networks, Inc.
Chapter 10: Monitoring Traffic Using Real-Time Performance Monitoring
test t1 {
probe-type icmp-ping;
target address 10.8.4.1;
probe-count 10;
probe-interval 10;
test-interval 10;
dscp-code-points af11;
data-size 100;
destination-interface sp-1/2/0.0;
}
}
}
firewall {
filter f1 {
term t1 {
from {
dscp af11;
}
then {
forwarding-class assured-forwarding;
}
}
}
}
interfaces sp-1/2/0 {
unit 2 {
rpm client;
family inet {
address 10.8.4.2/32;
filter {
input f1;
}
}
}
}
interfaces sp-1/2/1 {
unit 2 {
rpm server;
family inet {
address 10.8.3.2/32;
filter {
input f1;
}
}
}
}
For more information about firewall filters, see the Routing Policies, Firewall Filters, and
Traffic Policers Feature Guide for Routing Devices; for more information about queuing,
see the Class of Service Feature Guide for Routing Devices.
Related • Real-Time Performance Monitoring Services Overview on page 145
Documentation
• [edit services rpm] Hierarchy Level on page 246
• Examples: Configuring Real-Time Performance Monitoring on page 163
Copyright © 2014, Juniper Networks, Inc. 155
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Configuring TWAMP
You can configure the Two-Way Active Measurement Protocol (TWAMP) on all M Series
and T Series routers that support Multiservices PICs (running in either Layer 2 or Layer 3
mode), and on MX Series routers. Only the responder (server) side of TWAMP is supported.
NOTE: TWAMP is not supported on PTX Series Packet Transport Routers.
For more information on TWAMP, see RFC 5357, A Two-Way Active Measurement Protocol
(TWAMP).
To configure TWAMP properties, include the twamp statement at the [edit services rpm]
hierarchy level:
[edit services rpm]
twamp {
server {
client-list list-name {
[ address address ];
}
authentication-mode mode;
max-connection-duration hours;
maximum-connections count;
maximum-connections-per-client count;
maximum-sessions count;
maximum-sessions-per-connection count;
port number;
server-inactivity-timeout minutes;
}
}
The TWAMP configuration process includes the following tasks:
• Configuring TWAMP Interfaces on page 156
• Configuring TWAMP Servers on page 157
Configuring TWAMP Interfaces
To specify the service PIC logical interface that provides the TWAMP service, include the
twamp-server statement at the [edit interfaces sp-fpc/pic/port unit logical-unit-number
hierarchy level:
twamp-server;
NOTE: On MX Series routers that do not include a Multiservices DPC, you
can configure the twamp-server statement on any interface (for example,
ge-1/0/1.10). It is not necessary to configure this statement on a service
interface (sp- or ms-) but you do need to include it in the configuration to
activate the TWAMP reflector functionality.
156 Copyright © 2014, Juniper Networks, Inc.
Chapter 10: Monitoring Traffic Using Real-Time Performance Monitoring
Configuring TWAMP Servers
You can specify a number of TWAMP server properties, some of which are optional, by
including the server statement at the [edit services rpm twamp] hierarchy level:
[edit services rpm twamp]
server {
client-list list-name {
[ address address ];
}
authentication-mode mode;
max-connection-duration hours;
maximum-connections count;
maximum-connections-per-client count;
maximum-sessions count;
maximum-sessions-per-connection count;
port number;
server-inactivity-timeout minutes;
}
The preceding configuration settings that are described define a TWAMP server on the
router that enables a TWAMP client to connect to the server using any media interface
IP address such as a ge- interface. In such a scenario, the router functions as a TWAMP
server and timestamping is performed in the ukernel of the media-facing FPC.
To configure an inline TWAMP server, which causes timestamping to be performed as
part of the inline services (si-) interface processing, configure the amount of bandwidth
reserved on each Packet Forwarding Engine for tunnel traffic using inline services by
including the bandwidth (1g | 10g) statement at the [edit chassis fpc slot-number pic
number inline-services] hierarchy level and specify the service PIC logical interface that
provides the TWAMP service by including the twamp-server statement at the [edit
interfaces sp-fpc/pic/port unit logical-unit- number family inet] hierarchy level.
• To specify the list of allowed control client hosts that can connect to this server, include
the client-list statement at the [edit services rpm twamp server] hierarchy level. Each
value you include must be a Classless Interdomain Routing (CIDR) address (IP address
plus mask) that represents a network of allowed hosts. You can include multiple client
lists, each of which can contain a maximum of 64 entries. You must configure at least
one client address to enable TWAMP.
• You must specify the authentication mode by including the authentication-mode
statement at the [edit services rpm twamp server] hierarchy level. There is no default
value. You can configure authenticated or encrypted mode, based on RFC 4656; if there
is no authentication or encryptions mode specified, you should set the value to none.
This statement is required in the TWAMP configuration.
• To specify the inactivity timeout period in seconds, include the inactivity-timeout
statement at the [edit services rpm twamp server] hierarchy level. By default, the value
is 1800; the range is 0 through 3600 seconds.
• To specify the maximum number of concurrent connections the server can have to
client hosts, include the maximum-connections statement at the [edit services rpm
twamp server] hierarchy level. The allowed range of values is 1 through 1000 and the
Copyright © 2014, Juniper Networks, Inc. 157
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
default value is 64. You can also limit the number of connections the server can make
to a particular client host by including the maximum-connections-per-client statement.
The allowed range of values is 1 through 500 and the default value is 64.
• To specify the maximum number of sessions the server can have running at one time,
include the maximum-sessions statement at the [edit services rpm twamp server]
hierarchy level. The allowed range of values is 1 through 2048 and the default value is
64. You can also limit the number of sessions the server can have on a single connection
by including the maximum-sessions-per-connection statement.
• To specify the TWAMP server listening port, include the port statement at the [edit
services rpm twamp server] hierarchy level. The range is 1 through 65,535.
• To specify the server inactivity timeout period in minutes, include the
server-inactivity-timeout statement at the [edit services rpm twamp server] hierarchy
level. The range is 0 through 30 minutes.
Configuring BGP Neighbor Discovery Through RPM
BGP neighbors can be configured at the following hierarchy levels:
• [edit protocols bgp group group-name]—Default logical system and default routing
instance.
• [edit routing-instances instance-name protocols bgp group group-name]—Default logical
system with a specified routing instance.
• [edit logical-systems logical-system-name protocols bgp group group-name]—Configured
logical system and default routing instance.
• [edit logical-systems logical-system-name routing-instances instance-name protocols bgp
group group-name]—Configured logical system with a specified routing instance.
When you configure BGP neighbor discovery through RPM, if you do not specify a logical
system, the RPM probe applies to configured BGP neighbors for all logical systems. If
you do not specify a routing instance, the RPM probe applies to configured BGP neighbors
in all routing instances. You can explicitly configure RPM probes to apply only to the
default logical system, the default routing instance, or to a particular logical system or
routing instance.
To configure BGP neighbor discovery through RPM, configure the probe properties at the
[edit services rpm bgp] hierarchy:
data-fill data;
data-size size;
destination-port port;
history-size size;
logical-system logical-system-name [routing-instances routing-instance-name];
moving-average-size number;
probe-count count;
probe-interval seconds;
probe-type type;
routing-instances instance-name;
test-interval interval;
158 Copyright © 2014, Juniper Networks, Inc.
Chapter 10: Monitoring Traffic Using Real-Time Performance Monitoring
• To specify the contents of the data portion of Internet Control Message Protocol (ICMP)
probes, include the data-fill statement at the [edit services rpm bgp] hierarchy level.
The value can be a hexadecimal value.
• To specify the size of the data portion of ICMP probes, include the data-size statement
at the [edit services rpm bgp] hierarchy level. The size can be from 0 through 65400
and the default size is 0.
• To specify the User Datagram Protocol (UDP) port or Transmission Control Protocol
(TCP) port to which the probe is sent, include the destination-port statement at the
[edit services rpm bgp] hierarchy level. The destination-port statement is used only for
the UDP and TCP probe types. The value can be 7 or from 49160 through 65535.
• To specify the number of stored history entries, include the history-size statement at
the [edit services rpm bgp] hierarchy level. Specify a value from 0 to 512. The default
is 50.
• To specify the logical system used by ICMP probes, include the logical-system
logical-system-name statement at the [edit services rpm bgp] hierarchy level. If you do
not specify a logical system, the RPM probe applies to configured BGP neighbors for
all logical systems. To apply the probe to only the default logical system, you must set
the value of logical-system-name to null.
• To specify a number of samples for making statistical calculations, include the
moving-average-size statement at the [edit services rpm bgp] hierarchy level. Specify
a value from 0 through 255.
• To specify the number of probes within a test, include the probe-count statement at
the [edit services rpm bgp] hierarchy level. Specify a value from 1 through 15.
• To specify the time to wait between sending packets, include the probe-interval
statement at the [edit services rpm bgp] hierarchy level. Specify a value from 1 through
255 seconds.
• To specify the packet and protocol contents of the probe, include the probe-type
statement at the [edit services rpm bgp] hierarchy level. The following probe types are
supported:
• icmp-ping—Sends ICMP echo requests to a target address.
• icmp-ping-timestamp—Sends ICMP timestamp requests to a target address.
• tcp-ping—Sends TCP packets to a target.
• udp-ping—Sends UDP packets to a target.
• udp-ping-timestamp—Sends UDP timestamp requests to a target address.
NOTE: Some probe types require additional parameters to be configured.
For example, when you specify the tcp-ping or udp-ping option, you must
configure the destination port using the destination-port port statement.
The udp-ping-timestamp option requires a minimum data size of 12; any
smaller data size results in a commit error. The minimum data size for
TCP probe packets is 1.
Copyright © 2014, Juniper Networks, Inc. 159
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
• To specify the routing instance used by ICMP probes, include the routing-instances
statement at the [edit services rpm bgp] hierarchy level. The default routing instance
is Internet routing table inet.0. If you do not specify a routing instance, the RPM probe
applies to configured BGP neighbors in all routing instances. To apply the RPM probe
to only the default routing instance, you must explicitly set the value of instance-name
to default.
• To specify the time to wait between tests, include the test-interval statement at the
[edit services bgp probe] hierarchy level. Specify a value from 0 through 86400 seconds.
Related • Real-Time Performance Monitoring Services Overview on page 145
Documentation
• [edit services rpm] Hierarchy Level on page 246
• Examples: Configuring BGP Neighbor Discovery Through RPM on page 160
Examples: Configuring BGP Neighbor Discovery Through RPM
Configure BGP neighbor discovery through RPM for all logical systems and all routing
instances:
[edit services rpm]
bgp {
probe-type icmp-ping;
probe-count 5;
probe-interval 1;
test-interval 60;
history-size 10;
data-size 255;
data-fill 0123456789;
}
Configure BGP neighbor discovery through RPM for only the following logical systems
and routing instances: LS1/RI1, LS1/RI2, LS2, and RI3:
[edit services rpm]
bgp {
probe-type icmp-ping;
probe-count 5;
probe-interval 1;
test-interval 60;
history-size 10;
data-size 255;
data-fill 0123456789;
logical-system {
LS1 {
routing-instances {
RI1;
RI2;
}
}
LS2;
}
routing-instance {
160 Copyright © 2014, Juniper Networks, Inc.
Chapter 10: Monitoring Traffic Using Real-Time Performance Monitoring
RI3;
}
}
NOTE: The logical-system statement is not supported on PTX Series Packet
Transport Routers.
Configure BGP neighbor discovery through RPM for only the default logical system and
default routing instance:
[edit services rpm]
bgp {
probe-type icmp-ping;
probe-count 5;
probe-interval 1;
test-interval 60;
history-size 10;
data-size 255;
data-fill 0123456789;
logical-system {
null {
routing-instances {
default;
}
}
}
}
Related • Real-Time Performance Monitoring Services Overview on page 145
Documentation
• Configuring BGP Neighbor Discovery Through RPM on page 158
• [edit services rpm] Hierarchy Level on page 246
Tracing RPM Operations
Tracing operations track all RPM operations and record them in a log file. The logged
error descriptions provide detailed information to help you solve problems faster.
By default, no events are traced. If you include the traceoptions statement at the [edit
services rpm] hierarchy level, the default tracing behavior is the following:
• Important events are logged in a file called rmopd located in the /var/log directory.
• When the log file reaches 128 kilobytes (KB), it is renamed rmopd.0, then rmopd.1, and
so on, until there are three trace files. Then the oldest trace file (rmopd.2) is overwritten.
(For more information about how log files are created, see the Junos OS System Log
Messages Reference.)
• Log files can be accessed only by the user who configures the tracing operation.
Copyright © 2014, Juniper Networks, Inc. 161
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
You can change this default behavior by using the traceoptions statements. Changing
the defaults is described in the following sections:
1. Configuring the RPM Log File Name on page 162
2. Configuring the Number and Size of RPM Log Files on page 162
3. Configuring Access to the Log File on page 162
4. Configuring a Regular Expression for Lines to Be Logged on page 162
5. Configuring the Trace Operations on page 163
Configuring the RPM Log File Name
By default, the name of the file that records RPM trace output is rmopd. To specify a
different file name:
[edit services rpm traceoptions]
user @host set file filename
Configuring the Number and Size of RPM Log Files
To configure the limits on the number and size of RPM trace files:
[edit services rpm traceoptions]
user@host set file filename files number size size
The number of files can be from 2 through 1000 files. The file size of each file can be from
10 KB through 1 gigabyte (GB).
For example, set the maximum file size to 2 MB, and the maximum number of files to 20
for a log file named rpmtrace:
[edit services rpm traceoptions]
user@host set file rpmtrace files 20 size 2MB
When the rpmtrace file reaches 2 MB, it is renamed rpmtrace.0, and a new file called
rpmtrace is created. When the new rpmtrace reaches 2 MB, rpmtrace.0 is renamed
rpmtrace.1 and rpmtrace is renamed rpmtrace.0. This process repeats until there are 20
trace files. Then the oldest file (rpmtrace.19) is overwritten by rpmtrace.18.
Configuring Access to the Log File
By default, log files can be accessed only by the user who configures the tracing operation.
To specify that any user can read all log files:
[edit services rpm traceoptions]
user@host set file filename world-readable
To explicitly set the default behavior:
[edit services rpm traceoptions]
user@host set file filename no-world-readable
Configuring a Regular Expression for Lines to Be Logged
By default, the trace operation output includes all lines relevant to the logged events.
162 Copyright © 2014, Juniper Networks, Inc.
Chapter 10: Monitoring Traffic Using Real-Time Performance Monitoring
To refine the output by specifying a regular expression (regex) to be matched:
[edit services rpm traceoptions]
user@host set file filename match regular-expression
Configuring the Trace Operations
By default, if the traceoptions configuration is present, only important events are logged.
You can configure the trace operations to be logged by including the following statements
at the [edit services rpm traceoptions] hierarchy level:
flag {
all;
configuration;
error;
ipc;
ppm;
statistics
}
Table 8 on page 163 describes the meaning of the RPM tracing flags.
Table 8: RPM Tracing Flags
Flag Description Default Setting
all Trace all operations. Off
configuration Trace configuration events. Off
error Trace events related to catastrophic errors in Off
daemon.
ipc Trace IPC events. Off
ppm Trace ppm events. Off
statistics Trace statistics. Off
Examples: Configuring Real-Time Performance Monitoring
Configure an RPM instance identified by the probe name probe1 and the test name test1:
[edit services rpm]
probe probe1{
test test1 {
dscp-code-points 001111;
probe-interval 1;
probe-type icmp-ping;
target address 172.17.20.182;
test-interval 20;
thresholds rtt 10;
traps rtt-exceeded;
}
Copyright © 2014, Juniper Networks, Inc. 163
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
}
probe-server {
tcp {
destination-interface lt-0/0/0.0
port 50000;
}
udp {
destination-interface lt-0/0/0.0
port 50001;
}
}
probe-limit 200;
Configure packet classification, using lt- interfaces to send the probe packets to a logical
tunnel input interface. By sending the packet to the logical tunnel interface, you can
configure regular and multifield classifiers, firewall filters, and header rewriting for the
probe packets. To use the existing tunnel framework, the dlci and encapsulation
statements must be configured.
[edit services rpm]
probe p1 {
test t1 {
probe-type icmp-ping;
target address 10.8.4.1;
probe-count 10;
probe-interval 10;
test-interval 10;
source-address 10.8.4.2;
dscp-code-points ef;
data-size 100;
destination-interface lt-0/0/0.0;
}
}
[edit interfaces]
lt-0/0/0 {
unit 0 {
encapsulation frame-relay;
dlci 10;
peer-unit 1;
family inet;
}
unit 1 {
encapsulation frame-relay;
dlci 10;
peer-unit 0;
family inet;
}
}
[edit class-of-service]
interfaces {
lt-0/0/0 {
unit 1 {
classifiers {
dscp default;
}
}
164 Copyright © 2014, Juniper Networks, Inc.
Chapter 10: Monitoring Traffic Using Real-Time Performance Monitoring
}
}
Configure an input filter on the interface on which the RPM probes are received. This filter
enables prioritization of the received RPM packets, separating them from the regular
data packets received on the same interface.
[edit firewall]
filter recos {
term recos {
from {
source-address {
10.8.4.1/32;
}
destination-address {
10.8.4.2/32;
}
}
then {
loss-priority high;
forwarding-class network-control;
}
}
}
[edit interfaces]
fe-5/0/0 {
unit 0 {
family inet {
filter {
input recos;
}
address 10.8.4.2/24;
}
}
}
Configure an RPM instance and enable RPM for the extension-provider packages on the
adaptive services interface:
[edit services rpm]
probe probe1{
test test1 {
data-size 1024;
data-fill 0;
destination-interface ms-1/2/0.10;
dscp-code-points 001111;
probe-count 10;
probe-interval 1;
probe-type icmp-ping;
target address 172.17.20.182;
test-interval 20;
thresholds rtt 10;
traps rtt-exceeded;
}
}
[edit interfaces]
ms-1/2/0 {
Copyright © 2014, Juniper Networks, Inc. 165
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
unit 0 {
family inet;
}
unit 10 {
rpm client;
family inet {
address 1.1.1.1/32;
}
}
[edit chassis]
fpc 1 {
pic 2 {
adaptive-services {
service-package {
extension-provider {
control-cores 1;
data-cores 1;
object-cache-size 512;
policy-db-size 64;
package jservices-rpm;
syslog {
daemon any;
}
}
}
}
}
}
NOTE: TWAMP is not supported on PTX Series Packet Transport Routers.
Configure the minimum statements necessary to enable TWAMP:
[edit services]
rpm {
twamp {
server {
authentication-mode none;
port 10000; # Twamp server's listening port
client-list LIST-1 { # LIST-1 is the name of the client-list. Multiple lists can be
configured.
address {
20.0.0.2/30; # IP address of the control client.
}
}
}
}
[edit interfaces sp-5/0/0]
unit 0 {
family inet;
}
unit 10 {
rpm {
166 Copyright © 2014, Juniper Networks, Inc.
Chapter 10: Monitoring Traffic Using Real-Time Performance Monitoring
twamp-server; # You must configure a separate logical interface on the service PIC
interface for the TWAMP server.
}
family inet {
address 50.50.50.50/32; # This address must be a host address with a 32-bit mask.
}
}
[edit chassis]
fpc 5 {
pic 0 {
adaptive-services {
service-package layer-2; # Configure the service PIC to run in Layer 2 mode.
}
}
}
Configure additional TWAMP settings:
[edit services]
rpm {
twamp {
server {
maximum-sessions 5;
maximum-sessions-per-connection 2;
maximum-connections 3;
maximum-connections-per-client 1;
port 10000;
server-inactivity-timeout ;
client-list LIST-1 {
address {
20.0.0.2/30;
}
}
}
}
}
Related • Real-Time Performance Monitoring Services Overview on page 145
Documentation
• [edit services rpm] Hierarchy Level on page 246
• Examples: Configuring BGP Neighbor Discovery Through RPM on page 160
Copyright © 2014, Juniper Networks, Inc. 167
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Enabling RPM for the Junos OS extension-provider package
Real-time performance monitoring (RPM), which has been supported on the adaptive
services interface, is now supported by the Junos OS extension-provider package. RPM
is supported on all platforms and service PICs that support the extension-provider
package.
NOTE: In Junos OS releases earlier than 12.3 , the extension provider package
was variously known as MP-SDK, Junos Services Framework (JSF), and
eJunos.
To enable RPM for the Junos OS extension-provider package on the adaptive services
interface, configure the object-cache-size, policy-db-size, and package statements at the
[edit chassis fpc slot-number pic pic-number adaptive-services service-package
extension-provider] hierarchy level. For the extension-provider package, package-name
in the package package-name statement is jservices-rpm.
For more information about the extension-provider package, see the SDK Applications
Configuration Guide and Command Reference.
The following example shows how to enable RPM for the extension-provider package
on the adaptive services interface:
chassis fpc 1 {
pic 2 {
adaptive-services {
service-package {
extension-provider {
control-cores 1;
data-cores 1;
object-cache-size 512;
policy-db-size 64;
package jservices-rpm;
syslog daemon any;
}
}
}
}
}
Related • Real-Time Performance Monitoring Services Overview on page 145
Documentation
• [edit services rpm] Hierarchy Level on page 246
• Examples: Configuring Real-Time Performance Monitoring on page 163
• destination-interface on page 267
168 Copyright © 2014, Juniper Networks, Inc.
CHAPTER 11
Testing the Performance of Network
Devices Using RFC 2544-Based
Benchmarking
• RFC2544-Based Benchmarking Tests Overview on page 169
• Layer 2 RFC2544-Based Benchmarking Tests Overview on page 171
• Supported RFC2544-Based Benchmarking Statements on MX104 Routers on page 174
• Configuring an RFC 2544-Based Benchmarking Test on page 175
• Example: Configuring an RFC 2544-Based Benchmarking Test for Layer 3 IPv4
Services on page 178
• Example: Configuring an RFC 2544-Based Benchmarking Test for UNI Direction of
Ethernet Pseudowires on page 185
• Example: Configuring an RFC 2544-Based Benchmarking Test for NNI Direction of
Ethernet Pseudowires on page 193
• Example: Configuring RFC2544-Based Benchmarking Tests for Layer 2 E-LAN Services
in Bridge Domains on page 200
RFC2544-Based Benchmarking Tests Overview
RFC2544 defines a series of tests that can be used to describe the performance
characteristics of a network-interconnecting device, such as a router, and outlines specific
formats to report the results of the tests. These tests can be used to benchmark
interconnected network devices and devise a guideline or a measurement pattern to
analyze the health and efficiency of the network devices. These tests are the standard
benchmarking tests for Ethernet networks and are known as RFC2544-based
benchmarking tests. These tests measure throughput, latency, frame loss rate, and bursty
frames. The test methodology enables you to define various parameters such as different
frame sizes to be examined (64, 128, 256, 512, 1024, 1280, and 1518 bytes), the test time
for each test iteration (10 seconds to 1,728,000 seconds), and the frame format
(IP-over-UDP).
An RFC2544-based benchmarking test is performed by transmitting test packets from
a device that functions as the generator or the initiator (which is also called the originator).
These packets are sent to a device that functions as a reflector, which receives and
returns the packets to the initiator.
Copyright © 2014, Juniper Networks, Inc. 169
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Juniper Networks MX104 3D Universal Edge Routers support only the reflector function
and the corresponding benchmarking tests. These tests display only the reflecting
benchmarking tests. These benchmarking tests display the results of the test. For instance,
in the case of the throughput test, the results display the number of transmitted frames
and the number of received frames.
The RFC2544-based benchmarking test methodology assesses different parameters
that are defined in service-level agreements (SLAs). By measuring the performance
availability, transmission delay, link bursts, and service integrity, a carrier provider can
certify that the working parameters of the deployed Ethernet circuit comply with the SLA
and other defined policies.
Table 9 on page 170 describes the different network topologies in which the benchmarking
test is supported.
Table 9: Supported Network Topologies for RFC2544 Benchmarking
Tests
Whether the
Initial Release Benchmarking
Traffic on MX104 Test Is
Service Type Direction Mode Routers Supported
E-Line and (UNI) Egress Port 14.2R1 Supported
E-LAN
(family bridge) Port, VLAN (E-Line and
E-LAN family
bridge)
E-Line (family Ingress 13.3R1 Supported
ccc) (E-Line
Egress Pseudowire)
IP Services NNI 13.3R1 Supported
(family inet)
Related • Configuring an RFC 2544-Based Benchmarking Test on page 175
Documentation
• Supported RFC2544-Based Benchmarking Statements on MX104 Routers on page 174
170 Copyright © 2014, Juniper Networks, Inc.
Chapter 11: Testing the Performance of Network Devices Using RFC 2544-Based Benchmarking
Layer 2 RFC2544-Based Benchmarking Tests Overview
The Metro Ethernet Forum (MEF) defines two Ethernet service types—E-LAN and
E-Line—and specifies the associated service attributes and parameters. These services
can be supported within the Metro Ethernet Network (MEN) and also supported over
different transport technologies such as SONET, MPLS, and so on. Juniper networks ACX
Series routers and MX104 routers provide support for Layer 2 E-LAN and E-Line services,
pseudowire reflection, as well as IPv4 services. Figure 7 on page 171 shows a sample
topology for the E-LAN and E-Line reflection supported on MX104 routers.
Figure 7: E-LAN and E-Line Reflection in Metro Solution
In Junos OS Release 14.2, MX104 routers support RFC2544-based benchmarking tests
for Layer 2 reflection (E-LAN service) in basic bridge domains only. RFC2544-based
benchmarking and performance measurement testing for Layer 2 services is supported
on unicast traffic in egress direction only.
In an E-LAN service, during the benchmarking tests, the initiator or generator transmits
a test packet (unicast) to a reflector. The reflector receives and reflects the test packet
back to the initiator. The test packet is an IP-over-UDP packet with a source and
destination MAC address. A Layer 2 traffic reflection session is identified by the source
MAC address, the destination MAC address, and the egress interface. By default,
RFC2544-based benchmarking tests are performed when there is no other service traffic.
This mode of operation is known as out-of-service mode. The default service mode for
the reflecting egress interface for an E-LAN service is also out-of-service mode. In
out-of-service mode, while the test is running, all the data traffic sent to and from the
UNI port under test on the service is interrupted. Control protocol peering is not interrupted
whereas control protocol packets such as end-to-end CFM sessions are interrupted. If
you do not want the control protocol packets interrupted, you can configure the E-LAN
service mode as in-service mode. In the in-service mode, while the test is running, the
Copyright © 2014, Juniper Networks, Inc. 171
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
rest of the data traffic flow sent to and from the UNI port under test on the service is not
interrupted. Control protocol packets and control protocol peering are not interrupted.
By default, for E-LAN services, the default behavior of the reflector is to swap MAC
addresses. The reflector swaps the source and destination MAC addresses and sends
the packet back to the initiator. Table 10 on page 172 describes the MAC address swapping
behavior for the service types.
Table 10: MAC Address Swapping Behavior for E-LAN and E-Line Services
Family Direction Default Behavior User-configurable
bridge Egress MAC address swap (E-LAN service type) No
No MAC address swap (E-Line service type) Yes
ccc Egress No MAC address swap No
Ingress MAC address swap No
By default, the IP address and UDP ports are not modified. Optionally, you can configure
the reflector to swap the source and destination IP address and the source and destination
UDP ports.
You can configure an ACX Series router to operate as an initiator. Because the MX104
router supports only reflector functionality, it can be configured to operate as a reflector.
NOTE: You can configure a total of four simultaneous active reflection
sessions. The four active reflection sessions can be of the same type or can
be a combination of the different types of reflection sessions. For instance,
you can configure either four IPv4 reflection sessions or two pseudowire
reflection sessions, one Layer 2 reflection session, and one IPv4 reflection
session. Also, you can configure aggregate interfaces as test interface only
for the bridge family.
All active RFC2544-based benchmarking tests are stopped when any of the following
events takes place either in the initiator or in the reflector:
System Events:
• Graceful Routing Engine Switchover (GRES)
• MIC is taken offline and then brought back online.
• Packet Forwarding Engine is restarted.
• Router is restarted.
172 Copyright © 2014, Juniper Networks, Inc.
Chapter 11: Testing the Performance of Network Devices Using RFC 2544-Based Benchmarking
Test Interface Events:
• Interface on which the tests are configured is deactivated and then reactivated.
• Interface on which the tests are configured is disabled and then enabled.
• Interface on which the tests are configured is deleted and then added.
• Peer router interface, connected to the interface on which the tests are configured, is
disabled and then enabled.
• Maximum Transmission Unit (MTU) size of the interface on which the tests are
configured is modified.
• VLAN configuration (VLAN ID) of the interface on which the tests are configured is
modified.
• Bridge domain configuration (mode) of the interface on which the tests are configured
is modified.
• Member interface, of an aggregated Interface on which the test are configured is deleted
and then added.
NOTE: RFC2544-based benchmarking tests are not supported during unified
in-service software upgrade (ISSU).
After the benchmarking tests are stopped, the test states of the tests are removed and
the user can restart the same test. Other ongoing tests on other interfaces are not
interrupted.
Related • RFC2544-Based Benchmarking Tests Overview on page 169
Documentation
• Supported RFC2544-Based Benchmarking Statements on MX104 Routers on page 174
• Example: Configuring RFC 2544-Based Benchmarking Tests for Layer 2 E-LAN Services
in Bridge Domains on page 200
Copyright © 2014, Juniper Networks, Inc. 173
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Supported RFC2544-Based Benchmarking Statements on MX104 Routers
Table 11 on page 174 lists the reflector-specific configuration statements that are supported
on the MX104 routers. Note that an (–) denotes that the command is not supported.
Table 11: Supported RFC2544-Based Benchmarking Reflector Statements on MX104
Statement Options Initial Release on MX104 Routers
destination-ipv4-address – 13.3R1
destination-mac-address – 14.2R1
destination-udp-port – 13.3R1
direction (egress | ingress) 13.3R1
disable-signature-check – –
family ( ccc | inet) 13.3R1
(bridge | ccc | inet) 14.2R1
in-service – 14.2R1
ip-swap – 14.2R1
mode reflect 13.3R1
reflect-etype – –
reflect-mode (mac-swap | no-mac-swap | 14.2R1
no-ip-swap | no-udp-tcp-port-swap)
service-type (eline | elan) 14.2R1
source-ipv4-address – 13.3R1
source-mac-address – 14.2R1
source-udp-port – 13.3R1
test-interface – 13.3R1
udp-tcp-port-swap – 14.2R1
Related • RFC2544-Based Benchmarking Tests Overview on page 169
Documentation
• Configuring an RFC 2544-Based Benchmarking Test on page 175
174 Copyright © 2014, Juniper Networks, Inc.
Chapter 11: Testing the Performance of Network Devices Using RFC 2544-Based Benchmarking
• Example: Configuring RFC 2544-Based Benchmarking Tests for Layer 2 E-LAN Services
in Bridge Domains on page 200
Configuring an RFC 2544-Based Benchmarking Test
You can configure a benchmarking test to detect and measure performance attributes,
such as throughput, latency, frame loss, and bursty or back-to-back frames, of network
devices. RFC 2544-based benchmarking test is performed by transmitting test packets
from a device that functions as the generator or the initiator. These packets are sent to
a device that functions as the reflector, which receives and returns the packets back to
the initiator.
You must configure a test profile and reference the test profile in a unique test name that
defines the parameters for the test to be performed on a certain device. However, the
test profile is required when the test mode is configured as initiation and termination.
The test-profile parameter is disregarded when the test mode is configured as reflection.
MX104 routers support only the reflection function in the RFC 2544-based benchmarking
tests. A reflection service does not use the parameters specified in the test profile because
the reflection service it returns the frames to the initiator.
The following topics describe how to configure a test name for an RFC 2544-based
benchmarking test on an MX104 router for Layer 3 IPv4 and Ethernet pseudowire networks:
• Configuring a Test Name for an RFC 2544-Based Benchmarking Test for a IPv4
Network on page 175
• Configuring a Test Name for an RFC 2544-Based Benchmarking Test for an Ethernet
Pseudowire: on page 176
Configuring a Test Name for an RFC 2544-Based Benchmarking Test for a IPv4 Network
You can configure a test name by including the test-name test-name statement at the
[edit services rpm rfc2544-benchmarking] hierarchy level. In the test name, you can
configure attributes of the test iteration, such as the address family (type of service, IPv4
or Ethernet), the logical interface, and test duration that are used for a benchmarking
test to be run.
To configure a test name and define its attributes for an IPv4 network:
1. In configuration mode, go to the [edit services] hierarchy level.
[edit]
user@host# edit services
2. Configure a instance.
[edit services]
user@host# edit rpm
3. Configure an RFC 2544-based benchmarking test for the RPM instance.
[edit services rpm]
user@host# edit rfc2544-benchmarking
Copyright © 2014, Juniper Networks, Inc. 175
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
4. Define a name for the test—for example, test1. The test name identifier can be up to
32 characters in length.
[edit services rpm rfc2544-benchmarking]
user@host# edit tests test-name test1
5. Specify the test mode for the packets that are sent during the benchmarking test. The
reflect option causes the test frames to be reflected on the IPv4 network.
[edit services rpm rfc2544-benchmarking tests test-name test1]
user@host# set mode reflect
6. Configure the address type family for the benchmarking test. The inet option indicates
that the test is run on an IPv4 service.
[edit services rpm rfc2544-benchmarking tests test-name test1]
user@host# set family inet
7. Configure the destination IPv4 address for the test packets. This parameter is required
only if you configure IPv4 family inet. If you do not configure the destination IPv4
address, the default value of 192.168.1.20 is used.
[edit services rpm rfc2544-benchmarking tests test-name test1]
user@host# set destination-ipv4-address address
8. Specify the UDP port of the destination to be used in the UDP header for the generated
frames. If you do not specify the UDP port, the default value of 4041 is used.
[edit services rpm rfc2544-benchmarking tests test-name test1]
user@host# set destination-udp-port port-number
9. (Optional) Specify the source IPv4 address to be used in generated test frames. If
you do not configure the source IPv4 address for inet family, the source address of
the interface is used to transmit the test frames.
[edit services rpm rfc2544-benchmarking tests test-name test1]
user@host# set source-ipv4-address address
10. Specify the UDP port of the source to be used in the UDP header for the generated
frames. If you do not specify the UDP port, the default value of 4041 is used.
[edit services rpm rfc2544-benchmarking tests test-name test1]
user@host# set source-udp-port port-number
11. Specify the logical interface on which the RFC 2544-based benchmarking test is run.
If you configure an inet family and the test mode to reflect the frames back on the
sender from the other end, then the logical interface is used as the interface to enable
the reflection service (reflection is performed on the packets entering the specified
interface). If you not configure the logical interface for reflection test mode, then a
lookup is performed on the source IPv4 address to determine the interface that hosts
the address.
[edit services rpm rfc2544-benchmarking tests test-name test1]
user@host# set test-interface interface-name
Configuring a Test Name for an RFC 2544-Based Benchmarking Test for an Ethernet Pseudowire:
You can configure a test name by including the test-name test-name statement at the
[edit services rpm rfc2544-benchmarking] hierarchy level. In the test name, you can
176 Copyright © 2014, Juniper Networks, Inc.
Chapter 11: Testing the Performance of Network Devices Using RFC 2544-Based Benchmarking
configure attributes of the test iteration, such as the address family (type of serviceIPv4
or Ethernet), the logical interface, and test duration, that are used for a benchmarking
test to be run. The test name combined with the test profile represent a single real-time
performance monitoring (RPM) configuration instance.
To configure a test name and define its attributes for an Ethernet Pseudowire:
1. In configuration mode, go to the [edit services] hierarchy level.
[edit]
user@host# edit services
2. Configure an RPM service instance.
[edit services]
user@host# edit rpm
3. Configure an RFC 2544-based benchmarking test for the RPM instance.
[edit services rpm]
user@host# edit rfc2544-benchmarking
4. Define a name for the test—for example, test1. The test name identifier can be up to
32 characters in length.
[edit services rpm rfc2544-benchmarking]
user@host# edit tests test-name test1
5. Specify the test mode for the packets that are sent during the benchmarking test. The
reflect option causes the test frames to be reflected on the Ethernet pseudowire.
[edit services rpm rfc2544-benchmarking tests test-name test1]
user@host# set mode reflect
6. Configure the address type family for the benchmarking test. The ccc option indicates
that the test is run on a CCC or Ethernet pseudowire service.
[edit services rpm rfc2544-benchmarking tests test-name test1]
user@host# set family ccc
7. Specify the direction of the interface on which the test must be run. This parameter
is valid only for a family. To enable the test to be run in the egress direction of the
interface (network-to-network interface (NNI)), use the egress option. To enable the
test to be run in the ingress direction of the interface (user-to-network interface (UNI)),
use the ingress option.
[edit services rpm rfc2544-benchmarking tests test-name test1]
user@host# set direction egress
8. (Optional) Specify the source IPv4 address to be used in generated test frames. If
you do not configure the source IPv4 address for family, the default value of 192.168.1.10
is used.
[edit services rpm rfc2544-benchmarking tests test-name test1]
user@host# set source-ipv4-address address
9. Specify the logical interface on which the RFC 2544-based benchmarking test is run.
[edit services rpm rfc2544-benchmarking tests test-name test1]
user@host# set test-interface interface-name
Copyright © 2014, Juniper Networks, Inc. 177
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Related • RFC2544-Based Benchmarking Tests Overview on page 169
Documentation
• Example: Configuring an RFC 2544-Based Benchmarking Test for UNI Direction of
Ethernet Pseudowires on page 185
• Example: Configuring an RFC 2544-Based Benchmarking Test for NNI Direction of
Ethernet Pseudowires on page 193
• Example: Configuring an RFC 2544-Based Benchmarking Test for Layer 3 IPv4 Services
on page 178
Example: Configuring an RFC 2544-Based Benchmarking Test for Layer 3 IPv4 Services
• Requirements on page 178
• Overview on page 178
• Configuration on page 179
• Verifying the Results of the Benchmarking Test for Layer 3 IPv4 Services on page 185
Requirements
This example uses the following hardware and software components:
• An ACX Series Universal Access Router—
• Junos OS Release or later
Overview
Consider a sample topology in which a router, Router A, functions as an initiator and
terminator of the test frames for an RFC 2544-based benchmarking test. Router A is
connected over a Layer 3 network to another router, Router B, which functions as a
reflector to reflect back the test frames it receives from Router A. IPv4 is used for
transmission of test frames over the Layer 3 network. This benchmarking test is used to
compute the IPv4 service parameters between Router A and Router B. Logical interfaces
on both the routers are configured with IPv4 addresses to measure the performance
attributes, such as throughput, latency, frame loss, and bursty frames, of network devices
for the IPv4 service.
Figure 8 on page 179 shows the sample topology to perform an RFC 2544 test for a Layer
3 IPv4 d
';[service.
178 Copyright © 2014, Juniper Networks, Inc.
Chapter 11: Testing the Performance of Network Devices Using RFC 2544-Based Benchmarking
Figure 8: RFC 2544-Based Benchmarking Test for a Layer 3 IPv4 Service
Configuration
In this example, you configure the benchmarking test for a Layer 3 IPv4 service that is
between interface ge-0/0/0 on Router A and interface ge-0/0/4 on Router B to detect
and analyze the performance of the interconnecting routers.
• Configuring Benchmarking Test Parameters on Router A on page 180
• Configuring Benchmarking Test Parameters on Router B on page 182
• Results on page 183
CLI Quick To quickly configure this example, copy the following commands, paste them in a text
Configuration file, remove any line breaks, change any details necessary to match your network
configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy
level:
Configuring
Benchmarking Test
Parameters on Router
A
set interfaces ge-0/0/0 unit 0 family inet address 200.0.0.1/24
set interfaces ge-0/0/0 unit 0 family mpls
set rfc2544-benchmarking profiles test-profile throughput test-type throughput
set rfc2544-benchmarking profiles test-profile throughput packet-size 64
set rfc2544-benchmarking profiles test-profile throughput test-duration 20m
set rfc2544-benchmarking profiles test-profile throughput bandwidth-kbps 500
set rfc2544-benchmarking tests test-name test1 test-profile throughput
set rfc2544-benchmarking tests test-name test1 interface ge-0/0/0.1
set rfc2544-benchmarking tests test-name test1 mode initiate-and-terminate
set rfc2544-benchmarking tests test-name test1 family inet
set rfc2544-benchmarking tests test-name test1 dest-address 200.0.0.2
set rfc2544-benchmarking tests test-name test1 udp-port 4001
Configuring
Benchmarking Test
Parameters on Router
B
set interfaces ge-0/0/4 unit 0 family inet address 200.0.0.2/24
set interfaces ge-0/0/4 unit 0 family mpls
set services rpm rfc2544-benchmarking tests test-name test1 interface ge-0/0/4.1
set services rpm rfc2544-benchmarking tests test-name test1 mode reflect
Copyright © 2014, Juniper Networks, Inc. 179
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
set services rpm rfc2544-benchmarking tests test-name test1 family inet
set services rpm rfc2544-benchmarking tests test-name test1 dest-address 200.0.0.1
set services rpm rfc2544-benchmarking tests test-name test1 udp-port 4001
Configuring Benchmarking Test Parameters on Router A
Step-by-Step The following require you to navigate various levels in the configuration hierarchy. For
Procedure information about navigating the CLI, see Using the CLI Editor in Configuration Mode in
the CLI User Guide.
To configure the test parameters on Router A:
1. In configuration mode, go to the [edit interfaces] hierarchy level:
[edit]
user@host# edit interfaces
2. Configure the interface on which the test must be run.
[edit interfaces]
user@host# edit ge-0/0/0
3. Configure a logical unit and specify the protocol family.
[edit interfaces ge-0/0/0]
user@host# edit unit 0 family inet
4. Specify the address for the logical interface.
[edit interfaces ge-0/0/0 unit 0 family inet]
user@host# set address 200.0.0.1/24
5. Enter the up command to go the previous level in the configuration hierarchy.
[edit interfaces ge-0/0/0 unit 0 family inet]
user@host# up
6. Configure the MPLS family on the logical interface.
[edit interfaces ge-0/0/0 unit 0]
user@host# set family mpls
7. Go to the top level of the configuration command mode.
[edit interfaces ge-0/0/0 unit 0]
user@host# top
8. In configuration mode, go to the [edit services] hierarchy level.
[edit]
user@host# edit services
9. Configure a real-time performance monitoring service (RPM) instance.
[edit services]
user@host# edit rpm
10. Configure an RFC 2544-based benchmarking test for the RPM instance.
[edit services rpm]
user@host# edit rfc2544-benchmarking
11. Define a name for a test profile—for example, throughput.
180 Copyright © 2014, Juniper Networks, Inc.
Chapter 11: Testing the Performance of Network Devices Using RFC 2544-Based Benchmarking
[edit services rpm rfc2544-benchmarking]
user@host# edit profiles test-profile throughput
12. Configure the type of test to be performed as throughput.
[edit services rpm rfc2544-benchmarking profiles test-profile throughput]
user@host# set test-type throughput
13. Specify the size of the test packet as 64 bytes.
[edit services rpm rfc2544-benchmarking profiles test-profile throughput]
user@host# set test-type packet-size 64
14. Specify the periodfor which the test is to be performed in hours, minutes, or seconds
by specifying a number followed by the letter h (for hours), m (for minutes), or s
(for seconds), respectively.
[edit services rpm rfc2544-benchmarking profiles test-profile throughput]
user@host# set test-type test-duration 20m
15. Define the theoretical maximum bandwidth for the test in kilobits per second, with
a value from 1 Kbps through 1,000,000 Kbps.
[edit services rpm rfc2544-benchmarking profiles test-profile throughput]
user@host# set test-type bandwidth-kbps 500
16. Enter the up command to go the previous level in the configuration hierarchy.
[edit services rpm rfc2544-benchmarking profiles test-profile throughput]
user@host# up
17. Enter the up command to go the previous level in the configuration hierarchy.
[edit services rpm rfc2544-benchmarking profiles]
user@host# up
18. Define a name for the test—for example, test1. The test name identifier can be up
to 32 characters in length.
[edit services rpm rfc2544-benchmarking]
user@host# edit tests test-name test1
19. Specify the name of the test profile—for example, throughput—to be associated
with a particular test name.
[edit services rpm rfc2544-benchmarking tests test-name test1]
user@host# set test-profile throughput
20. Specify the logical interface, ge-0/0/0.1, on which the RFC 2544-based
benchmarking test is run.
[edit services rpm rfc2544-benchmarking tests test-name test1]
user@host# set test-interface ge-0/0/0.1
21. Specify the test mode for the packets that are sent during the benchmarking test
as initiation and termination.
[edit services rpm rfc2544-benchmarking tests test-name test1]
user@host# set mode initiate-and-terminate
22. Configure the address type family, inet, for the benchmarking test.
[edit services rpm rfc2544-benchmarking tests test-name test1]
Copyright © 2014, Juniper Networks, Inc. 181
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
user@host# set family inet
23. Configure the destination IPv4 address for the test packets.
[edit services rpm rfc2544-benchmarking tests test-name test1]
user@host# set dest-address 200.0.0.2
24. Specify the UDP port of the destination to be used in the UDP header for the
generated frames as 4001.
[edit services rpm rfc2544-benchmarking tests test-name test1]
user@host# set udp-port 4001
25. Start the benchmarking test on the initiator.
user@> test services rpm rfc2544-benchmarking test test1 start
After the test is successfully completed, it is automatically stopped at the initiator.
Configuring Benchmarking Test Parameters on Router B
Step-by-Step The following you to navigate various levels in the configuration hierarchy. For information
Procedure about navigating the CLI, see Using the CLI Editor in Configuration Mode in the CLI User
Guide.
To configure the test parameters on Router B:
1. In configuration mode, go to the [edit interfaces] hierarchy level:
[edit]
user@host# edit interfaces
2. Configure the interface on which the test must be run.
[edit interfaces]
user@host# edit ge-0/0/4
3. Configure a logical unit and specify the protocol family as inet.
[edit interfaces ge-0/0/4]
user@host# edit unit 0 family inet
4. Specify the address for the logical interface.
[edit interfaces ge-0/0/4 unit 0 family inet]
user@host# set address 200.0.0.2/24
5. Enter the up command to go the previous level in the configuration hierarchy.
[edit interfaces ge-0/0/4 unit 0 family inet]
user@host# up
6. Configure the MPLS family on the logical interface.
[edit interfaces ge-0/0/4 unit 0]
user@host# set family mpls
7. Go to the top level of the configuration command mode.
[edit interfaces ge-0/0/4 unit 0]
user@host# top
8. In configuration mode, go to the [edit services] hierarchy level.
182 Copyright © 2014, Juniper Networks, Inc.
Chapter 11: Testing the Performance of Network Devices Using RFC 2544-Based Benchmarking
[edit]
user@host# edit services
9. Configure a real-time performance monitoring service (RPM) instance.
[edit services]
user@host# edit rpm
10. Configure an RFC 2544-based benchmarking test for the RPM instance.
[edit services rpm]
user@host# edit rfc2544-benchmarking
11. Define a name for the test—for example, test1. The test name identifier can be up
to 32 characters in length.
[edit services rpm rfc2544-benchmarking]
user@host# edit tests test-name test1
12. Specify the logical interface, ge-0/0/4.1, on which the RFC 2544-based
benchmarking test is run.
[edit services rpm rfc2544-benchmarking tests test-name test1]
user@host# set test-interface ge-0/0/4.1
13. Specify reflect as the test mode for the packets that are sent during the
benchmarking test.
[edit services rpm rfc2544-benchmarking tests test-name test1]
user@host# set mode reflect
14. Configure the address type family, inet, for the benchmarking test.
[edit services rpm rfc2544-benchmarking tests test-name test1]
user@host# set family inet
15. Configure the destination IPv4 address for the test packets as 200.0.0.1.
[edit services rpm rfc2544-benchmarking tests test-name test1]
user@host# set dest-address 200.0.0.1
16. Specify the UDP port of the destination to be used in the UDP header for the
generated frames as 4001.
[edit services rpm rfc2544-benchmarking tests test-name test1]
user@host# set udp-port 4001
17. Start the benchmarking test on the reflector.
user@host> test services rpm rfc2544-benchmarking test test1 start
After the test is successfully completed at the initiator, you can stop the test at the
reflector by entering the test services rpm rfc2544-benchmarking test test1 command.
Results
In configuration mode, confirm your configuration on Router A and Router B by entering
the show command. If the output does not display the intended configuration, repeat
the configuration instructions in this example to correct it.
Copyright © 2014, Juniper Networks, Inc. 183
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Benchmarking Test Parameters on Router A:
[edit interfaces]
ge-0/0/0 {
unit 0 {
family inet {
address 200.0.0.1/24;
}
family mpls;
}
}
[edit services rpm]
rfc2544-benchmarking {
profiles {
test-profile throughput {
test-type throughput
packet-size 64;
test-duration 20m;
bandwidth-kbps 500;
}
}
tests {
test-name test1 {
test-profile throughput;
interface ge-0/0/0.1;
mode initiate,terminate;
family inet;
dest-address 200.0.0.2
udp-port 4001;
}
}
}
Benchmarking Test Parameters on Router B:
[edit interfaces]
ge-0/0/4 {
unit 0 {
family inet {
address 200.0.0.2/24;
}
family mpls;
}
}
[edit services rpm]
rfc2544-benchmarking {
# Note, When in reflector mode, test profile is not needed
tests {
test-name test1 {
interface ge-0/0/4.1;
mode reflect;
family inet;
dest-address 200.0.0.1;
udp-port 4001;
}
}
}
184 Copyright © 2014, Juniper Networks, Inc.
Chapter 11: Testing the Performance of Network Devices Using RFC 2544-Based Benchmarking
After you have configured the device, enter the commit command in configuration mode.
Verifying the Results of the Benchmarking Test for Layer 3 IPv4 Services
Examine the results of the benchmarking test that is performed on the configured service
between Router A and Router B.
• Verifying the Benchmarking Test Results on page 185
Verifying the Benchmarking Test Results
Purpose Verify that the necessary and desired statistical values are displayed for the benchmarking
test that is run on the configured service between Router A and Router B.
Action In operational mode, enter the show services rpm rfc2544-benchmarking (aborted-tests
| active-tests | completed-tests | summary) command to display information about the
results of each category or state of the RFC 2544-based benchmarking test, such as
aborted tests, active tests, and completed tests, for each real-time performance
monitoring (RPM) instance.
Related • RFC2544-Based Benchmarking Tests Overview on page 169
Documentation
• Configuring an RFC 2544-Based Benchmarking Test on page 175
Example: Configuring an RFC 2544-Based Benchmarking Test for UNI Direction of
Ethernet Pseudowires
This example shows how to configure the benchmarking test for the user-to-network
interface (UNI) direction of an Ethernet pseudowire service.
• Requirements on page 185
• Overview on page 186
• Configuration on page 187
• Verifying the Results of the Benchmarking Test for UNI Direction of an Ethernet
Pseudowire Service on page 192
Requirements
This example uses the following hardware and software components:
• An ACX Series router—f
• Junos OS Release or later
Copyright © 2014, Juniper Networks, Inc. 185
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Overview
Consider a sample topology in which a router, Router A, functions as a reflector of the
test frames for an RFC 2544-based benchmarking test. The logical customer edge
(CE)-facing interface and inet family are configured on Router A. Router A is not part of
a pseudowire and therefore, a Layer 3 family configuration is required on it. Router A,
which is a customer edge device CE1 is connected to Router B, which functions as a
provider edge device PE1 over an Ethernet pseudowire in the UNI direction with EtherType
or Layer 2 Ethernet payload. The logical interface, family, and UNI direction are configured
on Router B. Router B or PE1 is connected over an Ethernet pseudowire in the NNI direction
to a provider edge device at the remote site, PE2. The link between CE1 and PE1 is an
Ethernet Layer 2 network and it can be configured with any EtherType value. The link
between PE1 and PE2 is an Ethernet line (E-LINE) or an Ethernet Private Line (EPL) that
has Layer 2 payload and Layer 3 transport sent over it. Router B or PE1 functions as an
initiator and terminator of the test frames that are sent to Router A and reflected back
from it.
This benchmarking test is used to compute the performance attributes in the
user-to-network interface (UNI) direction of an Ethernet pseudowire service between
Router A and Router B. Data traffic arriving from a network-to-network interface (NNI)
toward the customer edge is ignored while the test is in progress. Packets from the CE
are not sent toward the NNI because all packets are assumed to be test probes.
Figure 9 on page 186 shows the sample topology to perform an RFC 2544 test for the UNI
direction of an Ethernet pseudowire service.
Figure 9: RFC 2544-Based Benchmarking Test for UNI Direction of an
Ethernet Pseudowire
186 Copyright © 2014, Juniper Networks, Inc.
Chapter 11: Testing the Performance of Network Devices Using RFC 2544-Based Benchmarking
Configuration
In this example, you configure the benchmarking test for the UNI direction of an Ethernet
pseudowire service that is enabled between two routersto detect and analyze the
performance of the interconnecting routers.
• Configuring Benchmarking Test Parameters on Router A on page 188
• Configuring Benchmarking Test Parameters on Router B on page 190
• Results on page 191
CLI Quick To quickly configure this example, copy the following commands, paste them in a text
Configuration file, remove any line breaks, change any details necessary to match your network
configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy
level:
Configuring
Benchmarking Test
Parameters on Router
A
set interfaces ge-0/0/0 vlan-tagging
set interfaces ge-0/0/0 unit 0 vlan-id 101
set interfaces ge-0/0/0 unit 0 family inet address 200.0.0.1/24
set services rpm rfc2544-benchmarking profiles test-profile throughput test-type
throughput
set services rpm rfc2544-benchmarking profiles test-profile throughput packet-size 64
set services rpm rfc2544-benchmarking profiles test-profile throughput test-duration
20m
set services rpm rfc2544-benchmarking profiles test-profile throughput bandwidth-kbps
500
set services rpm rfc2544-benchmarking tests test-name test1 interface ge-0/0/0.1
set services rpm rfc2544-benchmarking tests test-name test1 test-profile throughput
set services rpm rfc2544-benchmarking tests test-name test1 mode initiate,terminate
set services rpm rfc2544-benchmarking tests test-name test1 family inet
set services rpm rfc2544-benchmarking tests test-name test1 dest-address 200.0.0.2
set services rpm rfc2544-benchmarking tests test-name test1 udp-port 4001
Configuring
Benchmarking Test
Parameters on Router
B
set interfaces ge-0/0/4 vlan-tagging
set interfaces ge-0/0/4 unit 0 encapsulation vlan-ccc
set interfaces ge-0/0/4 unit 0 vlan-id 101
set services rpm rfc2544-benchmarking tests test-name test1 interface ge-0/0/4.1
set services rpm rfc2544-benchmarking tests test-name test1 mode reflect
set services rpm rfc2544-benchmarking tests test-name test1 mode family ccc
set services rpm rfc2544-benchmarking tests test-name test1 direction uni
Copyright © 2014, Juniper Networks, Inc. 187
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Configuring Benchmarking Test Parameters on Router A
Step-by-Step The following require you to navigate various levels in the configuration hierarchy. For
Procedure information about navigating the CLI, see Using the CLI Editor in Configuration Mode in
the CLI User Guide.
To configure the test parameters on Router A:
1. In configuration mode, go to the [edit interfaces] hierarchy level:
[edit]
user@host# edit interfaces
2. Configure the interface on which the test must be run.
[edit interfaces]
user@host# edit ge-0/0/0
3. Configure VLAN tagging for transmission and reception of 802.1Q VLAN-tagged
frames.
[edit interfaces ge-0/0/0]
user@host# set vlan-tagging
4. Configure a logical unit and specify the protocol family as inet.
[edit interfaces ge-0/0/0]
user@host# edit unit 0 family inet
5. Specify the address for the logical interface.
[edit interfaces ge-0/0/0 unit 0 family inet]
user@host# set address 200.0.0.1/24
6. Configure the VLAN ID on the logical interface as 101.
[edit interfaces ge-0/0/0 unit 0]
user@host# set vlan-id 101
7. Go to the top level of the configuration command mode.
[edit interfaces ge-0/0/0 unit 0]
user@host# top
8. In configuration mode, go to the [edit services] hierarchy level.
[edit]
user@host# edit services
9. Configure a real-time performance monitoring service (RPM) instance.
[edit services]
user@host# edit rpm
10. Configure an RFC 2544-based benchmarking test for the RPM instance.
[edit services rpm]
user@host# edit rfc2544-benchmarking
11. Define a name for a test profile—for example, throughput.
[edit services rpm rfc2544-benchmarking]
user@host# edit profiles test-profile throughput
188 Copyright © 2014, Juniper Networks, Inc.
Chapter 11: Testing the Performance of Network Devices Using RFC 2544-Based Benchmarking
12. Configure the type of test to be performed as throughput.
[edit services rpm rfc2544-benchmarking profiles test-profile throughput]
user@host# set test-type throughput
13. Specify the size of the test packet as 64 bytes.
[edit services rpm rfc2544-benchmarking profiles test-profile throughput]
user@host# set test-type packet-size 64
14. Specify the period for which the test is to be performed in hours, minutes, or seconds
by specifying a number followed by the letter h (for hours), m (for minutes), or s
(for seconds). In this example, you configure the period as 20 minutes.
[edit services rpm rfc2544-benchmarking profiles test-profile throughput]
user@host# set test-type test-duration 20m
15. Define the theoretical maximum bandwidth for the test in kilobits per second, with
a value from 1 Kbps through 1,000,000 Kbps.
[edit services rpm rfc2544-benchmarking profiles test-profile throughput]
user@host# set test-type bandwidth-kbps 500
16. Enter the up command to go the previous level in the configuration hierarchy.
[edit services rpm rfc2544-benchmarking profiles test-profile throughput]
user@host# up
17. Enter the up command to go the previous level in the configuration hierarchy.
[edit services rpm rfc2544-benchmarking profiles]
user@host# up
18. Define a name for the test—for example, test1. The test name identifier can be up
to 32 characters in length.
[edit services rpm rfc2544-benchmarking]
user@host# edit tests test-name test1
19. Specify the name of the test profile—for example, throughput—to be associated
with a particular test name.
[edit services rpm rfc2544-benchmarking tests test-name test1]
user@host# set test-profile throughput
20. Specify the logical interface, ge-0/0/0.1, on which the RFC 2544-based
benchmarking test is run.
[edit services rpm rfc2544-benchmarking tests test-name test1]
user@host# set test-interface ge-0/0/0.1
21. Specify the test mode for the packets that are sent during the benchmarking test
as initiation and termination.
[edit services rpm rfc2544-benchmarking tests test-name test1]
user@host# set mode initiate-and-terminate
22. Configure the address type family, inet, for the benchmarking test.
[edit services rpm rfc2544-benchmarking tests test-name test1]
user@host# set family inet
23. Configure the destination IPv4 address for the test packets as 200.0.0.2.
Copyright © 2014, Juniper Networks, Inc. 189
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
[edit services rpm rfc2544-benchmarking tests test-name test1]
user@host# set dest-address 200.0.0.2
24. Specify the UDP port of the destination to be used in the UDP header for the
generated frames as 4001.
[edit services rpm rfc2544-benchmarking tests test-name test1]
user@host# set udp-port 4001
Configuring Benchmarking Test Parameters on Router B
Step-by-Step The following require you to navigate various levels in the configuration hierarchy. For
Procedure information about navigating the CLI, see Using the CLI Editor in Configuration Mode in
the CLI User Guide.
To configure the test parameters on Router B:
1. In configuration mode, go to the [edit interfaces] hierarchy level:
[edit]
user@host# edit interfaces
2. Configure the interface on which the test must be run.
[edit interfaces]
user@host# edit ge-0/0/4
3. Configure VLAN tagging for transmission and reception of 802.1Q VLAN-tagged
frames.
[edit interfaces ge-0/0/4]
user@host# set vlan-tagging
4. Configure a logical unit for the interface.
[edit interfaces ge-0/0/4]
user@host# edit unit 0
5. Specify the encapsulation for Ethernet VLAN circuits.
[edit interfaces ge-0/0/4 unit 0]
user@host# set encapsulation vlan-ccc
6. Configure the VLAN ID as 101 on the logical interface.
[edit interfaces ge-0/0/4 unit 0]
user@host# set vlan-id 101
7. Go to the top level of the configuration command mode.
[edit interfaces ge-0/0/4 unit 0]
user@host# top
8. In configuration mode, go to the [edit services] hierarchy level.
[edit]
user@host# edit services
9. Configure a real-time performance monitoring service (RPM) instance.
[edit services]
user@host# edit rpm
190 Copyright © 2014, Juniper Networks, Inc.
Chapter 11: Testing the Performance of Network Devices Using RFC 2544-Based Benchmarking
10. Configure an RFC 2544-based benchmarking test for the RPM instance.
[edit services rpm]
user@host# edit rfc2544-benchmarking
11. Define a name for the test—for example, test1. The test name identifier can be up
to 32 characters in length.
[edit services rpm rfc2544-benchmarking]
user@host# edit tests test-name test1
12. Specify the logical interface on which the RFC 2544-based benchmarking test is
run.
[edit services rpm rfc2544-benchmarking tests test-name test1]
user@host# set test-interface ge-0/0/4.1
13. Specify reflect as the test mode for the packets that are sent during the
benchmarking test.
[edit services rpm rfc2544-benchmarking tests test-name test1]
user@host# set mode reflect
14. Configure the address type family, ccc, for the benchmarking test.
[edit services rpm rfc2544-benchmarking tests test-name test1]
user@host# set family ccc
15. Specify the direction of the interface on which the test must be run, which is UNI in
this example.
[edit services rpm rfc2544-benchmarking tests test-name test1]
user@host# set direction uni
Results
In configuration mode, confirm your configuration on Router A and Router B by entering
the show command. If the output does not display the intended configuration, repeat
the configuration instructions in this example to correct it.
Benchmarking Test Parameters on Router A:
[edit interfaces]
ge-0/0/0 {
vlan-tagging;
unit 0 {
vlan-id 101;
family inet {
address 200.0.0.1/24;
}
}
}
[edit services rpm]
rfc2544-benchmarking {
profiles {
test-profile throughput {
test-type throughput
packet-size 64;
test-duration 20m;
Copyright © 2014, Juniper Networks, Inc. 191
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
bandwidth-kbps 500;
}
}
tests {
test-name test1 {
interface ge-0/0/0.1;
test-profile throughput;
mode initiate,terminate;
family inet;
dest-address 200.0.0.2
udp-port 4001;
}
}
}
Benchmarking Test Parameters on Router B:
[edit interfaces]
ge-0/0/4 {
vlan-tagging;
unit 0 {
encapsulation vlan-ccc;
vlan-id 101;
}
}
[edit services rpm]
rfc2544-benchmarking {
# Note, When in reflector mode, test profile is not needed
tests {
test-name test1 {
interface ge-0/0/4.1;
mode reflect;
family ccc;
direction uni;
}
}
}
After you have configured the device, enter the commit command in configuration mode.
Verifying the Results of the Benchmarking Test for UNI Direction of an Ethernet Pseudowire
Service
Examine the results of the benchmarking test that is performed on the configured service
between Router A and Router B.
• Verifying the Benchmarking Test Results on page 192
Verifying the Benchmarking Test Results
Purpose Verify that the necessary and desired statistical values are displayed for the benchmarking
test that is run on the configured service between Router A and Router B.
192 Copyright © 2014, Juniper Networks, Inc.
Chapter 11: Testing the Performance of Network Devices Using RFC 2544-Based Benchmarking
Action In operational mode, enter the show services rpm rfc2544-benchmarking (aborted-tests
| active-tests | completed-tests | summary) command to display information about the
results of each category or state of the RFC 2544-based benchmarking test, such as
aborted tests, active tests, and completed tests, for each real-time performance
monitoring (RPM) instance.
Meaning The output displays the details of the benchmarking test that was performed. For more
information about the show services rpm rfc2544-benchmarking operational command,
see show services rpm rfc2544-benchmarking in the CLI Explorer.
Related • RFC2544-Based Benchmarking Tests Overview on page 169
Documentation
• Configuring an RFC 2544-Based Benchmarking Test on page 175
Example: Configuring an RFC 2544-Based Benchmarking Test for NNI Direction of
Ethernet Pseudowires
This example shows how to configure the benchmarking test for a network-to-network
interface (NNI) direction of an Ethernet pseudowire service.
• Requirements on page 193
• Overview on page 193
• Configuration on page 194
• Verifying the Results of the Benchmarking Test for NNI Direction of an Ethernet
Pseudowire Service on page 200
Requirements
This example uses the following hardware and software components:
• An ACX Series router
• Junos OS Release or later
Overview
Consider a sample topology in which a router, Router A, functions as an initiator and
terminator of the test frames for an RFC 2544-based benchmarking test. Router A
operates as a provider edge devicePE1, which is connected to a customer edge device
CE1 on one side and over an Ethernet pseudowire to another router Router B, which
functions as a reflector to reflect back the test frames it receives from Router A. Router
B operates as a provider edge device, PE2, which is the remote router located at the other
side of the service provider core. The UNI direction of CE1 is connected to the NNI direction
of PE1. An MPLS tunnel connects PE1 and PE2 over the Ethernet pseudowire or the
Ethernet line (E-LINE).
This benchmarking test is used to compute the performance attributes in the
network-to-network interface (NNI) direction of an Ethernet pseudowire service between
Router A and Router B. The logical interface under test on Router A is the CE1 interface
Copyright © 2014, Juniper Networks, Inc. 193
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
with UNI as the direction, and the logical interface under test on Router B is the CE2
interface with NNI as the direction. Data traffic arriving from UNI toward NNI is ignored
while the test is in progress. Packets from NNI are not sent toward the customer edge
because all packets are assumed to be test frames. The family and NNI direction are
configured on routers A and B.
Figure 10 on page 194 shows the sample topology to perform an RFC 2544 test for the
NNI direction of an Ethernet pseudowire service.
Figure 10: RFC 2544-Based Benchmarking Test for NNI Direction of an
Ethernet Pseudowire
Configuration
In this example, you configure the benchmarking test for the NNI direction of an Ethernet
pseudowire service that is enabled between two routersto detect and analyze the
performance of the interconnecting routers.
• Configuring Benchmarking Test Parameters on Router on page 195
• Configuring Benchmarking Test Parameters on Router B on page 197
• Results on page 198
CLI Quick To quickly configure this example, copy the following commands, paste them in a text
Configuration file, remove any line breaks, change any details necessary to match your network
configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy
level:
Configuring
Benchmarking Test
Parameters on Router
A
set interfaces ge-0/0/0 vlan-tagging
set interfaces ge-0/0/0 unit 0 encapsulation vlan-ccc
set interfaces ge-0/0/0 unit 0 vlan-id 101
set services rpm rfc2544-benchmarking profiles test-profile throughput test-type
throughput
set services rpm rfc2544-benchmarking profiles test-profile throughput packet-size 64
set services rpm rfc2544-benchmarking profiles test-profile throughput test-duration 20
194 Copyright © 2014, Juniper Networks, Inc.
Chapter 11: Testing the Performance of Network Devices Using RFC 2544-Based Benchmarking
set services rpm rfc2544-benchmarking profiles test-profile throughput bandwidth-kbps
500
set services rpm rfc2544-benchmarking tests test-name test1 interface ge-0/0/0.1
set services rpm rfc2544-benchmarking tests test-name test1 test-profile throughput
set services rpm rfc2544-benchmarking tests test-name test1 mode initiate,terminate
set services rpm rfc2544-benchmarking tests test-name test1 family ccc
set services rpm rfc2544-benchmarking tests test-name test1 direction nni
Configuring
Benchmarking Test
Parameters on Router
B
set interfaces ge-0/0/4 vlan-tagging
set interfaces ge-0/0/4 unit 0 encapsulation vlan-ccc
set interfaces ge-0/0/4 unit 0 vlan-id 101
set services rpm rfc2544-benchmarking tests test-name test1 interface ge-0/0/4.1
set services rpm rfc2544-benchmarking tests test-name test1 mode reflect
set services rpm rfc2544-benchmarking tests test-name test1 mode family ccc
set services rpm rfc2544-benchmarking tests test-name test1 direction uni
Configuring Benchmarking Test Parameters on Router
Step-by-Step The following require you to navigate various levels in the configuration hierarchy. For
Procedure information about navigating the CLI, see Using the CLI Editor in Configuration Mode in
the CLI User Guide.
To configure the test parameters on Router A:
1. In configuration mode, go to the [edit interfaces] hierarchy level:
[edit]
user@host# edit interfaces
2. Configure the interface on which the test must be run.
[edit interfaces]
user@host# edit ge-0/0/0
3. Configure VLAN tagging for transmission and reception of 802.1Q VLAN-tagged
frames.
[edit interfaces ge-0/0/0]
user@host# set vlan-tagging
4. Configure a logical unit for the interface.
[edit interfaces ge-0/0/0]
user@host# edit unit 0
5. Specify the encapsulation for Ethernet VLAN circuits.
[edit interfaces ge-0/0/0 unit 0]
user@host# set encapsulation vlan-ccc
6. Configure the VLAN ID on the logical interface.
[edit interfaces ge-0/0/0 unit 0]
user@host# set vlan-id 101
Copyright © 2014, Juniper Networks, Inc. 195
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
7. Go to the top level of the configuration command mode.
[edit interfaces ge-0/0/0 unit 0]
user@host# top
8. In configuration mode, go to the [edit services] hierarchy level.
[edit]
user@host# edit services
9. Configure a real-time performance monitoring service (RPM) instance.
[edit services]
user@host# edit rpm
10. Configure an RFC 2544-based benchmarking test for the RPM instance.
[edit services rpm]
user@host# edit rfc2544-benchmarking
11. Define a name for a test profile—for example, throughput.
[edit services rpm rfc2544-benchmarking]
user@host# edit profiles test-profile throughput
12. Configure the type of test to be performed as throughput.
[edit services rpm rfc2544-benchmarking profiles test-profile throughput]
user@host# set test-type throughput
13. Specify the size of the test packet as 64 bytes.
[edit services rpm rfc2544-benchmarking profiles test-profile throughput]
user@host# set test-type packet-size 64
14. Specify the period—for example, 20 minutes—for which the test is to be performed
in hours, minutes, or seconds by specifying a number followed by the letter h (for
hours), m (for minutes), or s (for seconds).
[edit services rpm rfc2544-benchmarking profiles test-profile throughput]
user@host# set test-type test-duration 20m
15. Define the theoretical maximum bandwidth for the test in kilobits per second, with
a value from 1 Kbps through 1,000,000 Kbps.
[edit services rpm rfc2544-benchmarking profiles test-profile throughput]
user@host# set test-type bandwidth-kbps 500
16. Enter the up command to go the previous level in the configuration hierarchy.
[edit services rpm rfc2544-benchmarking profiles test-profile throughput]
user@host# up
17. Enter the up command to go the previous level in the configuration hierarchy.
[edit services rpm rfc2544-benchmarking profiles]
user@host# up
18. Define a name for the test—for example, test1. The test name identifier can be up
to 32 characters in length.
[edit services rpm rfc2544-benchmarking]
user@host# edit tests test-name test1
196 Copyright © 2014, Juniper Networks, Inc.
Chapter 11: Testing the Performance of Network Devices Using RFC 2544-Based Benchmarking
19. Specify the name of the test profile—for example, throughput—to be associated
with a particular test name.
[edit services rpm rfc2544-benchmarking tests test-name test1]
user@host# set test-profile throughput
20. Specify the logical interface, ge-0/0/0.1, on which the RFC 2544-based
benchmarking test is run.
[edit services rpm rfc2544-benchmarking tests test-name test1]
user@host# set test-interface ge-0/0/0.1
21. Specify the test mode for the packets that are sent during the benchmarking test
as initiation and termination.
[edit services rpm rfc2544-benchmarking tests test-name test1]
user@host# set mode initiate-and-terminate
22. Configure the address type family, ccc, for the benchmarking test.
[edit services rpm rfc2544-benchmarking tests test-name test1]
user@host# set family ccc
23. Specify the direction of the interface on which the test must be run, which is NNI in
this example.
[edit services rpm rfc2544-benchmarking tests test-name test1]
user@host# set direction nni
Configuring Benchmarking Test Parameters on Router B
Step-by-Step The following require you to navigate various levels in the configuration hierarchy. For
Procedure information about navigating the CLI, see Using the CLI Editor in Configuration Mode in
the CLI User Guide.
To configure the test parameters on Router B:
1. In configuration mode, go to the [edit interfaces] hierarchy level:
[edit]
user@host# edit interfaces
2. Configure the interface on which the test must be run.
[edit interfaces]
user@host# edit ge-0/0/4
3. Configure VLAN tagging for transmission and reception of 802.1Q VLAN-tagged
frames.
[edit interfaces ge-0/0/4]
user@host# set vlan-tagging
4. Configure a logical unit for the interface.
[edit interfaces ge-0/0/4]
user@host# edit unit 0
5. Specify the encapsulation for Ethernet VLAN circuits.
[edit interfaces ge-0/0/4 unit 0]
Copyright © 2014, Juniper Networks, Inc. 197
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
user@host# set encapsulation vlan-ccc
6. Configure the VLAN ID on the logical interface.
[edit interfaces ge-0/0/4 unit 0]
user@host# set vlan-id 101
7. Go to the top level of the configuration command mode.
[edit interfaces ge-0/0/4 unit 0]
user@host# top
8. In configuration mode, go to the [edit services] hierarchy level.
[edit]
user@host# edit services
9. Configure a real-time performance monitoring service (RPM) instance.
[edit services]
user@host# edit rpm
10. Configure an RFC 2544-based benchmarking test for the RPM instance.
[edit services rpm]
user@host# edit rfc2544-benchmarking
11. Define a name for the test—for example, test1. The test name identifier can be up
to 32 characters in length.
[edit services rpm rfc2544-benchmarking]
user@host# edit tests test-name test1
12. Specify the logical interface, ge-0/0/4.1, on which the RFC 2544-based
benchmarking test is run.
[edit services rpm rfc2544-benchmarking tests test-name test1]
user@host# set test-interface ge-0/0/4.1
13. Specify reflect as the test mode for the packets that are sent during the
benchmarking test.
[edit services rpm rfc2544-benchmarking tests test-name test1]
user@host# set mode reflect
14. Configure the address type family, ccc, for the benchmarking test.
[edit services rpm rfc2544-benchmarking tests test-name test1]
user@host# set family ccc
15. Specify the direction of the interface on which the test must be run, which is NNI in
this example.
[edit services rpm rfc2544-benchmarking tests test-name test1]
user@host# set direction nni
Results
In configuration mode, confirm your configuration on Router A and Router B by entering
the show command. If the output does not display the intended configuration, repeat
the configuration instructions in this example to correct it.
198 Copyright © 2014, Juniper Networks, Inc.
Chapter 11: Testing the Performance of Network Devices Using RFC 2544-Based Benchmarking
Benchmarking Test Parameters on Router A:
[edit interfaces]
ge-0/0/0 {
vlan-tagging;
unit 0 {
encapsulation vlan-ccc;
vlan-id 101;
}
}
[edit services rpm]
rfc2544-benchmarking {
profiles {
test-profile throughput {
test-type throughput
packet-size 64;
test-duration 20m;
bandwidth-kbps 500;
}
}
tests {
test-name test1 {
interface ge-0/0/0.1;
test-profile throughput;
mode initiate,terminate;
family ccc;
direction nni;
}
}
}
Benchmarking Test Parameters on Router B:
[edit interfaces]
ge-0/0/4 {
vlan-tagging;
unit 0 {
encapsulation vlan-ccc;
vlan-id 101;
}
}
[edit services rpm]
rfc2544-benchmarking {
# Note, When in reflector mode, test profile is not needed
tests {
test-name test1 {
interface ge-0/0/4.1;
mode reflect;
family ccc;
direction nni;
}
}
}
After you have configured the device, enter the commit command in configuration mode.
Copyright © 2014, Juniper Networks, Inc. 199
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Verifying the Results of the Benchmarking Test for NNI Direction of an Ethernet Pseudowire
Service
Examine the results of the benchmarking test that is performed on the configured service
between Router A and Router B.
• Verifying the Benchmarking Test Results on page 200
Verifying the Benchmarking Test Results
Purpose Verify that the necessary and desired statistical values are displayed for the benchmarking
test that is run on the configured service between Router A and Router B.
Action In operational mode, enter the show services rpm rfc2544-benchmarking (aborted-tests
| active-tests | completed-tests | summary) command to display information about the
results of each category or state of the RFC 2544-based benchmarking test, such as
aborted tests, active tests, and completed tests, for each real-time performance
monitoring (RPM) instance.
Meaning The output displays the details of the benchmarking test that was performed. For more
information about the show services rpm rfc2544-benchmarking operational command,
see show services rpm rfc2544-benchmarking in the CLI Explorer.
Related • RFC2544-Based Benchmarking Tests Overview on page 169
Documentation
• Configuring an RFC 2544-Based Benchmarking Test on page 175
Example: Configuring RFC2544-Based Benchmarking Tests for Layer 2 E-LAN Services
in Bridge Domains
This example shows how to configure benchmarking tests for the Layer 2 E-LAN services
in bridge domains. The example covers the four basic tests: throughput, frame-loss,
back-to-back, and latency.
• Requirements on page 201
• Overview on page 201
• Configuration on page 201
• Verifying the Results of the Benchmarking Tests for Layer 2 Services (E-LAN) in Bridge
Domains on page 215
200 Copyright © 2014, Juniper Networks, Inc.
Chapter 11: Testing the Performance of Network Devices Using RFC 2544-Based Benchmarking
Requirements
This example uses the following hardware and software components:
• An MX104 3D Universal Edge router
• An ACX Series router
• Junos OS Release 14.2 or later for MX Series routers
Overview
Consider a sample topology in which an ACX router functions as an initiator and terminator
of the test frames for an RFC2544-based benchmarking test. ACX router is connected
to a customer edge device CE1, on one side and is connected over a layer 2 network to
an MX104 router. The MX104 router functions as a reflector to reflect the test frames it
receives from the ACX Series initiator back to the initiator. The MX04 router is also
connected to a customer edge device CE2.
Figure 11 on page 201 shows the sample topology to perform all four RFC2544-based
benchmarking tests (throughput, back-to-back frames, latency, and frame-loss) for the
UNI direction on a Layer 2 bridge network.
Figure 11: Layer 2 reflection Simple Topology
On the ACX router, ge-1/2/1.0 is the Layer 2 NNI interface and ge-1/1/3.0 is the Layer 2
UNI interface. On the MX104 router, ge-1/1/6.0 is the Layer 2 NNI interface and ge-1/1/5.0
is the Layer 2 UNI interface. The benchmarking tests are used to compute the performance
attributes for an E-LAN service on a bridge domain.
Configuration
In this example, you configure the benchmarking tests for the UNI direction for an E-LAN
service on a Layer 2 bridge domain that is enabled between two routers to detect and
analyze the performance of the interconnected routers. In this example, we start by
configuring the ACX Series router. On the ACX router, you first configure each test by
specifying the test profile, the test attributes, and then define the test by associating the
test with the test profile with the relevant attributes. You can then configure the interface.
On the MX104 router, you will perform the same steps. However, a few attributes such
Copyright © 2014, Juniper Networks, Inc. 201
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
as the outer VLAN ID, source UDP port, destination UDP port, the duration of each iteration,
and their values are only applicable to the initiator or the ACX router.
• Configuring Throughput Benchmarking Test Parameters on the ACX Series
Router on page 204
• Configuring Back-to-Back Frames Benchmarking Test Parameters on the ACX Series
Router on page 206
• Configuring Latency Benchmarking Test Parameters on the ACX Series
Router on page 207
• Configuring Frame Loss Benchmarking Test Parameters on the ACX Series
Router on page 208
• Configuring Other Benchmarking Test Parameters on the ACX Series Router on page 210
• Configuring Benchmarking Test Parameters on the MX104 Router on page 211
• Configuring Other Benchmarking Test Parameters on the MX104 Router on page 211
• Results on page 212
CLI Quick To quickly configure this example, copy the following commands, paste them in a text
Configuration file, remove any line breaks, change any details necessary to match your network
configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy
level:
Configuring set services rpm rfc2544-benchmarking profiles test-profile tput test-type throughput
Benchmarking Test set services rpm rfc2544-benchmarking profiles test-profile tput packet-size 128
Parameters on the ACX set services rpm rfc2544-benchmarking profiles test-profile tput bandwidth-kbps 900000
set services rpm rfc2544-benchmarking profiles test-profile b2bt test-type
Series Router
back-back-frames
set services rpm rfc2544-benchmarking profiles test-profile b2bt packet-size 512
set services rpm rfc2544-benchmarking profiles test-profile b2bt bandwidth-kbps 950000
set services rpm rfc2544-benchmarking profiles test-profile lty test-type latency
set services rpm rfc2544-benchmarking profiles test-profile lty packet-size 512
set services rpm rfc2544-benchmarking profiles test-profile lty bandwidth-kbps 1000000
set services rpm rfc2544-benchmarking profiles test-profile frloss test-type frame-loss
set services rpm rfc2544-benchmarking profiles test-profile frloss packet-size 1600
set services rpm rfc2544-benchmarking profiles test-profile frloss bandwidth-kbps
1000000
set services rpm rfc2544-benchmarking tests test-name tput-test test-profile tput
set services rpm rfc2544-benchmarking tests test-name tput-test source-mac-address
00:00:00:00:11:11
set services rpm rfc2544-benchmarking tests test-name tput-test destination-mac-address
00:00:00:00:22:22
set services rpm rfc2544-benchmarking tests test-name tput-test ovlan-id 400
set services rpm rfc2544-benchmarking tests test-name tput-test service-type elan
set services rpm rfc2544-benchmarking tests test-name tput-test mode
initiate-and-terminate
set services rpm rfc2544-benchmarking tests test-name tput-test family bridge
set services rpm rfc2544-benchmarking tests test-name tput-test direction egress
set services rpm rfc2544-benchmarking tests test-name tput-test source-udp-port 200
set services rpm rfc2544-benchmarking tests test-name tput-test destination-udp-port
200
set services rpm rfc2544-benchmarking tests test-name tput-test test-iterator-duration
20
set services rpm rfc2544-benchmarking tests test-name tput-test test-interface ge-1/1/3.0
202 Copyright © 2014, Juniper Networks, Inc.
Chapter 11: Testing the Performance of Network Devices Using RFC 2544-Based Benchmarking
set services rpm rfc2544-benchmarking tests test-name b2b-test test-profile b2bt
set services rpm rfc2544-benchmarking tests test-name b2b-test source-mac-address
00:00:00:00:11:11
set services rpm rfc2544-benchmarking tests test-name b2b-test destination-mac-address
00:00:00:00:22:22
set services rpm rfc2544-benchmarking tests test-name b2b-test ovlan-id 400
set services rpm rfc2544-benchmarking tests test-name b2b-test service-type elan
set services rpm rfc2544-benchmarking tests test-name b2b-test mode
initiate-and-terminate
set services rpm rfc2544-benchmarking tests test-name b2b-test family bridge
set services rpm rfc2544-benchmarking tests test-name b2b-test direction egress
set services rpm rfc2544-benchmarking tests test-name b2b-test test-iterator-duration
20
set services rpm rfc2544-benchmarking tests test-name b2b-test test-interface ge-1/1/3.0
set services rpm rfc2544-benchmarking tests test-name lty-test test-profile lty
set services rpm rfc2544-benchmarking tests test-name lty-test source-mac-address
00:00:00:00:11:11
set services rpm rfc2544-benchmarking tests test-name lty-test destination-mac-address
00:00:00:00:22:22
set services rpm rfc2544-benchmarking tests test-name lty-test ovlan-id 400
set services rpm rfc2544-benchmarking tests test-name lty-test service-type elan
set services rpm rfc2544-benchmarking tests test-name lty-test mode
initiate-and-terminate
set services rpm rfc2544-benchmarking tests test-name lty-test family bridge
set services rpm rfc2544-benchmarking tests test-name lty-test direction egress
set services rpm rfc2544-benchmarking tests test-name lty-test source-udp-port 200
set services rpm rfc2544-benchmarking tests test-name lty-test destination-udp-port
200
set services rpm rfc2544-benchmarking tests test-name lty-test test-iterator-duration 20
set services rpm rfc2544-benchmarking tests test-name lty-test test-interface ge-1/1/3.0
set services rpm rfc2544-benchmarking tests test-name frloss-test test-profile frloss
set services rpm rfc2544-benchmarking tests test-name frloss-test source-mac-address
00:00:00:00:11:11
set services rpm rfc2544-benchmarking tests test-name frloss-test
destination-mac-address 00:00:00:00:22:22
set services rpm rfc2544-benchmarking tests test-name frloss-test ovlan-id 400
set services rpm rfc2544-benchmarking tests test-name frloss-test service-type elan
set services rpm rfc2544-benchmarking tests test-name frloss-test mode
initiate-and-terminate
set services rpm rfc2544-benchmarking tests test-name frloss-test family bridge
set services rpm rfc2544-benchmarking tests test-name frloss-test direction egress
set services rpm rfc2544-benchmarking tests test-name frloss-test source-udp-port 200
set services rpm rfc2544-benchmarking tests test-name frloss-test destination-udp-port
200
set services rpm rfc2544-benchmarking tests test-name frloss-test test-iterator-duration
20
set services rpm rfc2544-benchmarking tests test-name frloss-test test-interface ge-1/1/3.0
set interfaces ge-1/2/1 flexible-vlan-tagging
set interfaces ge-1/2/1 mtu 9192
set interfaces ge-1/2/1 encapsulation flexible-ethernet-services
set interfaces ge-1/2/1 unit 0 encapsulation vlan-bridge
set interfaces ge-1/2/1 unit 0 vlan-id 400
set interfaces ge-1/1/3 flexible-vlan-tagging
set interfaces ge-1/1/3 mtu 9192
set interfaces ge-1/1/3 encapsulation flexible-ethernet-services
set interfaces ge-1/1/3 unit 0 encapsulation vlan-bridge
Copyright © 2014, Juniper Networks, Inc. 203
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
set interfaces ge-1/1/3 unit 0 vlan-id 400
set bridge-domains bd1 vlan-id 600
set bridge-domains bd1 interface ge-1/2/1.0
set bridge-domains bd1 interface ge-1/1/3.0
Configuring set services rpm rfc2544-benchmarking tests test-name l2b-reflector source-mac-address
Benchmarking Test 00:00:00:00:11:11
Parameters on the set services rpm rfc2544-benchmarking tests test-name l2b-reflector
destination-mac-address 00:00:00:00:22:22
MX104 Router
set services rpm rfc2544-benchmarking tests test-name l2b-reflector service-type elan
set services rpm rfc2544-benchmarking tests test-name l2b-reflector mode reflect
set services rpm rfc2544-benchmarking tests test-name l2b-reflector family bridge
set services rpm rfc2544-benchmarking tests test-name l2b-reflector direction egress
set services rpm rfc2544-benchmarking tests test-name l2b-reflector test-interface
ge-1/1/5.0
set interfaces ge-1/1/6 flexible-vlan-tagging
set interfaces ge-1/1/6 mtu 9192
set interfaces ge-1/1/6 encapsulation flexible-ethernet-services
set interfaces ge-1/1/6 unit 0 encapsulation vlan-bridge
set interfaces ge-1/1/6 unit 0 vlan-id 100
set interfaces ge-1/1/5 flexible-vlan-tagging
set interfaces ge-1/1/5 mtu 9192
set interfaces ge-1/1/5 encapsulation flexible-ethernet-services
set interfaces ge-1/1/5 unit 0 encapsulation vlan-bridge
set interfaces ge-1/1/5 unit 0 vlan-id 100
set bridge-domains bd1 domain-type bridge
set bridge-domains bd1 vlan-id 500
set bridge-domains bd1 interface ge-1/1/6.0
set bridge-domains bd1 interface ge-1/1/5.0
Configuring Throughput Benchmarking Test Parameters on the ACX Series Router
Step-by-Step The following configuration requires you to configure a test profile for the throughput
Procedure test and reference the test-profile in a unique test-name. The test-name defines the
parameters for the throughput test to be performed on the ACX router.
To configure the throughput test parameters on the ACX Router:
1. In configuration mode, at the [edit] hierarchy level, configure a real-time performance
monitoring service (RPM) instance and an RFC2544-based benchmarking test for
the RPM instance.
[edit]
user@host# edit services rpm rfc2544-benchmarking
2. Define a name for the first test profile—for example, tput for the throughput test
profile.
[edit services rpm rfc2544-benchmarking]
user@host# edit profiles test-profile tput
3. Configure the type of test to be performed as throughput, specify the packet size
as 128 bytes, and define the theoretical maximum bandwidth for the test in kilobits
per second (Kbps), with a value from 1 Kbps through 1,000,000 Kbps.
[edit services rpm rfc2544-benchmarking profiles test-profile tput]
204 Copyright © 2014, Juniper Networks, Inc.
Chapter 11: Testing the Performance of Network Devices Using RFC 2544-Based Benchmarking
user@host# set test-type throughput packet-size 128 bandwidth-kbps 900000
4. Enter the up command twice to go to the [edit services rpm rfc2544-benchmarking]
level in the configuration hierarchy.
[edit services rpm rfc2544-benchmarking profiles test-profile tput ]
user@host# up
user@host# up
5. Define a name for the throughput test—for example, tput-test. The test name can
be up to 32 characters in length.
[edit services rpm rfc2544-benchmarking ]
user@host# edit tests test-name tput-test
6. Specify the name of the test profile, tput, to be associated with the test name.
[edit services rpm rfc2544-benchmarking tests test-name tput-test]
user@host# set test-profile tput
7. Configure the source and destination MAC address for the test packet.
[edit services rpm rfc2544-benchmarking tests test-name tput-test]
user@host# set source-mac-address 00:00:00:00:11:11 destination-mac-address
00:00:00:00:22:22
8. Configure the outer VLAN ID for the test frames and specify the service type under
test to be E-LAN.
[edit services rpm rfc2544-benchmarking tests test-name tput-test]
user@host# set ovlan-id 400 service-type elan
9. Specify the test mode for the packets that are sent during the benchmarking test
as initiation and termination.
[edit services rpm rfc2544-benchmarking tests test-name tput-test]
user@host# set mode initiate-and-terminate
10. Configure the family type, bridge, for the benchmarking test and specify the direction,
egress. Also, specify the source and destination UDP port to be used in the UDP
headers of the test packet.
[edit services rpm rfc2544-benchmarking tests test-name tput-test]
user@host# set family bridge direction egress source-udp-port 200
destination-udp-port 200
11. Specify the duration of each iteration in seconds, with a value from 10 seconds to
1,728,000 seconds, and specify the logical interface, ge-0/2/1.0, on which the
RFC2544-benchmarking tests are run.
[edit services rpm rfc2544-benchmarking tests test-name tput-test]
user@host# set test-iterator-duration 20 test-interface ge-1/1/3.0
Copyright © 2014, Juniper Networks, Inc. 205
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Configuring Back-to-Back Frames Benchmarking Test Parameters on the ACX
Series Router
Step-by-Step The following configuration requires you to configure a test profile for the back to back
Procedure frames test and reference the test-profile in a unique test-name. The test-name defines
the parameters for the back to back frames test to be performed on the ACX router.
To configure the back-to-back frames test parameters on the ACX Router:
1. In configuration mode, at the [edit] hierarchy level, configure a real-time performance
monitoring service (RPM) instance and an RFC2544-based benchmarking test for
the RPM instance.
[edit]
user@host# edit services rpm rfc2544-benchmarking
2. Define a name for the back-to-back test profile—for example, b2bt.
[edit services rpm rfc2544-benchmarking]
user@host# edit profiles test-profile b2bt
3. Configure the type of test to be performed as back-to-back frames, specify the
packet size as 128 bytes, and define the theoretical maximum bandwidth for the
test in kilobits per second, with a value from 1 Kbps through 1,000,000 Kbps.
[edit services rpm rfc2544-benchmarking profiles test-profile b2bt]
user@host# set test-type back-toback-frames packet-size 4444 bandwidth-kbps
950000
4. Enter the up command twice to go to the [edit services rpm rfc2544-benchmarking]
level in the configuration hierarchy.
[edit services rpm rfc2544-benchmarking profiles test-profile b2bt ]
user@host# up
user@host# up
5. Define a name for the back-to-back frames test—for example, b2bt-test. The test
name can be up to 32 characters in length.
[edit services rpm rfc2544-benchmarking ]
user@host# edit tests test-name b2bt-test
6. Specify the name of the test profile, b2bt, to be associated with the test name.
[edit services rpm rfc2544-benchmarking tests test-name b2bt-test]
user@host# set test-profile b2bt
7. Configure the source and destination MAC address for the test packet.
[edit services rpm rfc2544-benchmarking tests test-name b2bt-test]
user@host# set source-mac-address 00:00:00:00:11:11 destination-mac-address
00:00:00:00:22:22
8. Configure the outer VLAN ID for the test frames and specify the service type under
test.
[edit services rpm rfc2544-benchmarking tests test-name b2bt-test]
user@host# set ovlan-id 400 service-type elan
206 Copyright © 2014, Juniper Networks, Inc.
Chapter 11: Testing the Performance of Network Devices Using RFC 2544-Based Benchmarking
9. Specify the test mode for the packets that are sent during the benchmarking test
as initiation and termination.
[edit services rpm rfc2544-benchmarking tests test-name b2bt-test]
user@host# set mode initiate-and-terminate
10. Configure the family type, bridge, for the benchmarking test and specify the direction,
egress.
[edit services rpm rfc2544-benchmarking tests test-name b2bt-test]
user@host# set family bridge direction egress
11. Specify the duration of each iteration in seconds, with a value from 10 seconds to
1,728,000 seconds. Also, specify the logical interface, ge-0/2/1.0, on which the
RFC2544-based benchmarking test is run.
[edit services rpm rfc2544-benchmarking tests test-name b2bt-test]
user@host# set test-iterator-duration 20 test-interface ge-1/1/3.0
Configuring Latency Benchmarking Test Parameters on the ACX Series Router
Step-by-Step The following configuration requires you to configure a test profile for the latency test
Procedure and reference the test-profile in a unique test-name. The test-name defines the
parameters for the latency test to be performed on the ACX router.
To configure the latency test parameters on the ACX Router:
1. In configuration mode, at the [edit] hierarchy level, configure a real-time performance
monitoring service (RPM) instance and an RFC2544-based benchmarking test for
the RPM instance.
[edit]
user@host# edit services rpm rfc2544-benchmarking
2. Define a name for the latency test profile—for example, lty.
[edit services rpm rfc2544-benchmarking]
user@host# edit profiles test-profile lty
3. Configure the type of test to be performed as latency, specify the packet size of the
test packet, and define the maximum bandwidth for the test in kilobits per second,
with a value form 1 Kbps through 1,000,000 Kbps.
[edit services rpm rfc2544-benchmarking profiles]
user@host# set test-profile lty test-type latency packet-size 512 bandwidth-kbps
1000000
4. Enter the up command twice to go to the previous level in the configuration hierarchy.
[edit services rpm rfc2544-benchmarking profiles test-profile lty]
user@host# up
user@host# up
5. Define a name for the latency test—for example, lty-test. The test name can be up
to 32 characters in length.
[edit services rpm rfc2544-benchmarking ]
user@host# edit tests test-name lty-test
Copyright © 2014, Juniper Networks, Inc. 207
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
6. Specify the name of the test profile, lty, to be associated with the test name.
[edit services rpm rfc2544-benchmarking tests test-name lty-test]
user@host# set test-profile lty
7. Configure the source and destination MAC address for the test packet.
[edit services rpm rfc2544-benchmarking tests test-name lty-test]
user@host# set source-mac-address 00:00:00:00:11:11 destination-mac-address
00:00:00:00:22:22
8. Configure the outer VLAN ID for the test frames and specify the service type under
test.
[edit services rpm rfc2544-benchmarking tests test-name lty-test]
user@host# set ovlan-id 400 service-type elan
9. Specify the test mode for the packets that are sent during the benchmarking test
as initiation and termination.
[edit services rpm rfc2544-benchmarking tests test-name lty-test]
user@host# set mode initiate-and-terminate
10. Configure the family type, bridge, for the benchmarking test and specify the direction,
egress. Also, specify the source and destination UDP port to be used in the UDP
headers of the test packet.
[edit services rpm rfc2544-benchmarking tests test-name lty-test]
user@host# set family bridge direction egress source-udp-port 200
destination-udp-port 200
11. Specify the duration of each iteration in seconds, with a value from 10 seconds to
1,728,000 seconds. Also, specify the logical interface, ge-0/2/1.0, on which the
RFC2544-based benchmarking test is run.
[edit services rpm rfc2544-benchmarking tests test-name lty-test]
user@host# set test-iterator-duration 20 test-interface ge-1/1/3.0
Configuring Frame Loss Benchmarking Test Parameters on the ACX Series Router
Step-by-Step The following configuration requires you to configure a test profile for the frame loss test
Procedure and reference the test-profile in a unique test-name. The test-name defines the
parameters for the frame loss test to be performed on the ACX router.
To configure the frame loss test parameters on the ACX Router:
1. In configuration mode, at the [edit] hierarchy level, configure a real-time performance
monitoring service (RPM) instance and an RFC2544-based benchmarking test for
the RPM instance.
[edit]
user@host# edit services rpm rfc2544-benchmarking
2. Define a name for the frame loss test profile—for example, frloss.
[edit services rpm rfc2544-benchmarking]
user@host# edit profiles test-profile frloss
208 Copyright © 2014, Juniper Networks, Inc.
Chapter 11: Testing the Performance of Network Devices Using RFC 2544-Based Benchmarking
3. Configure the type of test performed as frame loss, specify the packet size of the
test packet, and define the maximum bandwidth for the test in kilobits per second,
with a value from 1 Kbps through 1,000,000 Kbps.
[edit services rpm rfc2544-benchmarking profiles]
user@host# set test-profile frloss test-type frame-loss packet-size 1600
bandwidth-kbps 1000000
4. Enter the up command to go to the previous level in the configuration hierarchy.
[edit services rpm rfc2544-benchmarking profiles ]
user@host# up
5. Define a name for the frame loss test—for example, frloss-test. The test name can
be up to 32 characters in length.
[edit services rpm rfc2544-benchmarking ]
user@host# edit tests test-name frloss-test
6. Specify the name of the test profile, frloss, to be associated with the test name.
[edit services rpm rfc2544-benchmarking tests test-name frloss-test]
user@host# set test-profile frloss
7. Configure the source and destination MAC address for the test packet.
[edit services rpm rfc2544-benchmarking tests test-name frloss-test]
user@host# set source-mac-address 00:00:00:00:11:11 destination-mac-address
00:00:00:00:22:22
8. Configure the outer VLAN ID for the test frames and specify the service type under
test.
[edit services rpm rfc2544-benchmarking tests test-name frloss-test]
user@host# set ovlan-id 400 service-type elan
9. Specify the test mode for the packets that are sent during the benchmarking test
as initiation and termination.
[edit services rpm rfc2544-benchmarking tests test-name frloss-test]
user@host# set mode initiate-and-terminate
10. Configure the family type, bridge, for the benchmarking test and specify the direction,
egress. Also, specify the source and destination UDP port to be used in the UDP
headers of the test packet.
[edit services rpm rfc2544-benchmarking tests test-name frloss-test]
user@host# set family bridge direction egress source-udp-port 200
destination-udp-port 200
11. Specify the duration of each iteration in seconds, with a value from 10 seconds to
1,728,000 seconds. Also, specify the logical interface, ge-0/2/1.0, on which the
RFC2544-based benchmarking test is run.
[edit services rpm rfc2544-benchmarking tests test-name frloss-test]
user@host# set test-iterator-duration 20 test-interface ge-1/1/3.0
12. Enter the exit command to go to the [edit] hierarchy level.
[edit services rpm rfc2544-benchmarking tests test-name test4 ]
user@host# exit
Copyright © 2014, Juniper Networks, Inc. 209
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Configuring Other Benchmarking Test Parameters on the ACX Series Router
Step-by-Step The following example requires you to navigate various levels in the configuration
Procedure hierarchy. For information about navigating the CLI, see Using the CLI Editor in
Configuration Mode in the CLI User Guide.
To configure the interface and bridge domain on the ACX Router:
1. Configure the Layer 2 NNI interface on which the tests must be run from the [edit]
hierarchy level.
[edit]
user@host# edit interfaces ge-1/2/1
2. Configure flexible VLAN tagging for the transmission of untagged frames or 802.1Q
single-tagged and dual-tagged frames on the logical interface. You can also specify
the maximum transmission unit (MTU) size for the interface and the encapsulation.
[edit interfaces ge-1/2/1]
user@host# set flexible-vlan-tagging mtu 9192 encapsulation
flexible-ethernet-services
3. Configure a logical unit for the interface, specify the encapsulation, and configure
the VLAN ID on the logical interfaces.
[edit interfaces ge-1/2/1]
user@host# set unit 0 encapsulation vlan-bridge vlan-id 400
4. Configure the Layer 2 UNI interface.
[edit]
user@host# edit interfaces ge-1/1/3
5. Configure flexible VLAN tagging for transmission of non-tagged frames or 802.1Q
single-tag and dual-tag frames on the logical interface. You can also specify the
maximum transmission unit (MTU) size for the interface and the encapsulation.
[edit interfaces ge-1/1/3]
user@host# set flexible-vlan-tagging mtu 9192 encapsulation
flexible-ethernet-services
6. Configure a logical unit for the interface and specify the encapsulation and configure
the VLAN ID on the logical interfaces.
[edit interfaces ge-1/1/3]
user@host# set unit 0 encapsulation vlan-bridge vlan-id 400
7. Configure the bridge domain, bd1, and specify the VLAN ID associated with the
bridge domain and the associated interfaces from the [edit] hierarchy level.
[edit ]
user@host# set bridge-domains bd1 vlan-id 600 interface ge-1/2/1.0
user@host# set bridge-domains bd1 vlan-id 600 intreface ge-1/1/3.0
210 Copyright © 2014, Juniper Networks, Inc.
Chapter 11: Testing the Performance of Network Devices Using RFC 2544-Based Benchmarking
Configuring Benchmarking Test Parameters on the MX104 Router
Step-by-Step The following configuration requires you to configure a unique test-name for the
Procedure benchmarking test on the MX104 router. The test-name defines the parameters for the
benchmarking test to be performed. Because the test interface and test MAC addresses
are the same, you can create a single test configuration at the reflector (MX104).
To configure the benchmarking test parameters on the MX104 Router:
1. In configuration mode, at the [edit] hierarchy level, configure a real-time performance
monitoring service (RPM) instance and an RFC2544-based benchmarking test for
the RPM instance.
[edit]
user@host# edit services rpm rfc2544-benchmarking
2. Define a name for the test—for example, l2b-reflector. The test name can be up to
32 characters in length.
[edit services rpm rfc2544-benchmarking ]
user@host# edit tests test-name l2b-reflector
3. Specify the source and destination MAC addresses of the test packet.
[edit services rpm rfc2544-benchmarking test-name l2b-reflector]
user@host# set source-mac-address 00:00:00:00:11:11 destination-mac-address
00:00:00:00:22:22
4. Specify the service type under test and the mode which is reflect, at the reflector.
[edit services rpm rfc2544-benchmarking test-name l2b-reflector]
user@host# set service-type elan
5. Specify the mode which is reflect at the reflector.
[edit services rpm rfc2544-benchmarking test-name l2b-reflector]
user@host# set mode reflect
6. Configure the family type, bridge, for the benchmarking test and specify the direction,
egress. Also, specify the logical interface, ge-1/1/5.0, on which the RFC2544-based
benchmarking test is being run.
[edit services rpm rfc2544-benchmarking tests test-name l2b-reflector]
user@host# set family bridge direction egress test-interface ge-1/1/5.0
Configuring Other Benchmarking Test Parameters on the MX104 Router
Step-by-Step The following example requires you to navigate various levels in the configuration
Procedure hierarchy. For information about navigating the CLI, see Using the CLI Editor in
Configuration Mode in the CLI User Guide.
To configure the interface and bridge domain on the MX104 Router:
1. Configure the Layer 2 NNI interface on which the tests must be run.
[edit]
user@host# edit interfaces ge-1/1/6
Copyright © 2014, Juniper Networks, Inc. 211
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
2. Configure flexible VLAN tagging for transmission of untagged frames or 802.1Q
single-tagged and dual-tagged frames on the logical interface. You can also specify
the maximum transmission unit (MTU) size for the interface and the encapsulation.
[edit interfaces ge-1/1/6]
user@host# set flexible-vlan-tagging mtu 9192 encapsulation
flexible-ethernet-services
3. Configure a logical unit for the interface, specify the encapsulation, and configure
the VLAN ID on the logical interface.
[edit interfaces ge-1/1/6]
user@host# set unit 0 encapsulation vlan-bridge vlan-id 400
4. Configure the Layer 2 NNI interface.
[edit]
user@host# edit interfaces ge-1/1/5
5. Configure flexible VLAN tagging for transmission of untagged frames or 802.1Q
single-tagged and dual-tagged frames on the logical interface. You can also specify
the maximum transmission unit (MTU) size for the interface and the encapsulation.
[edit interfaces ge-1/1/5]
user@host# set flexible-vlan-tagging mtu 9192 encapsulation
flexible-ethernet-services
6. Configure a logical unit for the interface, specify the encapsulation, and configure
the VLAN ID on the logical interfaces.
[edit interfaces ge-1/1/5]
user@host# set unit 0 encapsulation vlan-bridge vlan-id 400
7. Configure the bridge domain, bd1, and specify the VLAN ID associated with the
bridge domain, and the associated interfaces from the [edit] hierarchy level.
[edit ]
user@host# set bridge-domains bd1 vlan-id 500 interface ge-1/1/6.0
user@host# set bridge-domains bd1 vlan-id 500 intreface ge-1/1/5.0
Results
In configuration mode, confirm your configuration on the ACX Router and the MX104
Router by entering the show command. If the output does not display the intended
configuration, repeat the configuration instructions in this example to correct it.
Benchmarking Test Parameters on the ACX Router :
[edit interfaces]
ge-1/2/1 {
flexible-vlan-tagging;
mtu 9192;
encapsulation flexible-ethernet-services;
unit 0 {
encapsulation vlan-bridge;
vlan-id 400;
}
}
212 Copyright © 2014, Juniper Networks, Inc.
Chapter 11: Testing the Performance of Network Devices Using RFC 2544-Based Benchmarking
ge-1/1/3 {
flexible-vlan-tagging;
mtu 9192;
encapsulation flexible-ethernet-services;
unit 0 {
encapsulation vlan-bridge;
vlan-id 400;
}
}
[edit bridge-domains]
bd1 {
vlan-id 600;
interface ge-1/2/1.0;
interface ge-1/1/3.0;
}
[edit services rpm]
rfc2544-benchmarking {
profiles {
test-profile tput {
test-type throughput
packet-size 128;
bandwidth-kbps 900000;
}
test-profile b2bt {
test-type back-back-frames
packet-size 512;
bandwidth-kbps 950000;
}
test-profile lty {
test-type latency
packet-size 512;
bandwidth-kbps 100000;
}
test-profile frloss {
test-type frameloss
packet-size 1600;
bandwidth-kbps 1000000;
}
}
tests {
test-name tput-test {
interface ge-1/1/3.0;
test-profile tput;
mode initiate,terminate;
source-mac-address 00:00:00:00:11:11;
destination-mac-address 00:00:00:00:22:22;
ovlan-id 400;
service-type elan;
family bridge;
direction egress;
source-udp-port 200;
destination-udp-port 200;
test-iterator-duration 20;
Copyright © 2014, Juniper Networks, Inc. 213
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
}
test-name b2b-test {
interface ge-1/1/3.0;
test-profile b2bt;
mode initiate,terminate;
source-mac-address 00:00:00:00:11:11;
destination-mac-address 00:00:00:00:22:22;
ovlan-id 400;
service-type elan;
family bridge;
direction egress;
test-iterator-duration 20;
}
test-name lty-test {
interface ge-1/1/3.0;
test-profile lty;
mode initiate,terminate;
source-mac-address 00:00:00:00:11:11;
destination-mac-address 00:00:00:00:22:22;
ovlan-id 400;
service-type elan;
family bridge;
direction egress;
source-udp-port 200;
destination-udp-port 200;
test-iterator-duration 20;
}
test-name frloss-test {
interface ge-1/1/3.0;
test-profile frloss;
mode initiate,terminate;
source-mac-address 00:00:00:00:11:11;
destination-mac-address 00:00:00:00:22:22;
ovlan-id 400;
service-type elan;
family bridge;
direction egress;
source-udp-port 200;
destination-udp-port 200;
test-iterator-duration 20;
}
}
}
Benchmarking Test Parameters on the MX104 Router:
[edit interfaces]
ge-1/1/6 {
flexible-vlan-tagging;
mtu 9192;
encapsulation flexible-ethernet-services;
unit 0 {
encapsulation vlan-bridge;
vlan-id 400;
}
}
214 Copyright © 2014, Juniper Networks, Inc.
Chapter 11: Testing the Performance of Network Devices Using RFC 2544-Based Benchmarking
ge-1/1/5 {
flexible-vlan-tagging;
mtu 9192;
encapsulation flexible-ethernet-services;
unit 0 {
encapsulation vlan-bridge;
vlan-id 400;
}
}
}
}
[edit bridge-domains]
bd1 {
vlan-id 500;
interface ge-1/1/6.0;
interface ge-1/1/5.0;
[edit services rpm]
rfc2544-benchmarking {
# Note, When in reflector mode, test profile is not needed
tests {
test-name l2b-reflector {
interface ge-1/1/5.0;
source-mac-address 00:00:00:00:11:11;
destination-mac-address 00:00:00:00:22:22;
family bridge;
mode reflect;
service-type elan;
family bridge;
direction egress;
}
}
}
Verifying the Results of the Benchmarking Tests for Layer 2 Services (E-LAN) in Bridge Domains
Examine the results of the benchmarking tests that are performed on the configured
service between the ACX Router and the MX104 Router. Start the test on the reflector
first and then start the test on the initiator.
• Verifying the Throughput Benchmarking Test Results on page 215
• Verifying the Back-to-Back Benchmarking Test Results on page 217
• Verifying the Frame Loss Benchmarking Test Results on page 220
• Verifying the Latency Benchmarking Test Results on page 222
Verifying the Throughput Benchmarking Test Results
Purpose Verify that the necessary and statistical values are displayed for the benchmarking tests
that are run on the configured service between the ACX router and the MX104 router.
Copyright © 2014, Juniper Networks, Inc. 215
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Action In operational mode, enter the show services rpm rfc2544-benchmarking test-id
test-id-number detail command on the ACX router.
user@host> show services rpm rfc2544-benchmarking test-id 1 detail
Test information :
Test id: 1, Test name: tput_test, Test type: Throughput
Test mode: Initiate-and-Terminate
Test packet size: 128
Test state: TEST_STATE_COMPLETED
Status: Test-Completed
Test start time: 2014-09-24 22:21:09 PDT
Test finish time: 2014-09-24 22:21:33 PDT
Counters last cleared: Never
Test-profile Configuration:
Test-profile name: tput
Test packet size: 128
Theoretical max bandwidth : 900000 kbps
Test Configuration:
Test mode: Initiate-and-Terminate
Duration in seconds: 20
Test finish wait duration in seconds: 1
Test family: Bridge
Test iterator pass threshold: 0.50 %
Test receive failure threshold: 0.00 %
Test transmit failure threshold: 0.50 %
Bridge family Configuration:
Interface : ge-1/1/3.0
Test direction: Egress
Source mac address: 00:00:00:00:11:11
Destination mac address: 00:00:00:00:22:22
Outer vlan-id: 400
Outer vlan priority: 0
Outer vlan cfi: 0
Outer tag protocol id: 0x8100
Source ipv4 address: 192.168.1.10
Destination ipv4 address: 192.168.1.20
Source udp port: 200
Destination udp port: 200
Rfc2544 throughput test information :
Initial test load percentage : 100.00 %
Test iteration mode : Binary
Test iteration step : 50.00 %
Theoretical max bandwidth : 900000 kbps
Test packet size: 128
Iteration Internal Duration Elapsed -------- Throughput ---------
Overhead (sec) time Theoretical Transmit Measured
1 0 20 20 100.00 % 100.00 % 100.00 %
Result of the iteration runs : Throughput Test complete for packet size 128
Best iteration : 1, Best iteration (pps) : 760135
Best iteration throughput : 100.00 %
RFC2544 Throughput test results summary:
----------------------------------------
Packet Internal Theoretical Transmit Tx Rx Measured
216 Copyright © 2014, Juniper Networks, Inc.
Chapter 11: Testing the Performance of Network Devices Using RFC 2544-Based Benchmarking
Measured
Size overhead rate (pps) pps Packets Packets throughput %
bandwidth (kbps)
128 0 760135 760135 15202700 15202700 100.00 %
900000
In operational mode, enter the show services rpm rfc2544-benchmarking test-id
test-id-number detail command on the MX104 router.
user@host> show services rpm rfc2544-benchmarking test-id 1 detail
Test information :
Test id: 1, Test name: l2b-reflector, Test type: Reflect
Test mode: Reflect
Test packet size: 0
Test state: TEST_STATE_RUNNING
Status: Running
Test start time: 2014-09-24 22:20:54 PDT
Test finish time: TEST_RUNNING
Counters last cleared: Never
Test Configuration:
Test mode: Reflect
Duration in seconds: 864000
Test finish wait duration in seconds: 1
Test family: Bridge
Test iterator pass threshold: 0.50 %
Test receive failure threshold: 0.00 %
Test transmit failure threshold: 0.50 %
Bridge family Configuration:
Interface : ge-1/1/5.0
Test direction: Egress
Source mac address: 00:00:00:00:11:11
Destination mac address: 00:00:00:00:22:22
Service type: Elan
Elapsed Reflected Reflected
time Packets Bytes
61 15202700 1945945600
You can also use the show services rpm rfc2544-benchmarking (aborted-test | active-tests
| completed-tests | summary) command to display information about the results of each
category or state of the RFC2544-based benchmarking tests for each real-time
performance monitoring (RPM) instance.
Meaning The output displays the details of the benchmarking test that was performed. For more
information about the run show services rpm rfc2544-benchmarking operational command,
see show services rpm rfc2544-benchmarking in the CLI Explorer.
Verifying the Back-to-Back Benchmarking Test Results
Purpose Verify that the necessary and statistical values are displayed for the benchmarking tests
that are run on the configured service between the ACX router and the MX104 router.
Copyright © 2014, Juniper Networks, Inc. 217
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Action In operational mode, enter the show services rpm rfc2544-benchmarking test-id
test-id-number detail command on the ACX router.
user@host> show services rpm rfc2544-benchmarking test-id 4 detail
Test information :
Test id: 4, Test name: b2b-test, Test type: Back-Back-Frames
Test mode: Initiate-and-Terminate
Test packet size: 128 512
Test state: TEST_STATE_COMPLETED
Status: Test-Completed
Test start time: 2014-09-24 22:30:16 PDT
Test finish time: 2014-09-24 22:31:03 PDT
Counters last cleared: Never
Test-profile Configuration:
Test-profile name: b2bt
Test packet size: 128 512
Theoretical max bandwidth : 950000 kbps
Test Configuration:
Test mode: Initiate-and-Terminate
Duration in seconds: 20
Test finish wait duration in seconds: 1
Test family: Bridge
Test iterator pass threshold: 0.50 %
Test receive failure threshold: 0.00 %
Test transmit failure threshold: 0.50 %
Bridge family Configuration:
Interface : ge-1/1/3.0
Test direction: Egress
Source mac address: 00:00:00:00:11:11
Destination mac address: 00:00:00:00:22:22
Outer vlan-id: 400
Outer vlan priority: 0
Outer vlan cfi: 0
Outer tag protocol id: 0x8100
Source ipv4 address: 192.168.1.10
Destination ipv4 address: 192.168.1.20
Source udp port: 4040
Destination udp port: 4041
Rfc2544 Back-Back test information :
Initial burst length: 20 seconds at 950000 kbps
Test iteration mode : Binary
Test iteration step : 50.00 %
Test packet size: 128
Iteration Theoretical Transmit Internal Duration Elapsed
burst length burst length overhead time
(packets) (packets)
1 16047280 16047280 0 20 20
Result of the iteration runs : Back-Back Test complete for packet size 128
Best iteration : 1
Measured burst (num sec) : 20 sec
Measured burst (num pkts) : 16047280 packets
Test packet size: 512
Iteration Theoretical Transmit Internal Duration Elapsed
burst length burst length overhead time
218 Copyright © 2014, Juniper Networks, Inc.
Chapter 11: Testing the Performance of Network Devices Using RFC 2544-Based Benchmarking
(packets) (packets)
1 4464280 4464280 0 20 20
Result of the iteration runs : Back-Back Test complete for packet size 512
Best iteration : 1
Measured burst (num sec) : 20 sec
Measured burst (num pkts) : 4464280 packets
RFC2544 Back-Back test results summary:
----------------------------------------
Packet Measured Burst Time
Size length (Packets) (seconds)
128 16047280 20
512 4464280 20
In operational mode, enter the show services rpm rfc2544-benchmarking test-id
test-id-number detail command on the MX104 router.
user@host> show services rpm rfc2544-benchmarking test-id 4 detail
Test information :
Test id: 4, Test name: l2b-reflector, Test type: Reflect
Test mode: Reflect
Test packet size: 0
Test state: TEST_STATE_RUNNING
Status: Running
Test start time: 2014-09-24 22:30:07 PDT
Test finish time: TEST_RUNNING
Counters last cleared: Never
Test Configuration:
Test mode: Reflect
Duration in seconds: 864000
Test finish wait duration in seconds: 1
Test family: Bridge
Test iterator pass threshold: 0.50 %
Test receive failure threshold: 0.00 %
Test transmit failure threshold: 0.50 %
Bridge family Configuration:
Interface : ge-1/1/5.0
Test direction: Egress
Source mac address: 00:00:00:00:11:11
Destination mac address: 00:00:00:00:22:22
Service type: Elan
Elapsed Reflected Reflected
time Packets Bytes
58 20511560 4339763200
You can also use the show services rpm rfc2544-benchmarking (aborted-test | active-tests
| completed-tests | summary) command to display information about the results of each
category or state of the RFC2544-based benchmarking tests for each real-time
performance monitoring (RPM) instance.
Meaning The output displays the details of the benchmarking test that was performed. For more
information about the run show services rpm rfc2544-benchmarking operational command,
see show services rpm rfc2544-benchmarking in the CLI Explorer.
Copyright © 2014, Juniper Networks, Inc. 219
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Verifying the Frame Loss Benchmarking Test Results
Purpose Verify that the necessary and statistical values are displayed for the benchmarking tests
that are run on the configured service between the ACX router and the MX104 router.
Action In operational mode, enter the show services rpm rfc2544-benchmarking test-id
test-id-number detail command on the ACX router.
user@host> show services rpm rfc2544-benchmarking test-id 3 detail
Test information :
Test id: 3, Test name: frloss-test, Test type: Frame-Loss
Test mode: Initiate-and-Terminate
Test packet size: 1600
Test state: TEST_STATE_COMPLETED
Status: Test-Completed
Test start time: 2014-09-24 22:26:45 PDT
Test finish time: 2014-09-24 22:27:55 PDT
Counters last cleared: Never
Test-profile Configuration:
Test-profile name: frloss
Test packet size: 1600
Theoretical max bandwidth : 1000000 kbps
Test Configuration:
Test mode: Initiate-and-Terminate
Duration in seconds: 20
Test finish wait duration in seconds: 1
Test family: Bridge
Test iterator pass threshold: 0.50 %
Test receive failure threshold: 0.00 %
Test transmit failure threshold: 0.50 %
Bridge family Configuration:
Interface : ge-1/1/3.0
Test direction: Egress
Source mac address: 00:00:00:00:11:11
Destination mac address: 00:00:00:00:22:22
Outer vlan-id: 400
Outer vlan priority: 0
Outer vlan cfi: 0
Outer tag protocol id: 0x8100
Source ipv4 address: 192.168.1.10
Destination ipv4 address: 192.168.1.20
Source udp port: 200
Destination udp port: 200
Rfc2544 frame-loss test information :
Initial test load percentage : 100.00 %
Test iteration mode : step-down
Test iteration step : 10 %
Theoretical max bandwidth : 1000000 kbps
Test packet size: 1600
Iteration Internal Duration Elapsed -------- Throughput --------- Frame-loss
Overhead (sec) time Theoretical Transmit Measured rate %
1 0 20 20 100.00 % 100.00 % 100.00 % 0.00 %
2 0 20 20 100.00 % 100.00 % 100.00 % 0.00 %
220 Copyright © 2014, Juniper Networks, Inc.
Chapter 11: Testing the Performance of Network Devices Using RFC 2544-Based Benchmarking
3 0 20 20 100.00 % 100.00 % 100.00 % 0.00 %
Result of the iteration runs : Frame-loss test complete for packet size 1600
Percentage throughput transmitted: 100.00 %
Frame-loss rate (percent) : 0.00 %
RFC2544 Frame-loss test results summary:
----------------------------------------
Packet Internal Theoretical Transmit Transmit Tx Rx
Frame Loss
Size overhead rate (pps) pps throughput Packets Packets
rate percent
1600 0 77160 77160 100.00 % 1543200 1543200
0.00 %
In operational mode, enter the show services rpm rfc2544-benchmarking test-id
test-id-number detail command on the MX104 router.
user@host> show services rpm rfc2544-benchmarking test-id 3 detail
Test information :
Test id: 3, Test name: l2b-reflector, Test type: Reflect
Test mode: Reflect
Test packet size: 0
Test state: TEST_STATE_RUNNING
Status: Running
Test start time: 2014-09-24 22:25:36 PDT
Test finish time: TEST_RUNNING
Counters last cleared: Never
Test Configuration:
Test mode: Reflect
Duration in seconds: 864000
Test finish wait duration in seconds: 1
Test family: Bridge
Test iterator pass threshold: 0.50 %
Test receive failure threshold: 0.00 %
Test transmit failure threshold: 0.50 %
Bridge family Configuration:
Interface : ge-1/1/5.0
Test direction: Egress
Source mac address: 00:00:00:00:11:11
Destination mac address: 00:00:00:00:22:22
Service type: Elan
Elapsed Reflected Reflected
time Packets Bytes
95 1624361 2598977600
You can also use the show services rpm rfc2544-benchmarking (aborted-test | active-tests
| completed-tests | summary) command to display information about the results of each
category or state of the RFC2544-based benchmarking tests for each real-time
performance monitoring (RPM) instance.
Meaning The output displays the details of the benchmarking test that was performed. For more
information about the run show services rpm rfc2544-benchmarking operational command,
see show services rpm rfc2544-benchmarking in the CLI Explorer.
Copyright © 2014, Juniper Networks, Inc. 221
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Verifying the Latency Benchmarking Test Results
Purpose Verify that the necessary and statistical values are displayed for the benchmarking tests
that are run on the configured service between the ACX router and the MX104 router.
Action In operational mode, enter the show services rpm rfc2544-benchmarking test-id
test-id-number detail command on the ACX router.
user@host> show services rpm rfc2544-benchmarking test-id 5 detail
Test information :
Test id: 5, Test name: lty-test, Test type: Latency
Test mode: Initiate-and-Terminate
Test packet size: 512
Test state: TEST_STATE_COMPLETED
Status: Test-Completed
Test start time: 2014-09-24 22:33:05 PDT
Test finish time: 2014-09-24 22:40:46 PDT
Counters last cleared: Never
Test-profile Configuration:
Test-profile name: lty
Test packet size: 512
Theoretical max bandwidth : 1000000 kbps
Test Configuration:
Test mode: Initiate-and-Terminate
Duration in seconds: 20
Test finish wait duration in seconds: 1
Test family: Bridge
Test iterator pass threshold: 0.50 %
Test receive failure threshold: 0.00 %
Test transmit failure threshold: 0.50 %
Bridge family Configuration:
Interface : ge-1/1/3.0
Test direction: Egress
Source mac address: 00:00:00:00:11:11
Destination mac address: 00:00:00:00:22:22
Outer vlan-id: 400
Outer vlan priority: 0
Outer vlan cfi: 0
Outer tag protocol id: 0x8100
Source ipv4 address: 192.168.1.10
Destination ipv4 address: 192.168.1.20
Source udp port: 200
Destination udp port: 200
Rfc2544 latency test information :
Theoretical max bandwidth : 1000000 kbps
Initial test load percentage : 100.00 %
Duration in seconds: 20
Measurement unit for timestamp: Nanoseconds
Test packet size: 512
Iteration Duration Elapsed Theoretical Transmit Throughput
------------------ Latency --------------------
(sec) time rate (pps) pps percent Minimum
Average Maximum Probe
1 20 20 234962 234962 100.00 % 44008
222 Copyright © 2014, Juniper Networks, Inc.
Chapter 11: Testing the Performance of Network Devices Using RFC 2544-Based Benchmarking
45253 47424 45096
2 20 20 234962 234962 100.00 % 44008
45237 47456 45256
3 20 20 234962 234962 100.00 % 43864
45198 46976 45144
4 20 20 234962 234962 100.00 % 43832
45243 47088 45096
5 20 20 234962 234962 100.00 % 44072
45261 46976 45176
6 20 20 234962 234962 100.00 % 43784
45214 46864 45032
7 20 20 234962 234962 100.00 % 44024
45259 47216 45240
8 20 20 234962 234962 100.00 % 44072
45290 46864 45192
9 20 20 234962 234962 100.00 % 43976
45272 46792 45208
10 20 20 234962 234962 100.00 % 44024
45206 46976 45112
11 20 20 234962 234962 100.00 % 44040
45198 47088 45176
12 20 20 234962 234962 100.00 % 44008
45223 46976 45160
13 20 20 234962 234962 100.00 % 44088
45257 47408 45176
14 20 20 234962 234962 100.00 % 43976
45183 46832 45080
15 20 20 234962 234962 100.00 % 44024
45198 47088 45112
16 20 20 234962 234962 100.00 % 43864
45206 46912 45208
17 20 20 234962 234962 100.00 % 44056
45209 46960 45176
18 20 20 234962 234962 100.00 % 44008
45198 46912 45112
19 20 20 234962 234962 100.00 % 43816
45175 47248 45000
20 20 20 234962 234962 100.00 % 43912
45202 46992 45192
Result of the iteration runs : Latency Test complete for packet size 512
Internal overhead per packet: 0
Avg (min) Latency : 43972
Avg (avg) latency : 45224
Avg (Max) latency : 47052
Avg (probe) latency : 45147
RFC2544 Latency test results summary:
----------------------------------------
Packet Internal Theoretical Transmit Tx Rx
------------------ Latency --------------------
Size overhead rate (pps) pps Packets Packets Minimum
Average Maximum Probe
512 0 234962 234962 93984800 93984800 43972
45224 47052 45147
In operational mode, enter the show services rpm rfc2544-benchmarking test-id
test-id-number detail command on the MX104 router.
user@host> show services rpm rfc2544-benchmarking test-id 5 detail
Copyright © 2014, Juniper Networks, Inc. 223
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Test information :
Test id: 5, Test name: l2b-reflector, Test type: Reflect
Test mode: Reflect
Test packet size: 0
Test state: TEST_STATE_RUNNING
Status: Running
Test start time: 2014-09-24 22:32:55 PDT
Test finish time: TEST_RUNNING
Counters last cleared: Never
Test Configuration:
Test mode: Reflect
Duration in seconds: 864000
Test finish wait duration in seconds: 1
Test family: Bridge
Test iterator pass threshold: 0.50 %
Test receive failure threshold: 0.00 %
Test transmit failure threshold: 0.50 %
Bridge family Configuration:
Interface : ge-1/1/5.0
Test direction: Egress
Source mac address: 00:00:00:00:11:11
Destination mac address: 00:00:00:00:22:22
Service type: Elan
Elapsed Reflected Reflected
time Packets Bytes
426 84586320 43308195840
You can also use the show services rpm rfc2544-benchmarking (aborted-test | active-tests
| completed-tests | summary) command to display information about the results of each
category or state of the RFC2544-based benchmarking tests for each real-time
performance monitoring (RPM) instance.
Meaning The output displays the details of the benchmarking test that was performed. For more
information about the run show services rpm rfc2544-benchmarking operational command,
see show services rpm rfc2544-benchmarking in the CLI Explorer.
Related • Layer 2 RFC2544-Based Benchmarking Tests Overview on page 171
Documentation
• Supported RFC2544-Based Benchmarking Statements on MX104 Routers on page 174
224 Copyright © 2014, Juniper Networks, Inc.
CHAPTER 12
Tracking Streaming Media Traffic Using
Inline Video Monitoring
• Inline Video Monitoring Overview on page 225
• Configuring Inline Video Monitoring on page 227
• Inline Video Monitoring Syslog Messages on page 229
Inline Video Monitoring Overview
Junos OS supports inline video monitoring using Media Delivery Index (MDI) metrics.
Inline video monitoring is available on MX Series routers using only the following MPCs:
• MPCE1
• MPCE2
• MPC-16XGE
You use the video-monitoring statement at the [edit services] hierarchy level to specify
monitoring criteria for two key indicators of video traffic problems: delay factor and media
loss rate (MLR), and to apply these metrics to flows on designated interfaces.
Before you use the inline video monitoring feature, ensure that you understand the
following terms:
• media delivery index—These metrics facilitate identification of buffering needs for
streaming media. Buffering must be adequate to compensate for packet jitter, measured
by the MDI delay factor, and quality problems indicated by lost packets, measured by
the MDI media loss rate (MLR). By performing measurements under varying load
conditions, you can identify sources of significant jitter or packet loss and take
appropriate action.
• delay factor —Delay factor is the maximum observed time difference between the
arrival of media data and the drain of media data. The expected drain rate is the
nominal, constant traffic rate for constant bit rate streams or the computed traffic
rate of variable rate media stream packet data.
Copyright © 2014, Juniper Networks, Inc. 225
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
For typical stream rates of 1 megabit per second and higher, an interval of one second
provides an adequate sample time. The delay factor indicates how long a data stream
must be buffered (delayed) at its nominal bit rate to prevent packet loss.
The delay factor suggests the minimum size of the buffer required at the next
downstream node. As a stream progresses, the variation of the delay factor indicates
packet bunching or packet gaps (jitter). Greater delay factor values also indicate that
more network latency is needed to deliver a stream due to the need to pre-fill a receive
buffer before beginning the drain to guarantee no underflow.
When the nominal drain bit rate at a receiving node is known, the delay factor’s
maximum indicates the size of buffer required to accommodate packet jitter.
• Media rate variation (MRV)—This value is the difference between the expected packet
rate and actual packet rate expressed as a percentage of the expected packet rate.
• Media loss rate (MLR)—This value is the number of media packets lost over a
configurable time interval (interval-duration,) where the flow packets are packets
carrying streaming application information. A single IP packet can contain zero or more
streaming packets. For example, an IP packet typically contains seven 188-byte MPEG
transport stream packets. In this case, a single IP packet loss results in seven lost
packets counted (if those seven lost packets did not include null packets). Including
out-of-order packets is important, because many stream consumer-type devices do
not attempt to reorder packets that are received out of order.
To configure the monitoring process, define criteria templates and apply them to the
interfaces and flows you want to monitor. Monitoring templates include the following
criteria:
• Duration of each measurement cycle
• Flow rate information used to establish expected flow rates
• Threshold levels for media rate variation and media loss rate that trigger desired syslog
alerts
For each interface you want to monitor, you can define one or more filters to select flows
for monitoring. Flows are designated as input or output flows and are uniquely identified
by:
• Source IP address
• Source port
• Destination IP address
• Destination port
Junos OS supports the definition of filters for up to 256 flows, which can consist of input
flows, output flows, or a combination of input and output flows. These filters provide
criteria for selecting flows for monitoring. If the selection criteria consist of lists of IP
addresses or ports, you could exceed the maximum number of match conditions for
flows. Video monitoring selects a widely variable number of flows based on flow filters.
The total number of flows that can be measured at a time depends on the specific MPC
card being used, as shown in Table 12 on page 227.
226 Copyright © 2014, Juniper Networks, Inc.
Chapter 12: Tracking Streaming Media Traffic Using Inline Video Monitoring
When you do not define input or output flow fliters for a monitored interfaces, all flows
on the interface are subject to monitoring.
Table 12: MPC Flow Monitoring Capacity by Model
MPC Model Maximum Number of Flows Monitored Simultaneously
MPCE1 1000
MPCE2 2000
MPC-16XGE 4000
NOTE: Junos OS measures both UDP flows (the default) and RTP flows.
Junos OS differentiates media traffic over UDP or RTP by inspecting the first
byte in the UDP payload. If the first byte of the UDP payload is 0x47
(MPEG2-TS sync byte), the traffic is treated as media traffic over UDP. Traffic
is treated as media traffic over RTP if the version field is 2 and the payload
type is 33 in the RTP header. When neither of these criteria are met, the packet
is not considered for video monitoring.
Related • Configuring Inline Video Monitoring on page 227
Documentation
• show services video-monitoring mdi stats fpc-slot on page 525
• show services video-monitoring mdi errors fpc-slot on page 519
• show services video-monitoring mdi flows fpc-slot on page 521
Configuring Inline Video Monitoring
To configure inline video monitoring, perform the following tasks.
• Configuring Media Delivery Indexing Criteria on page 227
• Configuring Interface Flow Criteria on page 229
Configuring Media Delivery Indexing Criteria
To configure media delivery indexing criteria:
1. In edit mode, create a named template for video monitoring.
user@host# edit services video-monitoring templates template-name
For example,
user@host# edit services video-monitoring templates t1
2. Set the duration for sampling in seconds. Flow media delivery indexing statistics are
updated at the end of this interval.
[edit services video-monitoring templates t1]
Copyright © 2014, Juniper Networks, Inc. 227
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
user@host# set interval-duration 1
BEST PRACTICE: If you change the interval duration when a template is
being used, you cause a change in the calculated number of expected
packets in an measurement interval for the template. We recommend
that you do not change the interval duration for a template that is in use.
3. Set the inactivity timeout.
[edit services video-monitoring templates t1]
user@host# set inactivity-timeout 30
4. Configure either media-rate or layer3-packet-rate to establish expected flow rates
used to compare to monitored flow rates.
NOTE: The media rate is the configured media bit rate for the stream. The
media rate is used to establish expected packets per second (pps).
The layer 3 packet rate in packets per second (pps) and is used to establish
expected bits per second (bps).
[edit services video-monitoring templates t1]
user@host# set media-rate 2972400
5. Set delay factor thresholds for syslog message levels.
[edit services video-monitoring templates t1]
user@host# set delay-factor threshold info 100
user@host# set delay-factor threshold warning 200
user@host# set delay-factor threshold critical 300
6. Set media loss rate thresholds for syslog message levels. You can set the threshold
based on number of packets lost, or percentage of packets lost.
Or
[edit services video-monitoring templates t1]
user@host# set media-loss-rate threshold info percentage 5
user@host# set media-loss-rate threshold warning percentage 10
user@host# set media-loss-rate threshold critical percentage 20
7. Set the media rate variation thresholds for syslog message levels. The threshold is
based on the ratio of the difference between the configured media rate and the
monitored media rate to the configured media rate, expressed as a percentage.
[edit services video-monitoring templates t1]
user@host# set media-rate-variation threshold info 10
user@host# set media-rate-variation threshold warning 15
user@host# set media-rate-variation threshold critical 20
228 Copyright © 2014, Juniper Networks, Inc.
Chapter 12: Tracking Streaming Media Traffic Using Inline Video Monitoring
Configuring Interface Flow Criteria
To configure monitoring of flows for interfaces:
1. In edit mode, identify an interface for monitoring .
user@host# edit services video-monitoring interfaces interface-name
2. Identify input flows for monitoring. Flows are uniquely identified by source IP address,
source port, destination IP address, and destination port. You can restrict flow
measurement by specifying values for these identifiers. You can specify individual
addresses or ports or lists of addresses and ports. If you do not specify any identifiers,
all flows on the interface are monitored.
[edit services video-monitoring interfaces interface-name]
user@host# set input-flows input-flow-name
user@host# set input-flows input-flow-name source-address address
user@host# set input-flows input-flow-name source-port port
user@host# set input-flows input-flow-name destination-address address
user@host# set input-flows input-flow-name destination-port port
NOTE: You can configure a maximum of 256 flow definitions. If your flow
definitions contain lists of addresses and ports, you may exceed the
number of match conditions. When you exceed the limits for flows or
match conditions, you receive the following constraint message when you
commit:
'interfaces xe-0/2/2.0'
Number of flows or Number of match condition under flows exceeded
limit
error: configuration check-out failed
3. Identify output flows for monitoring, using the same options listed in Step 2.
4. Identify the template used to monitor the flows on the interface.
[edit services video-monitoring interfaces interface-name]
set template t1
Related • Inline Video Monitoring Overview on page 225
Documentation
• templates on page 371
• interfaces on page 309
Inline Video Monitoring Syslog Messages
The following examples show the syslog messages produced when configured video
monitoring thresholds are exceeded.
/var/log/messages
Mar 11 18:36:25 tstrtr01 fpc2 [MDI] DF: 56.71 ms, exceeded threshold for
flow(src:20.0.0.2 dst:30.0.0.2 sport:1024 dport:2048) ingressing at interface
Copyright © 2014, Juniper Networks, Inc. 229
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
xe-2/2/1.0 with template t1.
Mar 11 18:36:25 tstrtr01 fpc2 [MDI] MLR : 112, exceeded threshold for flow
(src:20.0.0.2 dst:30.0.0.2 sport:1024 dport:2048) ingressing at interface
xe-2/2/1.0 with template t1.
Mar 11 18:36:25 tstrtr01 fpc2 [MDI] MRV : -5.67, exceeded threshold for flow
(src:20.0.0.2 dst:30.0.0.2 sport:1024 dport:2048) ingressing at interface
xe-2/2/1.0 with template t1.
Console Messages
NPC2(tstrtr01 vty)# [Mar 12 01:40:58.411 LOG: Critical] [MDI] MLR : 420, exceeded
threshold for flow (src:20.0.0.2 dst:30.0.0.2 sport:1024 dport:2048) ingressing
at interface xe-2/2/1.0 with template t1.
[Mar 12 01:40:58.411 LOG: Critical] [MDI] MRV : -14.89, exceeded threshold for
flow (src:20.0.0.2 dst:30.0.0.2 sport:1024 dport:2048) ingressing at interface
xe-2/2/1.0 with template t1.
[Mar 12 01:40:59.412 LOG: Critical] [MDI] DF: 141.74 ms, exceeded threshold for
flow(src:20.0.0.2 dst:30.0.0.2 sport:1024 dport:2048) ingressing at interface
xe-2/2/1.0 with template t1.
Related • Configuring Inline Video Monitoring on page 227
Documentation
230 Copyright © 2014, Juniper Networks, Inc.
PART 5
Configuration Statements and
Operational Commands
• Configuration Statements on page 233
• Operational Commands on page 395
Copyright © 2014, Juniper Networks, Inc. 231
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
232 Copyright © 2014, Juniper Networks, Inc.
CHAPTER 13
Configuration Statements
• [edit forwarding-options] Hierarchy Level on page 238
• [edit interfaces] Hierarchy Level on page 242
• [edit services dynamic-flow-control] Hierarchy Level on page 243
• [edit services flow-collector] Hierarchy Level on page 244
• [edit services flow-monitoring] Hierarchy Level on page 245
• [edit services flow-tap] Hierarchy Level on page 245
• [edit services rpm] Hierarchy Level on page 246
• accounting on page 249
• address (Interfaces) on page 250
• address (Services Dynamic Flow Capture) on page 250
• aggregate-export-interval on page 251
• aggregation on page 252
• allowed-destinations on page 253
• analyzer-address on page 253
• analyzer-id on page 254
• archive-sites on page 254
• authentication-mode on page 255
• autonomous-system-type on page 256
• bgp on page 257
• capture-group on page 258
• cflowd (Discard Accounting) on page 259
• client-list on page 260
• collector on page 260
• content-destination on page 261
• control-source on page 262
• core-dump on page 263
• data-fill on page 264
• data-format on page 264
Copyright © 2014, Juniper Networks, Inc. 233
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
• data-size on page 265
• destination (Interfaces) on page 266
• destination-interface on page 267
• destination-ipv4-address (RFC 2544 Benchmarking) on page 268
• destination-mac-address (RFC2544 Benchmarking) on page 268
• destination-port on page 269
• destination-udp-port (RFC 2544 Benchmarking) on page 270
• destinations on page 270
• direction (RFC2544 Benchmarking) on page 271
• disable (Forwarding Options) on page 272
• dscp-code-point on page 273
• duplicates-dropped-periodicity on page 274
• dynamic-flow-capture on page 275
• engine-id (Forwarding Options) on page 276
• engine-type on page 277
• export-format on page 278
• extension-service on page 279
• family (Monitoring) on page 280
• family (RFC2544 Benchmarking) on page 281
• family (Sampling) on page 282
• file (Sampling) on page 283
• file (Trace Options) on page 284
• file-specification (File Format) on page 284
• file-specification (Interface Mapping) on page 285
• filename on page 285
• filename-prefix on page 286
• files on page 286
• filter on page 287
• flow-active-timeout on page 288
• flow-collector on page 289
• flow-export-destination on page 290
• flow-export-rate on page 290
• flow-inactive-timeout on page 291
• flow-server on page 292
• flow-table-size on page 293
• flow-tap on page 294
• ftp (Flow Collector Files) on page 295
234 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
• ftp (Transfer Log Files) on page 296
• g-duplicates-dropped-periodicity on page 297
• g-max-duplicates on page 298
• hard-limit on page 298
• hard-limit-target on page 299
• hardware-timestamp on page 299
• history-size on page 300
• host-outbound on page 300
• udp-tcp-port-swap (RFC 2544 Benchmarking) on page 301
• in-service (RFC2544 Benchmarking) on page 301
• inactivity-timeout (Services RPM) on page 302
• inline-jflow on page 302
• input (Port Mirroring) on page 303
• input (Sampling) on page 303
• input-interface-index on page 304
• input-packet-rate-threshold on page 304
• instance (Sampling) on page 305
• interface (Accounting or Sampling) on page 306
• interface (Services Flow Tap) on page 307
• interface-map on page 307
• interfaces (Services Dynamic Flow Capture) on page 308
• interfaces (Video Monitoring) on page 309
• ip-swap (RFC 2544 Benchmarking) on page 310
• ipv4-flow-table-size on page 310
• ipv4-template on page 311
• ipv6-flow-table-size on page 311
• ipv6-extended-attrib on page 312
• ipv6-template on page 312
• label-position on page 313
• local-dump on page 313
• logical-system on page 314
• match on page 314
• max-connection-duration on page 315
• max-duplicates on page 315
• max-packets-per-second on page 316
• maximum-age on page 316
• maximum-connections on page 317
Copyright © 2014, Juniper Networks, Inc. 235
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
• maximum-connections-per-client on page 317
• maximum-packet-length on page 318
• maximum-sessions on page 319
• maximum-sessions-per-connection on page 319
• minimum-priority on page 320
• mode (RFC 2544 Benchmarking) on page 320
• monitoring on page 321
• moving-average-size on page 322
• mpls-ipv4-template on page 322
• mpls-template on page 323
• multiservice-options on page 323
• name-format on page 324
• next-hop (Forwarding Options) on page 325
• next-hop-group (Forwarding Options) on page 326
• no-filter-check on page 326
• no-remote-trace (Trace Options) on page 327
• no-syslog on page 327
• notification-targets on page 328
• observation-domain-id on page 329
• one-way-hardware-timestamp on page 330
• option-refresh-rate on page 331
• options-template-id on page 332
• output (Accounting) on page 333
• output (Monitoring) on page 334
• output (Port Mirroring) on page 335
• output (Sampling) on page 336
• output-interface-index on page 337
• passive-monitor-mode on page 337
• password (Flow Collector File Servers) on page 338
• password (Transfer Log File Servers) on page 338
• peer-as-billing-template on page 339
• pic-memory-threshold on page 339
• pop-all-labels on page 340
• port (Flow Monitoring) on page 341
• port (RPM) on page 341
• port (TWAMP) on page 342
• pre-rewrite-tos on page 342
236 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
• probe on page 343
• probe-count on page 344
• probe-interval on page 344
• probe-limit on page 345
• probe-server on page 346
• probe-type on page 347
• rate (Forwarding Options) on page 348
• receive-options-packets on page 348
• receive-ttl-exceeded on page 349
• reflect-mode (RFC2544 Benchmarking) on page 350
• required-depth on page 351
• retry (Services Flow Collector) on page 352
• retry-delay on page 352
• rfc2544-benchmarking on page 353
• routing-instance on page 354
• routing-instances on page 354
• rpm (Interfaces) on page 355
• rpm (Services) on page 355
• run-length on page 356
• sample-once on page 356
• sampling (Forwarding Options) on page 357
• sampling (Interfaces) on page 359
• server on page 360
• server-inactivity-timeout on page 360
• service-port on page 361
• service-type (RFC2544 Benchmarking) on page 361
• services (RPM) on page 362
• shared-key on page 362
• size on page 363
• soft-limit on page 364
• soft-limit-clear on page 364
• source-address (Forwarding Options) on page 365
• source-address (Services) on page 365
• source-addresses on page 366
• source-id on page 366
• source-ipv4-address (RFC 2544 Benchmarking) on page 367
• source-mac-address (RFC2544 Benchmarking) on page 367
Copyright © 2014, Juniper Networks, Inc. 237
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
• source-udp-port (RFC 2544 Benchmarking) on page 368
• stamp on page 368
• syslog on page 369
• target (Services RPM) on page 369
• tcp on page 370
• templates on page 371
• test on page 373
• tests (RFC 2544 Benchmarking) on page 374
• test-interface (RFC 2544 Benchmarking) on page 375
• test-interval on page 376
• test-name (RFC 2544 Benchmarking) on page 377
• thresholds on page 378
• traceoptions (Forwarding Options) on page 379
• traceoptions (RPM) on page 380
• transfer on page 381
• transfer-log-archive on page 382
• traps on page 383
• ttl on page 384
• twamp on page 385
• twamp-server on page 385
• template (Forwarding Options) on page 386
• template-id on page 387
• template-refresh-rate on page 388
• trio-flow-offload on page 388
• udp on page 389
• unit on page 390
• username (Services) on page 391
• variant on page 391
• version on page 392
• version9 (Forwarding Options) on page 392
• video-monitoring on page 393
• world-readable on page 394
[edit forwarding-options] Hierarchy Level
To configure flow monitoring and accounting properties, include the following statements
at the [edit forwarding-options] hierarchy level:
[edit forwarding-options]
accounting name {
238 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
output {
aggregate-export-interval seconds;
cflowd hostname {
aggregation {
autonomous-system;
destination-prefix;
protocol-port;
source-destination-prefix {
caida-compliant;
}
source-prefix;
}
autonomous-system-type (origin | peer);
port port-number;
version format;
}
flow-active-timeout seconds;
flow-inactive-timeout seconds;
interface interface-name {
engine-id number;
engine-type number;
source-address address;
}
}
}
monitoring name {
family family {
output {
cflowd hostname port port-number;
export-format format;
flow-active-timeout seconds;
flow-export-destination {
collector-pic;
}
flow-inactive-timeout seconds;
interface interface-name {
engine-id number;
engine-type number;
input-interface-index number;
output-interface-index number;
source-address address;
}
}
}
next-hop-group group-names {
interface interface-name {
next-hop address;
}
}
port-mirroring {
input {
rate rate;
run-length number;
maximum-packet-length bytes
}
family (inet | inet6) {
Copyright © 2014, Juniper Networks, Inc. 239
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
output {
interface interface-name {
next-hop address;
}
no-filter-check;
}
}
traceoptions {
file filename {
files number;
size bytes;
(world-readable | no-world-readable);
}
}
}
sampling {
disable;
sample-once;
input {
rate number;
run-length number;
max-packets-per-second number;
maximum-packet-length bytes;
}
traceoptions {
no-remote-trace;
file filename <files number> <size bytes> <match expression> <world-readable |
no-world-readable>;
}
family (inet | inet6 | mpls) {
disable;
output {
aggregate-export-interval seconds;
flow-active-timeout seconds;
flow-inactive-timeout seconds;
extension-service service-name;
flow-server hostname {
aggregation {
autonomous-system;
destination-prefix;
protocol-port;
source-destination-prefix {
caida-compliant;
}
source-prefix;
}
autonomous-system-type (origin | peer);
(local-dump | no-local-dump);
port port-number;
source-address address;
version format;
version9 {
template template-name;
}
}
interface interface-name {
240 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
engine-id number;
engine-type number;
source-address address;
}
file {
disable;
filename filename;
files number;
size bytes;
(stamp | no-stamp);
(world-readable | no-world-readable);
}
}
}
instance instance-name {
disable;
input {
rate number;
run-length number;
max-packets-per-second number;
maximum-packet-length bytes;
}
family (inet | inet6 | mpls) {
disable;
output {
aggregate-export-interval seconds;
flow-active-timeout seconds;
flow-inactive-timeout seconds;
extension-service service-name;
flow-server hostname {
aggregation {
autonomous-system;
destination-prefix;
protocol-port;
source-destination-prefix {
caida-compliant;
}
source-prefix;
}
autonomous-system-type (origin | peer);
(local-dump | no-local-dump);
port port-number;
source-address address;
version format;
version9 {
template template-name;
}
}
interface interface-name {
engine-id number;
engine-type number;
source-address address;
}
inline-jflow {
source-address address;
flow-export-rate rate;
Copyright © 2014, Juniper Networks, Inc. 241
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
}
}
}
}
}
NOTE: For the complete [edit forwarding-options] hierarchy, see the Routing
Policies, Firewall Filters, and Traffic Policers Feature Guide for Routing Devices.
This section documents only the statements used in flow monitoring and
accounting services.
Related • [edit interfaces] Hierarchy Level on page 242
Documentation
• [edit services flow-monitoring] Hierarchy Level on page 245
[edit interfaces] Hierarchy Level
To configure flow monitoring and accounting interfaces, include the following statements
at the [edit interfaces] hierarchy level:
[edit interfaces]
mo-fpc/pic/port {
unit logical-unit-number {
family inet {
accounting {
destination-class-usage;
source-class-usage direction;
}
}
address address {
destination address;
}
filter {
group filter-group-number;
input filter-name;
output filter-name;
}
receive-options-packets;
receive-ttl-exceeded;
sampling direction;
}
}
multiservice-options {
(core-dump | no-core-dump);
(syslog | no-syslog);
flow-control-options {
down-on-flow-control;
dump-on-flow-control;
reset-on-flow-control;
}
}
(at-fpc/pic/port | fe-fpc/pic/port | ge-fpc/pic/port) {
242 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
passive-monitor-mode;
}
so-fpc/pic/port {
unit logical-unit-number {
passive-monitor-mode;
}
}
Related • [edit forwarding-options] Hierarchy Level on page 238
Documentation
• [edit services flow-monitoring] Hierarchy Level on page 245
[edit services dynamic-flow-control] Hierarchy Level
To configure dynamic flow capture, include the dynamic-flow-capture statement at the
[edit services] hierarchy level:
[edit services]
dynamic-flow-capture {
capture-group client-name {
content-destination identifier {
address address;
hard-limit bandwidth;
hard-limit-target bandwidth;
soft-limit bandwidth;
soft-limit-clear bandwidth;
ttl hops;
}
control-source identifier {
allowed-destinations [ destinations ];
minimum-priority value;
no-syslog;
notification-targets address port port-number;
service-port port-number;
shared-key value;
source-addresses [ addresses ];
}
duplicates-dropped-periodicity seconds;
input-packet-rate-threshold rate;
interfaces interface-name;
max-duplicates number;
pic-memory-threshold percentage percentage;
}
g-duplicates-dropped-periodicity seconds;
g-max-duplicates number;
traceoptions{
file filename <files number> <size size> <world-readable | non-world-readable>;
}
}
Related • Configuring Junos Capture Vision on page 37
Documentation
Copyright © 2014, Juniper Networks, Inc. 243
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
[edit services flow-collector] Hierarchy Level
To configure flow collection, include the flow-collector statement at the [edit services]
hierarchy level:
flow-collector {
analyzer-address address;
analyzer-id name;
destinations {
ftp:url {
password "password";
}
file-specification {
variant variant-number {
data-format format;
name-format format;
transfer {
record-level number;
timeout seconds;
}
}
}
interface-map {
collector interface-name;
file-specification variant-number;
interface-name {
collector interface-name;
file-specification variant-number;
}
}
retry number;
retry-delay seconds;
transfer-log-archive {
archive-sites {
ftp:url {
password "password";
username username;
}
}
filename-prefix prefix;
maximum-age minutes;
}
}
}
Related • Configuring Flow Collection on page 28
Documentation
• Sending cflowd Records to Flow Collector Interfaces on page 31
• Configuring Flow Collection Mode and Interfaces on Services PICs on page 32
244 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
[edit services flow-monitoring] Hierarchy Level
services {
flow-monitoring {
version9 {
template template-name {
flow-active-timeout seconds;
flow-inactive-timeout seconds;
ipv4-template {
nexthop-options {
mpls {
label-position [ positions ];
}
}
}
ipv6-template;
mpls-template {
label-position [ positions ];
}
mpls-ipv4-template {
label-position [ positions ];
}
option-refresh-rate {
packets packets;
seconds seconds;
}
peer-as-billing-template;
template-refresh-rate {
packets packets;
seconds seconds;
}
peer-as-billing-template;
option-refresh-rate packets;
template-refresh-rate packets;
}
}
}
}
Related • Notational Conventions Used in Junos OS Configuration Hierarchies
Documentation
• [edit services] Hierarchy Level
[edit services flow-tap] Hierarchy Level
To configure flow-tap services, include the flow-tap statement at the [edit services]
hierarchy level. You can also specify whether you want to apply the flow-tap service to
IPv4 traffic or IPv6 traffic by including the family inet | inet6 statement. If the family
statement is not included in the configuration, the flow-tap service is applied only to the
IPv4 traffic.
flow-tap {
interface interface-name;
Copyright © 2014, Juniper Networks, Inc. 245
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
family inet | inet6;
}
Other statements are configured at the [edit interfaces] and [edit system] hierarchy
levels.
Related • Junos Packet Vision Architecture on page 48
Documentation
• Configuring Junos Packet Vision on page 49
• Configuring FlowTapLite on page 52
[edit services rpm] Hierarchy Level
To configure Real-Time Performance Monitoring (RPM) services, include the rpm
statement at the [edit services]hierarchy level:
[edit services]
rpm {
bgp {
data-fill data;
data-size size;
destination-port port;
history-size size;
logical-system logical-system-name [routing-instances routing-instance-name];
moving-average-size number;
probe-count count;
probe-interval seconds;
probe-type type;
routing-instances instance-name;
test-interval interval;
}
probe owner {
test test-name {
data-fill data;
data-size size;
destination-interface interface-name;
destination-port port;
dscp-code-point dscp-bits;
hardware-timestamp;
history-size size;
moving-average-size number;
one-way-hardware-timestamp;
probe-count count;
probe-interval seconds;
probe-type type;
routing-instance instance-name;
source-address address;
target (url url | address address);
test-interval interval;
thresholds thresholds;
traps traps;
}
}
246 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
probe-server {
tcp {
destination-interface interface-name;
port number;
}
udp {
destination-interface interface-name;
port number;
}
}
probe-limit limit;
traceoptions {
file filename <files number> <match regular-expression > <size maximum-file-size>
<world-readable | no-world-readable>;
flag flag;
}
twamp {
server {
authentication-mode (authenticated | encrypted | none);
client-list list-name {
[ address address ];
}
inactivity-timeout seconds;
maximum-connections-duration hours;
maximum-connections count;
maximum-connections-per-client count;
maximum-sessions count;
maximum-sessions-per-connection count;
port number;
server-inactivity-timeout minutes;
}
}
rfc2544-benchmarking {
tests{
test-name test-name {
test-interface interface-name;
mode reflect;
family (inet | ccc);
destination-ipv4-address address;
destination-udp-port port-number;
source-ipv4-address address;
source-udp-port port-number;
direction (egress | ingress);
}
}
}
}
NOTE: RPM does not require an Adaptive Services (AS) or Multiservices PIC
or Multiservices Dense Port Concentrator (DPC) unless you are configuring
RPM timestamping as described in “Configuring RPM Timestamping” on
page 152.
Copyright © 2014, Juniper Networks, Inc. 247
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Related • Configuring BGP Neighbor Discovery Through RPM on page 158
Documentation
• Configuring RPM Probes on page 147
• Configuring RPM Receiver Servers on page 151
• Limiting the Number of Concurrent RPM Probes on page 152
• Configuring RPM Timestamping on page 152
• Configuring TWAMP on page 156
• Enabling RPM for the Junos OS extension-provider package on page 168
• Tracing RPM Operations on page 161
248 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
accounting
Syntax accounting name {
output {
aggregate-export-interval seconds;
cflowd hostname {
aggregation {
autonomous-system;
destination-prefix;
protocol-port;
source-destination-prefix {
caida-compliant;
}
source-prefix;
}
autonomous-system-type (origin | peer);
port port-number;
version format;
}
flow-active-timeout seconds;
flow-inactive-timeout seconds;
interface interface-name {
engine-id number;
engine-type number;
source-address address;
}
}
}
Hierarchy Level [edit forwarding-options]
Release Information Statement introduced before Junos OS Release 7.4.
Description Specify the discard accounting instance name and options.
The statements are explained separately.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Discard Accounting on page 70
Documentation
Copyright © 2014, Juniper Networks, Inc. 249
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
address (Interfaces)
Syntax address address {
destination address;
}
Hierarchy Level [edit interfaces interface-name unit logical-unit-numberfamily family]
Release Information Statement introduced before Junos OS Release 7.4.
Description Configure the interface address.
Options address—Address of the interface.
The remaining statement is explained separately.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Junos OS Network Interfaces Library for Routing Devices for other options not associated
Documentation with flow monitoring.
• Configuring Flow Monitoring on page 6
• Configuring Traffic Sampling on page 59
address (Services Dynamic Flow Capture)
Syntax address address;
Hierarchy Level [edit services dynamic-flow-capture capture-group client-name content-destination
identifier]
Release Information Statement introduced in Junos OS Release 7.4.
Description Configure an IP address for the flow capture destination.
Options address—IP address for the content destination.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring the Content Destination on page 38
Documentation
250 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
aggregate-export-interval
Syntax aggregate-export-interval seconds;
Hierarchy Level [edit forwarding-options accounting name output],
[edit forwarding-options sampling instance instance-name family (inet |inet6 |mpls) output],
[edit forwarding-options sampling family (inet |inet6 |mpls) output]
Release Information Statement introduced before Junos OS Release 7.4.
Description Specify the duration, in seconds, of the interval for exporting aggregate accounting
information.
Options seconds—Duration.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Discard Accounting on page 70
Documentation
Copyright © 2014, Juniper Networks, Inc. 251
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
aggregation
Syntax aggregation {
autonomous-system;
destination-prefix;
protocol-port;
source-destination-prefix {
caida-compliant;
}
source-prefix;
}
Hierarchy Level [edit forwarding-options accounting output cflowd hostname],
[edit forwarding-options sampling instance instance-name family (inet |inet6 |mpls) output
flow-server hostname],
[edit forwarding-options sampling family (inet |inet6 |mpls) output flow-server hostname]
Release Information Statement introduced before Junos OS Release 7.4.
Description For cflowd version 8 only, specify the type of data to be aggregated; cflowd records and
sends only those flows that match the specified criteria.
Options autonomous-system—Aggregate by autonomous system (AS) number.
caida-compliant—Record source and destination mask-length values in compliance with
the Version 2.1b1 release of CAIDA’s cflowd application. If this statement is not
configured, the Junos OS records source and destination mask length values in
compliance with the cflowd Configuration Guide, dated August 30, 1999.
destination-prefix—Aggregate by destination prefix.
protocol-port—Aggregate by protocol and port number.
source-destination-prefix—Aggregate by source and destination prefix.
source-prefix—Aggregate by source prefix.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Enabling Flow Aggregation on page 86
Documentation
252 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
allowed-destinations
Syntax allowed-destinations [ identifiers ];
Hierarchy Level [edit services dynamic-flow-capture capture-group client-name control-source identifier]
Release Information Statement introduced in Junos OS Release 7.4.
Description Identify flow capture destinations that are allowed in messages sent from this control
source.
Options identifier—Allowed content destination name.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring the Control Source on page 39
Documentation
analyzer-address
Syntax analyzer-address address;
Hierarchy Level [edit services flow-collector]
Release Information Statement introduced before Junos OS Release 7.4.
Description Configure an IP address for the packet analyzer that overrides the default value.
Options address—IP address for packet analyzer.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring a Packet Analyzer on page 29
Documentation
Copyright © 2014, Juniper Networks, Inc. 253
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
analyzer-id
Syntax analyzer-id name;
Hierarchy Level [edit services flow-collector]
Release Information Statement introduced before Junos OS Release 7.4.
Description Configure an identifier for the packet analyzer that overrides the default value.
Options name—Identifier for packet analyzer.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring a Packet Analyzer on page 29
Documentation
archive-sites
Syntax archive-sites {
ftp:url {
password "password";
username username;
}
}
Hierarchy Level [edit services flow-collector transfer-log-archive]
Release Information Statement introduced before Junos OS Release 7.4.
Description Specify the destination for transfer logs.
Options The statements are explained separately.
Required Privilege interface—To view this statement in the configuration.
Level
Related • Configuring Transfer Logs on page 30
Documentation
254 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
authentication-mode
Syntax authentication-mode (authenticated | control-only-encrypted | encrypted | none);
Hierarchy Level [edit services rpm twamp server]
Release Information Statement introduced in Junos OS Release 9.5.
Description Specify the authentication or encryption mode support for the TWAMP test protocol.
This statement is required in the configuration; if no authentication or encryption is
specified, you should set the value to none.
Options authenticated—Data packets are authenticated.
control-only-encrypted—TWAMP control packets are encrypted. TWAMP data packets
are in plain text format.
encrypted—Data packets are encrypted.
none—No authentication or encryption.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring TWAMP on page 156
Documentation
Copyright © 2014, Juniper Networks, Inc. 255
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
autonomous-system-type
Syntax autonomous-system-type (origin | peer);
Hierarchy Level [edit forwarding-options sampling instance instance-name family (inet |inet6 |mpls) output
flow-server hostname],
[edit forwarding-options sampling family (inet |inet6 |mpls) output flow-server hostname]
Release Information Statement introduced before Junos OS Release 7.4.
Description Specify the type of AS numbers that cflowd exports.
Default origin
Options origin—Export origin AS numbers of the packet source address in the Source Autonomous
System cflowd field.
peer—Export peer AS numbers through which the packet passed in the Source
Autonomous System cflowd field.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Enabling Flow Aggregation on page 86
Documentation
256 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
bgp
Syntax bgp {
data-fill data;
data-size size;
destination-port port;
history-size size;
logical-system logical-system-name <routing-instances routing-instance-name>;
moving-average-size size;
probe-count count;
probe-interval seconds;
probe-type type;
routing-instances instance-name;
test-interval interval;
}
Hierarchy Level [edit services rpm bgp]
[edit protocols bgp group group-name]
[edit routing-instances instance-name protocols bgp group group-name]
[edit logical-system logical-system-name protocols bgp group group-name]
[edit logical-system logical-system-name routing-instances instance-name protocols bgp
group group-name]
Release Information Statement introduced before Junos OS Release 7.4.
Description Configure BGP neighbor discovery through Real-Time Performance Monitoring (RPM).
Options bgp—Define properties for configuring BGP neighbor discovery.
The remaining statements are explained separately.
NOTE: On MX Series routers, you can configure all the statements. On M
Series and T Series routers, you can configure only the logical-system and
routing-instances statements.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring BGP Neighbor Discovery Through RPM on page 158
Documentation
Copyright © 2014, Juniper Networks, Inc. 257
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
capture-group
Syntax capture-group client-name {
content-destination identifier {
address address;
hard-limit bandwidth;
hard-limit-target bandwidth;
soft-limit bandwidth;
soft-limit-clear bandwidth;
ttl hops;
}
control-source identifier {
allowed-destinations [ destinations ];
minimum-priority value;
no-syslog;
notification-targets address port port-number;
service-port port-number;
shared-key value;
source-addresses [ addresses ];
}
duplicates-dropped-periodicity seconds;
input-packet-rate-threshold rate;
interfaces interface-name;
max-duplicates number;
pic-memory-threshold percentage percentage;
}
Hierarchy Level [edit services dynamic-flow-capture]
Release Information Statement introduced in Junos OS Release 7.4.
Description Define the capture group values.
Options The remaining statements are explained separately.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring the Capture Group on page 37
Documentation
258 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
cflowd (Discard Accounting)
Syntax cflowd hostname {
aggregation {
autonomous-system;
destination-prefix;
protocol-port;
source-destination-prefix {
caida-compliant;
}
source-prefix;
}
autonomous-system-type (origin | peer);
label-position {
template template-name;
}
(local-dump | no-local-dump);
port port-number;
source-address address;
version format;
}
Hierarchy Level [edit forwarding-options accounting name output],
Release Information Statement introduced before Junos OS Release 7.4.
Description Collect an aggregate of sampled flows and send the aggregate to a specified host system
that runs the collection utility cfdcollect.
You can configure up to one version 5 and one version 8 flow format at the [edit
forwarding-options accounting name output] hierarchy level.
Options hostname—The IP address or identifier of the host system (the workstation running the
cflowd utility).
The remaining statements are explained separately.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Enabling Flow Aggregation on page 86
Documentation
Copyright © 2014, Juniper Networks, Inc. 259
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
client-list
Syntax client-list list-name {
address address;
}
Hierarchy Level [edit services rpm twamp server]
Release Information Statement introduced in Junos OS Release 9.3.
Description List of allowed control client hosts that can connect to this server. Each entry is a Classless
Interdomain Routing (CIDR) address (IP address plus mask) that represents a network
of allowed hosts. You can configure more than one list, but you must configure at least
one client address to enable TWAMP. Each list can contain up to 64 entries.
Options list-name—Name of client address list.
address—Address and mask for an allowed client.
Required Privilege system—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring TWAMP on page 156
Documentation
collector
Syntax collector interface-name;
Hierarchy Level [edit services flow-collector interface-map]
Release Information Statement introduced before Junos OS Release 7.4.
Description Configure the default flow collector interface for interface mapping.
Options interface-name—Default flow collector interface.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Interface Mappings on page 30
Documentation
260 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
content-destination
Syntax content-destination identifier {
address address;
hard-limit bandwidth;
hard-limit-target bandwidth;
soft-limit bandwidth;
soft-limit-clear bandwidth;
ttl hops;
}
Hierarchy Level [edit services dynamic-flow-capture capture-group client-name]
Release Information Statement introduced in Junos OS Release 7.4.
Description Identify the destination for captured packets.
Options identifier—Name of the destination.
The remaining statements are explained separately.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring the Content Destination on page 38
Documentation
Copyright © 2014, Juniper Networks, Inc. 261
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
control-source
Syntax control-source identifier {
allowed-destinations [ destinations ];
minimum-priority value;
no-syslog;
notification-targets address port port-number;
service-port port-number;
shared-key value;
source-addresses [ addresses ];
}
Hierarchy Level [edit services dynamic-flow-capture capture-group client-name]
Release Information Statement introduced in Junos OS Release 7.4.
Description Identify the source of the dynamic flow capture request.
Options identifier—Name of control source.
The remaining statements are explained separately.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring the Control Source on page 39
Documentation
262 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
core-dump
Syntax (core-dump | no-core-dump);
Hierarchy Level [edit interfaces mo-fpc/pic/port multiservice-options]
Release Information Statement introduced before Junos OS Release 7.4.
Description A useful tool for isolating the cause of a problem. Core dumping is enabled by default.
The directory /var/tmp contains core files. The Junos OS saves the current core file (0)
and the four previous core files, which are numbered from 1 through 4 (from newest to
oldest):
NOTE: By default, all members of a configured user group (with read-only
permissions) can access the core dump files and attach them to cases
associated with JTAC.
• core-dump—Enable the core dumping operation.
• no-core-dump—Disable the core dumping operation.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Flow Monitoring on page 6
Documentation
Copyright © 2014, Juniper Networks, Inc. 263
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
data-fill
Syntax data-fill data;
Hierarchy Level [edit services rpm bgp],
[edit services rpm probe owner test test-name]
Release Information Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.3 for EX Series switches.
Statement introduced in Junos OS Release 93. for PTX Series Packet Transport Routers.
Description Specify the contents of the data portion of Internet Control Message Protocol (ICMP)
probes. The data-fill statement is not valid with the http-get or http-metadata-get probe
types.
Options data—A hexadecimal value; for example, 0-9, A-F.
Required Privilege system—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring BGP Neighbor Discovery Through RPM on page 158
Documentation
• Configuring RPM Probes on page 147
data-format
Syntax data-format format;
Hierarchy Level [edit services flow-collector file-specification variant variant-number]
Release Information Statement introduced before Junos OS Release 7.4.
Description Specify the data format for a specific file format variant.
Options format—Data format. Specify flow-compressed as the data format.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring File Formats on page 29
Documentation
264 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
data-size
Syntax data-size size;
Hierarchy Level [edit services rpm bgp],
[edit services rpm probe owner test test-name]
Release Information Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.3 for EX Series switches.
Statement introduced in Junos OS Release 13.2 for PTX Series Packet Transport Routers.
Description Specify the size of the data portion of ICMP probes. The data-size statement is not valid
with the http-get or http-metadata-get probe type.
Options data—The size can be from 0 through 65400
Default: 0
NOTE: If you configure the hardware timestamp feature (see “Configuring
RPM Timestamping” on page 152):
• The data-size default value is 32 bytes and 32 is the minimum value for
explicit configuration. The UDP timestamp probe type is an exception; it
requires a minimum data size of 52 bytes.
• The data-size must be at least 100 bytes smaller than the default MTU of
the interface of the RPM client interface.
Required Privilege system—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring BGP Neighbor Discovery Through RPM on page 158
Documentation
Copyright © 2014, Juniper Networks, Inc. 265
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
destination (Interfaces)
Syntax destination address;
Hierarchy Level [edit interfaces interface-name unit logical-unit-number tunnel]
[edit interfaces interface-name unit logical-unit-number family inet address address],
[edit interfaces interface-name unit logical-unit-number tunnel]
[edit logical-systems logical-system-name interfaces interface-name unit logical-unit-number
family inet address address]
Release Information Statement introduced before Junos OS Release 7.4.
Description For CoS on ATM interfaces, specify the remote address of the connection.
For point-to-point interfaces only, specify the address of the interface at the remote end
of the connection.
For tunnel and encryption interfaces, specify the remote address of the tunnel.
Options address—Address of the remote side of the connection.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Linear RED Profiles on ATM Interfaces
Documentation
• Multilink and Link Services Logical Interface Configuration Overview
• Configuring Encryption Interfaces
• Configuring Traffic Sampling on page 59
• Configuring Flow Monitoring on page 6
• Configuring Unicast Tunnels
266 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
destination-interface
Syntax destination-interface interface-name;
Hierarchy Level [edit services rpm probe owner test test-name],
[edit services rpm probe-server (tcp | udp)]
Release Information Statement introduced in Junos OS Release 7.5.
Description On M Series and T Series routers, specify a services (sp-) interface that adds a timestamp
to RPM probe messages. This feature is supported only with icmp-ping,
icmp-ping-timestamp, udp-ping, and udp-ping-timestamp probe types. You must also
configure the rpm statement on the sp- interface and include the unit 0 family inet
statement with a /32 address.
On M Series, MX Series, and T Series routers, specify a multiservices (ms-) interface that
adds a timestamp to RPM probe messages. This feature is supported only with icmp-ping,
icmp-ping-timestamp, udp-ping, and udp-ping-timestamp probe types. You must also
configure the rpm statement on the ms- interface and include the unit 0 family inet
statement with a /32 address.
To enable RPM for the extension-provider packages on the adaptive services interface,
configure the object-cache-size, policy-db-size, and package statements at the [edit
chassis fpc slot-number pic pic-number adaptive-services service-package
extension-provider] hierarchy level. For the extension-provider package, package-name
in the package package-name statement is jservices-rpm.
Options interface-name—Name of the adaptive services interface.
Required Privilege system—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring RPM Timestamping on page 152
Documentation
• Configuring RPM Receiver Servers on page 151
• Configuring RPM Timestamping on page 152
• hardware-timestamp on page 299
• rpm (Interfaces) on page 355
• Enabling RPM for the Junos OS extension-provider package on page 168
Copyright © 2014, Juniper Networks, Inc. 267
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
destination-ipv4-address (RFC 2544 Benchmarking)
Syntax destination-ipv4-address address;
Hierarchy Level [edit services rpm rfc2544-benchmarkingtests test-name test-name]
Release Information Statement introduced in Junos OS Release 12.3X52 for ACX Series routers.
Statement introduced in Junos OS Release 13.3 for MX104 3D Universal Edge Routers.
Description Specify the destination IPv4 address to be used in generated test frames. You must
configure this option if you specify inet as the family. This option is not required if you
specify cccas the family.
Options address—Valid IPv4 address.
Default: If you do not configure the destination IPv4 address, the default value of
192.168.1.20 is used.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring an RFC 2544-Based Benchmarking Test on page 175
Documentation
• RFC2544-Based Benchmarking Tests Overview on page 169
• rfc2544-benchmarking on page 353
destination-mac-address (RFC2544 Benchmarking)
Syntax destination-mac-address mac-address;
Hierarchy Level [edit services rpm rfc2544-benchmarkingtests test-name test-name]
Release Information Statement introduced in Junos OS Release 12.3X53 for ACX Series routers.
Statement introduced in Junos OS Release 14.2 for MX104 3D Universal Edge Routers.
Description Specify the destination MAC address used in the generated test frames. This is a
mandatory parameter for family bridge.
Options mac-address—MAC address. Specify the MAC address as six hexadecimal bytes in one
of the following formats: nnnn.nnnn.nnnn or nn:nn:nn:nn:nn:nn—for example,
0011.2233.4455 or 00:11:22:33:44:55.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • RFC2544-Based Benchmarking Tests Overview
Documentation
• Configuring an RFC2544-Based Benchmarking Test
• rfc2544-benchmarking on page 353
268 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
destination-port
Syntax destination-port port;
Hierarchy Level [edit services rpm bgp],
[edit services rpm probe owner test test-name]
Release Information Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.3 for EX Series switches.
Statement introduced in Junos OS Release 13.2 for PTX Series Packet Transport Routers.
Description Specify the User Datagram Protocol (UDP) or Transmission Control Protocol (TCP) port
to which a probe is sent. This statement is used only for TCP or UDP probe types.
The value for the destination-port can be only 7 when you configure along with hardware
timestamping. A constraint check prevents you for configuring any other value for the
destination port in this case.
This constraint does not apply when you are using one-way hardware timestamping
along with destination-port and either probe-type udp-ping or probe-type
udp-ping-timestamp.
Options port—The port number can be 7 or from 49,160 to 65,535.
Required Privilege system—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring BGP Neighbor Discovery Through RPM on page 158
Documentation
• Configuring RPM Probes on page 147
Copyright © 2014, Juniper Networks, Inc. 269
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
destination-udp-port (RFC 2544 Benchmarking)
Syntax destination-udp-port port-number;
Hierarchy Level [edit services rpm rfc2544-benchmarkingtests test-name test-name]
Release Information Statement introduced in Junos OS Release 12.3X52 for ACX Series routers.
Statement introduced in Junos OS Release 13.3 for MX104 3D Universal Edge Routers.
Description Specify the UDP port of the destination to be used in the UDP header for the generated
frames. If you do not specify the UDP port, the default value of 4041 is used.
Options port-number—UDP port number for the test frames
Default: 4041
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring an RFC 2544-Based Benchmarking Test on page 175
Documentation
• RFC2544-Based Benchmarking Tests Overview on page 169
• rfc2544-benchmarking on page 353
destinations
Syntax destinations {
ftp:url {
password "password";
}
}
Hierarchy Level [edit services flow-collector]
Release Information Statement introduced before Junos OS Release 7.4.
Description Specify the primary and secondary destination FTP servers.
Options The statements are explained separately.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Destination FTP Servers for Flow Records on page 28
Documentation
270 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
direction (RFC2544 Benchmarking)
Syntax direction (egress | ingress);
Hierarchy Level [edit services rpm rfc2544-benchmarkingtests test-name test-name]
Release Information Statement introduced in Junos OS Release 12.3X52 for ACX Series routers.
Statement introduced in Junos OS Release 13.3 for MX104 3D Universal Edge Routers.
Description Specify the direction of the interface on which the test must be run. This parameter is
valid only for a ccc family and a bridge family. RFC2544 tests are supported only in the
egress direction or the user-to-network interface (UNI) direction of an E-line or E-LAN
service parameters in a bridge domain between two routers for unicast traffic. You cannot
compute the NNI direction of Ethernet services between two routers for multicast or
broadcast traffic.
Options egress—Run the test in the egress direction of the interface (network-to-network interface
(NNI)). This option is applicable for a ccc and bridge family.
ingress—Run the test in the ingress direction of the interface (user-to-network interface
(UNI)). You cannot configure this option for a bridge family.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring an RFC 2544-Based Benchmarking Test on page 175
Documentation
• RFC2544-Based Benchmarking Tests Overview on page 169
• rfc2544-benchmarking on page 353
Copyright © 2014, Juniper Networks, Inc. 271
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
disable (Forwarding Options)
Syntax disable;
Hierarchy Level [edit forwarding-options port-mirror],
[edit forwarding-options port-mirror instance instance-name],
[edit forwarding-options sampling],
[edit forwarding-options sampling instance instance-name],
[edit forwarding-options sampling family (inet |inet6 |mpls) ],
[edit forwarding-options sampling family (inet |inet6 |mpls) output file]
Release Information Statement introduced before Junos OS Release 7.4.
Statement added to port-mirror hierarchy in Junos OS Release 9.6.
Description Disable traffic accounting, port mirroring, or sampling.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Traffic Sampling on page 59
Documentation
• Configuring Port Mirroring on page 121
272 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
dscp-code-point
Syntax dscp-code-point dscp-bits;
Hierarchy Level [edit services rpm probe owner test test-name]
Release Information Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.3 for EX Series switches.
Statement introduced in Junos OS Release for PTX Series Packet Transport Routers.
Description Specify the value of the Differentiated Services (DiffServ) field within the IP header. The
DiffServ code point (DSCP) bits value must be set to a valid 6-bit pattern.
Options dscp-bits—A valid 6-bit pattern; for example, 001111, or one of the following configured
DSCP aliases:
• af11—Default: 001010
• af12—Default: 001100
• af13—Default: 001110
• af21—Default: 010010
• af22—Default: 010100
• af23 —Default: 010110
• af31 —Default: 011010
• af32 —Default: 011100
• af33 —Default: 011110
• af41 —Default: 100010
• af42 —Default:100100
• af43 —Default:100110
• be—Default: 000000
• cs1—Default: 001000
• cs2—Default: 010000
• cs3—Default: 011000
• cs4—Default: 100000
• cs5—Default: 101000
• cs6—Default: 110000
• cs7—Default: 111000
• ef—Default: 101110
• nc1—Default: 110000
Copyright © 2014, Juniper Networks, Inc. 273
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
• nc2—Default: 111000
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring RPM Probes on page 147
Documentation
duplicates-dropped-periodicity
Syntax duplicates-dropped-periodicity seconds;
Hierarchy Level [edit services dynamic-flow-capture capture-group client-name]
Release Information Statement introduced in Junos OS Release 9.2.
Description Specify the frequency for sending notifications to affected control sources when
transmission of duplicate sets of data is restricted because the max-duplicates threshold
has been reached.
Options seconds—Period for sending DuplicatesDropped notifications.
Default: 30 seconds
Usage Guidelines See .
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • g-duplicates-dropped-periodicity on page 297
Documentation
• Limiting the Number of Duplicates of a Packet on page 43
• max-duplicates on page 315
274 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
dynamic-flow-capture
Syntax dynamic-flow-capture {
capture-group client-name {
content-destination identifier {
address address;
hard-limit bandwidth;
hard-limit-target bandwidth;
soft-limit bandwidth;
soft-limit-clear bandwidth;
ttl hops;
}
control-source identifier {
allowed-destinations [ destinations ];
minimum-priority value;
no-syslog;
notification-targets address port port-number;
service-port port-number;
shared-key value;
source-addresses [ addresses ];
}
duplicates-dropped-periodicity seconds;
input-packet-rate-threshold rate;
interfaces interface-name;
max-duplicates number;
pic-memory-threshold percentage percentage;
}
g-duplicates-dropped-periodicity seconds;
g-max-duplicates number;
}
Hierarchy Level [edit services]
Release Information Statement introduced in Junos OS Release 7.4.
Description Define the dynamic flow capture properties to be applied to traffic.
Options The remaining statements are explained separately.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Junos Capture Vision
Documentation
Copyright © 2014, Juniper Networks, Inc. 275
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
engine-id (Forwarding Options)
Syntax engine-id number;
Hierarchy Level [edit forwarding-options accounting name output interface interface-name],
[edit forwarding-options monitoring name output interface interface-name],
[edit forwarding-options sampling instance instance-name family (inet |inet6 |mpls) output
interface interface-name],
[edit forwarding-options sampling family (inet |inet6 |mpls) output interface interface-name]
Release Information Statement introduced before Junos OS Release 7.4.
Description Specify the engine ID number for flow monitoring and accounting services.
Options number—Identity of accounting interface.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Traffic Sampling on page 59
Documentation
• Configuring Flow Monitoring on page 6
• Configuring Discard Accounting on page 70
276 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
engine-type
Syntax engine-type number;
Hierarchy Level [edit forwarding-options accounting name output interface interface-name],
[edit forwarding-options monitoring name output interface interface-name],
[edit forwarding-options sampling instance instance-name family (inet |inet6 |mpls) output
interface interface-name],
[edit forwarding-options sampling family (inet |inet6 |mpls) output interface interface-name]
Release Information Statement introduced before Junos OS Release 7.4.
Description Specify the engine type number for flow monitoring and accounting services. The engine
type attribute refers to the type of the flow switching engine, such as the route processor
or a line module. The configured engine type is inserted in output cflowd packets. The
Source ID, a 32-bit value to ensure uniqueness for all flows exported from a particular
device, is the equivalent of the engine type and the engine ID fields.
NOTE: You must configure a source address in the output interface
statements. The interface-level statement of engine-type is added
automatically but you may override this value with manually configured
statements to track different flows with a single cflowd collector.
Options number—Platform-specific accounting interface type.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Traffic Sampling on page 59
Documentation
• Configuring Flow Monitoring on page 6
• Configuring Discard Accounting on page 70
Copyright © 2014, Juniper Networks, Inc. 277
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
export-format
Syntax export-format format;
Hierarchy Level [edit forwarding-options monitoring name output]
Release Information Statement introduced before Junos OS Release 7.4.
Description Flow monitoring export format.
Options format—Format of the flows.
Values: 5 or 8
Default: 5
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • version on page 392
Documentation
• Exporting Flows on page 8
278 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
extension-service
Syntax extension-service service-name {
provider-specific rules;
}
Hierarchy Level [edit forwarding-options sampling instance instance-name family (inet |inet6) output]
[edit forwarding-options sampling family (inet |inet6) output]
[edit services service-set service-set-name]
Release Information Statement introduced in Junos OS Release 9.0.
Description Define a customer specific sampling configuration.
Define a service set or traffic monitoring for applications using application-specific
configuration guidelines.
NOTE: If the extension-service statement is specified while configuring a
service set, the service-order statement is mandatory.
Options provider-specific rules—Provider-specific subhierarchy for services and service sets. See
the application-specific documentation for details.
service-name—Name of the service.
Required Privilege system—To view this statement in the configuration.
Level system-control—To add this statement to the configuration.
Related • service-order
Documentation
• sampling on page 357
Copyright © 2014, Juniper Networks, Inc. 279
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
family (Monitoring)
Syntax family inet {
output {
flow-active-timeout seconds;
flow-inactive-timeout seconds;
export-format format;
cflowd hostname {
aggregation {
autonomous-system;
destination-prefix;
protocol-port;
source-destination-prefix {
caida-compliant;
}
source-prefix;
}
port port-number;
}
interface interface-name {
engine-id number;
engine-type number;
input-interface-index number;
output-interface-index number;
source-address address;
}
}
}
Hierarchy Level [edit forwarding-options monitoring name]
Release Information Statement introduced before Junos OS Release 7.4.
Description Specify input and output interfaces and properties for flow monitoring. Only IPv4 (inet)
is supported.
The statements are explained separately.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Flow Monitoring on page 6
Documentation
280 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
family (RFC2544 Benchmarking)
Syntax family (bridge | ccc | inet);
Hierarchy Level [edit services rpm rfc2544-benchmarkingtests test-name test-name]
Release Information Statement introduced in Junos OS Release 12.3X52 for ACX Series routers.
Statement introduced in Junos OS Release 13.3 for MX104 3D Universal Edge Routers.
bridge option introduced in Junos OS Release 12.3X53 for ACX Series routers.
bridge option introduced in Junos OS Release 14.2 for MX104 3D Universal Edge Routers.
Description Configure the address type family for the benchmarking test.
Options inet—Run the test on an IPv4 service.
ccc—Run the test on a circuit cross-connect (CCC) or Ethernet pseudowire service. You
can run the RFC2544-based benchmarking test either in the egress or ingress
direction.
bridge—Indicates that the test is run on a Layer 2 Ethernet line (E- Line) or an Ethernet
LAN (E-LAN) service configured in a bridge domain. You can run the RFC2544-based
benchmarking test only in the egress direction or the user-to-network interface (UNI)
direction of an Ethernet line.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring an RFC 2544-Based Benchmarking Test on page 175
Documentation
• RFC2544-Based Benchmarking Tests Overview on page 169
• rfc2544-benchmarking on page 353
Copyright © 2014, Juniper Networks, Inc. 281
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
family (Sampling)
Syntax family (inet | inet6 | mpls) {
disable;
output {
aggregate-export-interval seconds;
flow-active-timeout seconds;
flow-inactive-timeout seconds;
extension-service service-name;
flow-server hostname {
aggregation {
autonomous-system;
destination-prefix;
protocol-port;
source-destination-prefix {
caida-compliant;
}
source-prefix;
}
autonomous-system-type (origin | peer);
(local-dump | no-local-dump);
port port-number;
source-address address;
version format;
version9 {
template template-name;
}
}
interface interface-name {
engine-id number;
engine-type number;
source-address address;
}
file {
disable;
filename filename;
files number;
size bytes;
(stamp | no-stamp);
(world-readable | no-world-readable);
}
inline-jflow {
source-address address;
flow-export-rate rate;
}
}
}
Hierarchy Level [edit forwarding-options sampling],
[edit forwarding-options sampling instance instance-name]
Release Information Statement introduced before Junos OS Release 7.4.
mpls option introduced in Release 8.3.
inet6 option introduced in Release 9.4.
282 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
Description Configure the protocol family to be sampled. IPv4 (inet) is supported for most purposes,
but you can configure family mpls to collect and export MPLS label information or family
inet6 to collect and export IPv6 traffic using flow aggregation version 9.
The remaining statements are explained separately.
NOTE: The inline-jflow statement is valid only under the [edit
forwarding-options sampling instance instance-name family inet output]
hierarchy level. The file statement is valid only under the [edit
forwarding-options sampling family inet output] hierarchy level.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Traffic Sampling on page 59
Documentation
file (Sampling)
Syntax file {
disable;
filename filename;
files number;
size bytes;
(stamp | no-stamp);
(world-readable | no-world-readable);
}
Hierarchy Level [edit forwarding-options sampling family inet output]
Release Information Statement introduced before Junos OS Release 7.4.
Description Collect the traffic samples in a file.
The statements are explained separately.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Traffic Sampling on page 59
Documentation
Copyright © 2014, Juniper Networks, Inc. 283
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
file (Trace Options)
Syntax file filename <files number <size bytes> <world-readable | no-world-readable>;
Hierarchy Level [edit forwarding-options port-mirroring traceoptions],
[edit forwarding-options sampling traceoptions]
Release Information Statement introduced before Junos OS Release 7.4.
Description Configure information about the files that contain trace logging information.
Options filename—The name of the file containing the trace information.
Default: /var/log/sampled
The remaining statements are explained separately.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Tracing Traffic Sampling Operations on page 65
Documentation
file-specification (File Format)
Syntax file-specification {
variant variant-number {
data-format format;
name-format format;
transfer {
record-level number;
timeout seconds;
}
}
}
Hierarchy Level [edit services flow-collector]
Release Information Statement introduced before Junos OS Release 7.4.
Description Configure the file format for the flow collection files.
Options The statements are explained separately.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring File Formats on page 29
Documentation
284 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
file-specification (Interface Mapping)
Syntax file-specification {
variant variant-number;
}
Hierarchy Level [edit services flow-collector interface-map]
Release Information Statement introduced before Junos OS Release 7.4.
Description Configure the default file specification for interface mapping.
Options variant-number—Default file format variant.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
filename
Syntax filename filename;
Hierarchy Level [edit forwarding-options sampling family (inet |inet6 |mpls) output file]
Release Information Statement introduced before Junos OS Release 7.4.
Description Configure the name of the output file.
Options filename—Name of the file in which to place the traffic samples. All files are placed in
the directory /var/tmp.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Traffic Sampling on page 59
Documentation
Copyright © 2014, Juniper Networks, Inc. 285
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
filename-prefix
Syntax filename-prefix prefix;
Hierarchy Level [edit services flow-collector transfer-log-archive]
Release Information Statement introduced before Junos OS Release 7.4.
Description Configure the filename prefix for log files.
Options prefix—Filename identifier.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Transfer Logs on page 30
Documentation
files
Syntax files number;
Hierarchy Level [edit forwarding-options port-mirroring traceoptions file],
[edit forwarding-options sampling family (inet |inet6 |mpls) output file],
[edit forwarding-options sampling traceoptions file]
Release Information Statement introduced before Junos OS Release 7.4.
Description Configure the total number of files to be saved with samples or trace data.
Options number—Maximum number of traffic sampling or trace log files. When a file named
sampling-file reaches its maximum size, it is renamed sampling-file.0, then
sampling-file.1, and so on, until the maximum number of traffic sampling files is
reached. Then the oldest sampling file is overwritten.
Range: 1 through 100 files
Default: 5 files for sampling output; 10 files for trace log information
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Port Mirroring on page 121
Documentation
• Configuring Traffic Sampling on page 59
286 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
filter
Syntax filter {
input filter-name;
output filter-name;
group filter-group-number;
}
Hierarchy Level [edit interfaces interface-name unit logical-unit-number family inet]
Release Information Statement introduced before Junos OS Release 7.4.
Description Apply a firewall filter to an interface. You can also use filters for encrypted traffic.
Options group filter-group-number—Define an interface to be part of a filter group. The default
filter group number is 0.
input filter-name—Name of one filter to evaluate when packets are received on the
interface.
output filter-name—Name of one filter to evaluate when packets are transmitted on the
interface.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Routing Policies, Firewall Filters, and Traffic Policers Feature Guide for Routing Devices
Documentation or the Junos OS Administration Library for Routing Devices
• Configuring Flow Monitoring on page 6
Copyright © 2014, Juniper Networks, Inc. 287
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
flow-active-timeout
Syntax flow-active-timeout seconds;
Hierarchy Level [edit forwarding-options accounting name output],
[edit forwarding-options monitoring name output],
[edit forwarding-options sampling instance instance-name family (inet |inet6 |mpls) output],
[edit forwarding-options sampling family (inet |inet6 |mpls) output],
[edit services flow-monitoring version9]
[edit services flow-monitoringversion-ipfix template template-name]
Release Information Statement introduced before Junos OS Release 7.4.
Support at the [edit services flow-monitoring version-ipfix template template-name]
hierarchy level added in Junos OS Release 10.2.
Description Set the interval after which an active flow is exported.
NOTE: The router must include an Adaptive Services, Multiservices, or
Monitoring Services PIC for this statement to take effect.
Options seconds—Duration of the timeout period.
Range: 60 through 1800 seconds (for forwarding-options configurations); 10 through
600 seconds (for services configurations)
Default: 1800 seconds (for forwarding-options configurations); 60 seconds (for services
configurations)
NOTE: In active flow monitoring, the cflowd or flow monitoring version 9
records are exported after a time period that is a multiple of 60 seconds and
greater than or equal to the configured active timeout value. For example, if
the active timeout value is 90 seconds, the cflowd or flow monitoring version
9 records are exported at 120-second intervals. If the active timeout value is
150 seconds, the cflowd or flow monitoring version 9 records are exported
at 180-second intervals, and so forth.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Time Periods when Flow Monitoring is Active and Inactive on page 9
Documentation
• Configuring the Version 9 Template Properties on page 92
288 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
flow-collector
Syntax flow-collector {
analyzer-address address;
analyzer-id name;
destinations {
ftp:url {
password "password";
}
}
file-specification {
variant variant-number {
data-format format;
name-format format;
transfer {
record-level number;
timeout seconds;
}
}
}
interface-map {
collector interface-name;
file-specification variant-number;
interface-name {
collector interface-name;
file-specification variant-number;
}
}
retry number;
retry-delay seconds;
transfer-log-archive {
archive-sites {
ftp:url {
password "password";
username username;
}
}
filename-prefix prefix;
maximum-age minutes;
}
}
Hierarchy Level [edit services]
Release Information Statement introduced before Junos OS Release 7.4.
Description Define the flow collection.
Options The statements are explained separately.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Copyright © 2014, Juniper Networks, Inc. 289
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Related • Flow Collection
Documentation
flow-export-destination
Syntax flow-export-destination {
(cflowd-collector | collector-pic);
}
Hierarchy Level [edit forwarding-options monitoring group-name family inet output]
Release Information Statement introduced before Junos OS Release 7.4.
Description Configure flow collection.
Options cflowd-collector—cflowd collector.
collector-pic—Collector PIC.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Exporting Flows on page 8
Documentation
flow-export-rate
Syntax flow-export-rate rate;
Hierarchy Level [edit forwarding-options sampling instance instance-name family inet output inline-jflow]
Release Information Statement introduced before Junos OS Release 7.4.
Description Specify the flow export rate of monitored packets in kpps.
Options rate—Flow export rate of monitored packets in kpps (from 1 to 400).
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Discard Accounting on page 70
Documentation
• Configuring Flow Monitoring on page 6
• Configuring Traffic Sampling on page 59
290 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
flow-inactive-timeout
Syntax flow-inactive-timeout seconds;
Hierarchy Level [edit forwarding-options accounting name output],
[edit forwarding-options monitoring name output],
[edit forwarding-options sampling instance instance-name family (inet |inet6 |mpls) output],
[edit forwarding-options sampling family (inet |inet6 |mpls) output],
[edit services flow-monitoring version9]
[edit services flow-monitoringversion-ipfix template template-name]
Release Information Statement introduced before Junos OS Release 7.4.
Support at the [edit services flow-monitoring version-ipfix template template-name]
hierarchy level added in Junos OS Release 10.2.
Description Set the interval of inactivity that marks a flow inactive.
NOTE: The router must include an Adaptive Services, Multiservices, or
Monitoring Services PIC for this statement to take effect.
Options seconds—Duration of the timeout period.
Range: 60 through 1800 seconds (for forwarding-options configurations); 10 through
600 seconds (for services configurations)
Default: 1800 seconds (for forwarding-options configurations); 60 seconds (for services
configurations)
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Time Periods when Flow Monitoring is Active and Inactive on page 9
Documentation
• Configuring the Version 9 Template Properties on page 92
Copyright © 2014, Juniper Networks, Inc. 291
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
flow-server
Syntax flow-server hostname {
aggregation {
autonomous-system;
destination-prefix;
protocol-port;
source-destination-prefix {
caida-compliant;
}
source-prefix;
}
autonomous-system-type (origin | peer);
(local-dump | no-local-dump);
port port-number;
source-address address;
version format;
version9 {
template template-name;
}
}
Hierarchy Level [edit forwarding-options sampling instance instance-name family (inet |inet6 |mpls) output],
[edit forwarding-options sampling family (inet |inet6 |mpls) output]
Release Information Statement introduced before Junos OS Release 7.4.
version9 statement introduced in Junos OS Release 8.3.
Description Collect an aggregate of sampled flows and send the aggregate to a specified host system
that runs the collection utility cfdcollect. Specify a host system to collect sampled flows
using the version 9 format.
You can configure up to one version 5 and one version 8 flow format at the [edit
forwarding-options sampling family (inet | inet6| mpls) output flow-server hostname]
hierarchy level. For the same configuration, you can specify only either version 9 flow
record formats or formats using versions 5 and 8, not both types of formats.
Options hostname—The IP address–IPv4 or IPv6–or identifier of the host system (the
workstationeither running the cflowd utility or collecting traffic flows using version 9).
You can configure only one host system for version 9.
NOTE: IPv6 coniguration for flow-server is supported only in Junos OS Release
12.3 and later.
Note that when you configure an IPv6 address for the flow-server statement,
you must also configure an IPv6 address for the inline-jflow source-address
statement at the [edit forwarding-options sampling instance instance-name
family (inet | inet6 | mpls) output] hierarchy level.
292 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
The remaining statements are explained separately.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Traffic Sampling on page 59
Documentation
flow-table-size
Syntax flow-table-size {
ipv4-flow-table-size units;
ipv6-flow-table-size units;
ipv6-extended-attrib;
}
Hierarchy Level [edit chassis fpc slot-number inline-services]
Release Information Statement introduced in Junos OS Release 12.1.
ipv6-extended-attrib option added in Junos OS Release 14.2 for MX Series routers.
Description Configure the size of hash tables for inline services sampling.
Options The remaining statements are defined separately.
Copyright © 2014, Juniper Networks, Inc. 293
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
flow-tap
Syntax flow-tap {
(interface interface-name | tunnel-interface interface-name | family (inet | inet6));
}
Hierarchy Level [edit services]
Release Information Statement introduced in Junos OS Release 8.1.
Description Enable the flow-tap or FlowTapLite application on an interface. FlowTapLite is a lighter
version of the flow-tap application that is available on MX Series platforms, M120 routers,
and M320 routers with Enhanced III FPCs only.
Options interface interface-name—Specify the interface name for the flow-tap application.
tunnel-interface interface-name—Specify the tunnel interface name for the FlowTapLite
application.
The remaining statements are explained separately.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • [edit services flow-tap] Hierarchy Level
Documentation
• Configuring Junos Packet Vision on page 49
294 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
ftp (Flow Collector Files)
Syntax ftp:url;
Hierarchy Level [edit services flow-collector destination]
Release Information Statement introduced before Junos OS Release 7.4.
Description Specify the primary and secondary destination FTP server addresses.
Options url—FTP server address. The URL can include the following macros, typed in braces:
• {%D}—Date
• {%T)—Time when the file is created
• {%I}—Description string for the logical interface configured using the
collector interface-name statement at the [edit services flow-collector interface-map]
hierarchy
• {%N}—Unique, sequential number for each new file created
• {am_pm}—AM or PM
• {date}—Current date using the {year} {month} {day} macros
• {day}—From 01 through 31
• {day_abbr}—Sun through Sat
• {day_full}—Sunday through Saturday
• {generation number}—Unique, sequential number for each new file created
• {hour_12}—From 01 through 12
• {hour_24}—From 00 through 23
• {ifalias}—Description string for the logical interface configured using the collector
statement at the [edit services flow-collector interface-map] hierarchy
• {minute}—From 00 through 59
• {month}—From 01 through 12
• {month_abbr}—Jan through Dec
• {month_full}—January through December
• {num_zone}—From -2359 to +2359; this macro is not supported
• {second}—From 00 through 60
• {time}—Time the file is created, using the {hour_24} {minute} {second} macros
• {time_zone}—Time zone code name of the locale; for example, gmt (this macro is not
supported).
• {year}—In the format YYYY; for example, 1970
Copyright © 2014, Juniper Networks, Inc. 295
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
• {year_abbr}—From 00 through 99
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Destination FTP Servers for Flow Records on page 28
Documentation
ftp (Transfer Log Files)
Syntax ftp:url;
Hierarchy Level [edit services flow-collector transfer-log-archive archive-sites]
Release Information Statement introduced before Junos OS Release 7.4.
Description Specify the primary and secondary destination FTP server addresses.
Options url—FTP server address.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Transfer Logs on page 30
Documentation
296 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
g-duplicates-dropped-periodicity
Syntax g-duplicates-dropped-periodicity seconds;
Hierarchy Level [edit services dynamic-flow-capture]
Release Information Statement introduced in Junos OS Release 9.2.
Description Specify the frequency for sending notifications to affected control sources when
transmission of duplicate sets of data is restricted because the g-max-duplicates threshold
has been reached. This setting is applied globally; the duplicates-dropped-periodicity
setting applied at the capture-group level overrides the global setting.
Default The default period for sending notifications is 30 seconds.
Options seconds—Period for sending DuplicatesDropped notifications.
Usage Guidelines See .
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • duplicates-dropped-periodicity on page 274
Documentation
• Limiting the Number of Duplicates of a Packet on page 43
Copyright © 2014, Juniper Networks, Inc. 297
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
g-max-duplicates
Syntax g-max-duplicates number;
Hierarchy Level [edit services dynamic-flow-capture]
Release Information Statement introduced in Junos OS Release 9.2.
Description Specify the maximum number of content destinations to which DFC PICs can send data
from a single input set of packets. Limiting the number of duplicates reduces the load
on the PIC. This setting is applied globally; the max-duplicates setting applied at the
capture-group level overrides the global setting.
Default If no value is configured, a default setting of 3 is used.
Options number—Maximum number of content destinations.
Range: 1 through 64
Usage Guidelines See .
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • max-duplicates on page 315
Documentation
• Limiting the Number of Duplicates of a Packet on page 43
hard-limit
Syntax hard-limit bandwidth;
Hierarchy Level [edit services dynamic-flow-capture capture-group client-name content-destination identifier]
Release Information Statement introduced in Junos OS Release 9.2.
Description Specify a bandwidth threshold at which the dynamic flow capture application begins
deleting criteria, until the bandwidth falls below the hard-limit-target value.
Options bandwidth—Hard limit threshold, in bits per second.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • hard-limit-target on page 299
Documentation
• Configuring the Content Destination on page 38
298 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
hard-limit-target
Syntax hard-limit-target bandwidth;
Hierarchy Level [edit services dynamic-flow-capture capture-group client-name content-destination identifier]
Release Information Statement introduced in Junos OS Release 9.2.
Description Specify a bandwidth threshold at which the dynamic flow capture application stops
deleting criteria.
Options bandwidth—Target value, in bits per second.
Usage Guidelines See .
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • hard-limit on page 298
Documentation
• Configuring the Content Destination on page 38
hardware-timestamp
Syntax hardware-timestamp;
Hierarchy Level [edit services rpm probe owner test test-name]
Release Information Statement introduced in Junos OS Release 8.1.
Statement applied to MX Series routers in Junos OS Release 10.0.
Statement introduced in Junos OS Release 10.3 for EX Series switches.
Description On MX Series routers, on M-320 routers using the Enhanced Queuing MPC, and on EX
Series switches only, enable timestamping of RPM probe messages in the Packet
Forwarding Engine host processor. This feature is supported only with icmp-ping,
icmp-ping-timestamp, udp-ping, and udp-ping-timestamp probe types.
When you configure either probe-type udp-ping or probe-type udp-ping-timestamp along
with the hardware-timestamp command, the value for the destination-port can be only
7. A constraint check prevents you for configuring any other value for the destination port
in this case.
This constraint does not apply when you are configuring one-way-hardware-timestamp.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring RPM Timestamping on page 152
Documentation
Copyright © 2014, Juniper Networks, Inc. 299
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
history-size
Syntax history-size size;
Hierarchy Level [edit services rpm bgp],
[edit services rpm probe owner test test-name]
Release Information Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.3 for EX Series switches.
Statement introduced in Junos OS Release 13.2 for PTX Series Packet Transport Routers.
Description Specify the number of stored history entries.
Options size—A value from 0 to 512.
Default: 50
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring BGP Neighbor Discovery Through RPM on page 158
Documentation
• Configuring RPM Probes on page 147
host-outbound
Syntax host-outbound media-interface;
Hierarchy Level [edit chassis]
Release Information Statement introduced in Junos OS Release 13.2 on MX Series 3D Universal Edge Routers.
Description Enable Layer 2 port mirroring of host-generated outbound packets only on MPCs on MX
Series 3D Universal Edge routers.
This statement enables all Routing Engine-generated Layer 2 injections to execute egress
logical interface filters.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Examples: Layer 2 Port-Mirroring at Multiple Levels of the Chassis
Documentation
• Configuring Port Mirroring
• Layer 2 Port Mirroring Overview
300 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
udp-tcp-port-swap (RFC 2544 Benchmarking)
Syntax udp-tcp-port-swap;
Hierarchy Level [edit services rpm rfc2544-benchmarkingtests test-name test-name]
Release Information Statement introduced in Junos OS Release 12.3X53 for ACX Series routers.
Statement introduced in Junos OS Release 14.2 for MX Series routers.
Description Swaps source and destination UDP and TCP ports at the reflected frames.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • RFC 2544-Based Benchmarking Tests Overview
Documentation
• Configuring an RFC 2544-Based Benchmarking Test
• rfc2544-benchmarking on page 353
in-service (RFC2544 Benchmarking)
Syntax in-service;
Hierarchy Level [edit services rpm rfc2544-benchmarkingtests test-name test-name]
Release Information Statement introduced in Junos OS Release 12.3X53 for ACX Series routers.
Statement introduced in Junos OS Release 14.2 for MX104 3D Universal Edge Routers.
Description Runs the test in the in-service mode. In this mode, while the test is running, the rest of
the data traffic sent to and from the UNI port under test on the service are not interrupted.
Control protocol packets and control protocol peering are not interrupted.
If this mode is not configured, the test runs in the default out-of-service mode. In the
out-of-service mode, while the test is running, all the data traffic sent to and from the
UNI port under test on the service is interrupted. Control protocol peering is not interrupted
whereas control protocol packets such as CFM sessions are interrupted.
Default The default service mode for the reflecting egress interface for an E-LAN service is
out-of-service mode.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • RFC2544-Based Benchmarking Tests Overview
Documentation
• Configuring an RFC2544-Based Benchmarking Test
• rfc2544-benchmarking on page 353
Copyright © 2014, Juniper Networks, Inc. 301
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
inactivity-timeout (Services RPM)
Syntax inactivity-timeout seconds;
Hierarchy Level [edit services rpm twamp server]
Release Information Statement introduced in Junos OS Release 9.3.
Description Inactivity timeout period, in seconds.
Options seconds—Length of time the session is inactive before it times out.
Default: 1800 seconds
Required Privilege system—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring TWAMP on page 156
Documentation
inline-jflow
Syntax inline-jflow {
source-address address;
flow-export-rate rate;
}
Hierarchy Level [edit forwarding-options sampling instance instance-name family inet output]
Release Information Statement introduced in Junos OS Release 10.2.
Statement introduced in Junos OS Release 14.2 for T4000 routers with Type 5 FPC.
Description Specify inline flow monitoring for traffic from the designated address.
Options address—Source IP address.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Inline Active flow Monitoring on page 78
Documentation
302 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
input (Port Mirroring)
Syntax input {
maximum-packet-lengthbytes
rate number;
run-length number;
}
Hierarchy Level [edit forwarding-options port-mirroring],
[edit forwarding-options port-mirroring instance instance-name]
[edit forwarding-options port-mirroring family (inet | inet6)]
Release Information Statement introduced before Junos OS Release 7.4.
Description Configure port mirroring on a logical interface.
The statements are explained separately.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Port Mirroring on page 121
Documentation
input (Sampling)
Syntax input {
max-packets-per-second number;
rate number;
run-length number;
maximum-packet-length bytes;
}
Hierarchy Level [edit forwarding-options sampling],
[edit forwarding-options sampling instance instance-name]
Release Information Statement introduced before Junos OS Release 7.4.
Description Configure traffic sampling on a logical interface.
The statements are explained separately.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Traffic Sampling on page 59
Documentation
Copyright © 2014, Juniper Networks, Inc. 303
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
input-interface-index
Syntax input-interface-index number;
Hierarchy Level [edit forwarding-options monitoring name output interface interface-name]
Release Information Statement introduced before Junos OS Release 7.4.
Description Specify a value for the input interface index that overrides the default supplied by SNMP.
Options number—Input interface index value.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Flow Monitoring on page 6
Documentation
input-packet-rate-threshold
Syntax input-packet-rate-threshold rate;
Hierarchy Level [edit services dynamic-flow-capture capture-group client-name]
Release Information Statement introduced in Junos OS Release 7.4.
Description Specify a packet rate threshold value that triggers a system log warning message.
Options rate—Threshold value.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Thresholds on page 42
Documentation
304 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
instance (Sampling)
Syntax instance instance-name {
disable;
input {
rate number;
run-length number;
max-packets-per-second number;
maximum-packet-length bytes;
}
family (inet | inet6 | mpls) {
disable;
output {
aggregate-export-interval seconds;
flow-active-timeout seconds;
flow-inactive-timeout seconds;
extension-service service-name;
flow-server hostname {
aggregation {
autonomous-system;
destination-prefix;
protocol-port;
source-destination-prefix {
caida-compliant;
}
source-prefix;
}
autonomous-system-type (origin | peer);
(local-dump | no-local-dump);
port port-number;
source-address address;
version format;
version9 {
template template-name;
}
}
interface interface-name {
engine-id number;
engine-type number;
source-address address;
}
inline-jflow {
source-address address;
flow-export-rate rate;
}
}
}
}
Hierarchy Level [edit forwarding-options sampling]
Release Information Statement introduced in Junos OS Release 9.6.
Description Configure a sampling instance.
Copyright © 2014, Juniper Networks, Inc. 305
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
The remaining statements are explained separately.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Sampling Instance Configuration on page 69
Documentation
interface (Accounting or Sampling)
Syntax interface interface-name {
engine-id number;
engine-type number;
source-address address;
}
Hierarchy Level [edit forwarding-options accounting name output],
[edit forwarding-options sampling family (inet |inet6 |mpls) output],
[edit forwarding-options sampling instance instance-name family (inet |inet6 |mpls) output]
Release Information Statement introduced before Junos OS Release 7.4.
Description Specify the output interface for monitored traffic.
Options interface-name—Name of the interface.
The remaining statements are explained separately.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Discard Accounting on page 70
Documentation
• Configuring Traffic Sampling on page 59
306 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
interface (Services Flow Tap)
Syntax interface sp-fpc/pic/port.logical-unit-number;
Hierarchy Level [edit services flow-tap]
Release Information Statement introduced in Junos OS Release 8.1.
Description Specify the AS PIC interface used with the flow-tap application. Any AS PIC available in
the router can be assigned, and any logical interface on the AS PIC can be used.
Options interface-name—Name of the DFC interface.
You cannot configure flow-tap services on channelized interfaces.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring the Junos Packet Vision Interface on page 49
Documentation
interface-map
Syntax interface-map {
collector interface-name;
file-specification variant-number;
interface-name {
collector interface-name;
file-specification variant-number;
}
}
Hierarchy Level [edit services flow-collector]
Release Information Statement introduced before Junos OS Release 7.4.
Description Match an input interface with a flow collector interface and apply the preset file
specifications to the input interface.
Options The statements are explained separately.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Interface Mappings on page 30
Documentation
Copyright © 2014, Juniper Networks, Inc. 307
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
interfaces (Services Dynamic Flow Capture)
Syntax interfaces interface-name;
Hierarchy Level [edit services dynamic-flow-capture capture-group client-name]
Release Information Statement introduced in Junos OS Release 7.4.
Description Specify the DFC interface used with the control source configured in the same capture
group.
Options interface-name—Name of the DFC interface.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring the DFC PIC Interface on page 40
Documentation
308 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
interfaces (Video Monitoring)
Syntax interfaces {
interface-name {
family {
inet {
input-flows {
input-flow-name {
source-address [ address ];
destination-address [ address ];
source-port [ port ];
destination-port [ port ];
template template-name;
}
}
output-flows {
output-flow-name {
source-address [ address ];
destination-address [ address ];
source-port [ port ];
destination-port [ port ];
template template-name;
}
}
}
}
}
}
Hierarchy Level [edit services video-monitoring]
Release Information Statement introduced in Junos OS Release 14.1.
Description Define video monitoring for specified input or output flows on selected interfaces.
Options interface-name—Name of the interace to monitor.
address—Source or destination IPv4 address or prefix value.
port—Port number.
Range: 0 through 65,535
template-name—Name of the template used to monitor flows on an interface.
The remaining statements are explained separately.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Inline Video Monitoring on page 227
Documentation
Copyright © 2014, Juniper Networks, Inc. 309
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
ip-swap (RFC 2544 Benchmarking)
Syntax ip-swap;
Hierarchy Level [edit services rpm rfc2544-benchmarkingtests test-name test-name]
Release Information Statement introduced in Junos OS Release 12.3X53 for ACX Series routers.
Statement introduced in Junos OS Release 14.2 for MX Series routers.
Description This statement is not applicable for family bridge.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • RFC 2544-Based Benchmarking Tests Overview
Documentation
• Configuring an RFC 2544-Based Benchmarking Test
• rfc2544-benchmarking on page 353
ipv4-flow-table-size
Syntax ipv4-flow-table-size units;
Hierarchy Level [edit chassis fpc slot-number inline-services flow-table-size]
Description Configure the size of the IPv4 flow table in units of 256K entries.
NOTE: Any changes in the configured size of the flow has table sizes initiates
an automatic reboot of the FPC.
Options units—Number of 256K flow entries available for the IPv4 flow table.
Range: 1 through 15
Default: 15 (3840K)
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Inline Active flow Monitoring on page 78
Documentation
310 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
ipv4-template
Syntax ipv4-template;
Hierarchy Level [edit services flow-monitoring version9 template template-name]
[edit services flow-monitoringversion-ipfix template template-name]
Release Information Statement introduced in Junos OS Release 8.3.
Support at the [edit services flow-monitoring version-ipfix template template-name]
hierarchy level added in Junos OS Release 10.2.
Description Specify that the flow aggregation version 9 template is used only for IPv4 records.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Flow Aggregation to Use Version 9 Flow Templates on page 91
Documentation
ipv6-flow-table-size
Syntax ipv6-flow-table-size units;
Hierarchy Level [edit chassis fpc slot-number inline-services ipv6 flow-table-size]
Description Configure the size of the IPv6 flow table in units of 256K entries.
NOTE: Any changes in the configured size of the flow has table sizes initiates
an automatic reboot of the FPC.
Options units—Number of 256K flow entries available for the IPv6 flow table.
Range: 1 through 15
Default: 1K
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Inline Active flow Monitoring on page 78
Documentation
Copyright © 2014, Juniper Networks, Inc. 311
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
ipv6-extended-attrib
Syntax ipv6-extended-attrib;
Hierarchy Level [edit chassis fpc slot-number inline-services ipv6 flow-table-size]
Description Enable the inclusion of element ID, 54, fragmentIdentification, and element ID, 64,
ipv6ExtensionHeaders, in IPFIX flow templates that are exported to the flow collector
NOTE: Collection of IPv4 fragmentation IDs occurs automatically without
having to configure this setting explicitly.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Inline Active flow Monitoring on page 78
Documentation
ipv6-template
Syntax ipv6-template;
Hierarchy Level [edit services flow-monitoring version9 template template-name]
[edit services flow-monitoringversion-ipfix template template-name]
Release Information Statement introduced in Junos OS Release 9.4.
Support at the [edit services flow-monitoring version-ipfix template template-name]
hierarchy level added in Junos OS Release 10.2.
Description Specify that the flow aggregation version 9 template is used only for IPv6 records.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Flow Aggregation to Use Version 9 Flow Templates on page 91
Documentation
312 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
label-position
Syntax label-position [ positions ];
Hierarchy Level [edit services flow-monitoring version9 template template-name mpls-ipv4-template],
[edit services flow-monitoring version9 template template-name mpls-template]
Release Information Statement introduced in Junos OS Release 8.3.
Description Specify positions for up to three labels in the active flow monitoring version 9 template.
Default [1 2 3]
Options positions—Numbered positions for the labels.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Flow Aggregation to Use Version 9 Flow Templates on page 91
Documentation
local-dump
Syntax (local-dump | no-local-dump);
Hierarchy Level [edit forwarding-options sampling instance instance-name family (inet |inet6 |mpls) output
flow-server hostname],
[edit forwarding-options sampling family (inet |inet6 |mpls) output flow-server hostname]
Release Information Statement introduced before Junos OS Release 7.4.
Description Enable collection of cflowd records in a log file.
Options no-local-dump—Do not dump cflowd records to a log file before exporting.
local-dump—Dump cflowd records to a log file before exporting.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Enabling Flow Aggregation on page 86
Documentation
Copyright © 2014, Juniper Networks, Inc. 313
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
logical-system
Syntax logical-system logical-system-name {
[ routing-instances instance-name ];
}
Hierarchy Level [edit services rpm bgp]
Release Information Statement introduced in Junos OS Release 7.6.
Description Specify the logical system used by the probes.
The remaining statements are explained separately.
Options logical-system-name—Logical system name.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring BGP Neighbor Discovery Through RPM on page 158
Documentation
match
Syntax match expression;
Hierarchy Level [edit forwarding-options port-mirroring traceoptions file],
[edit forwarding-options sampling traceoptions file]
Release Information Statement introduced before Junos OS Release 7.4.
Description Regular expression for lines to be logged for tracing.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Port Mirroring on page 121
Documentation
• Configuring Traffic Sampling on page 59
314 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
max-connection-duration
Syntax max-connection-duration hours;
Hierarchy Level [edit services rpm twamp server]
Release Information Statement introduced in Junos OS Release 11.1.
Description Specify the maximum time a connection can exist between a client and the server.
Options hours—Number of hours a connection can exist between a client and the server.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring TWAMP on page 156
Documentation
max-duplicates
Syntax max-duplicates number;
Hierarchy Level [edit services dynamic-flow-capture capture-group client-name]
Release Information Statement introduced in Junos OS Release 9.2.
Description Specify the maximum number of content destinations to which the DFC PIC can send
data from a single input set of packets. Limiting the number of duplicates reduces the
load on the PIC. This setting overrides the globally applied g-max-duplicates setting.
Default If no value is configured, a default setting of 3 is used.
Options number—Maximum number of content destinations.
Range: 1 through 64
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • g-max-duplicates on page 298
Documentation
• Limiting the Number of Duplicates of a Packet on page 43
Copyright © 2014, Juniper Networks, Inc. 315
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
max-packets-per-second
Syntax max-packets-per-second number;
Hierarchy Level [edit forwarding-options sampling input],
[edit forwarding-options sampling instance instance-name input]
Release Information Statement introduced before Junos OS Release 7.4.
Description Specify the traffic threshold that must be exceeded before packets are dropped. A value
of 0 instructs the Packet Forwarding Engine not to sample any traffic.
NOTE: When you configure active monitoring and specify a Monitoring
Services, Adaptive Services, or Multiservices PIC in the output statement, the
max-packets-per-second value is ignored.
Options number—Maximum number of packets per second.
Range: 0 through 65,535
Default: 1000
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Traffic Sampling on page 59
Documentation
maximum-age
Syntax maximum-age minutes;
Hierarchy Level [edit services flow-collector transfer-log-archive]
Release Information Statement introduced before Junos OS Release 7.4.
Description Maximum age of transfer log file.
Options maximum-age minutes—Transfer log file age.
Range: 1 through 360
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Transfer Logs on page 30
Documentation
316 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
maximum-connections
Syntax maximum-connections count;
Hierarchy Level [edit services rpm twamp server]
Release Information Statement introduced in Junos OS Release 9.3.
Description Maximum number of allowed connections between the server and all control client hosts.
Options count—Maximum number of connections.
Range: 1 through 1000
Default: 64
Required Privilege system—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring TWAMP on page 156
Documentation
maximum-connections-per-client
Syntax maximum-connections-per-client count;
Hierarchy Level [edit services rpm twamp server]
Release Information Statement introduced in Junos OS Release 9.3.
Description Maximum number of allowed connections between the server and a single control client
host.
Options count—Maximum number of connections.
Range: 1 through 500
Default: 64
Required Privilege system—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring TWAMP on page 156
Documentation
Copyright © 2014, Juniper Networks, Inc. 317
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
maximum-packet-length
Syntax maximum-packet-length bytes;
Hierarchy Level [edit forwarding-options analyzer analyzer-name input],
[edit forwarding-options port-mirroring input],
[edit forwarding-options port-mirroring instance instance-name input],
[edit forwarding-options sampling input],
[edit forwarding-options sampling instance instance-name input]
Release Information Statement introduced in Junos OS Release 9.6.
Statement introduced in Junos OS Release 12.1X48 for PTX Series Packet Transport
Routers.
The [edit forwarding-options analyzer analyzer-name input] hierarchy level for MX Series
routers introduced in Junos OS Release 14.1.
Description Set the maximum length of the packet used for port mirroring or traffic sampling. Packets
with lengths greater than the specified maximum are truncated.
NOTE: The maximum-packet-length statement is not supported on MX80
routers.
NOTE: For MX-Series devices with Modular Port Interface Concentrators
(MPCs), when maximum-packet-length (clip length) is configured for
port-mirrored packets and the mirror-destination interface is a
next-hop-group, the clip length would be effective only for the first member
interface of the next-hop-group. The mirrored packet copy sent to the rest
of the interfaces would not be clipped.
Native analyzer sessions (that is, the [edit forwarding-options analyzer
analyzer-name input] hierarchy level for MX Series routers) can be configured
without specifying input parameters, which would mean that the instance
uses default input values: rate = 1 and maximum-packet-length = 0.
Options bytes—Maximum length (in bytes) of the mirrored packet or the sampled packet.
Range: 0 through 9216
Default: 0
For MX Series routers with Modular Port Concentrators (MPCs), port-mirrored or sampled
packets can be truncated (or clipped) to any length in the range of 1 to 255 bytes.
Only 1 to 255 are valid values for packet truncation on these devices. For other devices,
the range is from 0 to 9216. A maximum-packet-length value of zero represents that
truncation is disabled, and the entire packet is mirrored or sampled.
318 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Port Mirroring
Documentation
• Configuring Traffic Sampling
maximum-sessions
Syntax maximum-sessions count;
Hierarchy Level [edit services rpm twamp server]
Release Information Statement introduced in Junos OS Release 9.3.
Description Maximum number of allowed test sessions the server can have running at one time.
Options count—Maximum number of sessions.
Range: 1 through 2048
Default: 64
Required Privilege system—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring TWAMP on page 156
Documentation
maximum-sessions-per-connection
Syntax maximum-sessions-per-connection count;
Hierarchy Level [edit services rpm twamp server]
Release Information Statement introduced in Junos OS Release 9.3.
Description Maximum number of allowed sessions the server can open on a single client connection.
Options count—Maximum number of sessions.
Default: 64
Required Privilege system—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring TWAMP on page 156
Documentation
Copyright © 2014, Juniper Networks, Inc. 319
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
minimum-priority
Syntax minimum-priority value;
Hierarchy Level [edit services dynamic-flow-capture capture-group client-name control-source identifier]
Release Information Statement introduced in Junos OS Release 9.2.
Description Specify the minimum priority for the control source.
Options value—Minimum priority value; if not specified, defaults to 0.
Range: 0 through 254
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring the Control Source on page 39
Documentation
mode (RFC 2544 Benchmarking)
Syntax mode reflect;
Hierarchy Level [edit services rpm rfc2544-benchmarkingtests test-name test-name]
Release Information Statement introduced in Junos OS Release 13.3 for MX104 3D Universal Edge Routers.
Description Specify the test mode for the packets that are sent during the benchmarking test.
Options reflect—Causes the test frames to be reflected on the chosen service (IPv4 or Ethernet).
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring an RFC 2544-Based Benchmarking Test on page 175
Documentation
• RFC2544-Based Benchmarking Tests Overview on page 169
• rfc2544-benchmarking on page 353
320 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
monitoring
Syntax monitoring name {
family inet {
output {
cflowd hostname port-number;
export-format cflowd-version-5;
flow-active-timeout seconds;
flow-export-destination {
(cflowd-collector | collector-pic);
}
flow-inactive-timeout seconds;
interface interface-name {
number;
engine-type number;
input-interface-index number;
output-interface-index number;
source-address address;
}
}
}
}
Hierarchy Level [edit forwarding-options]
Release Information Statement introduced before Junos OS Release 7.4.
Description Specify the flow monitoring instance name and properties.
The statements are explained separately.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Flow Monitoring on page 6
Documentation
Copyright © 2014, Juniper Networks, Inc. 321
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
moving-average-size
Syntax moving-average-size number;
Hierarchy Level [edit services rpm bgp],
[edit services rpm probe owner test test-name]
Release Information Statement introduced in Junos OS Release 8.5.
Statement introduced in Junos OS Release 9.3 for EX Series switches.
Statement Introduced in Junos OS Release 13.2 for PTX Series Packet Transport Routers.
Description Enable statistical calculation operations to be performed across a configurable number
of the most recent samples.
Options number—Number of samples to be used in calculations.
Range: 0 through 255
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring RPM Probes on page 147
Documentation
mpls-ipv4-template
Syntax mpls-ipv4-template {
label-position [ positions ];
}
Hierarchy Level [edit services flow-monitoring version9 template template-name]
Release Information Statement introduced in Junos OS Release 8.3.
Description Specify the flow aggregation version 9 properties for templates that combine IPv4 and
MPLS records. The remaining statement is explained separately.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Flow Aggregation to Use Version 9 Flow Templates on page 91
Documentation
322 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
mpls-template
Syntax mpls-template {
label-position [ positions ];
}
Hierarchy Level [edit services flow-monitoring version9 template template-name]
Release Information Statement introduced in Junos OS Release 8.3.
Description Specify the flow aggregation version 9 properties for templates used only for MPLS
records. The remaining statement is explained separately.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Flow Aggregation to Use Version 9 Flow Templates on page 91
Documentation
multiservice-options
Syntax multiservice-options {
(core-dump | no-core-dump);
(syslog | no-syslog);
flow-control-options {
down-on-flow-control;
dump-on-flow-control;
reset-on-flow-control;
}
}
Hierarchy Level [edit interfaces mo-fpc/pic/port]
Release Information Statement introduced before Junos OS Release 7.4.
Description For flow-monitoring interfaces only, configure multiservice-specific interface properties.
The statements are explained separately.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Flow Monitoring on page 6
Documentation
Copyright © 2014, Juniper Networks, Inc. 323
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
name-format
Syntax name-format “format”;
Hierarchy Level [edit services flow-collector file-specification variant variant-number]
Release Information Statement introduced before Junos OS Release 7.4.
Description Specify the name format for a specific file format. The files may include supported macros.
Use macros to organize files on the external machine to which they are exported from
the collector PIC.
Options format—Specify the filename format, within quotation marks. The name format can
include the following macros, typed in braces:
• {%D}—Date
• {%T)—Time when the file is created
• {%I}—Description string for the logical interface configured using the collector
statement at the [edit services flow-collector interface-map] hierarchy level
• {%N}—Unique, sequential number for each new file created
• {am_pm}—AM or PM
• {date}—Current date using the{year} {month} {day} macros
• {day}—From01 through 31
• {day_abbr}—Sun through Sat
• {day_full}—Sunday through Saturday
• {generation number}—Unique, sequential number for each new file created
• {hour_12}—From 01 through 12
• {hour_24}—From 00 through 23
• {ifalias}—Description string for the logical interface configured using the collector
statement at the [edit services flow-collector interface-map] hierarchy level
• {minute}—From 00 through 59
• {month}—From 01through 12
• {month_abbr}—Jan through Dec
• {month_full}—January through December
• {num_zone}—From -2359 through +2359; this macro is not supported
• {second}—From 00 through 60
• {time}—Time the file is created, using the {hour_24} {minute} {second} macros
• {time_zone}—Time zone code name of the locale; for example,gmt (this macro is not
supported).
324 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
• {year}—In the format YYYY; for example, 1970
• {year_abbr}—From 00 through 99
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring File Formats on page 29
Documentation
next-hop (Forwarding Options)
Syntax next-hop address;
Hierarchy Level [edit forwarding-options port-mirroring family (inet | inet6) output interface interface-name]
Release Information Statement introduced before Junos OS Release 7.4.
Description Specify the next-hop address for sending copies of packets to an analyzer.
Options address—IP address of the next-hop router.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Port Mirroring on page 121
Documentation
Copyright © 2014, Juniper Networks, Inc. 325
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
next-hop-group (Forwarding Options)
Syntax next-hop-group group-name {
interface interface-name {
next-hop address;
}
}
Hierarchy Level [edit forwarding-options]
Release Information Statement introduced before Junos OS Release 7.4.
Description Specify the next-hop address for sending copies of packets to an analyzer.
It is implicitly assumed that a subgroup is up only if more than one interface in the
subgroup is up.
Options address—IP address of the next-hop router. Each next-hop group supports up to 16
next-hop addresses. Up to 30 next-hop groups are supported. Each next-hop group
must have at least two next-hop addresses.
group-name—Name of next-hop group. Up to 30 next-hop groups are supported for the
router. Each next-hop group is expected to have at least two next-hop addresses.
interface-name—Name of interface used to reach the next-hop destination.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Port Mirroring on page 121
Documentation
no-filter-check
Syntax no-filter-check;
Hierarchy Level [edit forwarding-options port-mirroring family (inet | inet6) output]
Release Information Statement introduced before Junos OS Release 7.4.
Description Disable filter checking on the port-mirroring interface.
This statement is required when you send port-mirrored traffic to a Tunnel PIC that has
a filter applied to it.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Port Mirroring on page 121
Documentation
326 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
no-remote-trace (Trace Options)
Syntax no-remote-trace;
Hierarchy Level [edit forwarding-options port-mirroring traceoptions],
[edit forwarding-options sampling traceoptions]
Release Information Statement introduced before Junos OS Release 7.4.
Description Disable remote tracing.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Tracing Traffic Sampling Operations on page 65
Documentation
no-syslog
Syntax no-syslog;
Hierarchy Level [edit services dynamic-flow-capture capture-group client-name control-source identifier]
Release Information Statement introduced in Junos OS Release 7.4.
Description Disable system logging of control protocol requests and responses. By default, these
messages are logged.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring System Logging on page 41
Documentation
Copyright © 2014, Juniper Networks, Inc. 327
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
notification-targets
Syntax notification-targets address port port-number;
Hierarchy Level [edit services dynamic-flow-capture capture-group client-name control-source identifier]
Release Information Statement introduced in Junos OS Release 7.4.
Description List of destination IP addresses and User Datagram Protocol (UDP) ports to which DFC
PICs log exception information and control protocol state transitions, such as timeout
values.
Options address address—Allowed destination IP address.
port port-number—Allowed destination UDP port number.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring the Control Source on page 39
Documentation
328 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
observation-domain-id
Syntax observation-domain-id domain-id;
Hierarchy Level [edit services flow-monitoringversion-ipfix template template-name]
Release Information Statement introduced in Junos OS Release 14.1.
Description For IPFIX flows, an identifier of an Observation Domain is locally unique to an exporting
process of the templates. The export process uses the Observation Domain ID to uniquely
identify to the collection process in which the flows were metered. We recommend that
you configure this ID to be inquie for each IPFIX flow. A value of 0 indicates that no specific
Observation Domain is identified by this information element. Typically, this attribute is
used to limit the scope of other information elements. If the observation domain is not
unique, the collector cannot uniquely identify an IPFIX device.
If you configure the same Observation Domain ID for different template types, such as
for IPv4 and IPv6, it does not impact flow monitoring because the actual or the base
observation domain ID is transmitted in the flow. The actual observation domain ID is
derived from the value you configure and also in conjunction with other parameters such
as the slot number, lookup chip (LU) instance, Packet Forwarding Engine instance. Such
a method of computation of the observation domain ID ensures that this ID is not the
same for two IPFIX devices.
Options domain-id—Specify a unique identifier for the observation domain for IPFIX flows.
Range: 0 through 255
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Observation Domain ID and Source ID for Version 9 and IPFIX Flows on
Documentation page 106
• Configuring Template ID and Options Template ID for Version 9 and IPFIX Flows on
page 109
Copyright © 2014, Juniper Networks, Inc. 329
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
one-way-hardware-timestamp
Syntax one-way-hardware-timestamp;
Hierarchy Level [edit services rpm probe owner test test-name]
Release Information Statement introduced in Junos OS Release 8.5.
Statement introduced in Junos OS Release 9.3 for EX Series switches.
Description Enable timestamping of RPM probe messages for one-way delay and jitter measurements.
You must configure this statement along with the destination-interface statement to
invoke timestamping. This feature is supported only with icmp-ping, icmp-ping-timestamp,
udp-ping, and udp-ping-timestamp probe types.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring RPM Timestamping on page 152
Documentation
• destination-interface on page 267
• hardware-timestamp on page 299
330 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
option-refresh-rate
Syntax option-refresh-rate packets packets seconds seconds;
Hierarchy Level [edit services flow-monitoring version9],
[edit services flow-monitoring version9 template template-name]
[edit services flow-monitoringversion-ipfix template template-name]
Release Information Statement introduced in Junos OS Release 8.3.
Support at the [edit services flow-monitoring version-ipfix template template-name]
hierarchy level added in Junos OS Release 10.2.
Description Specify the refresh rate, in either packets or seconds.
Options packets—Refresh rate, in number of packets.
Range: 1 through 480,000
Default: 4800
seconds—Refresh rate, in number of seconds.
Range: 10 through 600
Default: 600
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Flow Aggregation to Use Version 9 Flow Templates on page 91
Documentation
Copyright © 2014, Juniper Networks, Inc. 331
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
options-template-id
Syntax options-template-id id;
Hierarchy Level [edit services flow-monitoring version9 template template-name]
[edit services flow-monitoringversion-ipfix template template-name]
Release Information Statement introduced in Junos OS Release 14.1.
Description Define a unique options template ID to be used for flow aggregation of version 9 and
IPFIX flows. If you do not configure values for the template ID and options template ID,
default values are assumed for these IDs, which are different for the various address
families. If you configure the same template ID or options template ID value for different
address families, such a setting is not processed properly and might cause unexpected
behavior. For example, if you configure the same template ID value for both IPv4 and
IPv6, the collector validates the export data based on the template ID value that it last
receives. In this case, if IPv6 is configured after IPv4, the value is effective for IPv6 and
the default value is used for IPv4.
Options id—Specify a unique identifier for the options template to be used for version 9 or IPFIX
flows.
Range: 1024 through 65535
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Observation Domain ID and Source ID for Version 9 and IPFIX Flows on
Documentation page 106
• Configuring Template ID and Options Template ID for Version 9 and IPFIX Flows on
page 109
332 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
output (Accounting)
Syntax output {
aggregate-export-interval seconds;
cflowd hostname {
aggregation {
autonomous-system;
destination-prefix;
protocol-port;
source-destination-prefix {
caida-compliant;
}
source-prefix;
}
autonomous-system-type (origin | peer);
(local-dump | no-local-dump);
port port-number;
source-address address;
version format;
}
flow-active-timeout seconds;
flow-inactive-timeout seconds;
interface interface-name {
engine-id number;
engine-type number;
source-address address;
}
}
Hierarchy Level [edit forwarding-options accounting name]
Release Information Statement introduced before Junos OS Release 7.4.
Description Configure cflowd, output interfaces, and flow properties.
The statements are explained separately.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Discard Accounting on page 70
Documentation
Copyright © 2014, Juniper Networks, Inc. 333
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
output (Monitoring)
Syntax output {
cflowd hostname port port-number;
export-format format;
flow-active-timeout seconds;
flow-export-destination {
(cflowd-collector | collector-pic);
}
flow-inactive-timeout seconds;
interface interface-name {
engine-id number;
engine-type number;
input-interface-index number;
output-interface-index number;
source-address address;
}
}
Hierarchy Level [edit forwarding-options monitoring name family inet]
Release Information Statement introduced before Junos OS Release 7.4.
Description Configure cflowd, output interfaces, and flow properties.
The statements are explained separately.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Flow Monitoring on page 6
Documentation
334 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
output (Port Mirroring)
Syntax output {
interface interface-name {
next-hop address;
}
no-filter-check;
}
Hierarchy Level [edit forwarding-options port-mirroring family (inet | inet6)]
Release Information Statement introduced before Junos OS Release 7.4.
Description Configure output interfaces and flow properties.
The statements are explained separately.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Port Mirroring on page 121
Documentation
Copyright © 2014, Juniper Networks, Inc. 335
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
output (Sampling)
Syntax output {
aggregate-export-interval seconds;
flow-active-timeout seconds;
flow-inactive-timeout seconds;
extension-service service-name;
flow-server hostname {
aggregation {
autonomous-system;
destination-prefix;
protocol-port;
source-destination-prefix {
caida-compliant;
}
source-prefix;
}
autonomous-system-type (origin | peer);
(local-dump | no-local-dump);
port port-number;
source-address address;
version format;
version9 {
template template-name;
}
}
interface interface-name {
engine-id number;
engine-type number;
source-address address;
}
file {
disable;
filename filename;
files number;
size bytes;
(stamp | no-stamp);
(world-readable | no-world-readable);
}
inline-jflow {
source-address address;
flow-export-rate rate;
}
}
Hierarchy Level [edit forwarding-options sampling instance instance-name family (inet |inet6 |mpls)],
[edit forwarding-options sampling family (inet |inet6 |mpls)]
Release Information Statement introduced before Junos OS Release 7.4.
Description Configure cflowd or flow monitoring, output files and interfaces, and flow properties.
The statements are explained separately.
336 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
NOTE: The inline-jflow statement is valid only under the [edit
forwarding-options sampling instance instance-name family inet output]
hierarchy level. The file statement is valid only under the [edit
forwarding-options sampling family inet output] hierarchy level.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Traffic Sampling on page 59
Documentation
output-interface-index
Syntax output-interface-index number;
Hierarchy Level [edit forwarding-options monitoring name output interface interface-name]
Release Information Statement introduced before Junos OS Release 7.4.
Description Specify a value for the output interface index that overrides the default supplied by SNMP.
Options number—Output interface index value.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Flow Monitoring on page 6
Documentation
passive-monitor-mode
Syntax passive-monitor-mode;
Hierarchy Level [edit interfaces interface-name unit logical-unit-number]
Release Information Statement introduced before Junos OS Release 7.4.
Description For Asynchronous Transfer Mode (ATM), SONET/SDH, Fast Ethernet, and Gigabit Ethernet
interfaces only, monitor packet flows from another router. If you include this statement
in the configuration, the SONET/SDH interface does not send keepalives or alarms, and
does not participate actively on the network.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Enabling Passive Flow Monitoring on page 18
Documentation
• multiservice-options on page 323
Copyright © 2014, Juniper Networks, Inc. 337
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
password (Flow Collector File Servers)
Syntax password "password";
Hierarchy Level [edit services flow-collector destination ftp:url]
Release Information Statement introduced before Junos OS Release 7.4.
Description Specify the primary and secondary destination FTP server password.
Options password—FTP server password.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Destination FTP Servers for Flow Records on page 28
Documentation
password (Transfer Log File Servers)
Syntax password "password";
Hierarchy Level [edit services flow-collector transfer-log-archive archive-sites]
Release Information Statement introduced before Junos OS Release 7.4.
Description Specify the primary and secondary destination FTP server password.
Options password—FTP server password.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Transfer Logs on page 30
Documentation
338 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
peer-as-billing-template
Syntax peer-as-billing-template;
Hierarchy Level [edit services flow-monitoring version9 template template-name]
Release Information Statement introduced in Junos OS Release 10.4.
Description Enables the extraction of bandwidth usage information for billing purposes in PIC-based
sampling configurations. This capability is supported on routers and applies only to IPv4
and IPv6 traffic.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Flow Aggregation to Use Version 9 Flow Templates on page 91
Documentation
pic-memory-threshold
Syntax pic-memory-threshold percentage percentage;
Hierarchy Level [edit services dynamic-flow-capture capture-group client-name]
Release Information Statement introduced in Junos OS Release 7.4.
Description Specify a PIC memory usage percentage that triggers a system log warning message.
Options percentage—PIC memory threshold value.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Thresholds on page 42
Documentation
Copyright © 2014, Juniper Networks, Inc. 339
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
pop-all-labels
Syntax pop-all-labels {
required-depth number;
}
Hierarchy Level [edit interfaces interface-name atm-options mpls],
[edit interfaces interface-name fastether-options mpls],
[edit interfaces interface-name gigether-options mpls],
[edit interfaces interface-name sonet-options mpls]
Release Information Statement introduced before Junos OS Release 7.4.
Description For passive monitoring on ATM, SONET/SDH, Fast Ethernet, and Gigabit Ethernet
interfaces only, removes up to two MPLS labels from incoming IP packets. For passive
monitoring on T Series devices, removes up to five MPLS labels from incoming IP packets.
This statement has no effect on IP packets with more than two MPLS labels, or IP packets
with more than five MPLS labels on T Series devices. Packets with MPLS labels cannot
be processed by the monitoring PIC; if packets with MPLS labels are forwarded to the
monitoring PIC, they are discarded.
The remaining statement is explained separately.
Default If you omit this statement, the MPLS labels are not removed, and the packet is not
processed by the monitoring PIC.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Passive Flow Monitoring for MPLS Encapsulated Packets on page 20
Documentation
• Junos OS Network Interfaces Library for Routing Devices
340 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
port (Flow Monitoring)
Syntax port port-number;
Hierarchy Level [edit forwarding-options accounting name output cflowd hostname],
[edit forwarding-options monitoring name family inet output cflowd hostname],
[edit forwarding-options sampling instance instance-name family (inet |inet6 |mpls) output
flow-server hostname],
[edit forwarding-options sampling family (inet | inet6 | mpls) output flow-server hostname]
Release Information Statement introduced before Junos OS Release 7.4.
Description Specify the User Datagram Protocol (UDP) port number on the cflowd host system or
flow server.
Options port-number—Any valid UDP port number on the host system.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Enabling Flow Aggregation on page 86
Documentation
port (RPM)
Syntax port number;
Hierarchy Level [edit services rpm probe-server (tcp | udp)]
Release Information Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.3 for EX Series switches.
Statement introduced in Junos OS Release 13.2 for PTX Series Packet Transport Routers.
Description Specify the port number for the probe server.
Options number—Port number for the probe server. The value can be 7 or 49,160 through 65,535.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring RPM Receiver Servers on page 151
Documentation
Copyright © 2014, Juniper Networks, Inc. 341
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
port (TWAMP)
Syntax port number;
Hierarchy Level [edit services rpm twamp server]
Release Information Statement introduced in Junos OS Release 9.3.
Description TWAMP server listening port.
Options number—Port number.
Range: 1 through 65,535
Required Privilege system—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring TWAMP on page 156
Documentation
pre-rewrite-tos
Syntax pre-rewrite-tos;
Hierarchy Level [edit forwarding-options sampling]
Release Information Statement introduced in Junos OS Release 14.1
Description Preserve prenormalized type-of-service (ToS) value for egress sampled or mirrored
packets. This configuration preserves the prerewrite ToS value for all forms of sampling,
such as Routing Engine-based sampling, port mirroring, flow monitoring, and so on. This
statement is effective for egress sampling only.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Traffic Sampling on page 59
Documentation
342 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
probe
Syntax probe owner {
test test-name {
data-fill data;
data-size size;
destination-interface interface-name;
destination-port port;
dscp-code-point dscp-bits;
hardware-timestamp;
history-size size;
moving-average-size number;
one-way-hardware-timestamp;
probe-count count;
probe-interval seconds;
probe-type type;
routing-instance instance-name;
source-address address;
target (url | address);
test-interval interval;
thresholds thresholds;
traps traps;
}
}
Hierarchy Level [edit services rpm]
Release Information Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.3 for EX Series switches.
Description Specify an owner name. The owner name combined with the test name represent a single
RPM configuration instance.
Options owner—Specify an owner name up to 32 characters in length.
The remaining statements are explained separately.
Required Privilege system—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring RPM Probes on page 147
Documentation
Copyright © 2014, Juniper Networks, Inc. 343
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
probe-count
Syntax probe-count count;
Hierarchy Level [edit services rpm bgp],
[edit services rpm probe owner test test-name]
Release Information Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.3 for EX Series switches.
Statement introduced in Junos OS Release 13.2 for PTX Series Packet Transport Routers.
Description Specify the number of probes within a test.
Options count—A value from 1 through 15.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring BGP Neighbor Discovery Through RPM on page 158
Documentation
• Configuring RPM Probes on page 147
probe-interval
Syntax probe-interval interval;
Hierarchy Level [edit services rpm bgp],
[edit services rpm probe owner test test-name]
Release Information Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.3 for EX Series switches.
Statement introduced in Junos OS Release 13.2 for PTX Series Packet Transport Routers.
Description Specify the time to wait between sending packets, in seconds.
Options interval—Number of seconds, from 1 through 255.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring BGP Neighbor Discovery Through RPM on page 158
Documentation
• Configuring RPM Probes on page 147
344 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
probe-limit
Syntax probe-limit limit;
Hierarchy Level [edit services rpm]
Release Information Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.3 for EX Series switches.
Statement introduced in Junos OS Release 13.2 for PTX Series Packet Transport Routers.
Description Configure the maximum number of concurrent probes allowed.
Options limit—Maximum number of concurrent probes allowed.
Range: 1 through 500(PTX Series Packet Transport Routers only) 1 through 200
Default: 100
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Limiting the Number of Concurrent RPM Probes on page 152
Documentation
Copyright © 2014, Juniper Networks, Inc. 345
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
probe-server
Syntax probe-server {
tcp {
destination-interface interface-name;
port number;
}
udp {
destination-interface interface-name;
port number;
}
}
Hierarchy Level [edit services rpm]
Release Information Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.3 for EX Series switches.
Statement introduced in Junos OS Release 13.2 for PTX Series Packet Transport Routers.
Description Specify the server to act as a receiver for the probes.
The remaining statements are explained separately.
NOTE: The destination-interface statement is not supported on PTX Series
routers.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring RPM Receiver Servers on page 151
Documentation
346 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
probe-type
Syntax probe-type type;
Hierarchy Level [edit services rpm bgp],
[edit services rpm probe owner test test-name]
Release Information Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.3 for EX Series switches.
Statement introduced in Junos OS Release 13.2 for PTX Series Packet Transport Routers.
Description Specify the packet and protocol contents of a probe.
Options type—Specify one of the following probe type values:
• http-get—(Not available at the [edit services rpm bgp] hierarchy level.) Sends a
Hypertext Transfer Protocol (HTTP) get request to a target URL.
• http-metadata-get—(Not available at the [edit services rpm bgp] hierarchy level.)
Sends an HTTP get request for metadata to a target URL.
• icmp-ping—Sends ICMP echo requests to a target address.
• icmp-ping-timestamp—Sends ICMP timestamp requests to a target address.
• tcp-ping—Sends TCP packets to a target.
• udp-ping—Sends UDP packets to a target.
• udp-ping-timestamp—Sends UDP timestamp requests to a target address.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring BGP Neighbor Discovery Through RPM on page 158
Documentation
Copyright © 2014, Juniper Networks, Inc. 347
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
rate (Forwarding Options)
Syntax rate number;
Hierarchy Level [edit forwarding-options analyzer analyzer-name input]
[edit forwarding-options port-mirroring input],
[edit forwarding-options sampling input],
[edit forwarding-options sampling instance instance-name input],
[edit forwarding-options port-mirroring family (inet|inet6) input]
Release Information Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 12.1X48 for PTX Series Packet Transport
Routers.
The [edit forwarding-options analyzer analyzer-name input] hierarchy level for MX Series
routers introduced in Junos OS Release 14.1.
Description Set a ratio of the number of packets to be sampled. For example, if you specify a rate of
10, every tenth packet (1 packet out of 10) is sampled.
Native analyzer sessions (that is, the [edit forwarding-options analyzer analyzer-name
input] hierarchy level for MX Series routers) can be configured without specifying input
parameters, which would mean that the instance uses default input values: rate = 1 and
maximum-packet-length = 0.
Options number—Denominator of the ratio.
Range: 1 through 65,535
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Port Mirroring
Documentation
• Configuring Traffic Sampling
receive-options-packets
Syntax receive-options-packets;
Hierarchy Level [edit interfaces interface-name unit logical-unit-number family inet]
Release Information Statement introduced before Junos OS Release 7.4.
Description When you enable passive monitoring, this statement is required for conformity with
cflowd records structure.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Enabling Passive Flow Monitoring on page 18
Documentation
348 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
receive-ttl-exceeded
Syntax receive-ttl-exceeded;
Hierarchy Level [edit interfaces interface-name unit logical-unit-number family inet]
Release Information Statement introduced before Junos OS Release 7.4.
Description When you enable passive monitoring, this statement is required for conformity with
cflowd records structure.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Enabling Passive Flow Monitoring on page 18
Documentation
Copyright © 2014, Juniper Networks, Inc. 349
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
reflect-mode (RFC2544 Benchmarking)
Syntax reflect-mode (mac-rewrite | mac-swap | no-mac-swap | no-ip-swap | no-udp-tcp-port-swap);
Hierarchy Level [edit services rpm rfc2544-benchmarkingtests test-name test-name]
Release Information Statement introduced in Junos OS Release 12.3X52 for ACX Series routers.
Statement introduced in Junos OS Release 14.2 for MX104 3D Universal Edge Routers.
Description Specify the reflection mode for the benchmarking test.
Options mac-rewrite—(ACX Series routers only) Enable rewriting of the MAC address on the
reflected frames. The MAC addresses specified in the source-mac-address and
destination-mac-address options are used.
mac-swap—Swaps the source and destination MAC addresses in the test frame. This is
the default behavior.
NOTE: In bridge families, when the service type is ELAN, MAC addresses
are swapped by default, on the reflected frames. And, when the service
type is ELINE , MAC addresses are not swapped by default.
no-mac-swap—Does not swap the source and destination MAC addresses in the test
frame. The frame is returned to the originator without any modification to the MAC
addresses.
no-ip-swap—(ACX Series routers only) Does not swap the source and destination IP
addresses in the test frame. The frame is returned to the originator without any
modification to the IP addresses. This parameter is applicable for bridge families
and it is optional for bridge families.
no-udp-tcp-port-swap—(ACX Series routers only) Does not swap the TCP and UDP ports
in the test frame. This parameter is applicable for bridge families and it is optional
for bridge families.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • RFC2544-Based Benchmarking Tests Overview
Documentation
• Configuring an RFC2544-Based Benchmarking Test
• Layer 2 RFC2544-Based Benchmarking Tests Overview on page 171
• rfc2544-benchmarking on page 353
350 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
required-depth
Syntax required-depth number;
Hierarchy Level [edit interfaces interface-name atm-options mpls pop-all-labels],
[edit interfaces interface-name fastether-options mpls pop-all-labels],
[edit interfaces interface-name gigether-options mpls pop-all-labels],
[edit interfaces interface-name sonet-options mpls pop-all-labels]
Release Information Statement introduced before Junos OS Release 7.4.
Description For passive monitoring on ATM, SONET/SDH, Fast Ethernet, and Gigabit Ethernet
interfaces only, specify the number of MPLS labels an incoming packet must have for
the pop-all-labels statement to take effect.
If you include the required-depth 1 statement, the pop-all-labels statement takes effect
for incoming packets with one label only. If you include the required-depth 2 statement,
the pop-all-labels statement takes effect for incoming packets with two labels only.
Options number—Number of MPLS labels on incoming IP packets.
Range: 1 through 2 labels.
Default: If you omit this statement, the pop-all-labels statement takes effect for incoming
packets with one or two labels. The default is equivalent to including the
required-depth [ 1 2 ] statement.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Passive Flow Monitoring for MPLS Encapsulated Packets on page 20
Documentation
• Junos OS Network Interfaces Library for Routing Devices
Copyright © 2014, Juniper Networks, Inc. 351
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
retry (Services Flow Collector)
Syntax retry number;
Hierarchy Level [edit services flow-collector]
Release Information Statement introduced before Junos OS Release 7.4.
Description Configure the maximum number of attempts the flow collector interface will make to
transfer log files to the FTP server.
Options number—Maximum number of transfer retry attempts.
Range: 0 through 10
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Retry Attempts on page 31
Documentation
retry-delay
Syntax retry-delay seconds;
Hierarchy Level [edit services flow-collector]
Release Information Statement introduced before Junos OS Release 7.4.
Description Configure the amount of time the flow collector interface waits between retry attempts.
Options seconds—Amount of time between transfer retry attempts.
Range: 0 through 60
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Retry Attempts on page 31
Documentation
352 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
rfc2544-benchmarking
Syntax rfc2544-benchmarking {
tests{
test-name test-name {
test-interface interface-name;
mode reflect;
family (bridge| inet | ccc);
destination-ipv4-address address;
destination-udp-port port-number;
source-ipv4-address address;
source-udp-port port-number;
direction (egress | ingress);
}
}
}
Hierarchy Level [edit services rpm]
Release Information Statement introduced in Junos OS Release 12.3X52 for ACX Series routers.
Statement introduced in Junos OS Release 13.3 for MX104 3D Universal Edge Routers.
Description Configure the parameters for the RFC 2544-based benchmarking test. You must configure
a test profile, which specifies the type of test and the manner in which it must be
performed, and associate the test profile with a test name. The test name that you
configure contains details, such as the address family and the test mode, for the test.
You can associate the same test profile with multiple test names.
Options rfc2544-benchmarking—Define the attributes for the RFC 2544-based benchmarking
test to examine and analyze the performance characteristics of a network
interconnecting device.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring an RFC 2544-Based Benchmarking Test on page 175
Documentation
• RFC2544-Based Benchmarking Tests Overview on page 169
• show services rpm rfc2544-benchmarking on page 493
• show services rpm rfc2544-benchmarking test-id on page 498
Copyright © 2014, Juniper Networks, Inc. 353
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
routing-instance
Syntax routing-instance instance-name;
Hierarchy Level [edit services rpm probe owner test test-name]
Release Information Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.3 for EX Series switches.
Statement introduced in Junos OS Release 13.2 for PTX Series Packet Transport Routers.
Description Specify the routing instance used by the probes.
Options instance-name—A routing instance configured at the [edit routing-instance] hierarchy level.
Default: Internet routing table inet.0.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring RPM Probes on page 147
Documentation
routing-instances
Syntax routing-instances instance-name;
Hierarchy Level [edit services rpm bgp],
[edit services rpm bgp logical-system logical-system-name]
Release Information Statement introduced in Junos OS Release 7.6.
Statement introduced in Junos OS Release 9.3 for EX Series switches.
Statement introduced in Junos OS Release 13.2 for PTX Series Packet Transport Routers.
Description Specify the routing instance used by the probes.
Options instance-name—A routing instance configured at the [edit routing-instances] hierarchy
level.
Default: Internet routing table inet.0.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring BGP Neighbor Discovery Through RPM on page 158
Documentation
354 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
rpm (Interfaces)
Syntax rpm (client | server);
Hierarchy Level [edit interfaces interface-name unit logical-unit-number]
Release Information Statement introduced in Junos OS Release 8.1.
Statement introduced in Junos OS Release 9.3 for EX Series switches.
Description Associate an RPM client (router or switch that originates RPM probes) or RPM server
with a specified interface.
Options client—Identifier for RPM client router or switch.
server—Identifier for RPM server.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring RPM Timestamping on page 152
Documentation
rpm (Services)
Syntax rpm {
bgp {
data-fill data;
data-size size;
destination-port port;
history-size size;
logical-system logical-system-name <routing-instances routing-instance-name>;
moving-average-size number;
probe-count count;
probe-interval seconds;
probe-type type;
routing-instances instance-name;
test-interval interval;
}
Hierarchy Level [edit services]
Release Information Statement introduced before Junos OS Release 7.4.
Description Configure BGP neighbor discovery through RPM.
The remaining statements are explained separately.
Usage Guidelines See “Configuring BGP Neighbor Discovery Through RPM” on page 158.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Copyright © 2014, Juniper Networks, Inc. 355
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
run-length
Syntax run-length number;
Hierarchy Level [edit forwarding-options port-mirroring input],
[edit forwarding-options port-mirroring instance port-mirroring-instance-name input],
[edit forwarding-options port-mirroring family (inet|inet6) input],
[edit forwarding-options sampling input],
[edit forwarding-options sampling instance instance-name input]
Release Information Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 12.1x48 for PTX Series Packet Transport
Routers.
Description Set the number of samples following the initial trigger event. The configuration enables
you to sample packets following those already being sampled.
Options number—Number of samples.
Range: 0 through 20
Default: 0
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Applying Filters to Forwarding Tables
Documentation
• Configuring Port Mirroring on page 121
• Configuring Traffic Sampling on page 59
sample-once
Syntax sample-once;
Hierarchy Level [edit forwarding-options sampling]
Release Information Statement introduced in Junos OS Release 9.6.
Description Sample traffic for active monitoring only once.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Traffic Sampling on page 59
Documentation
356 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
sampling (Forwarding Options)
Syntax sampling {
disable;
sample-once;
family (inet | inet6 | mpls) {
disable;
output {
aggregate-export-interval seconds;
extension-service service-name;
file {
disable;
filename filename;
files number;
size bytes;
(stamp | no-stamp);
(world-readable | no-world-readable);
}
flow-active-timeout seconds;
flow-inactive-timeout seconds;
flow-server hostname {
aggregation {
autonomous-system;
destination-prefix;
protocol-port;
source-destination-prefix {
caida-compliant;
}
source-prefix;
}
autonomous-system-type (origin | peer);
(local-dump | no-local-dump);
port port-number;
source-address address;
version format;
version9 {
template template-name;
}
}
interface interface-name {
engine-id number;
engine-type number;
source-address address;
}
}
}
input {
max-packets-per-second number;
maximum-packet-length bytes;
rate number;
run-length number;
}
instance instance-name {
disable;
Copyright © 2014, Juniper Networks, Inc. 357
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
family (inet | inet6 | mpls) {
disable;
output {
aggregate-export-interval seconds;
extension-service service-name;
flow-active-timeout seconds;
flow-inactive-timeout seconds;
flow-server hostname {
aggregation {
autonomous-system;
destination-prefix;
protocol-port;
source-destination-prefix {
caida-compliant;
}
source-prefix;
}
autonomous-system-type (origin | peer);
(local-dump | no-local-dump);
port port-number;
source-address address;
version format;
version-ipfix {
template template-name;
}
version9 {
template template-name;
}
}
inline-jflow {
source-address address;
flow-export-rate rate;
}
interface interface-name {
engine-id number;
engine-type number;
source-address address;
}
}
}
input {
max-packets-per-second number;
maximum-packet-length bytes;
rate number;
run-length number;
}
}
pre-rewrite-tos;
traceoptions {
no-remote-trace;
file filename <files number> <size bytes> <match expression> <world-readable |
no-world-readable>;
}
}
358 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
Hierarchy Level [edit forwarding-options]
Release Information Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 12.3R2 for EX Series switches.
Description Configure traffic sampling.
The statements are explained separately.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Traffic Sampling on page 59
Documentation
• Applying Filters to Forwarding Tables
• Configuring Active Flow Monitoring Using Version 9
• Configuring Flow Aggregation (cflowd)
• Configuring Port Mirroring
• Tracing Traffic-Sampling Operations
sampling (Interfaces)
Syntax sampling direction;
Hierarchy Level [edit interfaces interface-name unit logical-unit-number family inet],
[edit logical-systems logical-system-name interfaces interface-name unit logical-unit-number
family inet]
Release Information Statement introduced before Junos OS Release 7.4.
Description Configure the direction of traffic to be sampled.
Options direction can be one of the following:
input—Configure at least one expected ingress point.
output—Configure at least one expected egress point.
input output—On a single interface, configure at least one expected ingress point and
one expect egress point.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Junos OS Services Interfaces Library for Routing Devices
Documentation
• Configuring Flow Monitoring on page 6
Copyright © 2014, Juniper Networks, Inc. 359
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
server
Syntax server {
client-list list-name {
[ address address ];
}
inactivity-timeout seconds;
maximum-connections count;
maximum-connections-per-client count;
maximum-sessions count;
maximum-sessions-per-connection count;
port number;
}
Hierarchy Level [edit services rpm twamp]
Release Information Statement introduced in Junos OS Release 9.3.
Description TWAMP server configuration settings.
Options The remaining statements are described separately.
Required Privilege system—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring TWAMP on page 156
Documentation
server-inactivity-timeout
Syntax server-inactivity-timeout minutes;
Hierarchy Level [edit services rpm twamp server]
Release Information Statement introduced in Junos OS Release 11.1.
Description The maximum time the Two-Way Active Measurement Protocol (TWAMP) server has
to finish the TWAMP control protocol negotiation.
Options minutes—Number of minutes the TWAMP server has to finish the TWAMP control protocol
negotiation.
Default: 15 minutes
Range: 1-30 minutes
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring TWAMP on page 156
Documentation
360 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
service-port
Syntax service-port port-number;
Hierarchy Level [edit services dynamic-flow-capture capture-group client-name control-source identifier]
Release Information Statement introduced in Junos OS Release 7.4.
Description Identify the User Datagram Protocol (UDP) port number for control protocol requests.
Options port-number—Port number for control protocol request messages.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring the Control Source on page 39
Documentation
service-type (RFC2544 Benchmarking)
Syntax service-type (elan | eline) ;
Hierarchy Level [edit services rpm rfc2544-benchmarkingtests test-name test-name]
Release Information Statement introduced in Junos OS Release 12.3X53 for ACX Series routers.
Statement introduced in Junos OS Release 14.2 for MX104 3D Universal Edge Routers.
Description Mention the service under test. Possible values are elan and eline. This statement is
applicable only for the bridge family or when the mode is configured as reflect. When the
service type is elan, MAC addresses are swapped by default on the reflected frames. The
no-mac-swap is not supported in this service type. When the service type is eline, MAC
addresses are not swapped by default in the reflected frames. Use the mac-swap option
to swap the addresses.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • RFC2544-Based Benchmarking Tests Overview
Documentation
• Configuring an RFC2544-Based Benchmarking Test
• rfc2544-benchmarking on page 353
Copyright © 2014, Juniper Networks, Inc. 361
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
services (RPM)
Syntax services rpm { ... }
Hierarchy Level [edit]
Release Information Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 13.2 for PTX Series Packet Transport Routers.
Description Define the service rules to be applied to traffic.
Options rpm—Identifies the RPM set of rules statements.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring BGP Neighbor Discovery Through RPM on page 158
Documentation
• Configuring RPM Probes on page 147
• Configuring RPM Receiver Servers on page 151
• Limiting the Number of Concurrent RPM Probes on page 152
• Configuring RPM Timestamping on page 152
• Configuring TWAMP on page 156
• Enabling RPM for the Junos OS extension-provider package on page 168
shared-key
Syntax shared-key value;
Hierarchy Level [edit services dynamic-flow-capture capture-group client-name control-source identifier]
Release Information Statement introduced in Junos OS Release 7.4.
Description Configure the authentication key value.
Options value—Secret authentication value shared between a control source and destination.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring the Control Source on page 39
Documentation
362 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
size
Syntax size bytes;
Hierarchy Level [edit forwarding-options port-mirroring traceoptions file],
[edit forwarding-options sampling family (inet |inet6 |mpls) output file],
[edit forwarding-options sampling traceoptions file]
Release Information Statement introduced before Junos OS Release 7.4.
Description Specify the maximum size of each file containing sample or log data. The file size is
limited by the number of files to be created and the available hard disk space.
When a traffic sampling file named sampling-file reaches the maximum size, it is renamed
sampling-file.0. When the sampling-file again reaches its maximum size, sampling-file.0
is renamed sampling-file.1 and sampling-file is renamed sampling-file.0. This renaming
scheme continues until the maximum number of traffic sampling files is reached. Then
the oldest traffic sampling file is overwritten.
Options bytes—Maximum size of each traffic sampling file or trace log file, in kilobytes
(KB), megabytes (MB), or gigabytes (GB).
Syntax: xk to specify KB, xm to specify MB, or xg to specify GB
Range: 10 KB through the maximum file size supported on your router
Default: 1 MB for sampling data; 128 KB for log information
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Port Mirroring on page 121
Documentation
• Configuring Traffic Sampling on page 59
Copyright © 2014, Juniper Networks, Inc. 363
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
soft-limit
Syntax soft-limit bandwidth;
Hierarchy Level [edit services dynamic-flow-capture capture-group client-name content-destination identifier]
Release Information Statement introduced in Junos OS Release 9.2.
Description Specify a bandwidth threshold at which congestion notifications are sent to each control
source of the criteria that point to this content destination. If the control source is
configured with the syslog statement, a log message will also be generated.
Options bandwidth—Soft limit threshold, in bits per second.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring the Content Destination on page 38
Documentation
soft-limit-clear
Syntax soft-limit-clear bandwidth;
Hierarchy Level [edit services dynamic-flow-capture capture-group client-name content-destination identifier]
Release Information Statement introduced in Junos OS Release 9.2.
Description Specify a bandwidth threshold at which the latch set by the soft-limit threshold is cleared.
Options bandwidth—Soft-limit clear threshold, in bits per second.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring the Content Destination on page 38
Documentation
• soft-limit on page 364
364 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
source-address (Forwarding Options)
Syntax source-address address;
Hierarchy Level [edit forwarding-options accounting name outputinterface interface-name],
[edit forwarding-options monitoring namefamilyfamily inet output interface interface-name],
[edit forwarding-options sampling instance instance-name family (inet |inet6 |mpls) output
interface interface-name],
[edit forwarding-options sampling family (inet |inet6 |mpls) output interface interface-name],
[edit forwarding-options sampling instance instance-name family inet output inline-jflow]
Release Information Statement introduced before Junos OS Release 7.4.
Description Specify the source address for monitored packets.
Options address—Interface source address.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Discard Accounting on page 70
Documentation
• Configuring Flow Monitoring on page 6
• Configuring Traffic Sampling on page 59
source-address (Services)
Syntax source-address address;
Hierarchy Level [edit services rpm probe owner test test-name]
Release Information Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.3 for EX Series switches.
Statement introduced in Junos OS Release 13.2 for PTX Series Packet Transport Routers.
Description Specify the source IP address used for probes. If the source IP address is not one of the
router’s or switch’s assigned addresses, the packet will use the outgoing interface’s
address as its source.
Options address—Valid IP address.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring RPM Probes on page 147
Documentation
Copyright © 2014, Juniper Networks, Inc. 365
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
source-addresses
Syntax source-addresses [ addresses ];
Hierarchy Level [edit services dynamic-flow-capture capture-group client-name control-source identifier]
Release Information Statement introduced in Junos OS Release 7.4.
Description List of IP addresses from which the control source can send control protocol requests
to the Juniper Networks router.
Options address—Allowed IP source address.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring the Control Source on page 39
Documentation
source-id
Syntax source-id source-id;
Hierarchy Level [edit services flow-monitoring version9 template template-name]
Release Information Statement introduced in Junos OS Release 14.1.
Description For version 9 flows, a 32-bit value that identifies the Exporter Observation Domain is
called the source ID. NetFlow collectors use the combination of the source IP address
and the source ID field to separate different export streams originating from the same
exporter.
Options source-id—Specify a unique identifier for the source for version 9 flows.
Range: 0 through 255
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Observation Domain ID and Source ID for Version 9 and IPFIX Flows on
Documentation page 106
• Configuring Template ID and Options Template ID for Version 9 and IPFIX Flows on
page 109
366 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
source-ipv4-address (RFC 2544 Benchmarking)
Syntax source-ipv4-address address;
Hierarchy Level [edit services rpm rfc2544-benchmarkingtests test-name test-name]
Release Information Statement introduced in Junos OS Release 12.3X52 for ACX Series routers.
Statement introduced in Junos OS Release 13.3 for MX104 3D Universal Edge Routers.
Description Specify the source IPv4 address to be used in generated test frames. This parameter is
optional for both ccc and inet families. If you do not configure the source IPv4 address
for an inet family, the source address of the interface is used to transmit the test frames.
Options address—Valid IPv4 address.
Default: If you do not configure the source IPv4 address for a ccc family, default
value of 192.168.1.10 is used.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring an RFC 2544-Based Benchmarking Test on page 175
Documentation
• RFC2544-Based Benchmarking Tests Overview on page 169
• rfc2544-benchmarking on page 353
source-mac-address (RFC2544 Benchmarking)
Syntax source-mac-address mac-address;
Hierarchy Level [edit services rpm rfc2544-benchmarkingtests test-name test-name]
Release Information Statement introduced in Junos OS Release 12.3X53 for ACX Series routers.
Statement introduced in Junos OS Release 14.2 for MX104 3D Universal Edge Routers.
Description Specify the source MAC address used in generated test frames. This parameter is
applicable for a bridge family.
Options mac-address—Source MAC address. Specify the MAC address as six hexadecimal bytes
in one of the following formats: nnnn.nnnn.nnnn or nn:nn:nn:nn:nn:nn; for example,
0011.2233.4455 or 00:11:22:33:44:55.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • RFC2544-Based Benchmarking Tests Overview
Documentation
• Configuring an RFC2544-Based Benchmarking Test
• rfc2544-benchmarking on page 353
Copyright © 2014, Juniper Networks, Inc. 367
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
source-udp-port (RFC 2544 Benchmarking)
Syntax source-udp-port port-number;
Hierarchy Level [edit services rpm rfc2544-benchmarkingtests test-name test-name]
Release Information Statement introduced in Junos OS Release 12.3X52 for ACX Series routers.
Statement introduced in Junos OS Release 13.3 for MX104 3D Universal Edge Routers.
Description Specify the UDP port of the source to be used in the UDP header for the generated frames.
If you do not specify the UDP port, the default value of 4041 is used.
Options port-number—Source UDP port number for the test frames
Default: 4041
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring an RFC 2544-Based Benchmarking Test on page 175
Documentation
• RFC2544-Based Benchmarking Tests Overview on page 169
• rfc2544-benchmarking on page 353
stamp
Syntax (stamp | no-stamp);
Hierarchy Level [edit forwarding-options sampling family (inet |inet6 |mpls) output file]
Release Information Statement introduced before Junos OS Release 7.4.
Description Include a timestamp with each line in the output file.
Options no-stamp—Do not include timestamps. This is the default.
stamp—Include a timestamp with each line of packet sampling information.
Default: No timestamp is included.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Traffic Sampling on page 59
Documentation
368 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
syslog
Syntax (syslog | no-syslog);
Hierarchy Level [edit interfaces mo-fpc/pic/port multiservice-options]
Release Information Statement introduced before Junos OS Release 7.4.
Description System logging is enabled by default. The system log information of the Monitoring
Services PIC is passed to the kernel for logging in the/var/log directory.
• syslog—Enable PIC system logging.
• no-syslog—Disable PIC system logging.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Flow Monitoring on page 6
Documentation
target (Services RPM)
Syntax target (url url | address address);
Hierarchy Level [edit services rpm probe owner test test-name]
Release Information Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.3 for EX Series switches.
Statement introduced in Junos OS Release 13.2 for PTX Packet Transport Routers.
Description Specify the destination address or URL used for the probes.
Options url url—For HTTP probe types, specify a fully formed URL that includes http:// in the URL
address.
address address—For all other probe types, specify an IPv4 address for the target host.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring RPM Probes on page 147
Documentation
Copyright © 2014, Juniper Networks, Inc. 369
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
tcp
Syntax tcp {
destination-interface interface-name;
port port;
}
Hierarchy Level [edit services rpm probe-server]
Release Information Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.3 for EX Series switches.
Statement introduced in Junos OS Release 13.2 for PTX Series Packet Transport Routers.
Description Specify the port information for the TCP server.
The remaining statements are explained separately.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring RPM Receiver Servers on page 151
Documentation
370 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
templates
Syntax templates {
template-name {
interval-duration interval-duration;
inactive-timeout inactive-timeout;
rate {
(layer3 layer3-packets-per-second | media media-bits-per-second);
}
delay-factor {
;
threshold {
(info | warning | critical) delay-factor-threshold;
}
}
media-loss-rate {
disable;
threshold {
(info | warning | critical) percentage mlr-percentage | packet-count mlr-packet-count);
}
}
media-rate-variation {
disable;
threshold {
(info | warning | critical) mrv-variation;
}
}
media-packets-count-in-layer3 media-packets-count-in-layer3;
media-packet-size media-packet-size;
}
}
Hierarchy Level [edit services video-monitoring]
Release Information Statement introduced in Junos OS Release 14.1.
Description Configure the media delivery index template containing the measurement parameters
for video monitoring.
Options delay-factor—Define delay factor syslog threshold levels.
delay-factor-threshold—Delay factor threshold in milliseconds. When the threshold is
exceeded, a syslog message is generated.
Default: 0—Do not generate syslogs.
Range: 0 though 65535 milliseconds
disable—Disable logging for the threshold.
inactive-timeout—Number of seconds of flow inactivity after which time media delivery
index statistics collection for a flow is terminated.
Range: 30 through 300 seconds
Copyright © 2014, Juniper Networks, Inc. 371
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
info | warning | critical—Level of syslog message generated when a threshold is exceeded.
interval-duration—Number of seconds after which time media delivery index flow
monitoring statistics for the interval are reported.
Range: 1 through 50
layer3-packets-per-second—Layer 3 packet rate in IP packets per second.
Range: 0 though 4,294,967,295 pps
media-bits-per-second—Media bit rate for the stream in bits per second.
media-loss-rate—Define media loss rate syslog threshold levels.
media-packets-count-in-layer-3—Number of media packets in an IP packet.
Range: 1 through 32
media-packet-size—Size of media packet in bits.
Default: 188
Range: 1 through 2048
media-rate-variation—Define delay factor syslog threshold levels.
mlr-packet-count—Media loss rate threshold expressed as the number of packets dropped.
When the threshold is exceeded, a syslog message is generated.
mlr-percentage—Media loss rate threshold expressed as the percentage of total packets
dropped. When the threshold is exceeded, a syslog message is generated.
Range: 0 through 100
mrv-variation—Media rate variation threshold. The variation is the ratio of actual media
rate to the configured media rate, expressed as a percentage.
template-name—Name of the template containing media delivery index measurement
criteria. The template can be assigned to an interface.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Inline Video Monitoring on page 227
Documentation
372 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
test
Syntax test test-name {
data-fill data;
data-size size;
destination-interface interface-name;
destination-port port;
dscp-code-point dscp-bits;
hardware-timestamp;
history-size size;
moving-average-size number;
one-way-hardware-timestamp;
probe-count count;
probe-interval seconds;
probe-type type;
routing-instance instance-name;
source-address address;
target (url url | address address);
test-interval interval;
thresholds thresholds;
traps traps;
}
Hierarchy Level [edit services rpm probe owner]
Release Information Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.3 for EX Series switches.
Statement introduced in Junos OS Release 13.2 for PTX Series Packet Transport Routers.
Description Specify the range of probes over which the standard deviation, average, and jitter are
calculated. The test name combined with the owner name represent a single RPM
configuration instance.
Options test-name—Specify a test name. The name can be up to 32 characters in length.
The remaining statements are explained separately.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring RPM Probes on page 147
Documentation
Copyright © 2014, Juniper Networks, Inc. 373
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
tests (RFC 2544 Benchmarking)
Syntax tests {
test-name test-name {
test-interface interface-name;
mode reflect;
family (inet | ccc);
destination-ipv4-address address;
destination-udp-port port-number;
source-ipv4-address address;
source-udp-port port-number;
direction (egress | ingress);
}
}
Hierarchy Level [edit services rpm rfc2544-benchmarking]
Release Information Statement introduced in Junos OS Release 13.3 for MX104 3D Universal Edge Routers.
Description Specify the attributes of the test iteration, such as the address family (type of service,
IPv4 or Ethernet), the logical interface, test duration, and test packet size, that are used
for a benchmarking test to be run. The test name combined with the test profile represent
a single real-time performance monitoring (RPM) configuration instance.
Options tests—Define the test iteration for the RFC 2544-based benchmarking test.
The remaining statements are explained separately.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring an RFC 2544-Based Benchmarking Test on page 175
Documentation
• RFC2544-Based Benchmarking Tests Overview on page 169
• rfc2544-benchmarking on page 353
374 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
test-interface (RFC 2544 Benchmarking)
Syntax test-interface interface-name;
Hierarchy Level [edit services rpm rfc2544-benchmarkingtests test-name test-name]
Release Information Statement introduced in Junos OS Release 13.3 for MX104 3D Universal Edge Routers.
Description Specify the logical interface on which the RFC 2544-based benchmarking test is run. If
you configure an inet family and the test mode to initiate and terminate test frames on
the same device, the interface you configure is not effective. Instead, the test is run on
the egress logical interface that is determined using route lookup on the specified
destination IPv4 address. If you configure an inet family and the test mode to reflect the
frames back on the sender from the other end, the logical interface is used as the interface
to enable the reflection service (reflection is performed on the packets entering the
specified interface). If you not configure the logical interface for reflection test mode, a
lookup is performed on the source IPv4 address to determine the interface that hosts
the address.
Options interface-name—Name of the logical interface on which the test needs to be run.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring an RFC 2544-Based Benchmarking Test on page 175
Documentation
• RFC2544-Based Benchmarking Tests Overview on page 169
• rfc2544-benchmarking on page 353
Copyright © 2014, Juniper Networks, Inc. 375
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
test-interval
Syntax test-interval frequency;
Hierarchy Level [edit services rpm bgp],
[edit services rpm probe owner test test-name]
Release Information Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.3 for EX Series switches.
Statement introduced in Junos OS Release 13.2 for PTX Series Packet Transport Routers.
Description Specify the time to wait between tests, in seconds.
Options frequency—Number of seconds, from 0 through 86400.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring BGP Neighbor Discovery Through RPM on page 158
Documentation
• Configuring RPM Probes on page 147
376 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
test-name (RFC 2544 Benchmarking)
Syntax test-name test-name {
test-interface interface-name;
mode reflect;
family (inet | ccc);
destination-ipv4-address address;
destination-udp-port port-number;
source-ipv4-address address;
source-udp-port port-number;
direction (egress | ingress);
}
Hierarchy Level [edit services rpm rfc2544-benchmarking tests]
Release Information Statement introduced in Junos OS Release 13.3 for MX104 3D Universal Edge Routers.
Description Define the name of the RFC 2544-based benchmarking test. For each unique test name
that you configure, you can specify a test profile, which contains the settings for a test
and its type, and also a test interface, which contains the settings for test packets that
are sent and received on the selected interface.
Options test-name—Specify a test name. The name can be up to 32 characters in length.
The remaining statements are explained separately.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring an RFC 2544-Based Benchmarking Test on page 175
Documentation
• RFC2544-Based Benchmarking Tests Overview on page 169
• rfc2544-benchmarking on page 353
Copyright © 2014, Juniper Networks, Inc. 377
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
thresholds
Syntax thresholds thresholds;
Hierarchy Level [edit services rpm probe owner test test-name]
Release Information Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.3 for EX Series switches.
Statement introduced in Junos OS Release 13.2 for PTX Packet Series Transport Routers.
Description Specify thresholds used for the probes. A system log message is generated when the
configured threshold is exceeded. Likewise, an SNMP trap (if configured) is generated
when a threshold is exceeded.
Options thresholds—Specify one or more threshold measurements. The following options are
supported:
• egress-time—Measures maximum source-to-destination time per probe.
• ingress-time—Measures maximum destination-to-source time per probe.
• jitter-egress—Measures maximum source-to-destination jitter per test.
• jitter-ingress—Measures maximum destination-to- source jitter per test.
• jitter-rtt—Measures maximum jitter per test, from 0 through 60,000,000 microseconds.
• rtt—Measures maximum round-trip time per probe, in microseconds.
• std-dev-egress—Measures maximum source-to-destination standard deviation per
test.
• std-dev-ingress—Measures maximum destination-to-source standard deviation per
test.
• std-dev-rtt—Measures maximum standard deviation per test, in microseconds.
• successive-loss—Measures successive probe loss count, indicating probe failure.
• total-loss—Measures total probe loss count indicating test failure, from 0 through 15.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring RPM Probes on page 147
Documentation
378 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
traceoptions (Forwarding Options)
Syntax traceoptions {
no-remote-trace;
file filename <files number> <size bytes> <match expression> <world-readable |
no-world-readable>;
}
Hierarchy Level [edit forwarding-options port-mirroring],
[edit forwarding-options sampling]
Release Information Statement introduced before Junos OS Release 7.4.
Description Configure traffic sampling tracing operations.
The statements are explained separately.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Tracing Traffic Sampling Operations on page 65
Documentation
Copyright © 2014, Juniper Networks, Inc. 379
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
traceoptions (RPM)
Syntax traceoptions {
file filename <files number> <match regular-expression > <size maximum-file-size>
<world-readable | no-world-readable>;
flag flag;
}
Hierarchy Level [edit services rpm]
Release Information Statement introduced in Junos OS Release 13.2.
Description Define tracing operations for RPM processes.
Options file filename—Name of the file to receive the output of the tracing operation. All files are
placed in the directory /var/log.
Default: rmopd
files number—(Optional) Maximum number of trace files to create before overwriting the
oldest one. If you specify a maximum number of files, you also must specify a
maximum file size with the size option.
Range: 2 through 1000
Default: 3 files
match regular-expression—(Optional) Refine the output to include lines that contain the
regular expression.
size maximum-file-size—(Optional) Maximum size of each trace file. By default, the number
entered is treated as bytes. Alternatively, you can include a suffix to the number to
indicate kilobytes (KB), megabytes (MB), or gigabytes (GB). If you specify a maximum
file size, you also must specify a maximum number of trace files with the files option.
Range: 10 KB through 1 GB
Default: 128 KB
world-readable—(Optional) Enable unrestricted file access.
no-world-readable—(Default) Disable unrestricted file access. This means the log file
can be accessed only by the user who configured the tracing operation.
flag flag—Tracing operation to perform. To specify more than one tracing operation,
include multiple flag statements. You can include the following flags:
• all—Trace all operations.
• configuration—Trace configuration events.
• error—Trace events related to catastrophic errors in daemon.
• ipc—Trace IPC events.
• ppm—Trace ppm events.
• statistics—Trace statistics.
380 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
Required Privilege trace—To view this statement in the configuration.
Level trace-control—To add this statement to the configuration.
Related • Tracing RPM Operations on page 161
Documentation
transfer
Syntax transfer {
record-level number;
timeout seconds;
}
Hierarchy Level [edit services flow-collector file-specification variant variant-number]
Release Information Statement introduced before Junos OS Release 7.4.
Description Specify when to send the flow collection file. The file is sent when either of the two
conditions is met.
Options record-level number—Number of flow collection files collected.
timeout seconds—Timeout duration.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring File Formats on page 29
Documentation
Copyright © 2014, Juniper Networks, Inc. 381
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
transfer-log-archive
Syntax transfer-log-archive {
archive-sites {
ftp:url {
password "password";
username username;
}
}
filename-prefix prefix;
maximum-age minutes;
}
Hierarchy Level [edit services flow-collector]
Release Information Statement introduced before Junos OS Release 7.4.
Description Configure the filename prefix, maximum age, and destination FTP server for log files
containing the transfer activity history for a flow collector interface.
Options The statements are explained separately.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Transfer Logs on page 30
Documentation
382 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
traps
Syntax traps traps;
Hierarchy Level [edit services rpm probe owner test test-name]
Release Information Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.3 for EX Series switches.
Statement introduced in Junos OS Release 13.2 for PTX Series Packet Transport Routers.
Description Set the trap bit to generate traps for probes. Traps are sent if the configured threshold
is met or exceeded.
Options traps—Specify one or more traps. The following options are supported:
• egress-jitter-exceeded—Generates traps when the jitter in egress time threshold is met
or exceeded.
• egress-std-dev-exceeded—Generates traps when the egress time standard deviation
threshold is met or exceeded.
• egress-time-exceeded—Generates traps when the maximum egress time threshold is
met or exceeded.
• ingress-jitter-exceeded—Generates traps when the jitter in ingress time threshold is
met or exceeded.
• ingress-std-dev-exceeded—Generates traps when the ingress time standard deviation
threshold is met or exceeded.
• ingress-time-exceeded—Generates traps when the maximum ingress time threshold
is met or exceeded.
• jitter-exceeded—Generates traps when the jitter in round-trip time threshold is met or
exceeded.
• probe-failure—Generates traps for successive probe loss thresholds crossed.
• rtt-exceeded—Generates traps when the maximum round-trip time threshold is met
or exceeded.
• std-dev-exceeded—Generates traps when the round-trip time standard deviation
threshold is met or exceeded.
• test-completion—Generates traps when a test is completed.
• test-failure—Generates traps when the total probe loss threshold is met or exceeded.
NOTE: For RPM traps to be generated, you must configure the
remote-operations SNMP trap category by including the categories statement
at the [edit snmp trap-group trap-group-name hierarchy level.
Copyright © 2014, Juniper Networks, Inc. 383
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring RPM Probes on page 147
Documentation
• categories
ttl
Syntax ttl hops;
Hierarchy Level [edit services dynamic-flow-capture capture-group client-name content-destination
identifier]
Release Information Statement introduced in Junos OS Release 7.4.
Description Time-to-live (TTL) value for the IP-IP header.
Options hops—TTL value.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring the Content Destination on page 38
Documentation
384 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
twamp
Syntax twamp {
server {
authentication-mode mode;
client-list list-name {
[ address address ];
}
inactivity-timeout seconds;
max-connection-duration hours;
maximum-connections count;
maximum-connections-per-client count;
maximum-sessions count;
maximum-sessions-per-connection count;
port number;
server-inactivity-timeout minutes;
}
}
Hierarchy Level [edit services rpm]
Release Information Statement introduced in Junos OS Release 9.3.
Description Two-Way Active Measurement Protocol (TWAMP) configuration settings.
The remaining statements are described separately.
Required Privilege system—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring TWAMP on page 156
Documentation
twamp-server
Syntax twamp-server;
Hierarchy Level [edit interfaces sp-fpc/pic/port unit logical-unit-number]
Release Information Statement introduced in Junos OS Release 9.3.
Description Specify the service PIC logical interface to provide the TWAMP service.
Required Privilege system—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring TWAMP on page 156
Documentation
Copyright © 2014, Juniper Networks, Inc. 385
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
template (Forwarding Options)
Syntax template template-name;
Hierarchy Level [edit forwarding-options sampling instance instance-name family (inet |inet6 |mpls) output
flow-server hostname version9],
[edit forwarding-options sampling family (inet |inet6 |mpls) output flow-server hostname
version9]
Release Information Statement introduced in Junos OS Release 8.3.
Description Specify flow monitoring version 9 template to be used for output of sampling records.
Options template-name—Name of the version 9 template.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Flow Aggregation to Use Version 9 Flow Templates on page 91
Documentation
386 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
template-id
Syntax template-id id;
Hierarchy Level [edit services flow-monitoring version9 template template-name]
[edit services flow-monitoringversion-ipfix template template-name]
Release Information Statement introduced in Junos OS Release 14.1.
Description Define a template ID to be used for flow aggregation of version 9 and IPFIX flows. If you
do not configure values for the template ID and options template ID, default values are
assumed for these IDs, which are different for the various address families. If you configure
the same template ID or options template ID value for different address families, such
a setting is not processed properly and might cause unexpected behavior. For example,
if you configure the same template ID value for both IPv4 and IPv6, the collector validates
the export data based on the template ID value that it last receives. In this case, if IPv6
is configured after IPv4, the value is effective for IPv6 and the default value is used for
IPv4.
Options id—Specify a unique identifier for the template to be used for version 9 or IPFIX flows.
Range: 1024 through 65535
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Observation Domain ID and Source ID for Version 9 and IPFIX Flows on
Documentation page 106
• Configuring Template ID and Options Template ID for Version 9 and IPFIX Flows on
page 109
Copyright © 2014, Juniper Networks, Inc. 387
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
template-refresh-rate
Syntax template-refresh-rate packets packets seconds seconds;
Hierarchy Level [edit services flow-monitoring version9 template template-name]
[edit services flow-monitoringversion-ipfix template template-name]
Release Information Statement introduced in Junos OS Release 8.3.
Support at the [edit services flow-monitoring version-ipfix template template-name]
hierarchy level added in Junos OS Release 10.2.
Description Specify the refresh rate, in either packets or seconds.
Options packets—Refresh rate, in number of packets.
Range: 1 through 480,000
Default: 4800
seconds—Refresh rate, in number of seconds.
Range: 10 through 600
Default: 600
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Flow Aggregation to Use Version 9 Flow Templates on page 91
Documentation
trio-flow-offload
Syntax trio-flow-offload minimum-bytes minimum-bytes;
Hierarchy Level [edit interfaces interface-name services-options]
Release Information Statement introduced in Junos OS Release 12.1.
Description Enable any plug-in or daemon on a PIC to generate a flow offload request to of-load
flows to the Packet Forwarding Engine. This command is available on MX Series routers
with Modular Port Concentrators (MPCs) and Modular Interface Cards (MICs).
Options minimum-bytes—The minimum number of bytes that trigger offloading. When this option
is omitted, offloading is triggered when both the forward and reverse flows of the
session have begun, meaning that at least one packet has flowed in each direction.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Flow Offloading on page 15
Documentation
388 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
udp
Syntax udp {
destination-interface interface-name;
port port;
}
Hierarchy Level [edit services rpm probe-server]
Release Information Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.3 for EX Series switches.
Statement introduced in Junos OS Release 13.2 for PTX Series Packet Transport Routers.
Description Specify the port information for the UDP server.
The remaining statements are explained separately.
NOTE: The destination-interface statement is not supported on PTX Series
routers.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring RPM Receiver Servers on page 151
Documentation
Copyright © 2014, Juniper Networks, Inc. 389
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
unit
Syntax unit logical-unit-number {
family inet {
address address {
destination destination-address;
}
filter {
group filter-group-number;
input filter-name;
output filter-name;
}
sampling direction;
}
}
Hierarchy Level [edit interfaces interface-name]
Release Information Statement introduced before Junos OS Release 7.4.
Description Configure a logical interface on the physical device. You must configure a logical interface
to be able to use the physical device.
Options logical-unit-number—Number of the logical unit.
Range: 0 through 16,384
The remaining statements are explained separately.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Junos OS Network Interfaces Library for Routing Devices for other statements that do
Documentation no affect services interfaces.
• Junos OS Network Interfaces Library for Routing Devices
390 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
username (Services)
Syntax username user-name;
Hierarchy Level [edit services flow-collector transfer-log-archive archive-sites]
Release Information Statement introduced before Junos OS Release 7.4.
Description Specify the username for the transfer log server.
Options username—FTP server username.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Transfer Logs on page 30
Documentation
variant
Syntax variant variant-number {
data-format format;
name-format format;
transfer {
record-level number;
timeout seconds;
}
}
Hierarchy Level [edit services flow-collector file-specification]
Release Information Statement introduced before Junos OS Release 7.4.
Description Configure a variant of the file format.
Options The statements are explained separately.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring File Formats on page 29
Documentation
Copyright © 2014, Juniper Networks, Inc. 391
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
version
Syntax version format;
Hierarchy Level [edit forwarding-options accounting name output flow-server hostname],
[edit forwarding-options sampling instance instance-name family (inet |inet6 |mpls) output
flow-server hostname],
[edit forwarding-options sampling family (inet |inet6 |mpls) output flow-server hostname]
Release Information Statement introduced before Junos OS Release 7.4.
Description Specify the version format of the aggregated flows exported to a cflowd server.
Options format—Format of the flows.
Values: 5 or 8
Default: 5
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • export-format on page 278
Documentation
• Enabling Flow Aggregation on page 86
version9 (Forwarding Options)
Syntax version9 {
template template-name;
}
Hierarchy Level [edit forwarding-options sampling instance instance-name family (inet |inet6 |mpls) output
flow-server hostname],
[edit forwarding-options sampling family (inet |inet6 |mpls) output flow-server hostname]
Release Information Statement introduced in Junos OS Release 8.3.
Description Specify flow monitoring version 9 properties to apply to output sampling records. The
remaining statements are explained separately.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Flow Aggregation to Use Version 9 Flow Templates on page 91
Documentation
392 Copyright © 2014, Juniper Networks, Inc.
Chapter 13: Configuration Statements
video-monitoring
Syntax video-monitoring {
templates {
template-name {
interval-duration interval-duration;
inactive-timeout inactive-timeout;
rate {
(layer3 layer3-packets-per-second | media media-bits-per-second);
}
delay-factor {
disable;
threshold {
(info | warning | critical) delay-factor-threshold;
}
}
media-loss-rate {
disable;
threshold {
(info | warning | critical) percentage mlr-percentage | packet-count
mlr-packet-count);
}
}
media-rate-variation {
;
threshold {
(info |warning | critical) mrv-variation;
}
}
media-packets-count-in-layer3 media-packets-count-in-layer3;
media-packet-size media-packet-size;
}
}
interfaces {
interface-name {
family {
inet {
input-flows {
input-flow-name {
source-address [ address ];
destination-address [ address ];
source-port [ port ];
destination-port [ port ];
template template-name;
}
}
output-flows {
output-flow-name {
source-address [ address ];
destination-address [ address ];
source-port [ port ];
destination-port [ port ];
template template-name;
}
Copyright © 2014, Juniper Networks, Inc. 393
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
}
}
}
}
}
}
Hierarchy Level [edit services]
Release Information Statement introduced in Junos OS Release 14.1.
Description Define the options for video monitoring using media delivery index options for metrics.
The remaining statements are explained separately.
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Inline Video Monitoring on page 227
Documentation
world-readable
Syntax (world-readable | no-world-readable);
Hierarchy Level [edit forwarding-options port-mirroring traceoptions file],
[edit forwarding-options sampling family (inet |inet6 |mpls) output file],
[edit forwarding-options sampling traceoptionsfile]
Release Information Statement introduced before Junos OS Release 7.4.
Description Enable unrestricted file access.
Options no-world-readable—Restrict file access to owner. This is the default.
world-readable—Enable unrestricted file access.
Default: no-world-readable
Required Privilege interface—To view this statement in the configuration.
Level interface-control—To add this statement to the configuration.
Related • Configuring Port Mirroring on page 121
Documentation
• Configuring Traffic Sampling on page 59
394 Copyright © 2014, Juniper Networks, Inc.
CHAPTER 14
Operational Commands
• clear passive-monitoring statistics
• clear services accounting statistics inline-jflow
• clear services accounting statistics inline-jflow
• clear services dynamic-flow-capture
• clear services flow-collector statistics
• clear services rpm twamp server connection
• clear services video-monitoring mdi errors fpc-slot
• clear services video-monitoring mdi statistics fpc-slot
• request services flow-collector change-destination primary interface
• request services flow-collector change-destination secondary interface
• request services flow-collector test-file-transfer
• show forwarding-options next-hop-group
• show forwarding-options port-mirroring
• show interfaces (Dynamic Flow Capture)
• show interfaces (Flow Collector)
• show interfaces (Flow Monitoring)
• show passive-monitoring error
• show passive-monitoring flow
• show passive-monitoring memory
• show passive-monitoring status
• show passive-monitoring usage
• show services accounting aggregation
• show services accounting aggregation template
• show services accounting errors
• show services accounting flow
• show services accounting flow-detail
• show services accounting memory
• show services accounting packet-size-distribution
Copyright © 2014, Juniper Networks, Inc. 395
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
• show services accounting status
• show services accounting usage
• show services dynamic-flow-capture content-destination
• show services dynamic-flow-capture control-source
• show services dynamic-flow-capture statistics
• show services flow-collector file interface
• show services flow-collector input interface
• show services flow-collector interface
• show services rpm active-servers
• show services rpm history-results
• show services rpm probe-results
• show services rpm rfc2544-benchmarking
• show services rpm rfc2544-benchmarking test-id
• show services rpm twamp server connection
• show services rpm twamp server session
• show services video-monitoring mdi errors fpc-slot
• show services video-monitoring mdi flows fpc-slot
• show services video-monitoring mdi stats fpc-slot
• test services rpm rfc2544-benchmarking test
396 Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Operational Commands
clear passive-monitoring statistics
Syntax clear passive-monitoring statistics (all | interface interface-name)
Release Information Command introduced in Junos OS Release 7.6.
Description (M40e, M160, and M320 routers and T Series routers only) Clear statistics for one passive
monitoring interface or for all passive monitoring interfaces.
Options all—Clear statistics for all configured passive monitoring interfaces.
interface interface-name—Clear statistics for the specified passive monitoring interface
(mo-fpc/pic/port).
Required Privilege network
Level
List of Sample Output clear passive-monitoring statistics on page 397
Output Fields When you enter this command, you are provided feedback on the status of your request.
Sample Output
clear passive-monitoring statistics
user@host> clear passive-monitoring statistics interface mo-5/0/0
Copyright © 2014, Juniper Networks, Inc. 397
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
clear services accounting statistics inline-jflow
Syntax clear services accounting statistics inline-jflow
<inline-jflow (fpc-slot slot-number)>
Release Information Command introduced in Junos OS Release 14.2 for MX Series routers.
Description Clear inline flow statistics for a specified FPC.
Options fpc-slot slot-number—Clear inline flow statistics for the specified FPC.
• MX80 routers only—Replace slot-number with a value from 0 through 1.
• MX104 routers only—Replace slot-number with a value from 0 through 2.
• MX240 routers only—Replace slot-number with a value from 0 through 2.
• MX480 routers only—Replace slot-number with a value from 0 through 5.
• MX960 routers only—Replace slot-number with a value from 0 through 11.
• MX2010 routers only—Replace slot-number with a value from 0 through 9.
• MX2020 routers only—Replace slot-number with a value from 0 through 19.
Required Privilege view
Level
Related • show services accounting flow on page 447
Documentation
Sample Output
clear services accounting statistics inline-jflow
user@host> regress@mobsoln480b# run clear services accounting statistics inline-jflow fpc-slot
5
Statistics Cleared
398 Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Operational Commands
clear services accounting statistics inline-jflow
Syntax clear services accounting statistics inline-jflow
<inline-jflow (fpc-slot slot-number)>
Release Information Command introduced in Junos OS Release 14.2 for MX Series routers.
Description Clear inline flow statistics for a specified FPC.
Options fpc-slot slot-number—Clear inline flow statistics for the specified FPC.
• MX80 routers only—Replace slot-number with a value from 0 through 1.
• MX104 routers only—Replace slot-number with a value from 0 through 2.
• MX240 routers only—Replace slot-number with a value from 0 through 2.
• MX480 routers only—Replace slot-number with a value from 0 through 5.
• MX960 routers only—Replace slot-number with a value from 0 through 11.
• MX2010 routers only—Replace slot-number with a value from 0 through 9.
• MX2020 routers only—Replace slot-number with a value from 0 through 19.
Required Privilege view
Level
Related • show services accounting flow on page 447
Documentation
Sample Output
clear services accounting statistics inline-jflow
user@host> regress@mobsoln480b# run clear services accounting statistics inline-jflow fpc-slot
5
Statistics Cleared
Copyright © 2014, Juniper Networks, Inc. 399
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
clear services dynamic-flow-capture
Syntax clear services dynamic-flow-capture capture-group group-name
<criteria-identifier identifier>
<destination-identifier identifier>
<force>
<static>
Release Information Command introduced in Junos OS Release 7.4.
Description (M320 routers and T Series routers only) Clear dynamic flow capture information for
specified capture group.
Options capture-group group-name—Capture-group identifier.
criteria-identifier identifier—(Optional) Criteria identifier.
destination-identifier identifier—(Optional) Content destination identifier.
force—(Optional) Force clearing of criteria.
static—(Optional) Clear static criteria.
Required Privilege network
Level
List of Sample Output clear services dynamic-flow-capture on page 400
Output Fields When you enter this command, you are provided feedback on the status of your request.
Sample Output
clear services dynamic-flow-capture
user@host> clear services dynamic-flow-capture capture-group flow-a
400 Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Operational Commands
clear services flow-collector statistics
Syntax clear services flow-collector statistics (all | interface interface-name)
Release Information Command introduced before Junos OS Release 7.4.
Description (M40e, M160, and M320 routers and T Series routers only) Clear statistics for one flow
collector interface or for all flow collector interfaces.
Options all—Clear statistics for all configured flow collector interfaces.
interface interface-name—Clear statistics for the specified flow collector interface
(cp-fpc/pic/port).
Required Privilege network
Level
List of Sample Output clear services flow-collector statistics on page 401
Output Fields When you enter this command, you are provided feedback on the status of your request.
Sample Output
clear services flow-collector statistics
user@host> clear services flow-collector statistics interface cp-5/0/0
Flow collector interface: cp-5/0/0
Interface state: Collecting flows
Statistics cleared successfully
Copyright © 2014, Juniper Networks, Inc. 401
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
clear services rpm twamp server connection
Syntax clear services rpm twamp server connection
<connection-id>
Release Information Command introduced in Junos OS Release 9.3.
Description Clear connections established between the real-time performance monitoring (RPM)
Two-Way Active Measurement Protocol (TWAMP) server and control clients. By default
all established connections are cleared (along with the sessions on those connections).
To clear only a specific connection, specify the connection ID when you issue the
command.
Options connection-id—(Optional) Clear only the specified connection.
Required Privilege clear
Level
402 Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Operational Commands
clear services video-monitoring mdi errors fpc-slot
Syntax clear services video-monitoring mdi errors fpc-slot fpc-slot
Release Information Command introduced in Junos OS Release 14.1.
Description Clear all media delivery index error counters.
Options fpc-slot—Number of the fpc slot.
Required Privilege clear
Level
Related • show services video-monitoring mdi stats fpc-slot on page 525
Documentation
Copyright © 2014, Juniper Networks, Inc. 403
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
clear services video-monitoring mdi statistics fpc-slot
Syntax clear services video-monitoring mdi statistics fpc-slot fpc-slot
Release Information Command introduced in Junos OS Release 14.1.
Description Clear all media delivery index statistics counters except for active flows.
Options fpc-slot—Number of the fpc slot.
Required Privilege clear
Level
Related • show services video-monitoring mdi stats fpc-slot on page 525
Documentation
404 Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Operational Commands
request services flow-collector change-destination primary interface
Syntax request services flow-collector change-destination primary interface cp-fpc/pic/port
<clear-files>
<clear-logs>
<immediately | gracefully>
Release Information Command introduced before Junos OS Release 7.4.
Description (M40e, M160, and M320 routers and T Series routers only) Switch to the primary File
Transfer Protocol (FTP) server that is configured as a flow collector.
Options none—Switch to the primary FTP server.
cp-fpc/pic/port—Specify the flow collector interface name for the primary destination.
clear-files—(Optional) Request clearing of existing data files in the FTP wait queue when
the switch takes place.
clear-logs—(Optional) Request clearing of existing logs when the switch takes place.
immediately | gracefully—(Optional) Specify whether you want the switch to take place
immediately, or to affect only newly created files.
Required Privilege maintenance
Level
List of Sample Output request services flow-collector change-destination primary interface on page 405
Output Fields When you enter this command, you are provided feedback on the status of your request.
Sample Output
request services flow-collector change-destination primary interface
user@host> request services flow-collector change-destination primary interface cp-6/0/0
Flow collector interface: cp-6/0/0
Interface state: Collecting flows
Destination change successful
Copyright © 2014, Juniper Networks, Inc. 405
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
request services flow-collector change-destination secondary interface
Syntax request services flow-collector change-destination secondary interface cp-fpc/pic/port
<clear-files>
<clear-logs>
<immediately | gracefully>
Release Information Command introduced before Junos OS Release 7.4.
Description (M40e, M160, and M320 routers and T Series routers only) Switch to the secondary File
Transfer Protocol (FTP) server that is configured as a flow collector.
Options none—Switch to the secondary FTP server.
cp-fpc/pic/port—Specify the flow collector interface name (cp-fpc/pic/port) for the
secondary destination.
clear-files—(Optional) Request clearing of existing data files in the FTP wait queue when
the switch takes place.
clear-logs—(Optional) Request clearing of existing logs when the switch takes place.
immediately | gracefully—(Optional) Specify whether you want the switch to take place
immediately, or to affect only newly created files.
Required Privilege maintenance
Level
List of Sample Output request services flow-collector change-destination secondary interface on page 406
Output Fields When you enter this command, you are provided feedback on the status of your request.
Sample Output
request services flow-collector change-destination secondary interface
user@host> request services flow-collector change-destination secondary interface cp-6/0/0
Flow collector interface: cp-6/0/0
Interface state: Collecting flows
Destination change successful
406 Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Operational Commands
request services flow-collector test-file-transfer
Syntax request services flow-collector test-file-transfer filename interface (all | cp-fpc/pic/port)
(channel-zero | channel-one) (primary | secondary)
Release Information Command introduced before Junos OS Release 7.4.
Description (M40e, M160, and M320 routers, PTX Series, and T Series routers only) Transfer a test
file to the primary or secondary File Transfer Protocol (FTP) server that is configured as
a flow collector. This command verifies that the output side of the flow collector interface
is operating properly.
Options filename—Name of the test file to transfer.
interface all | cp-fpc/pic/port)—Transfer a test file of flows from all configured flow
collector interfaces or from only the specified interface.
channel-zero | channel-one—Transfer a file from export channel 0 (unit 0) or channel 1
(unit 1) of the PIC.
primary | secondary—Transfer a file to the primary or secondary server configured as a
flow collector.
Required Privilege network
Level
List of Sample Output request services flow-collector test-file-transfer on page 407
Output Fields When you enter this command, you are provided feedback on the status of your request.
Sample Output
request services flow-collector test-file-transfer
user@router> request services flow-collector test-file-transfer test_file interface cp-7/1/0
channel-one primary
Flow collector interface: cp-7/1/0
Interface state: Collecting flows
Response: Test file transfer successfully scheduled
Copyright © 2014, Juniper Networks, Inc. 407
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
show forwarding-options next-hop-group
Syntax show forwarding-options next-hop-group
<terse | brief | detail>
<group-name>
Release Information Command introduced in Junos OS Release 9.6.
Statement introduced in Junos OS Release 12.3R2 for EX Series switches.
Support for IPv6 introduced in Junos OS Release 14.2 for the MX Series routers.
Description Display current state of next-hop groups.
Options terse | brief | detail—(Optional) Display the specified level of output.
group-name—(Optional) Display a single next-hop group.
Required Privilege view
Level
Related • show forwarding-options port-mirroring on page 411
Documentation
List of Sample Output show forwarding-options next-hop-group terse on page 409
show forwarding-options next-hop-group brief on page 409
show forwarding-options next-hop-group detail on page 409
Output Fields Table 13 on page 408 lists the output fields for the show forwarding-options next-hop-group
command. Output fields are listed in the approximate order in which they appear.
Table 13: show forwarding-options next-hop-group Output Fields
Field Name Field Description Level of Output
Next-hop-group Name of next-hop group. All levels
Type Next-hop group type, such as inet, inet6 or layer-2. All levels
State Next-hop group state, either up or down. All levels
Members Interfaces Names of interfaces to which next-hop group members belong. brief detail
Member Subgroup Names of subgroups to which next-hop group members belong. brief detail
Number of Number of next-hop group members configured. detail
members
configured
Number of Number of next-hop group members that are up. detail
members that are
up
408 Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Operational Commands
Table 13: show forwarding-options next-hop-group Output Fields (continued)
Field Name Field Description Level of Output
Number of Number of subgroups configured. detail
subgroups
configured
Number of Number of subgroups that are up. detail
subgroups that are
up
Sample Output
show forwarding-options next-hop-group terse
user@host> show forwarding-options next-hop-group terse
Next-hop-group Type State
nhg inet up
nhg6 inet6 up
vpls_nhg_2 layer-2 down
show forwarding-options next-hop-group brief
user@host> show forwarding-options next-hop-group brief
Next-hop-group: nhg
Type: inet
State: up
Members Interfaces:
ge-0/2/8.0 next-hop 30.1.1.10
ge-5/1/8.0 next-hop 10.1.1.10
ge-5/1/9.0 next-hop 20.1.1.10
Next-hop-group: nhg6
Type: inet6
State: up
Members Interfaces:
ge-5/1/5.0 next-hop 10::1:1:10
ge-5/1/6.0 next-hop 20::1:1:10
Member Subgroup: nhsg6
Members Interfaces:
ge-5/0/4.0 next-hop 3::1:1:1
ge-5/1/4.0 next-hop 4::1:1:1
Next-hop-group: vpls_nhg_2
Type: layer-2 State: down
show forwarding-options next-hop-group detail
user@host> show forwarding-options next-hop-group detail
Next-hop-group: nhg
Type: inet
State: up
Number of members configured : 3
Number of members that are up : 3
Number of subgroups configured : 0
Number of subgroups that are up : 0
Copyright © 2014, Juniper Networks, Inc. 409
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Members Interfaces: State
ge-0/2/8.0 next-hop 30.1.1.10 up
ge-5/1/8.0 next-hop 10.1.1.10 up
ge-5/1/9.0 next-hop 20.1.1.10 up
Next-hop-group: nhg6
Type: inet6
State: up
Number of members configured : 2
Number of members that are up : 2
Number of subgroups configured : 1
Number of subgroups that are up : 1
Members Interfaces: State
ge-5/1/5.0 next-hop 10::1:1:10 up
ge-5/1/6.0 next-hop 20::1:1:10 up
Member Subgroup: nhsg6 up
Number of members configured : 2
Number of members that are up : 2
Members Interfaces: State
ge-5/0/4.0 next-hop 3::1:1:1 up
ge-5/1/4.0 next-hop 4::1:1:1 up
Next-hop-group: vpls_nhg_2
Number of members configured : 2
Number of members that are up : 0
Number of subgroups configured : 0
Number of subgroups that are up : 0
Type: layer-2 State: down
Members Interfaces: State
ge-2/2/1.100 down
ge-2/3/9.0 down
410 Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Operational Commands
show forwarding-options port-mirroring
Syntax show forwarding-options port-mirroring
<terse | detail>
<instance-name>
Release Information Command introduced in Junos OS Release 9.6.
Statement introduced in Junos OS Release 12.3R2 for EX Series switches.
Description Display current state of port-mirroring instances.
Options terse | detail—(Optional) Display the specified level of output.
instance-name—(Optional) Display a single port-mirroring instance.
Required Privilege view
Level
Related
Documentation
List of Sample Output show forwarding-options port-mirroring terse on page 412
show forwarding-options port-mirroring detail on page 412
Output Fields Table 14 on page 411 lists the output fields for the show forwarding-options port-mirroring
command. Output fields are listed in the approximate order in which they appear.
Table 14: show forwarding-options port-mirroring Output Fields
Field Name Field Description Level of Output
Instance Name Name of port-mirroring instance. All levels
Instance Id Instance identification number. All levels
State Instance state, either up or down. All levels
Input parameters
Rate Rate (ratio of packets sampled). detail
Run-length Run length (number of consecutive packets sampled). detail
Maximum-packet-length Maximum packet length. detail
Output parameters
Family Protocol family. detail
State Instance state, either up or down. detail
Destination Destination (next-hop group name). detail
Copyright © 2014, Juniper Networks, Inc. 411
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Sample Output
show forwarding-options port-mirroring terse
user@host> show forwarding-options port-mirroring terse
Instance Name Instance Id State
&global_instance 1 up
inst1 2 up
show forwarding-options port-mirroring detail
user@host> show forwarding-options port-mirroring detail
Instance Name: &global_instance
Instance Id: 1 State: up
Input parameters:
Rate: 10
Run-length: 4
Maximum-packet-length: 0
Output parameters:
Family: inet State: up Destination: inet_nhg
Family: vpls/eth-switch State: up Destination: vpls_nhg
Instance Name: inst1
Instance Id: 2 State: up
Input parameters:
Rate: 1
Run-length: 0
Maximum-packet-length: 200
Output parameters:
Family: inet State: up Destination: inet_nhg
Family: vpls/eth-switch State: down Destination: vpls_nhg_2
412 Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Operational Commands
show interfaces (Dynamic Flow Capture)
Syntax show interfaces dfc-fpc/pic/port:channel
<brief | detail | extensive | terse>
<descriptions>
<media>
<snmp-index snmp-index>
<statistics>
Release Information Command introduced in Junos OS Release 7.4.
Description (M320 and M120 routers and T Series routers only) Display status information about the
specified dynamic flow capture interface.
Options dfc-fpc/pic/port:channel—Display standard status information about the specified dynamic
flow capture interface.
brief | detail | extensive | terse—(Optional) Display the specified level of output.
descriptions—(Optional) Display interface description strings.
media—(Optional) Display media-specific information about network interfaces.
snmp-index snmp-index—(Optional) Display information for the specified SNMP index
of the interface.
statistics—(Optional) Display static interface statistics.
Required Privilege view
Level
List of Sample Output show interfaces (Dynamic Flow Capture) on page 416
Output Fields Table 15 on page 413 lists the output fields for the show interfaces (Dynamic Flow Capture)
command. Output fields are listed in the approximate order in which they appear.
Table 15: Dynamic Flow Capture show interfaces Output Fields
Field Name Field Description Level of Output
Physical Interface
Physical interface Name of the physical interface. All levels
Enabled Sate of the interface. Possible values are described in the “Enabled Field” section All levels
under Common Output Fields Description.
Interface index Physical interface index number, which reflects its initialization sequence. detail extensive none
SNMP ifIndex SNMP index number for the physical interface. detail extensive none
Type Type of interface. All levels
Copyright © 2014, Juniper Networks, Inc. 413
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Table 15: Dynamic Flow Capture show interfaces Output Fields (continued)
Field Name Field Description Level of Output
Link-level type Encapsulation type used on the physical interface. All levels
MTU Maximum Transmit Unit (MTU). Size of the largest packet to be transmitted. All levels
Speed Network speed on the interface. All levels
Device flags Information about the physical device. Possible values are described in the All levels
“Device Flags” section under Common Output Fields Description.
Interface flags Information about the interface. Possible values are described in the “Interface All levels
Flags” section under Common Output Fields Description.
Link type Data transmission type. All levels
Link flags Information about the link. Possible values are described in the “Link Flags” All levels
section under Common Output Fields Description.
Last flapped Date, time, and how long ago the interface went from down to up. The format detail extensive
is Last flapped: year-month-day hour:minute:second timezone (hour:minute:second
ago). For example, Last flapped: 2002-04-26 10:52:40 PDT (04:33:20 ago).
Input Rate Input rate in bits per second (bps) and packets per second (pps). None specified
Output Rate Output rate in bps and pps. None specified
Traffic statistics Number and rate of bytes and packets received and transmitted on the physical detail extensive
interface.
• Input rate, Output rate—Number of bits per second (packets per second)
received and transmitted on the interface.
• Input packets, Output packets—Number of packets received and transmitted
on the interface.
Input errors • Errors—Input errors on the interface. extensive
• Drops—Number of packets dropped by the output queue of the I/O Manager
ASIC.
• Framing errors—Number of packets received with an invalid frame checksum
(FCS).
• Runts—Frames received smaller than the runt threshold.
• Giants—Frames received larger than the giant threshold.
• Policed Discards—Frames that the incoming packet match code discarded
because the frames did not recognize them or were not of interest. Usually,
this field reports protocols that the Junos OS does not support.
• Resource errors—Sum of transmit drops.
414 Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Operational Commands
Table 15: Dynamic Flow Capture show interfaces Output Fields (continued)
Field Name Field Description Level of Output
Output errors • Carrier transitions—Number of times the interface has gone from down to up. extensive
This number does not normally increment quickly, increasing only when the
cable is unplugged, the far-end system is powered down and then up, or
another problem occurs. If the number of carrier transitions increments quickly,
possibly once every 10 seconds, the cable, the remote system, or the interface
is malfunctioning.
• Errors—Sum of outgoing frame aborts and FCS errors.
• Drops—Number of packets dropped by the output queue of the I/O Manager
ASIC. If the interface is saturated, this number increments once for every
packet dropped by the ASIC RED mechanism.
• Resource errors—Sum of transmit drops.
Logical Interface
Logical interface Name of the logical interface. All levels
Index Logical interface index number, which reflects its initialization sequence. detail extensive none
SNMP ifIndex Logical interface SNMP interface index number. detail extensive none
Flags Information about the logical interface; values are described in the “Logical All levels
Interface Flags” section under Common Output Fields Description.
Encapsulation Encapsulation on the logical interface. All levels
Input packets Number of packets received on the logical interface. None specified
Output packets Number of packets transmitted on the logical interface. None specified
Traffic statistics Total number of bytes and packets received and transmitted on the logical detail extensive
interface. These statistics are the sum of the local and transit statistics. When
a burst of traffic is received, the value in the output packet rate field might briefly
exceed the peak cell rate. It takes awhile (generally, less than 1 second) for this
counter to stabilize.
• Input bytes, Output bytes—Number of bytes received and transmitted on the
interface.
• Input packets, Output packets—Number of packets received and transmitted
on the interface.
Protocol Protocol family configured on the logical interface (such as iso or inet6). detail extensive none
MTU MTU size on the logical interface. detail extensive none
Flags Information about the protocol family flags. Possible values are described in detail extensive none
the “Family Flags” section under Common Output Fields Description.
Addresses, Flags Addresses associated with the logical interface and information about the detail extensive none
address flags. Possible values are described in the “Addresses Flags” section
under Common Output Fields Description.
Copyright © 2014, Juniper Networks, Inc. 415
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Table 15: Dynamic Flow Capture show interfaces Output Fields (continued)
Field Name Field Description Level of Output
Destination IP address of the remote side of the connection. detail extensive none
Local IP address of the logical interface. detail extensive none
Sample Output
show interfaces (Dynamic Flow Capture)
user@host> show interfaces dfc-0/0/0
Physical interface: dfc-0/0/0, Enabled, Physical link is Up
Interface index: 146, SNMP ifIndex: 36
Type: Adaptive-Services, Link-level type: Dynamic-Flow-Capture, MTU: 9192, Speed:
2488320kbps
Device flags : Present Running
Interface flags: Point-To-Point SNMP-Traps 16384
Link type : Full-Duplex
Link flags : None
Last flapped : 2005-08-26 15:08:36 PDT (01:18:42 ago)
Input rate : 0 bps (0 pps)
Output rate : 44800440 bps (100000 pps)
Logical interface dfc-0/0/0.0 (Index 67) (SNMP ifIndex 43)
Flags: Point-To-Point SNMP-Traps Encapsulation: Dynamic-Flow-Capture
Input packets : 74
Output packets: 132
Protocol inet, MTU: 9192
Flags: Receive-options, Receive-TTL-Exceeded
Addresses, Flags: Is-Preferred Is-Primary
Destination: 10.36.100.1, Local: 10.36.100.2
Logical interface dfc-0/0/0.1 (Index 68) (SNMP ifIndex 49)
Flags: Point-To-Point SNMP-Traps Encapsulation: Dynamic-Flow-Capture
Input packets : 0
Output packets: 402927263
Protocol inet, MTU: 9192
Flags: Receive-options, Receive-TTL-Exceeded
Logical interface dfc-0/0/0.2 (Index 69) (SNMP ifIndex 50)
Flags: Point-To-Point SNMP-Traps Encapsulation: Dynamic-Flow-Capture
Input packets : 0
Output packets: 0
Protocol inet, MTU: 9192
Flags: Receive-options, Receive-TTL-Exceeded
Logical interface dfc-0/0/0.16383 (Index 70) (SNMP ifIndex 44)
Flags: Point-To-Point SNMP-Traps Encapsulation: Dynamic-Flow-Capture
Input packets : 1427
Output packets: 98
Protocol inet, MTU: 9192
Flags: Receive-options, Receive-TTL-Exceeded
Addresses, Flags: Is-Preferred Is-Primary
Destination: 10.0.0.16, Local: 10.0.0.1
416 Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Operational Commands
show interfaces (Flow Collector)
Syntax show interfaces cp-fpc/pic/port:channel
<brief | detail | extensive | terse>
<descriptions>
<media>
<snmp-index snmp-index>
<statistics>
Release Information Command introduced before Junos OS Release 7.4.
Description (M Series and T Series routers only) Display status information about the specified flow
collector interface.
Options cp-fpc/pic/port:channel—Display standard status information about the specified flow
collector interface.
brief | detail | extensive | terse—(Optional) Display the specified level of output.
descriptions—(Optional) Display interface description strings.
media—(Optional) Display media-specific information about network interfaces.
snmp-index snmp-index—(Optional) Display information for the specified SNMP index
of the interface.
statistics—(Optional) Display static interface statistics.
Required Privilege view
Level
List of Sample Output show interfaces extensive (Flow Collector) on page 421
Output Fields Table 16 on page 417 lists the output fields for the show interfaces (Flow Collector)
command. Output fields are listed in the approximate order in which they appear.
Table 16: Flow Collector Show interfaces Output Fields
Field Name Field Description Level of Output
Physical Interface
Physical Interface Name of the physical interface type. All levels
Link Status of the link: up or down. All levels
Enabled State of the interface type. Possible values are described in the “Enabled All levels
Devices” section under Common Output Fields Description.
Interface index Physical interface index number, which reflects its initialization sequence. detail extensive none
SNMP ifIndex SNMP index number for the physical interface. detail extensive none
Copyright © 2014, Juniper Networks, Inc. 417
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Table 16: Flow Collector Show interfaces Output Fields (continued)
Field Name Field Description Level of Output
Generation Unique number for use by Juniper Networks technical support only. detail extensive
Type Type of interface. All levels
Link-level type Encapsulation type used on the physical interface. All levels
MTU Maximum Transmit Unit (MTU). Size of the largest packet to be transmitted. All levels
Clocking Reference clock source of the interface. All levels
Speed Network speed on the interface. All levels
Device flags Information about the physical device. Possible values are described in the All levels
“Device Flags” section under Common Output Fields Description.
Interface flags Information about the interface. Possible values are described in the “Interface All levels
Flags” section under Common Output Fields Description.
Link type Data transmission type. All levels
Link flags Information about the link. Possible values are described in the “Link Flags” All levels
section under Common Output Fields Description.
Physical info Information about the physical interface. All levels
Hold-times Current interface hold-time up and hold-time down. Value is in milliseconds. detail extensive none
Current address Configured MAC address. detail extensive none
Hardware address Media access control (MAC) address of the interface. detail extensive none
Alternate link Backup link address. detail extensive none
address
Last flapped Date, time, and how long ago the interface went from down to up. The format detail extensive
is Last flapped: year-month-day hour:minute:second timezone (hour:minute:second
ago). For example, Last flapped: 2002-04-26 10:52:40 PDT (04:33:20 ago).
Statistics last Time when the statistics for the interface were last set to zero. detail extensive
cleared
Traffic statistics Number and rate of bytes and packets received and transmitted on the physical detail extensive
interface.
• Input bytes, Output bytes—Number of bytes received and transmitted on the
interface.
• Input packets, Output packets—Number of packets received and transmitted
on the interface.
418 Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Operational Commands
Table 16: Flow Collector Show interfaces Output Fields (continued)
Field Name Field Description Level of Output
Input errors • Errors—Input errors on the interface. extensive
• Drops—Number of packets dropped by the output queue of the I/O Manager
ASIC.
• Framing errors—Number of packets received with an invalid frame checksum
(FCS).
• Runts—Frames received smaller than the runt threshold.
• Giants—Frames received larger than the giant threshold.
• Policed Discards—Frames that the incoming packet match code discarded
because the frames did not recognize them or were not of interest. Usually,
this field reports protocols that Junos does not support.
• Resource errors—Sum of transmit drops.
Output errors • Carrier transitions —Number of times the interface has gone from down to up. extensive
This number does not normally increment quickly, increasing only when the
cable is unplugged, the far-end system is powered down and then up, or
another problem occurs. If the number of carrier transitions increments quickly,
possibly once every 10 seconds, the cable, the remote system, or the interface
is malfunctioning.
• Errors—Sum of outgoing frame aborts and FCS errors.
• Drops—Number of packets dropped by the output queue of the I/O Manager
ASIC. If the interface is saturated, this number increments once for every
packet dropped by the ASIC RED mechanism.
• Resource errors—Sum of transmit drops.
Logical Interface
Logical interface Name of the logical interface All levels
Index Logical interface index number, which reflects its initialization sequence. detail extensive none
SNMP ifIndex Logical interface SNMP interface index number. detail extensive none
Generation Unique number for use by Juniper Networks technical support only. detail extensive
Flags Information about the logical interface; values are described in the “Logical All levels
Interface Flags” section under Common Output Fields Description.
Encapsulation Encapsulation on the logical interface. All levels
Traffic statistics Total number of bytes and packets received and transmitted on the logical detail extensive
interface. These statistics are the sum of the local and transit statistics. When
a burst of traffic is received, the value in the output packet rate field might briefly
exceed the peak cell rate. It takes awhile (generally, less than 1 second) for this
counter to stabilize.
• Input bytes, Output bytes—Number of bytes received and transmitted on the
interface.
• Input packets, Output packets—Number of packets received and transmitted
on the interface.
Copyright © 2014, Juniper Networks, Inc. 419
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Table 16: Flow Collector Show interfaces Output Fields (continued)
Field Name Field Description Level of Output
Local statistics Statistics for traffic received from and transmitted to the Routing Engine. When detail extensive
a burst of traffic is received, the value in the output packet rate field might briefly
exceed the peak cell rate. It takes awhile (generally, less than 1 second) for this
counter to stabilize.
Transit statistics Statistics for traffic transiting the router. When a burst of traffic is received, the detail extensive
value in the output packet rate field might briefly exceed the peak cell rate. It
takes awhile (generally, less than 1 second) for this counter to stabilize.
Protocol Protocol family configured on the logical interface (such as iso or inet6). detail extensive none
MTU MTU size on the logical interface. detail extensive none
Generation Unique number for use by Juniper Networks technical support only. detail extensive
Route table Route table in which this address exists; for example, Route table:0 refers to detail extensive
inet.0.
Flags Information about the protocol family flags. Possible values are described in detail extensive none
the “Family Flags” section under Common Output Fields Description.
Addresses, Flags Information about the address flags. Possible values are described in the detail extensive none
“Addresses Flags” section under Common Output Fields Description.
Destination IP address of the remote side of the connection. detail extensive none
Local IP address of the logical interface. detail extensive none
Broadcast Broadcast address. detail extensive none
Generation Unique number for use by Juniper Networks technical support only. detail extensive
420 Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Operational Commands
Sample Output
show interfaces extensive (Flow Collector)
user@host> show interfaces extensive cp-5/0/0
Physical interface: cp-5/0/0, Enabled, Physical link is Up
Interface index: 145, SNMP ifIndex: 52, Generation: 29
Type: Flow-collector, Link-level type: Flow-collection, MTU: 9192,
Clocking: Unspecified, Speed: 800mbps
Device flags : Present Running
Interface flags: Point-To-Point SNMP-Traps 16384
Link type : Full-Duplex
Link flags : None
Physical info : Unspecified
Hold-times : Up 0 ms, Down 0 ms
Current address: Unspecified, Hardware address: Unspecified
Alternate link address: Unspecified
Last flapped : 2005-05-24 16:48:11 PDT (00:12:04 ago)
Statistics last cleared: Never
Traffic statistics:
Input bytes : 2041661287 0 bps
Output bytes : 3795049544 43816664 bps
Input packets: 1365534 0 pps
Output packets: 3865644 3670 pps
Input errors:
Errors: 0, Drops: 0, Framing errors: 0, Runts: 0, Giants: 0,
Policed discards: 0, Resource errors: 0
Output errors:
Carrier transitions: 2, Errors: 0, Drops: 0, MTU errors: 0,
Resource errors: 0
Logical interface cp-5/0/0.0 (Index 74) (SNMP ifIndex 53) (Generation 28)
Flags: Point-To-Point SNMP-Traps Encapsulation: Flow-collection
Traffic statistics:
Input bytes : 1064651568
Output bytes : 37144290
Input packets: 711324
Output packets: 713672
Local statistics:
Input bytes : 0
Output bytes : 0
Input packets: 0
Output packets: 0
Transit statistics:
Input bytes : 1064651568 0 bps
Output bytes : 37144290 0 bps
Input packets: 711324 0 pps
Output packets: 713672 0 pps
Protocol inet, MTU: 9192, Generation: 39, Route table: 0
Flags: Receive-options, Receive-TTL-Exceeded
Addresses, Flags: Is-Preferred Is-Primary
Destination: 4.0.0.2, Local: 4.0.0.1, Broadcast: Unspecified,
Generation: 40
Logical interface cp-5/0/0.1 (Index 75) (SNMP ifIndex 54) (Generation 29)
Flags: Point-To-Point SNMP-Traps Encapsulation: Flow-collection
Traffic statistics:
Input bytes : 976793823
Output bytes : 34099481
Input packets: 652729
Output packets: 655127
Copyright © 2014, Juniper Networks, Inc. 421
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Local statistics:
Input bytes : 0
Output bytes : 0
Input packets: 0
Output packets: 0
Transit statistics:
Input bytes : 976793823 0 bps
Output bytes : 34099481 0 bps
Input packets: 652729 0 pps
Output packets: 655127 0 pps
Protocol inet, MTU: 9192, Generation: 40, Route table: 0
Flags: Receive-options, Receive-TTL-Exceeded
Addresses, Flags: Is-Preferred Is-Primary
Destination: 4.1.1.2, Local: 4.1.1.1, Broadcast: Unspecified,
Generation: 42
Logical interface cp-5/0/0.2 (Index 80) (SNMP ifIndex 55) (Generation 30)
Flags: Point-To-Point SNMP-Traps Encapsulation: Flow-collection
Traffic statistics:
Input bytes : 0
Output bytes : 3723079376
Input packets: 0
Output packets: 2495372
Local statistics:
Input bytes : 0
Output bytes : 0
Input packets: 0
Output packets: 0
Transit statistics:
Input bytes : 0 0 bps
Output bytes : 3723079376 43816664 bps
Input packets: 0 0 pps
Output packets: 2495372 3670 pps
Protocol inet, MTU: 9192, Generation: 41, Route table: 0
Flags: Receive-options, Receive-TTL-Exceeded
Addresses, Flags: Is-Preferred Is-Primary
Destination: 4.2.2.2, Local: 4.2.2.1, Broadcast: Unspecified,
Generation: 44
Logical interface cp-5/0/0.16383 (Index 81) (SNMP ifIndex 56) (Generation 31)
...
422 Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Operational Commands
show interfaces (Flow Monitoring)
Syntax show interfaces mo-fpc/pic/port:channel
<brief | detail | extensive | terse>
<descriptions>
<media>
<snmp-index snmp-index>
<statistics>
Release Information Command introduced before Junos OS Release 7.4.
Description (M Series and T Series routers only) Display status information about the specified flow
monitoring interface.
Options mo-fpc/pic/port:channel—Display standard status information about the specified flow
monitoring interface.
brief | detail | extensive | terse—(Optional) Display the specified level of output.
descriptions—(Optional) Display interface description strings.
media—(Optional) Display media-specific information about network interfaces.
snmp-index snmp-index—(Optional) Display information for the specified SNMP index
of the interface.
statistics—(Optional) Display static interface statistics.
Required Privilege view
Level
List of Sample Output show interfaces extensive (Flow Monitoring) on page 426
Output Fields Table 17 on page 423 lists the output fields for the show interfaces (Flow Monitoring)
command. Output fields are listed in the approximate order in which they appear.
Table 17: Flow Monitoring show interfaces Output Fields
Field Name Field Description Level of Output
Physical Interface
Physical interface Name of the physical interface. All levels
Link Status of the link: up or down. All levels
Enabled State of the interface. Possible values are described in the “Enabled Field” All levels
section under Common Output Fields Description.
Interface index Physical interface index number, which reflects its initialization sequence. detail extensive none
SNMP ifIndex SNMP index number for the physical interface. detail extensive none
Copyright © 2014, Juniper Networks, Inc. 423
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Table 17: Flow Monitoring show interfaces Output Fields (continued)
Field Name Field Description Level of Output
Generation Unique number for use by Juniper Networks technical support only. detail extensive
Description Description and name of the interface. All levels
Type Type of interface. All levels
Link-level type Encapsulation type used on the physical interface. All levels
MTU Maximum Transmit Unit (MTU). Size of the largest packet to be transmitted. All levels
Clocking Reference clock source of the interface. All levels
Speed Network speed on the interface. All levels
Device flags Information about the physical device. Possible values are described in the All levels
“Device Flags” section under Common Output Fields Description.
Interface flags Information about the interface. Possible values are described in the “Interface All levels
Flags” section under Common Output Fields Description.
Link type Data transmission type. All levels
Link flags Information about the link. Possible values are described in the “Link Flags” All levels
section under Common Output Fields Description.
Physical info Information about the physical interface. All levels
Hold-times Current interface hold-time up and hold-time down. Value is in milliseconds. detail extensive
Current address Configured MAC address. detail extensive none
Hardware address Media access control (MAC) address of the interface. detail extensive none
Alternate link Backup link address. detail extensive none
address
Last flapped Date, time, and how long ago the interface went from down to up. The format detail extensive
is Last flapped: year-month-day hour:minute:second timezone (hour:minute:second
ago). For example, Last flapped: 2002-04-26 10:52:40 PDT (04:33:20 ago)
Statistics last Time when the statistics for the interface were last set to zero. detail extensive
cleared
424 Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Operational Commands
Table 17: Flow Monitoring show interfaces Output Fields (continued)
Field Name Field Description Level of Output
Traffic statistics Number and rate of bytes and packets received and transmitted on the physical detail extensive
interface.
• Input bytes, Output bytes—Number of bytes received and transmitted on the
interface.
• Input packets, Output packets—Number of packets received and transmitted
on the interface.
Input errors • Errors—Input errors on the interface. extensive
• Drops—Number of packets dropped by the output queue of the I/O Manager
ASIC.
• Framing errors—Number of packets received with an invalid frame checksum
(FCS).
• Runts—Frames received smaller than the runt threshold.
• Giants—Frames received larger than the giant threshold.
• Policed Discards—Frames that the incoming packet match code discarded
because the frames did not recognize them or were not of interest. Usually,
this field reports protocols that Junos does not support.
• Resource errors—Sum of transmit drops.
Output errors • Carrier transitions—Number of times the interface has gone from down to up. extensive
This number does not normally increment quickly, increasing only when the
cable is unplugged, the far-end system is powered down and then up, or
another problem occurs. If the number of carrier transitions increments quickly,
possibly once every 10 seconds, the cable, the remote system, or the interface
is malfunctioning.
• Errors—Sum of outgoing frame aborts and FCS errors.
• Drops—Number of packets dropped by the output queue of the I/O Manager
ASIC. If the interface is saturated, this number increments once for every
packet dropped by the ASIC Red mechanism.
• Resource errors—Sum of transmit drops.
Logical Interface
Logical interface Name of the logical interface. All levels
Index Logical interface index number, which reflects its initialization sequence. detail extensive none
SNMP ifIndex Logical interface SNMP interface index number. detail extensive none
Generation Unique number for use by Juniper Networks technical support only. detail extensive
Flags Information about the logical interface; values are described in the “Logical All levels
Interface Flags” section under Common Output Fields Description.
Encapsulation Encapsulation on the logical interface. All levels
Copyright © 2014, Juniper Networks, Inc. 425
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Table 17: Flow Monitoring show interfaces Output Fields (continued)
Field Name Field Description Level of Output
Traffic statistics Total number of bytes and packets received and transmitted on the logical detail extensive
interface. These statistics are the sum of the local and transit statistics. When
a burst of traffic is received, the value in the output packet rate field might briefly
exceed the peak cell rate. It takes awhile (generally, less than 1 second) for this
counter to stabilize.
• Input bytes, Output bytes—Number of bytes received and transmitted on the
interface.
• Input packets, Output packets—Number of packets received and transmitted
on the interface.
Local statistics Statistics for traffic received from and transmitted to the Routing Engine. When detail extensive
a burst of traffic is received, the value in the output packet rate field might briefly
exceed the peak cell rate. It takes awhile (generally, less than 1 second) for this
counter to stabilize.
Transit statistics Statistics for traffic transiting the router. When a burst of traffic is received, the detail extensive
value in the output packet rate field might briefly exceed the peak cell rate. It
takes awhile (generally, less than 1 second) for this counter to stabilize.
Protocol Protocol family configured on the logical interface (such as iso or inet6). detail extensive none
MTU MTU size on the logical interface. detail extensive none
Generation Unique number for use by Juniper Networks technical support only. detail extensive
Route table Route table in which this address exists; for example, Route table:0 refers to detail extensive
inet.0.
Flags Information about the protocol family flags. Possible values are described in detail extensive none
the “Family Flags” section under Common Output Fields Description.
Sample Output
show interfaces extensive (Flow Monitoring)
user@host> show interfaces mo-4/0/0 extensive
Physical interface: mo-4/0/0, Enabled, Physical link is Up
Interface index: 144, SNMP ifIndex: 42, Generation: 28
Description: monitor pic 2
Type: Adaptive-Services, Link-level type: Adaptive-Services, MTU: Unlimited,
Clocking: Unspecified, Speed: 800mbps
Device flags : Present Running
Interface flags: Point-To-Point SNMP-Traps 16384
Link type : Full-Duplex
Link flags : None
Physical info : Unspecified
Hold-times : Up 0 ms, Down 0 ms
Current address: Unspecified, Hardware address: Unspecified
Alternate link address: Unspecified
Last flapped : 2005-05-24 16:43:12 PDT (00:17:46 ago)
Statistics last cleared: Never
426 Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Operational Commands
Traffic statistics:
Input bytes : 756824218 8328536 bps
Output bytes : 872916185 8400160 bps
Input packets: 508452 697 pps
Output packets: 15577196 18750 pps
Input errors:
Errors: 0, Drops: 0, Framing errors: 0, Runts: 0, Giants: 0,
Policed discards: 0, Resource errors: 0
Output errors:
Carrier transitions: 2, Errors: 0, Drops: 0, MTU errors: 0,
Resource errors: 0
Logical interface mo-4/0/0.0 (Index 83) (SNMP ifIndex 43) (Generation 26)
Flags: Point-To-Point SNMP-Traps Encapsulation: Adaptive-Services
Traffic statistics:
Input bytes : 756781796
Output bytes : 872255328
Input packets: 507233
Output packets: 15575988
Local statistics:
Input bytes : 0
Output bytes : 0
Input packets: 0
Output packets: 0
Transit statistics:
Input bytes : 756781796 8328536 bps
Output bytes : 872255328 8400160 bps
Input packets: 507233 697 pps
Output packets: 15575988 18750 pps
Protocol inet, MTU: Unlimited, Generation: 38, Route table: 0
Flags: None
Logical interface mo-4/0/0.16383 (Index 84) (SNMP ifIndex 58) (Generation 27)
...
Copyright © 2014, Juniper Networks, Inc. 427
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
show passive-monitoring error
Syntax show passive-monitoring error (* | all | mo-fpc/pic/port)
Release Information Command introduced before Junos OS Release 7.4.
Description (M40e, M160, and M320 routers and T Series routers only) Display passive monitoring
error statistics.
Options * | all | mo-fpc/pic/port—Display error statistics for monitoring interfaces. Use a wildcard
character, specify all interfaces, or provide a specific interface name.
Required Privilege view
Level
List of Sample Output show passive-monitoring error all on page 429
Output Fields Table 18 on page 428 lists the output fields for the show passive-monitoring error command.
Output fields are listed in the approximate order in which they appear.
Table 18: show passive-monitoring error Output Fields
Field Name Field Description
Passive monitoring Name of the passive monitoring interface.
interface
Local interface index Index counter of the local interface.
Interface state State of the passive monitoring interface:
• Monitoring—Specified interface is actively monitoring.
• Disabled—Specified interface has been disabled from the CLI.
• Not monitoring—The interface is operational, but not monitoring. This condition occurs when an
interface first comes online, or when the interface is operational, but no logical unit has been
configured under the physical interface.
• Unknown—Unknown state.
• Error—An error occurred during the process of determining the state of the interface.
Error information
Packets dropped (no Number of packets dropped because of memory shortage.
memory)
Packets dropped (not Number of non-IP packets dropped.
IP)
Packets dropped (not Number of packets dropped because they failed the IPv4 version check.
IPv4)
Packets dropped Number of packets dropped because the packet length or IP header length was too small.
(header too small)
428 Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Operational Commands
Table 18: show passive-monitoring error Output Fields (continued)
Field Name Field Description
Memory allocation Number of flow record memory allocation failures. A small number reflects failures to replenish the
failures free list. A large number indicates the monitoring station is almost out of memory space.
Memory free failures Number of flow record memory free failures.
Memory free list failures Number of flow records received from free list that failed. Memory is nearly exhausted or too many
new flows greater than 128 KB are being created per second.
Memory warning Whether the flows have exceeded 1 million packets per second (Mpps) on a Monitoring Services PIC
or 2 Mpps on a Monitoring Services II PIC. The response can be Yes or No.
Memory overload Whether the memory has been overloaded. The response can be Yes or No.
PPS overload Whether the PIC is receiving more packets per second than the configured threshold. The response
can be Yes or No.
BPS overload Whether the PIC is receiving more bits per second than the configured threshold. The response can
be Yes or No.
Sample Output
show passive-monitoring error all
user@host> show passive-monitoring error all
Passive monitoring interface: mo-4/0/0, Local interface index: 44
Interface state: Monitoring
Error information
Packets dropped (no memory): 0, Packets dropped (not IP): 0
Packets dropped (not IPv4): 0, Packets dropped (header too small): 0
Memory allocation failures: 0, Memory free failures: 0
Memory free list failures: 0
Memory warning: No, Memory overload: No, PPS overload: No, BPS overload: No
Passive monitoring interface: mo-4/1/0, Local interface index: 45
Interface state: Not monitoring
Error information
Packets dropped (no memory): 0, Packets dropped (not IP): 0
Packets dropped (not IPv4): 0, Packets dropped (header too small): 0
Memory allocation failures: 0, Memory free failures: 0
Memory free list failures: 0
Memory warning: No, Memory overload: No, PPS overload: No, BPS overload: No
Copyright © 2014, Juniper Networks, Inc. 429
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
show passive-monitoring flow
Syntax show passive-monitoring flow (* | all | mo-fpc/pic/port)
Release Information Command introduced before Junos OS Release 7.4.
Description (M40e, M160, and M320 routers and T Series routers only) Display passive flow statistics.
Options * | all | mo-fpc/pic/port—Display passive flow statistics for monitoring interfaces. Use a
wildcard character, specify all interfaces, or provide a specific interface name.
Required Privilege view
Level
List of Sample Output show passive-monitoring flow all on page 431
Output Fields Table 19 on page 430 lists the output fields for the show passive-monitoring flow command.
Output fields are listed in the approximate order in which they appear.
Table 19: show passive-monitoring flow Output Fields
Field Name Field Description
Passive monitoring Name of the passive monitoring interface.
interface
Local interface index Index counter of the local interface.
Interface state State of the passive monitoring interface:
• Monitoring—Specified interface is actively monitoring.
• Disabled—Specified interface has been disabled from the CLI.
• Not monitoring—The interface is operational, but not monitoring. This condition occurs when an
interface first comes online, or when the interface is operational, but no logical unit has been
configured under the physical interface.
• Unknown—Unknown state.
• Error—An error occurred during the process of determining the state of the interface.
Flow information
Flow packets Number of packets received by an operational PIC.
Flow bytes Number of bytes received by an operational PIC.
Flow packets 10-second Number of packets per second handled by the PIC and displayed as a 10-second average.
rate
Flow bytes 10-second Number of bytes per second handled by the PIC and displayed as a 10-second average.
rate
Active flows Number of currently active flows tracked by the PIC.
Total flows Total number of flows received by an operational PIC.
430 Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Operational Commands
Table 19: show passive-monitoring flow Output Fields (continued)
Field Name Field Description
Flows exported Total number of flows exported by an operational PIC.
Flows packets exported Total number of cflowd packets exported by an operational PIC.
Flows inactive timed out Total number of flows that are exported because of inactivity.
Flows active timed out Total number of long-lived flows that are exported because of an active timeout.
Sample Output
show passive-monitoring flow all
user@host> show passive-monitoring flow all
Passive monitoring interface: mo-4/0/0, Local interface index: 44
Interface state: Monitoring
Flow information
Flow packets: 6533434, Flow bytes: 653343400
Flow packets 10-second rate: 0, Flow bytes 10-second rate: 0
Active flows: 0, Total flows: 1599
Flows exported: 1599, Flows packets exported: 55
Flows inactive timed out: 1599, Flows active timed out: 0
Passive monitoring interface: mo-4/1/0, Local interface index: 45
Interface state: Monitoring
Flow information
Flow packets: 6537780, Flow bytes: 653778000
Flow packets 10-second rate: 0, Flow bytes 10-second rate: 0
Active flows: 0, Total flows: 1601
Flows exported: 1601, Flows packets exported: 55
Flows inactive timed out: 1601, Flows active timed out: 0
Copyright © 2014, Juniper Networks, Inc. 431
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
show passive-monitoring memory
Syntax show passive-monitoring memory (* | all | mo-fpc/pic/port)
Release Information Command introduced before Junos OS Release 7.4.
Description (M40e, M160, and M320 routers and T Series routers only) Display passive monitoring
memory and flow record statistics
Options * | all | mo-fpc/pic/port—Display memory and flow record statistics for monitoring
interfaces. Use a wildcard character, specify all interfaces, or provide a specific
interface name.
Required Privilege view
Level
List of Sample Output show passive-monitoring memory all on page 432
Output Fields Table 20 on page 432 lists the output fields for the show passive-monitoring memory
command. Output fields are listed in the approximate order in which they appear.
Table 20: show passive-monitoring memory Output Fields
Field Name Field Description
Passive monitoring Name of the passive monitoring interface.
interface
Local interface index Index counter of the local interface.
Memory utilization
Allocation count Number of flow records allocated.
Free count Number of flow records freed.
Maximum allocated Maximum number of flow records allocated since the monitoring station booted. This number
represents the peak number of flow records allocated at a time.
Allocations per second Flow records allocated per second during the last statistics interval on the PIC.
Frees per second Flow records freed per second during the last statistics interval on the PIC.
Total memory used, Total memory currently used and total amount of memory currently free (in bytes).
Total memory free
Sample Output
show passive-monitoring memory all
user@host> show passive-monitoring memory all
432 Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Operational Commands
Passive monitoring interface: mo-4/0/0, Local interface index: 44
Memory utilization
Allocation count: 1600, Free count: 1599, Maximum allocated: 1600
Allocations per second: 3200, Frees per second: 1438
Total memory used (in bytes): 103579176, Total memory free (in bytes):
163914184
Copyright © 2014, Juniper Networks, Inc. 433
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
show passive-monitoring status
Syntax show passive-monitoring status (*| all | mo-fpc/pic/port)
Release Information Command introduced before Junos OS Release 7.4.
Description (M40e, M160, and M320 routers and T Series routers only) Display passive monitoring
status.
Options * | all | mo-fpc/pic/port—Display status for monitoring interfaces. Use a wildcard character,
specify all interfaces, or provide a specific interface name.
Required Privilege view
Level
List of Sample Output show passive-monitoring status all on page 435
Output Fields Table 21 on page 434 lists the output fields for the show passive-monitoring status
command. Output fields are listed in the approximate order in which they appear.
Table 21: show passive-monitoring status Output Fields
Output Field Output Field Description
Passive monitoring Name of the passive monitoring interface.
interface
Local interface index Index counter of the local interface.
Interface state Monitoring state of the passive monitoring interface.
• Monitoring—PIC is actively monitoring.
• Disabled—PIC has been disabled using the CLI.
• Not monitoring—PIC is operational, but not monitoring. This condition can happen while the PIC is
coming online, or when the PIC is operational but has no logical unit configured under the physical
interface.
• Unknown
Group index Integer that represents the monitoring group of which the PIC is a member. Group index is a mapping
from the group name to an index. It is not related to the number of monitoring groups.
Export interval Configured export interval for cflowd records, in seconds.
Export format Configured export format (only cflowd version 5 is supported).
Protocol Protocol the PIC is configured to monitor (only IPv4 is supported).
Engine type Configured engine type that is inserted in output cflowd packets.
Engine ID Configured engine ID that is inserted in output cflowd packets.
434 Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Operational Commands
Sample Output
show passive-monitoring status all
user@host> show passive-monitoring status all
Passive monitoring interface: mo-4/0/0, Local interface index: 44
Interface state: Monitoring
Group index: 0
Export interval: 15 secs, Export format: cflowd v5
Protocol: IPv4, Engine type: 1, Engine ID: 1
Passive monitoring interface: mo-4/1/0, Local interface index: 45
Interface state: Disabled
Passive monitoring interface: mo-4/2/0, Local interface index: 46
Interface state: Not monitoring
Copyright © 2014, Juniper Networks, Inc. 435
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
show passive-monitoring usage
Syntax show passive-monitoring usage (* | all | mo-fpc/pic/port)
Release Information Command introduced before Junos OS Release 7.4.
Description (M40e, M160, and M320 routers and T Series routers only) Display passive monitoring
usage statistics.
Options * | all | mo-fpc/pic/port—Display usage statistics for monitoring interfaces. Use a wildcard
character, specify all interfaces, or provide a specific interface name.
Required Privilege view
Level
List of Sample Output show passive-monitoring usage all on page 436
Output Fields Table 22 on page 436 lists the output fields for the show passive-monitoring usage
command. Output fields are listed in the approximate order in which they appear.
Table 22: show passive-monitoring usage Output Fields
Output Field Output Field Description
Passive monitoring Name of the passive monitoring interface.
interface
Local interface index Index counter of the local interface.
CPU utilization
Uptime Time, in milliseconds, that the PIC has been operational.
Interrupt time Total time that the PIC has spent processing packets since the last PIC reset.
Load (5 second) CPU load on the PIC, averaged more than 5 seconds. The number is a percentage obtained by dividing
the time spent on active tasks by the total elapsed time.
Load (1 minute) CPU load on the PIC, averaged more than 1 minute. The number is a percentage obtained by dividing
the time spent on active tasks by the total elapsed time.
Sample Output
show passive-monitoring usage all
user@host> show passive-monitoring usage
Passive monitoring interface: mo-4/0/0, Local interface index: 44
CPU utilization
Uptime: 653155 milliseconds, Interrupt time: 40213754 microseconds
Load (5 second): 20%, Load (1 minute): 17%
Passive monitoring interface: mo-4/1/0, Local interface index: 45
CPU utilization
436 Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Operational Commands
Uptime: 652292 milliseconds, Interrupt time: 40223178 microseconds
Load (5 second): 22%, Load (1 minute): 15%
Passive monitoring interface: mo-4/2/0, Local interface index: 46
CPU utilization
Uptime: 649491 milliseconds, Interrupt time: 40173645 microseconds
Load (5 second): 22%, Load (1 minute): 10098862%
Copyright © 2014, Juniper Networks, Inc. 437
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
show services accounting aggregation
Syntax show services accounting aggregation aggregation-type <aggregation-value>
<detail | extensive | terse>
<limit limit-value>
< name service-name>
<order (bytes | packets)>
Release Information Command introduced before Junos OS Release 7.4.
Description Display information about the aggregated active flows being processed by the accounting
service.
Options aggregation-type <aggregation-value>—Display information for a particular aggregation
type and optional value:
• as <source-as-value | destination-as-value | input-snmp-interface-index-value |
output-snmp-interface-index-value>—Aggregate by autonomous system (AS).
• destination-prefix <destination-prefix-value | destination-as-value |
output-snmp-interface-index-value>—Aggregate by destination prefix.
• protocol-port <protocol-value | source-port-value |
destination-port-value>—Aggregate by protocol and port.
• source-destination-prefix <source-prefix-value | destination-prefix-value |
destination-as-value | source-as-value | input-snmp-interface-index-value |
output-snmp-interface-index-value>—Aggregate by source and destination prefix.
• source-prefix <source-prefix-value | source-as-value |
input-snmp-interface-index-value>—Aggregate by source prefix.
detail | extensive | terse—(Optional) Display the specified level of output.
limit limit-value—(Optional) Limit the display output to this number of flows. The default
is no limit.
name service-name—(Optional) Display information about the aggregated flows for a
particular service name.
order (bytes | packets)—(Optional) Display the flow with the ordering of the highest
number, either by byte count or by packet count.
Additional Information For information about aggregation configuration options, see the Junos OS Services
Interfaces Library for Routing Devices.
Required Privilege view
Level
List of Sample Output show services accounting aggregation protocol-port detail on page 440
show services accounting aggregation source-destination-prefix on page 440
438 Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Operational Commands
show services accounting aggregation source-destination- prefix order packet
detail on page 440
show services accounting aggregation source-destination- prefix extensive
limit on page 441
show services accounting aggregation source-destination-prefix name terse on page 441
Output Fields Table 23 on page 439 lists the output fields for the show services accounting aggregation
command. Output fields are listed in the approximate order in which they appear.
Table 23: show services accounting aggregation Output Fields
Field Name Field Description
Service Accounting Name of the service accounting interface.
interface
Local interface Index corresponding to the service accounting interface.
index
Service name Name of a service that was configured at the [edit forwarding-options
accounting] hierarchy level. The default display, (default sampling), indicates
the service was configured at the [edit forwarding-options sampling-level]
hierarchy level.
Protocol Protocol identifier and number.
Source Port Source port identifier and number.
Destination Port Destination port identifier and number.
Source-AS Source autonomous system (AS) number.
Destination-AS Destination AS number.
Source Prefix Source prefix.
Destination Prefix Destination prefix.
Source address Source address.
Source prefix length Source prefix length.
Destination address Destination address.
Destination prefix Destination prefix length.
length
Input SNMP SNMP index of the interface the packet came in on.
interface index
Output SNMP SNMP index of the interface the packet went out on.
interface index
Copyright © 2014, Juniper Networks, Inc. 439
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Table 23: show services accounting aggregation Output Fields (continued)
Field Name Field Description
Start time Actual time when the packet in this aggregation was first seen.
End time Actual time when the packet in this aggregation was last seen.
Flow count Number of flows in the aggregation.
Packet count Number of packets in the aggregation.
Byte count Number of bytes in the aggregation.
Sample Output
show services accounting aggregation protocol-port detail
user@host> show service accounting aggregation protocol-port detail
Service Accounting interface: mo-2/0/0, Local interface index: 468
Service name: (default sampling)
Protocol: 6, Source port: 20, Destination port: 20
Start time: 442349, End time: 6425714
Flow count: 194, Packet count: 4294964388, Byte count: 4294781184
Protocol: 0, Source port: 0, Destination port: 0
Start time: 442349, End time: 6425749
Flow count: 204, Packet count: 4294964324, Byte count: 4294777088
Protocol: 17, Source port: 123, Destination port: 123
Start time: 442364, End time: 6425784
Flow count: 186, Packet count: 4294964152, Byte count: 4294766080
show services accounting aggregation source-destination-prefix
user@host> show service accounting aggregation source-destination-prefix
Service Accounting interface: rsp0, Local interface index: 171
Service name: (default sampling)
Interface state: Accounting
Source Destination Input Output Flow Packet
Byte
prefix prefix interface interface count count
count
11.1.0.0/20 40.0.0.0/24 ge-5/0/1.0 ge-5/0/0.0 256 491761
31472704
11.1.0.0/20 40.0.1.36/32 ge-5/0/1.0 ge-5/0/0.0 1
1926 123264
11.1.0.0/20 40.0.1.59/32 ge-5/0/1.0 ge-5/0/0.0 1
1926 123264
11.1.0.0/20 40.0.3.63/32 ge-5/0/1.0 ge-5/0/0.0 1
1925 123200
11.1.0.0/20 40.0.3.32/32 ge-5/0/1.0 ge-5/0/0.0 1
1925
show services accounting aggregation source-destination- prefix order packet detail
user@host> show service accounting aggregation source-destination-prefix order packet detail
name t2 input-snmp-interface-index 538
440 Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Operational Commands
Service Accounting interface: mo-2/0/0, Local interface index: 468
Service name: t2
Source Destination Input SNMP Output SNMP Flow Packet Byte
Prefix Prefix Index Index Count Count Count
11.1.1.2/20 30.0.167.1/0 538 432 1 60 46483
11.1.1.2/20 30.0.168.1/0 538 432 1 60 5191
11.1.1.2/20 30.0.154.1/0 538 432 2 60 45504
11.1.1.2/20 30.0.76.1/0 538 432 1 60 42177
11.1.1.2/20 30.0.149.1/0 538 432 1 60 49184
11.1.1.2/20 30.0.113.1/0 538 432 2 60 48757
show services accounting aggregation source-destination- prefix extensive limit
user@host> show service accounting aggregation source-destination-prefix name t2 extensive
limit 3
Service Accounting interface: mo-2/0/0, Local interface index: 542
Service name: t2
Source address: 11.1.1.2, Source prefix length: 20
Destination address: 44.200.176.1, Destination prefix length: 0
Input SNMP interface index: 24, Output SNMP interface index: 26
Source-AS: 69, Destination-AS: 69
Start time: Fri Feb 21 14:16:57 2003, End time: Fri Feb 21 14:22:50 2003
Flow count: 0, Packet count: 6, Byte count: 5340
Source address: 11.1.1.2, Source prefix length: 20
Destination address: 45.243.160.1, Destination prefix length: 0
Input SNMP interface index: 24, Output SNMP interface index: 26
Source-AS: 69, Destination-AS: 69
Start time: Fri Feb 21 14:16:57 2003, End time: Fri Feb 21 14:22:50 2003
Flow count: 0, Packet count: 6, Byte count: 5490
Source address: 11.1.1.2, Source prefix length: 20
Destination address: 45.162.160.1, Destination prefix length: 0
Input SNMP interface index: 24, Output SNMP interface index: 26
Source-AS: 69, Destination-AS: 69
Start time: Fri Feb 21 14:16:57 2003, End time: Fri Feb 21 14:22:50 2003
Flow count: 0, Packet count: 6, Byte count: 4079
show services accounting aggregation source-destination-prefix name terse
user@host> show service accounting aggregation source-destination-prefix name T3 terse
Service Accounting interface: rsp0, Local interface index: 171
Service name: T3
Interface state: Accounting
Source Destination Input Output Flow Packet
Byte
prefix prefix interface interface count count
count
11.1.0.0/20 50.0.0.0/24 ge-5/0/1.0 ge-5/0/0.0 256 639822
40948608
11.1.0.0/20 50.0.2.67/32 ge-5/0/1.0 ge-5/0/0.0 1
2485 159040
11.1.0.0/20 50.0.2.92/32 ge-5/0/1.0 ge-5/0/0.0 1
2485
Copyright © 2014, Juniper Networks, Inc. 441
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
show services accounting aggregation template
Syntax show services accounting aggregation template
<template-name template-name>
Release Information Command introduced in Junos OS Release 8.3.
Description Display information for flow aggregation version 9 templates.
Options <template-name template-name>—(Optional) Display information for the specified
template only.
Required Privilege view
Level
List of Sample Output show services accounting aggregation template on page 442
Output Fields Table 24 on page 442 lists the output fields for the show services accounting aggregation
template command. Output fields are listed in the approximate order in which they
appear.
Table 24: show services accounting aggregation template Output Fields
Field Name Field Description
MPLS Label 1 Position of first MPLS label.
MPLS Label 2 Position of second MPLS label.
MPLS Label 3 Position of third MPLS label.
MPLS Top Level Outer top label FEC IP address.
Address
Packet Count Number of packets sent.
Sample Output
show services accounting aggregation template
user@host> show services accounting aggregation template template-name mpls
MPLS label 1: 299808, MPLS label 2: 0, MPLS label 3: 0
Source address: 11.1.1.2, Destination address: 10.255.15.22, Top Label Address:
22.15.255.10
Source port: 0, Destination port: 0
Protocol: 61, TOS: 0, TCP flags: 0
Source mask: 24, Destination mask: 32
Input SNMP interface index: 503, Output SNMP interface index: 505
Start time: 40780, End time: 157330
Packet count: 3949198, Byte count: 181663062
442 Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Operational Commands
show services accounting errors
Syntax show services accounting errors
<inline-jflow | name (* | all | service-name)>
Release Information Command introduced before Junos OS Release 7.4.
Description Display active flow error statistics.
Options none—Display error statistics for all services accounting instances.
inline-jflow fpc-slot slot-number—(Optional) Display error statistics for inline jflow.
name (* | all | service-name)—(Optional) Display active flow error statistics. Use a wildcard
character, specify all services, or provide a specific service name.
Required Privilege view
Level
Related • show services accounting flow on page 447
Documentation
List of Sample Output show services accounting errors (Monitoring PIC interface) on page 444
show services accounting errors (Service PIC interface) on page 445
show services accounting errors inline-jflow fpc-slot slot-number (when only IPv6 is
configured) on page 445
show services accounting errors inline-jflow fpc-slot slot-number (when both IPv4
and IPv6 are configured) on page 445
show services accounting errors inline-jflow (MX80 Router when both IPv4 and IPv6
are configured) on page 445
Output Fields Table 25 on page 443 lists the output fields for the show services accounting errors
command. Output fields are listed in the approximate order in which they appear.
Table 25: show services accounting errors Output Fields
Field Field Description
Service Accounting Name of the service accounting interface.
interface
Local interface index Index counter of the local interface.
FPC slot Slot number of the FPC for which the flow information is displayed. (Available only when the inline-jflow
fpc-slot slot-number option is used.)
Service name Name of a service that was configured at the [edit forwarding-options accounting] hierarchy level.
The default display, (default sampling), indicates the service was configured at the
[edit forwarding-options sampling-level] hierarchy level.
Error Information
Copyright © 2014, Juniper Networks, Inc. 443
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Table 25: show services accounting errors Output Fields (continued)
Field Field Description
Packets dropped (no Number of packets dropped because of memory shortage.
memory)
Packets dropped (not Number of non-IP packets dropped.
IP)
Packets dropped (not Number of packets dropped because they failed the IPv4 version check.
IPv4)
Packets dropped Number of packets dropped because the packet length or IP header length was too small.
(header too small)
Memory allocation Number of flow record memory allocation failures. A small number reflects failures to replenish the
failures free list. A large number indicates the monitoring station is almost out of memory space.
Memory free failures Number of flow record memory free failures.
Memory free list failures Number of flow records received from the free list that failed. Memory is nearly exhausted, or too
many new flows greater than 128 KB are being created per second.
Memory overload Whether the memory has been overloaded. The response can be Yes or No.
PPS overload Whether the PIC is receiving more packets per second than the configured threshold. The response
can be Yes or No.
BPS overload Whether the PIC is receiving more bits per second than the configured threshold. The response can
be Yes or No.
Flow Creation Failures Number of times flow creation failed.
Route Record Lookup Number of times the route record lookup failed.
Failures
AS Lookup Failures Number of times autonomous system lookup failed.
Export Packet Failures Number of times packet export failed.
Sample Output
show services accounting errors (Monitoring PIC interface)
user@host> show services accounting errors
Service Accounting interface: mo-1/1/0, Local interface index: 15
Service name: (default sampling)
Error information
Packets dropped (no memory): 0, Packets dropped (not IP): 0
Packets dropped (not IPv4): 0, Packets dropped (header too small): 0
Memory allocation failures: 0, Memory free failures: 0
Memory free list failures: 0
Memory overload: No, PPS overload: No, BPS overload: No
444 Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Operational Commands
Sample Output
show services accounting errors (Service PIC interface)
user@host> show services accounting errors
Service Accounting interface: sp-0/1/0
Service name: (default sampling)
Error information
Service sets dropped: 0, Active timeout failures: 0
Export packet failures: 0, Flow creation failures: 0
Memory overload: No
Service Accounting interface: sp-1/0/0
Service name: (default sampling)
Error information
Service sets dropped: 0, Active timeout failures: 0
Export packet failures: 0, Flow creation failures: 0
Memory overload: No
show services accounting errors inline-jflow fpc-slot slot-number (when only IPv6 is configured)
user@host> show services accounting errors inline-jflow fpc-slot 5
Error information
FPC Slot: 5
Flow Creation Failures: 0
Route Record Lookup Failures: 0, AS Lookup Failures: 0
Export Packet Failures: 0
Memory Overload: No, Memory Alloc Fail Count: 0
show services accounting errors inline-jflow fpc-slot slot-number (when both IPv4 and IPv6 are configured)
user@host> show services accounting errors inline-jflow fpc-slot 5
Error information
FPC Slot: 5
Flow Creation Failures: 0
Route Record Lookup Failures: 0, AS Lookup Failures: 0
Export Packet Failures: 0
Memory Overload: No, Memory Alloc Fail Count: 0
IPv4:
IPv4 Flow Creation Failures: 0
IPv4 Route Record Lookup Failures: 0, IPv4 AS Lookup Failures: 0
IPv4 Export Packet Failures: 0
IPv6:
IPv6 Flow Creation Failures: 0
IPv6 Route Record Lookup Failures: 0, IPv6 AS Lookup Failures: 0
IPv6 Export Packet Failures: 0
show services accounting errors inline-jflow (MX80 Router when both IPv4 and IPv6 are configured)
user@host> show services accounting errors inline-jflow
Error information
TFEB Slot: 0
Flow Creation Failures: 0
Route Record Lookup Failures: 0, AS Lookup Failures: 0
Export Packet Failures: 0
Memory Overload: No
IPv4:
IPv4 Flow Creation Failures: 0
Copyright © 2014, Juniper Networks, Inc. 445
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
IPv4 Route Record Lookup Failures: 0, IPv4 AS Lookup Failures: 0
IPv4 Export Packet Failures: 0
IPv6:
IPv6 Flow Creation Failures: 0
IPv6 Route Record Lookup Failures: 0, IPv6 AS Lookup Failures: 0
IPv6 Export Packet Failures: 0
446 Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Operational Commands
show services accounting flow
Syntax show services accounting flow
<inline-jflow | logical-system | name (* | all | service-name)>
Release Information Command introduced before Junos OS Release 7.4.
Junos OS Release 10.0 added the capability to display output from multiple sampling
instances.
Description Display active flow statistics.
Options none—Display active flow statistics for all service instances.
logical-system (all | logical-system)—(Optional) Display active flow statistics for the
specified logical system or all logical systems on the device.
inline-jflow (fpc-slot slot-number)—(Optional) Display inline flow statistics for the specified
FPC.
name (* | all | service-name)—(Optional) Display services accounting active flow statistics.
Use a wildcard character, specify all services, or provide a specific service name.
Required Privilege view
Level
Related • show services accounting status on page 461
Documentation
List of Sample Output show services accounting flow (flow aggregation v5/v8 configuration) on page 448
show services accounting flow (flow aggregation v9 configuration) on page 448
show services accounting flow name on page 449
show services accounting flow name all on page 449
show services accounting flow (multiple sampling instances) on page 450
show services accounting flow inline-jflow fpc-slot slot-number (for IPv4
flow) on page 450
show services accounting flow inline-jflow fpc-slot slot-number (with IPv4 and IPv6
Configuration) on page 450
show services accounting flow inline-jflow (MX80 Router with IPv4 and IPv6
Configuration) on page 450
Output Fields Table 26 on page 447 lists the output fields for the show services accounting flow command.
Output fields are listed in the approximate order in which they appear.
Table 26: show services accounting flow Output Fields
Output Field Output Field Description
Service Accounting Name of the service accounting interface.
interface
Local interface index Index counter of the local interface.
Copyright © 2014, Juniper Networks, Inc. 447
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Table 26: show services accounting flow Output Fields (continued)
Output Field Output Field Description
Service name Name of a service that was configured at the [edit forwarding-options accounting] hierarchy level. The
default display, (default sampling), indicates the service was configured at the [edit forwarding-options
sampling-level] hierarchy level.
Flow Information
FPC Slot Slot number of the FPC for which the flow information is displayed. (Available only when the inline-jflow
fpc-slot slot-number option is used.)
Flow packets Number of packets received by an operational PIC.
Flow bytes Number of bytes received by an operational PIC.
Flow packets 10-second Number of packets per second handled by the PIC and displayed as a 10-second average.
rate
Flow bytes 10-second Number of bytes per second handled by the PIC and displayed as a 10-second average.
rate
Active flows Number of currently active flows tracked by the PIC.
Total flows Total number of flows received by an operational PIC.
Flows exported Total number of flows exported by an operational PIC.
Flows packets exported Total number of cflowd packets exported by an operational PIC.
Flows inactive timed out Total number of flows that are exported because of inactivity.
Flows active timed out Total number of long-lived flows that are exported because of an active timeout.
Sample Output
show services accounting flow (flow aggregation v5/v8 configuration)
user@host> show services accounting flow
Service Accounting interface: rsp0, Local interface index: 171
Service name: (default sampling)
Interface state: Accounting
Flow information
Flow packets: 87168293, Flow bytes: 5578770752
Flow packets 10-second rate: 45762, Flow bytes 10-second rate: 2928962
Active flows: 1000, Total flows: 2000
Flows exported: 19960, Flows packets exported: 582
Flows inactive timed out: 1000, Flows active timed out: 29000
show services accounting flow (flow aggregation v9 configuration)
user@host> show services accounting flow
Flow information
Service Accounting interface: sp-7/1/0, Local interface index: 149
448 Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Operational Commands
Flow packets: 0, Flow bytes: 0
Flow packets 10-second rate: 0, Flow bytes 10-second rate: 0
Active flows: 0, Total flows: 0
Flows exported: 0, Flows packets exported: 1
Flows inactive timed out: 0, Flows active timed out: 0
show services accounting flow name
user@host> show services accounting flow count2
Service Accounting interface: mo-1/1/0, Local interface index: 15
Service name: count2
Flow information
Flow packets: 0, Flow bytes: 0
Flow packets 10-second rate: 0, Flow bytes 10-second rate: 0
Active flows: 0, Total flows: 0
Flows exported: 0, Flows packets exported: 0
Flows inactive timed out: 0, Flows active timed out: 0
show services accounting flow name all
user@host> show services accounting flow name all
Service Accounting interface: rsp0, Local interface index: 171
Service name: T2
Interface state: Accounting
Flow information
Flow packets: 37609891, Flow bytes: 2407033024
Flow packets 10-second rate: 45762, Flow bytes 10-second rate: 2928953
Active flows: 1000, Total flows: 1000
Flows exported: 6705, Flows packets exported: 198
Flows inactive timed out: 0, Flows active timed out: 13000
Service Accounting interface: rsp0, Local interface index: 171
Service name: T3
Interface state: Accounting
Flow information
Flow packets: 37750807, Flow bytes: 2416051712
Flow packets 10-second rate: 45762, Flow bytes 10-second rate: 2928940
Active flows: 1000, Total flows: 1000
Flows exported: 13437, Flows packets exported: 378
Flows inactive timed out: 0, Flows active timed out: 13000
Service Accounting interface: rsp0, Local interface index: 171
Service name: T4
Interface state: Accounting
Flow information
Flow packets: 0, Flow bytes: 0
Flow packets 10-second rate: 0, Flow bytes 10-second rate: 0
Active flows: 0, Total flows: 0
Flows exported: 0, Flows packets exported: 0
Flows inactive timed out: 0, Flows active timed out: 0
Service Accounting interface: rsp0, Local interface index: 171
Service name: count1
Interface state: Accounting
Flow information
Flow packets: 0, Flow bytes: 0
Flow packets 10-second rate: 0, Flow bytes 10-second rate: 0
Active flows: 0, Total flows: 0
Flows exported: 0, Flows packets exported: 0
Flows inactive timed out: 0, Flows active timed out: 0
Copyright © 2014, Juniper Networks, Inc. 449
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
show services accounting flow (multiple sampling instances)
user@host> show services accounting flow
Flow information
Service Accounting interface: sp-2/0/0, Local interface index: 215
Flow packets: 9867, Flow bytes: 631488
Flow packets 10-second rate: 0, Flow bytes 10-second rate: 628
Active flows: 2, Total flows: 10
Flows exported: 4028, Flows packets exported: 6150
Flows inactive timed out: 8, Flows active timed out: 4026
Service Accounting interface: sp-2/1/0, Local interface index: 223
Flow packets: 0, Flow bytes: 0
Flow packets 10-second rate: 0, Flow bytes 10-second rate: 0
Active flows: 0, Total flows: 0
Flows exported: 0, Flows packets exported: 1
Flows inactive timed out: 0, Flows active timed out: 0
show services accounting flow inline-jflow fpc-slot slot-number (for IPv4 flow)
user@host> show services accounting flow inline-jflow fpc-slot 5
Flow information
FPC Slot: 5
Flow Packets: 0, Flow Bytes: 0
Active Flows: 0, Total Flows: 0
Flows Exported: 0, Flow Packets Exported: 0
Flows Inactive Timed Out: 0, Flows Active Timed Out: 0
show services accounting flow inline-jflow fpc-slot slot-number (with IPv4 and IPv6 Configuration)
user@host> show services accounting flow inline-jflow fpc-slot 5
Flow information
FPC Slot: 5
Flow Packets: 0, Flow Bytes: 0
Active Flows: 0, Total Flows: 0
Flows Exported: 0, Flow Packets Exported: 0
Flows Inactive Timed Out: 0, Flows Active Timed Out: 0
IPv4 Flows:
IPv4 Flow Packets: 0, IPv4 Flow Bytes: 0
IPv4 Active Flows: 0, IPv4 Total Flows: 0
IPv4 Flows Exported: 0, IPv4 Flow Packets exported: 0
IPv4 Flows Inactive Timed Out: 0, IPv4 Flows Active Timed Out: 0
IPv6 Flows:
IPv6 Flow Packets: 0, IPv6 Flow Bytes: 0
IPv6 Active Flows: 0, IPv6 Total Flows: 0
IPv6 Flows Exported: 0, IPv6 Flow Packets Exported: 0
IPv6 Flows Inactive Timed Out: 0, IPv6 Flows Active Timed Out: 0
show services accounting flow inline-jflow (MX80 Router with IPv4 and IPv6 Configuration)
user@host> show services accounting flow inline-jflow
Flow information
TFEB Slot: 0
Flow Packets: 0, Flow Bytes: 0
Active Flows: 0, Total Flows: 0
Flows Exported: 0, Flow Packets Exported: 0
Flows Inactive Timed Out: 0, Flows Active Timed Out: 0
IPv4 Flows:
450 Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Operational Commands
IPv4 Flow Packets: 0, IPv4 Flow Bytes: 0
IPv4 Active Flows: 0, IPv4 Total Flows: 0
IPv4 Flows Exported: 0, IPv4 Flow Packets exported: 0
IPv4 Flows Inactive Timed Out: 0, IPv4 Flows Active Timed Out: 0
IPv6 Flows:
IPv6 Flow Packets: 0, IPv6 Flow Bytes: 0
IPv6 Active Flows: 0, IPv6 Total Flows: 0
IPv6 Flows Exported: 0, IPv6 Flow Packets Exported: 0
IPv6 Flows Inactive Timed Out: 0, IPv6 Flows Active Timed Out: 0
Copyright © 2014, Juniper Networks, Inc. 451
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
show services accounting flow-detail
Syntax show services accounting flow-detail
<detail | extensive | terse>
<filters>
<limit limit-value>
<name (* | all | service-name)>
<order (bytes | packets)>
Release Information Command introduced before Junos OS Release 7.4.
Description Display information about the flows being processed by the accounting service.
Options detail | extensive | terse—(Optional) Display the specified level of output.
filters—(Optional) Filter the display output of the currently active flow records. The
following filters query actively changing data structures and result in different results
for multiple invocations:
• destination-as—Display flow records filtered by destination autonomous system
information.
• destination-port—Display flow records filtered by destination port information.
• destination-prefix—Display flow records filtered by destination prefix information.
• input-snmp-interface-index—Display flow records filtered by SNMP input interface
index information.
• output-snmp-interface-index—Display flow records filtered by SNMP output
interface index information.
• proto—Display flow records filtered by protocol type.
• source-as—Display flow records filtered by source autonomous system information.
• source-port—Display flow records filtered by source port information.
• source-prefix—Display flow records filtered by source prefix information.
• tos—Display flow records filtered by type of service classification.
limit limit-value—(Optional) Limit the display output to the specified number of flows.
The default is no limit.
name (* | all | service-name)—(Optional) Display information about the flows being
processed. Use a wildcard character, specify all services, or provide a specific services
name.
order (bytes | packets)—(Optional) Display the flow with the ordering of the highest
number, either by byte count or by packet count.
Additional Information When no PIC is active, or when no route record has been downloaded from the PIC, this
command reports no flows, even though packets are being sampled. This command
452 Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Operational Commands
displays information about two concurrent sessions only. If a third session is attempted,
the command pauses with no output until one of the previous sessions is completed.
Required Privilege view
Level
List of Sample Output show services accounting flow-detail on page 454
show services accounting flow-detail limit on page 455
show services accounting flow-detail name extensive on page 455
show services accounting flow-detail limit order bytes on page 455
show services accounting flow-detail source-port on page 456
Output Fields Table 27 on page 453 lists the output fields for the show services accounting flow-detail
command. Output fields are listed in the approximate order in which they appear.
Table 27: show services accounting flow-detail Output Fields
Field Name Field Description Output Level
Service Accounting Name of the service accounting interface. All levels
interface
Service name Name of a service that was configured at the [edit forwarding-options accounting] All levels
hierarchy level. The default display, (default sampling), indicates the service
was configured at the [edit forwarding-options sampling] hierarchy level.
Local interface Index counter of the local interface. All levels
index
TOS Type-of-service value from the IP header. extensive
Input SNMP SNMP index of the interface on which the packet came in. extensive
interface index
Output SNMP SNMP index of the interface on which the packet went out. extensive
interface index
Source-AS Source AS number. extensive
Destination-AS Destination AS number. extensive
Protocol Name of the protocol used for the packet flow from the corresponding source All levels
address.
Input interface Interface on which the packets were received. All levels
Output interface Interface on which the packets were transmitted. All levels
TCP flags Number of TCP header flags detected in the flow. extensive
Source address Address where the flow originated. All levels
Source port Name of the source port. All levels
Copyright © 2014, Juniper Networks, Inc. 453
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Table 27: show services accounting flow-detail Output Fields (continued)
Field Name Field Description Output Level
Source prefix length Source prefix length. extensive
Destination address Address where the flow is sent. All levels
Destination prefix Destination prefix length. extensive
length
Destination port Name of the destination port. All levels
Start time Actual time when the packet in this aggregation was first seen. detail extensive
End time Actual time when the packet in this aggregation was last seen. detail extensive
Packet count Number of packets in the aggregation. All levels
Byte count Number of bytes in the aggregation. All levels
Time since last Amount of time elapsed since the last active timeout, in the format hh:mm:ss. None specified
active timeout
Packet count for Number of packets in the aggregation since the last active timeout. None specified
last active timeout
Byte count for last Number of bytes in the aggregation since the last active timeout. None specified
active timeout
Sample Output
show services accounting flow-detail
In this sample, the output is split into three sections, with ellipses (...) indicating where
the sections are continued.
user@host> show services accounting flow-detail
Service Accounting interface: rsp0, Local interface index: 171
Service name: (default sampling)
Interface state: Accounting
Protocol Input Source Source Output
interface address port interface...
tcp(6) ge-5/0/1.0 11.1.1.2 0 ge-5/0/0.0
tcp(6) ge-5/0/1.0 11.1.1.2 0 ge-5/0/0.0
Destination Destination Packet Byte Time since last
address port count count active timeout...
40.0.3.149 0 2660 170240 00:00:58
40.0.3.138 0 2660 170240 00:00:58
Packet count for Byte count for
last active timeout last active timeout
2805 179520
2805 179520
454 Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Operational Commands
show services accounting flow-detail limit
In this sample, the output is split into three sections, with ellipses (...) indicating where
the sections are continued.
user@host> show services accounting flow-detail limit 1
Service Accounting interface: rsp0, Local interface index: 171
Service name: (default sampling)
Interface state: Accounting
Protocol Input Source Source Output
interface address port interface...
tcp(6) ge-5/0/1.0 11.1.1.2 0 ge-5/0/0.0
Destination Destination Packet Byte Time since last
address port count count active timeout...
40.0.3.149 0 2158 138112 00:00:47
Packet count for Byte count for
last active timeout last active timeout
2827 180928
show services accounting flow-detail name extensive
user@host> show services accounting flow-detail name cf-2 extensive
Service Accounting interface: mo-0/2/0, Local interface index: 145
Service name: cf-2
TOS: 0, Protocol: udp(17), TCP flags: 0
Source address: 10.10.10.1, Source prefix length: 0, Destination address:
20.20.20.20,
Destination prefix length: 0, Source port: 1173, Destination port: 69
Input SNMP interface index: 65, Output SNMP interface index: 0, Source-AS: 0,
Destination-AS: 0
Start time: 62425, End time: 635265, Packet count: 165845, Byte count: 9453165
show services accounting flow-detail limit order bytes
The output of the following command is displayed over 141 columns, not the standard
80 columns. In this sample, the output is split into three sections, with ellipses (...)
indicating where the sections are continued.
user@host> show services accounting flow-detail limit 5 order bytes
Service Accounting interface: mo-2/0/0, Local interface index: 356
Service name: (default sampling)
Input Source Source Output
Protocol interface address port interface...
icmp(1) ge-2/3/0.0 11.1.1.2 0 .local.
icmp(1) ge-2/3/0.0 11.1.1.2 0 .local.
icmp(1) ge-2/3/0.0 11.1.1.2 0 .local.
icmp(1) ge-2/3/0.0 11.1.1.2 0 .local.
icmp(1) ge-2/3/0.0 11.1.1.2 0 .local.
Destination Destination Packet Byte Time since last
address port count count active timeout...
51.88.128.2 0 16 12148 Not applicable
52.78.144.2 0 16 15229 Not applicable
51.147.192.2 0 16 13296 Not applicable
51.136.16.2 0 16 13924 Not applicable
50.214.48.2 0 16 13428 Not applicable
Packet count for Byte count for
Copyright © 2014, Juniper Networks, Inc. 455
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
last active timeout last active timeout
Not applicable Not applicable
Not applicable Not applicable
Not applicable Not applicable
Not applicable Not applicable
Not applicable Not applicable
show services accounting flow-detail source-port
user@host> show services accounting flow-detail name cf-2 detail source-port 1173
Service Accounting interface: mo-0/2/0, Local interface index: 145
Service name: cf-2
Protocol: udp(17), Source address: 10.10.10.1, Source port: 1173, Destination
address:
20.20.20.20, Destination port: 69
Start time: 62425, End time: 811115, Packet count: 142438, Byte count: 8118966
456 Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Operational Commands
show services accounting memory
Syntax show services accounting memory
Release Information Command introduced before Junos OS Release 7.4.
Description Display memory and flow record statistics.
Options This command has no options.
Required Privilege view
Level
List of Sample Output show services accounting memory (Monitoring PIC interface) on page 457
show services accounting memory (Service PIC interface) on page 458
Output Fields Table 28 on page 457 lists the output fields for the show services accounting memory
command. Output fields are listed in the approximate order in which they appear.
Table 28: show services accounting memory Output Fields
Output Field Output Field Description
Service Accounting Name of the service accounting interface.
interface
Memory Utilization
Local interface index Index counter of the local interface.
Allocation count Number of flow records allocated.
Free count Number of flow records freed.
Maximum allocated Maximum number of flow records allocated since the monitoring station booted. This number
represents the peak number of flow records allocated at a time.
Allocations per second Flow records allocated per second during the last statistics interval on the PIC.
Frees per second Flow records freed per second during the last statistics interval on the PIC.
Total memory used Total amount of memory currently used (in bytes).
Total memory free Total amount of memory currently free (in bytes).
Sample Output
show services accounting memory (Monitoring PIC interface)
user@host> show services accounting memory
Service Accounting interface: mo-2/0/0, Local interface index: 468
Memory utilization
Copyright © 2014, Juniper Networks, Inc. 457
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Allocation count: 437340, Free count: 433699, Maximum allocated: 6782
Allocations per second: 3366, Frees per second: 6412
Total memory used (in bytes): 133460320,
Total memory free (in bytes): 133918352
Sample Output
show services accounting memory (Service PIC interface)
user@host> show services accounting memory
Service Accounting interface: sp-0/1/0
Memory utilization
Allocation count: 1000, Free count: 0
Allocations per second: 0, Frees per second: 0
Total memory used (in bytes): 218158272
Total memory free (in bytes): 587147696
Service Accounting interface: sp-1/0/0
Memory utilization
Allocation count: 1000, Free count: 0
Allocations per second: 0, Frees per second: 0
Total memory used (in bytes): 218157592
Total memory free (in bytes): 587148376
458 Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Operational Commands
show services accounting packet-size-distribution
Syntax show services accounting packet-size-distribution
<name (* | all | service-name)>
Release Information Command introduced before Junos OS Release 7.4.
Description Display a packet size distribution histogram.
Options none—Display a packet size distribution histogram of all accounting services.
name (* | all | service-name)—(Optional) Display a packet size distribution histogram.
Use a wildcard character, specify all services, or provide a specific services name.
Required Privilege view
Level
List of Sample Output show services accounting packet-size-distribution name on page 459
Output Fields Table 29 on page 459 lists the output fields for the show services accounting
packet-size-distribution command. Output fields are listed in the approximate order in
which they appear.
Table 29: show services accounting packet-size-distribution Output Fields
Field Name Field Description
Service Accounting Name of the service accounting interface.
interface
Service name Name of a service that was configured at the [edit-forwarding-options accounting] hierarchy level.
The default display, (default sampling), indicates the service was configured at the
[edit-forwarding-options sampling-level] hierarchy level.
Local interface index Index counter of the local interface.
Range start Smallest packet length (in bytes) to count.
Range end Largest packet length (in bytes) to count.
Number of packets Count of packets detected in the size between Range start and Range end.
Percentage packets Percentage of the total number of packets that are in this size range.
Sample Output
show services accounting packet-size-distribution name
user@host> show services accounting packet-size-distribution name test3
Service Accounting interface: mo-0/2/0, Local interface index: 163
Service name: test3
Copyright © 2014, Juniper Networks, Inc. 459
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Range start Range end Number of packets Percentage packets
32 64 2924 100
460 Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Operational Commands
show services accounting status
Syntax show services accounting status
<inline-jflow fpc-slot slot-number | name (* | all | service-name)>
Release Information Command introduced before Junos OS Release 7.4.
Description Display available Physical Interface Cards (PICs) for accounting services.
Options none—Display available PICs for all accounting services.
inline-jflow fpc-slot slot-number—(Optional) Display inline flow accounting status for the
specified FPC. For a two-member MX Series Virtual Chassis, the master router uses
FPC slot numbers 0 through 11 with no offset; the backup router uses FPC slot
numbers 12 through 23, with an offset of 12.
name (* | all | service-name)—(Optional) Display available PICs. Use a wildcard character,
specify all services, or provide a specific services name.
Required Privilege view
Level
Related • show services accounting flow on page 447
Documentation
• Inline Flow Monitoring for Virtual Chassis Overview
List of Sample Output show services accounting status name (Monitoring PIC interface) on page 462
show services accounting status name (Service PIC interface) on page 462
show services accounting status inline-jflow fpc-slot slot-number (when both IPv4
and IPv6 are configured) on page 463
show services accounting status inline-jflow (MX80 Router when both IPv4 and IPv6
are configured) on page 463
Output Fields Table 30 on page 461 lists the output fields for the show services accounting status
command. Output fields are listed in the approximate order in which they appear.
Table 30: show services accounting status Output Fields
Field Field Description
Service Accounting Name of the service accounting interface.
interface
Service name Name of a service that was configured at the [edit-forwarding-options accounting] hierarchy level.
The default display,(default sampling), indicates the service was configured at the
[edit-forwarding-options sampling-level] hierarchy level.
FPC Slot Slot number of the FPC for which the flow information is displayed.
Local interface index Index counter of the local interface.
Copyright © 2014, Juniper Networks, Inc. 461
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Table 30: show services accounting status Output Fields (continued)
Field Field Description
Interface state Accounting state of the passive monitoring interface.
• Accounting—PIC is actively accounting.
• Disabled—PIC has been disabled from the CLI.
• Not accounting—PIC is up but not accounting. This can happen while the PIC is coming online, or
when the PIC is up but has no logical unit configured under the physical interface.
• Unknown
Group index Integer that represents the monitoring group of which the PIC is a member. Group index is a mapping
from the group name to an index. It is not related to the number of monitoring groups.
Export interval (in Configured export interval for cflowd records, in seconds.
seconds)
Export format Configured export format.
Protocol Protocol the PIC is configured to monitor.
Engine type Configured engine type that is inserted in output cflowd packets.
Engine ID Configured engine ID that is inserted in output cflowd packets.
Route Record Count Number of routes recorded.
AS Record Count Number of autonomous systems recorded.
Route Records Set Status of route recording; whether routes are recorded or not.
Configuration Set Status of monitoring configuration; whether monitoring configuration is set or not.
Sample Output
show services accounting status name (Monitoring PIC interface)
user@host> show services accounting status name count1
Service Accounting interface: mo-2/0/0, Local interface index: 468
Service name: count1
Interface state: Accounting
Group index: 0
Export interval (in seconds): 60, Export format: cflowd v8
Protocol: IPv4, Engine type: 55, Engine ID: 5
Sample Output
show services accounting status name (Service PIC interface)
user@host> show services accounting status name
Service Accounting interface: sp-0/1/0
Interface state: Accounting
Export format: 9, Route record count: 0
462 Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Operational Commands
IFL to SNMP index count: 7, AS count: 0
Configuration set: Yes, Route record set: No, IFL SNMP map set: Yes
Service Accounting interface: sp-1/0/0
Interface state: Accounting
Export format: 9, Route record count: 33
IFL to SNMP index count: 7, AS count: 1
Configuration set: Yes, Route record set: Yes, IFL SNMP map set: Yes
show services accounting status inline-jflow fpc-slot slot-number (when both IPv4 and IPv6 are configured)
user@host> show services accounting status inline-jflow fpc-slot 5
FPC Slot: 5
IPV4 export format: Version-IPFIX, IPV6 export format: Version-IPFIX
VPLS export format: Not set
IPv4 Route Record Count: 5, IPv6 Route Record Count: 7
Route Record Count: 12, AS Record Count: 1
Route-Records Set: Yes, Config Set: Yes
show services accounting status inline-jflow (MX80 Router when both IPv4 and IPv6 are configured)
user@host> show services accounting status inline-jflow
Status information
TFEB Slot: 0
Export format: IP-FIX
IPv4 Route Record Count: 6, IPv6 Route Record Count: 8
Route Record Count: 14, AS Record Count: 1
Route-Records Set: Yes, Config Set: Yes
Copyright © 2014, Juniper Networks, Inc. 463
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
show services accounting usage
Syntax show services accounting usage
<name service-name>
Release Information Command introduced before Junos OS Release 7.4.
Description Display the CPU usage of PIC used for active flow monitoring.
Options none—Display CPU usage for all service names.
name service-name—(Optional) Display CPU usage for the specified service name.
Additional Information When no route record has been downloaded from the PIC, this command reports no
flows, even though packets are being sampled.
Required Privilege view
Level
List of Sample Output show services accounting usage (Monitoring PIC interface) on page 465
show services accounting usage (Service PIC interface) on page 465
Output Fields Table 31 on page 464 lists the output fields for the show services accounting usage
command. Output fields are listed in the approximate order in which they appear.
Table 31: show services accounting usage Output Fields
Output Field Output Field Description
Service Accounting Name of the service accounting interface.
interface
Service name Name of a service that was configured at the [edit-forwarding-options accounting] hierarchy level.
The default display, (default sampling), indicates the service was configured at the
[edit-forwarding-options sampling-level] hierarchy level.
Local interface index Index counter of the local interface.
Uptime Time that the PIC has been operational (in milliseconds).
Interrupt time Total time that the PIC has spent processing packets since the last PIC reset (in microseconds).
Load (5 second) CPU load on the PIC, averaged more than 5 seconds. The number is a percentage obtained by dividing
the time spent on active tasks by the total elapsed time.
Load (1 minute) CPU load on the PIC, averaged more than 1 minute. The number is a percentage obtained by dividing
the time spent on active tasks by the total elapsed time.
464 Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Operational Commands
Sample Output
show services accounting usage (Monitoring PIC interface)
user@host> show services accounting usage
Service Accounting interface: mo-1/1/0, Local interface index: 15
Service name: (default sampling)
CPU utilization
Uptime: 600413856 milliseconds, Interrupt time: 2403 microseconds
Load (5 second): 43%, Load (1 minute): 24%
Sample Output
show services accounting usage (Service PIC interface)
user@host> show services accounting usage
Service Accounting interface: sp-0/1/0
Service name: (default sampling)
CPU utilization
Uptime: 7853940 milliseconds, Interrupt time: 0 microseconds
Load (5 second): 2%, Load (1 minute): 0%
Service Accounting interface: sp-0/1/0
Service name: (default sampling)
CPU utilization
Uptime: 331160 milliseconds, Interrupt time: 0 microseconds
Load (5 second): 2%, Load (1 minute): 0%
Copyright © 2014, Juniper Networks, Inc. 465
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
show services dynamic-flow-capture content-destination
Syntax show services dynamic-flow-capture content-destination capture-group group-name
destination-identifier identifier
<terse>
Release Information Command introduced in Junos OS Release 7.4.
Description (M320 routers and T Series routers only) Display information about the content
destination that receives packets from the dynamic flow capture (DFC) interface.
Options capture-group group-name—Capture-group identifier.
destination-identifier identifier—Content destination identifier.
terse—(Optional) Display summary information.
Required Privilege view
Level
List of Sample Output show services dynamic-flow-capture content-destination on page 467
Output Fields Table 32 on page 466 lists the output fields for the show services dynamic-flow-capture
content-destination command. Output fields are listed in the approximate order in which
they appear.
Table 32: show services dynamic-flow-capture content-destination Output Fields
Output Field Output Field Description Level of Output
Capture group Name of the capture group. to be provided
Content destination Name of the content destination. to be provided
Criteria Number of criteria specified. to be provided
Bandwidth Bandwidth used by the matched traffic. to be provided
Matched packets Number of matched packets sent to the content destination. to be provided
Matched bytes Number of matched bytes sent to the content destination. to be provided
Congestion Number of notification messages sent. to be provided
notifications
466 Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Operational Commands
Sample Output
show services dynamic-flow-capture content-destination
user@host> show services dynamic-flow-capture content-destination capture-group g1
destination-identifier cd1 terse
Capture group: g1, Content destination: cd1, Criteria: 0, Bandwidth: 0, Matched
packets: 0, Matched bytes: 0, Congestion notifications: 0
Copyright © 2014, Juniper Networks, Inc. 467
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
show services dynamic-flow-capture control-source
Syntax show services dynamic-flow-capture control-source capture-group group-name
control-source identifier
<detail | terse>
Release Information Command introduced in Junos OS Release 7.4.
Description (M320 routers and T Series routers only) Display information about the control source
that makes dynamic flow capture requests to the dynamic flow capture interface.
Options capture-group group-name—Capture group identifier.
control-source identifier—Control source identifier.
detail | terse—(Optional) Display the specified level of output.
Required Privilege view
Level
List of Sample Output show services dynamic-flow-capture control-source on page 469
show services dynamic-flow-capture control-source detail on page 469
Output Fields Table 33 on page 468 lists the output fields for the show services dynamic-flow-capture
control-source scommand. Output fields are listed in the approximate order in which they
appear.
Table 33: show services dynamic-flow-capture control-source Output
Fields
Output Field Output Field Description
Capture group Name of the capture group.
Control source Name of the control source.
Criteria added, Criteria add Number of criteria added or added and failed.
failed
Active criteria Number of active criteria.
Static criteria, Dynamic criteria Number of static or dynamic criteria.
Control protocol requests Total number of control protocol requests.
Requests Number of Add, Delete, List, Refresh, and No-op control protocol
requests.
Failed Number of Add, Delete, List, Refresh, and No-op failed control
protocol requests.
Add request rate Rate of add requests.
468 Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Operational Commands
Table 33: show services dynamic-flow-capture control-source Output
Fields (continued)
Output Field Output Field Description
Add request peak rate Peak rate of add requests.
Bandwidth across all criteria Bandwidth used by all the requests.
Total notifications Total number of notifications sent and the number of notifications
by category: Restart, Rollover, Timeout, Congestion, Congestion
delete, and Dups (duplicates) dropped.
Criteria deleted Total number of criteria deleted and the number of deleted criteria
by category: Timeout idle, Timeout total, Packets, and Bytes.
Sequence number Sequence number.
Sample Output
show services dynamic-flow-capture control-source
user@host> show services dynamic-flow-capture control-source source-identifier cs0_cg0
capture-group cg_0
Capture group: cg_0, Control source: cs0_cg0
Criteria added: 28, Criteria add failed: 0, Active criteria: 0, Control protocol
requests: 28, Add request rate: 0,
Add request peak rate: 1, Bandwidth across all criteria: 0, Total notifications:
1, Criteria deleted: 28, Sequence number: 0
show services dynamic-flow-capture control-source detail
user@host> show services dynamic-flow-capture control-source source-identifier cs0_cg0
capture-group cg_0 detail
Capture group: cg_0, Control source: cs0_cg0
Criteria added: 28, Criteria add failed: 0
Active criteria: 0
Static criteria: 0, Dynamic criteria: 0
Control protocol requests: 28
Add Delete List Refresh No-op
Requests 28 0 0 0 0
Failed 0 0 0 0 0
Add request rate: 0
Add request peak rate: 1
Bandwidth across all criteria: 0
Total notifications: 1
Restart: 1, Rollover: 0, No-op: 0, Timeout: 0, Congestion: 0, Congestion
delete: 0, Dups dropped: 0
Criteria deleted: 28
Timeout idle: 0, Timeout total: 0, Packets: 0, Bytes: 0
Sequence number: 0
Copyright © 2014, Juniper Networks, Inc. 469
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
show services dynamic-flow-capture statistics
Syntax show services dynamic-flow-capture statistics capture-group group-name
Release Information Command introduced in Junos OS Release 7.4.
Description (M320 routers and T Series routers only) Display statistics information about the capture
group specified for dynamic flow capture.
Options capture-group group-name—Capture group identifier.
Required Privilege view
Level
List of Sample Output show services dynamic-flow-capture statistics on page 471
Output Fields Table 34 on page 470 lists the output fields for the show services dynamic-flow-capture
statistics command. Output fields are listed in the approximate order in which they
appear.
Table 34: show services dynamic-flow-capture statistics Output Fields
Output Field Output Field Description
Input Incoming dynamic flow capture packet statistics:
• Control protocol packets—Number of control protocol packets received.
• Captured data packets—Number of data packets captured.
• Control IRI packets—Number of control IRI packets received.
Control protocol drops Control protocol packets dropped for the following reasons:
• Not IP packets—Dropped packets were not IP packets.
• Not UDP packets—Dropped packets were not User Datagram Protocol (UDP) packets.
• Invalid destination address—Dropped packets had invalid destination addresses.
• No memory—Packets dropped because of insufficient memory.
• Unauthorized control source—Packets dropped because the control source was not authenticated.
• Bad request—Packets dropped because the request was invalid.
• Unknown control source—Packets dropped because the control source was not known.
• Not DTCP—Dropped packets did not adhere to the control protocol format.
• Bad command line—Packets dropped because of a version mismatch.
• Bandwidth exceeded—Packets dropped because the bandwidth was exceeded.
• Drop rate due to exceeded bandwidth—Rate of traffic dropped because the bandwidth was exceeded.
• Other—Packets dropped for other reasons or undetermined causes.
470 Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Operational Commands
Table 34: show services dynamic-flow-capture statistics Output Fields (continued)
Output Field Output Field Description
Input drops Incoming dynamic flow capture packets dropped for the following reasons:
• Unknown packets—Packets dropped because the packet type was not recognized.
• Captured data not IPv4—Packets dropped because they were not IPv4 packets.
• Captured data too small—Packets dropped because they were smaller than the size reported in
their headers.
• Captured data drops—Data packets dropped because of undetermined causes.
• Captured data not matched—Packets dropped because they did not match filter criteria.
• Bandwidth exceeded—Packets dropped because the bandwidth was exceeded.
• Drop rate due to exceeded bandwidth—Rate of traffic dropped because the bandwidth was exceeded.
Output Outgoing dynamic flow capture packet statistics:
• Control protocol packets—Number of control protocol packets sent.
• Captured data packets—Number of captured data packets sent.
Output drops Outgoing packets dropped:
• Control protocol drops—Number of control protocol packets dropped.
• Captured data drops—Number of captured data packets dropped.
Flow Statistics DFC flow statistics:
• Active flow cache entries
• Active flow cache usage percentage
• Flow cache entries allocated
• Number of control sources
• Number of content destinations
• Number of criteria
• Maximum criteria matching one flow
• Cached flows purged for memory
• Maximum filters matching one packet
Sample Output
show services dynamic-flow-capture statistics
user@host> show services dynamic-flow-capture statistics capture-group g1
Input:
Control protocol packets: 643, Captured data packets: 69977, Control IRI packets:
337
Control protocol drops:
Not IP packets: 0, Not UDP packets: 3, Invalid destination address: 0, No memory:
0, Unauthorized control source: 0,
Bad request: 0, Unknown control source: 0, Not DTCP: 0, Bad command line: 0,
Bandwidth exceeded: 0,
Copyright © 2014, Juniper Networks, Inc. 471
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Drop rate due to exceeded bandwidth: 0, Other: 0
Input drops:
Unknown packets: 0, Captured data not IPv4: 0, Captured data too small: 0,
Captured data drops: 0, Captured data not matched: 0,
Bandwidth exceeded: 0, Drop rate due to exceeded bandwidth: 0
Output:
Control protocol packets: 644, Captured data packets: 1119624
Output drops:
Control protocol drops: 0, Captured data drops: 0
Flow Statistics:
Active flow cache entries: 40, Active flow cache usage percentage: 0, Flow cache
entries allocated: 40,
Number of control sources: 4, Number of content destinations: 64, Number of
criteria: 640,
Maximum criteria matching one flow: 16, Cached flows purged for memory: 0,
Maximum filters matching one packet: 16
472 Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Operational Commands
show services flow-collector file interface
Syntax show services flow-collector file interface (all | cp-fpc/pic/port)
<detail | extensive | terse>
Release Information Command introduced before Junos OS Release 7.4.
Description (M40e, M160, and M320 routers and T Series routers only) Display information about
flow collector files.
Options all | cp-fpc/pic/port—Display file information for all configured flow collector interfaces
or for the specified interface.
detail | extensive | terse—(Optional) Display the specified level of output.
Additional Information No entries are displayed for files that have been successfully transferred.
Required Privilege view
Level
List of Sample Output show services flow-collector file interface extensive on page 474
Output Fields Table 35 on page 473 lists the output fields for the show services flow-collector file interface
command. Output fields are listed in the approximate order in which they appear.
Table 35: show services flow-collector file interface Output Fields
Output Field Output Field Description Level of Output
Filename Name of the file created on the flow collector interface. All levels
Flows Total number of collector flows for which records are present in the file. none specified
Throughput Throughput statistics: extensive
• Flow records—Number of flow records in the file.
• per second—Average number of flow records per second.
• peak per second—Peak number of flow records per second.
• Uncompressed bytes—Total file size before compression.
• per second—Average number of uncompressed bytes per second.
• peak per second—Peak number of uncompressed bytes per second.
• Compressed bytes—Total file size after compression.
• per second—Average number of compressed bytes per second.
• peak per second—Peak number of compressed bytes per second.
Copyright © 2014, Juniper Networks, Inc. 473
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Table 35: show services flow-collector file interface Output Fields (continued)
Output Field Output Field Description Level of Output
Status File statistics: All levels
• Compressed blocks—(extensive output only) Data blocks in the file that have
been compressed. The file is exported only when the compressed block count
and block count become the same.
• Block count—(extensive output only) Total number of data blocks in the file.
• State—Processing state of the file.
• Active—The flow collector interface is writing to the file.
• Export 1—File export is in progress to the primary server.
• Export 2—File export is in progress to the secondary server.
• Wait—File is pending export.
• Transfer attempts 0.—Number of attempts made to transfer the file. If the
file is successfully transferred in the first attempt, this field is 0.
Sample Output
show services flow-collector file interface extensive
user@host> show services flow-collector file interface cp-3/2/0 extensive
Filename: cFlowd-py69Ni69-0-20031112_014301-so_3_0_0_0.bcp.bi.gz
Throughput:
Flow records: 188365, per second: 238, peak per second: 287
Uncompressed bytes: 21267756, per second: 27007, peak per second: 32526
Compressed bytes: 2965643, per second: 0, peak per second: 22999
Status:
Compressed blocks: 156, Block count: 156
State: Active, Transfer attempts: 0
474 Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Operational Commands
show services flow-collector input interface
Syntax show services flow-collector input interface (all | cp-fpc/pic/port)
<detail | extensive | terse>
Release Information Command introduced before Junos OS Release 7.4.
Description (M40e, M160, and M320 routers and T Series routers only) Display the number of packets
received by collector interfaces from monitoring interfaces.
Options all | cp-fpc/pic/port—Display packets received by all configured flow collector interfaces
or by the specified interface.
detail | extensive | terse—(Optional) Display the specified level of output.
Required Privilege view
Level
List of Sample Output show services flow-collector input interface on page 475
show services flow-collector input interface all on page 475
Output Fields Table 36 on page 475 lists the output fields for the show services flow-collector input
interface command. Output fields are listed in the approximate order in which they appear.
Table 36: show services flow-collector input interface Output Fields
Output
Field Output Field Description
Interface Name of the monitoring interface.
Packets Number of packets traveling from the monitoring interface to the flow collector
interface.
Bytes Number of bytes traveling from the monitoring interface to the flow collector
interface.
Sample Output
show services flow-collector input interface
user@host> show services flow-collector input interface cp-3/2/0
Interface Packets Bytes
mo-3/0/0.0 21706 32328568
mo-3/1/0.0 21706 32329096
show services flow-collector input interface all
user@host> show services flow-collector input interface all
Flow collector interface: cp-6/1/0
Interface state: Collecting flows
Interface Packets Bytes
mo-3/0/0.0 274 416232
mo-3/3/0.0 274 416184
Copyright © 2014, Juniper Networks, Inc. 475
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
mo-1/0/0.0 274 416232
mo-1/1/0.0 274 416232
mo-1/2/0.0 274 416232
mo-1/3/0.0 274 416232
mo-3/1/0.0 274 416232
mo-4/0/0.0 274 416232
mo-4/1/0.0 274 416232
mo-4/2/0.0 274 416184
mo-4/3/0.0 274 416232
mo-5/0/0.0 274 416232
mo-5/1/0.0 274 416232
mo-5/2/0.0 274 416232
mo-5/3/0.0 274 416232
mo-6/0/0.0 274 416232
Flow collector interface: cp-6/3/0
Interface state: Collecting flows
476 Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Operational Commands
show services flow-collector interface
Syntax show services flow-collector interface (all | cp-fpc/pic/port)
<detail | extensive | terse>
Release Information Command introduced before Junos OS Release 7.4.
Description (M40e, M160, and M320 routers and T Series routers only) Display overall statistics for
the flow collector application.
Options all | cp-fpc/pic/port—Display statistics for flow collector applications on all interfaces or
for the specified interface.
detail | extensive | terse—(Optional) Display the specified level of output.
Required Privilege view
Level
List of Sample Output show services flow-collector interface all detail on page 479
show services flow-collector interface all extensive on page 480
show services flow-collector interface all terse on page 482
show services flow-collector interface extensive on page 482
Output Fields Table 37 on page 477 lists the output fields for the show services flow-collector interface
command. Output fields are listed in the approximate order in which they appear.
Table 37: show services flow-collector interface Output Fields
Output Field Output Field Description Level of Output
Flow collector Name of the flow collector interface. All levels
interface
Interface state Collecting flow state for the interface. All levels
Packets Total number of packets received. none specified
Flows Total uncompressed data size for all files created on this PIC. none specified
Uncompressed
Bytes
Compressed Bytes Total compressed data size for all files created on this PIC. none specified
FTP bytes Total number of bytes transferred to the FTP server, including those dropped none specified
during transfer.
FTP files Total number of FTP transfers attempted by the server. none specified
Memory Bytes used on the PIC and bytes free. detail extensive
Copyright © 2014, Juniper Networks, Inc. 477
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Table 37: show services flow-collector interface Output Fields (continued)
Output Field Output Field Description Level of Output
Input Incoming flow collector packet statistics: detail extensive
• Packets—Number of packets received on the unit.
• per second—Average number of packets per second.
• peak per second—Peak number of packets per second.
• Bytes—Number of bytes received on the unit.
• per second—Average number of bytes per second.
• peak per second—Peak number of bytes per second.
• Flow records processed—Number of records in the flow collector packets that
were processed by the flow-collector interface.
• per second—Average number of flow records processed per second.
• peak per second—Peak number of flow records per second.
Allocation Data block statistics: extensive
• Blocks allocated—Total number of data blocks (containing flow records)
allocated to the files created on this PIC.
• per second—Average number of blocks allocated per second.
• peak per second—Peak number of blocks allocated per second.
• Blocks freed—Total number of data blocks freed.
• per second—Average number of blocks freed per second.
• peak per second—Peak number of blocks freed per second.
• Blocks unavailable—Total number of data block requests denied, typically
because of a memory shortage.
• per second—Average number of blocks unavailable per second.
• peak per second—Peak number of blocks unavailable per second.
Files File statistics, incremented since the PIC last booted: detail extensive
• Files created—Total number of files created on this PIC.
• Files exported— Number of files successfully created and exported.
• Files destroyed—(extensive output only) Number of files successfully exported
and files dropped by the flow collection interface.
Throughput Throughput statistics: detail extensive
• Uncompressed bytes—Total uncompressed data size for all files created on
this PIC.
• per second—Average number of uncompressed bytes per second.
• peak per second—Peak number of uncompressed bytes per second.
• Compressed bytes—Total compressed data size for all files created on this
PIC.
• per second—Average number of compressed bytes per second.
• peak per second—Peak number of compressed bytes per second.
478 Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Operational Commands
Table 37: show services flow-collector interface Output Fields (continued)
Output Field Output Field Description Level of Output
Packet drops Number of packets dropped for the following causes: extensive
• No memory—Packets dropped because of insufficient memory.
• Not IP—Packets dropped because they are not IP packets.
• Not IPv4—Packets dropped because they are not IP version 4 packets.
• Too small—Packets dropped because each packet was smaller than the size
reported in its header.
• Fragments—Packets dropped because of fragmentation. Fragments are not
reassembled.
• ICMP—Packets dropped because they are not ICMP packets.
• TCP—Packets dropped because they are not TCP packets.
• Unknown—Packets dropped because of undetermined causes.
• Not Junos flow—Packets dropped because they are not interpreted by Junos
OS. Junos OS interprets only IPv4, UDP cflowd version 5 packets.
File transfer File transfer statistics: detail extensive
• FTP bytes—Total number of bytes transferred to the FTP server, including
those dropped during transfer.
• FTP files—Total number of FTP transfers attempted by the server.
• FTP failure—Total number of FTP failures encountered by the server.
Flow collector Physical interface acting as a flow collector. detail
interface
Export channel Export channel 0 is unit 0. Export channel 1 is unit 1. Flow receive channel is detail extensive
unit 2. Server status statistics are the following:
• Current server Primary or Secondary—Current FTP server being used. Value is
• Primary server state—State of the server:
• OK—Server is operating without problems.
• FTP error—Server encountered an FTP protocol error while sending files.
• Network error—Flow-collector interface has errors when contacting the
primary FTP server.
• Unknown—First file transfer has not been sent to the primary server.
• Secondary server state—State of the server:
• OK—Server is operating without errors.
• FTP error—Server encountered an FTP protocol error while sending files.
• Network error—Flow-collector interface has errors when contacting the
secondary FTP server.
• Unknown—First file transfer has not been sent to the secondary server.
• Not configured—Secondary server is not configured.
Sample Output
show services flow-collector interface all detail
user@host> show services flow-collector interface all detail
Copyright © 2014, Juniper Networks, Inc. 479
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Flow collector interface: cp-6/1/0
Interface state: Collecting flows
Memory:
Used: 51452732, Free: 440329088
Input:
Packets: 4384, per second: 0, peak per second: 156
Bytes: 6659616, per second: 0, peak per second: 249695
Flow records processed: 131070, per second: 0, peak per second: 4914
Files:
Files created: 1, per second: 0, peak per second: 0
Files exported: 1, per second: 0, peak per second: 0
Throughput:
Uncompressed bytes: 13742307, per second: 0, peak per second: 593564
Compressed bytes: 3786177, per second: 0, peak per second: 162826
File Transfer:
FTP bytes: 3786247, per second: 0, peak per second: 378620
FTP files: 1, per second: 0, peak per second: 0
FTP failure: 0
Export channel: 0
Current server: Primary
Primary server state: OK, Secondary server state: OK
Export channel: 1
Current server: Primary
Primary server state: Unknown, Secondary server state: OK
Flow collector interface: cp-6/3/0
Interface state: Collecting flows
Memory:
Used: 51452732, Free: 440329088
Input:
Packets: 0, per second: 0, peak per second: 0
Bytes: 0, per second: 0, peak per second: 0
Flow records processed: 0, per second: 0, peak per second: 0
Files:
Files created: 0, per second: 0, peak per second: 0
Files exported: 0, per second: 0, peak per second: 0
Throughput:
Uncompressed bytes: 0, per second: 0, peak per second: 0
Compressed bytes: 0, per second: 0, peak per second: 0
File Transfer:
FTP bytes: 70, per second: 0, peak per second: 6
FTP files: 0, per second: 0, peak per second: 0
FTP failure: 0
Export channel: 0
Current server: Primary
Primary server state: Unknown, Secondary server state: OK
Export channel: 1
Current server: Primary
Primary server state: Unknown, Secondary server state: OK
show services flow-collector interface all extensive
user@host> show services flow-collector interface all extensive
Flow collector interface: cp-6/1/0
Interface state: Collecting flows
Memory:
Used: 51452732, Free: 440329088
Input:
Packets: 4384, per second: 0, peak per second: 156
Bytes: 6659616, per second: 0, peak per second: 249695
Flow records processed: 131070, per second: 0, peak per second: 4914
480 Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Operational Commands
Allocation:
Blocks allocated: 108, per second: 0, peak per second: 0
Blocks freed: 108, per second: 0, peak per second: 10
Blocks unavailable: 0, per second: 0, peak per second: 0
Files:
Files created: 1, per second: 0, peak per second: 0
Files exported: 1, per second: 0, peak per second: 0
Files destroyed: 1, per second: 0, peak per second: 0
Throughput:
Uncompressed bytes: 13742307, per second: 0, peak per second: 593564
Compressed bytes: 3786177, per second: 0, peak per second: 162826
Packet drops:
No memory: 0, Not IP: 0
Not IPv4: 0, Too small: 0
Fragments: 0, ICMP: 0
TCP: 0, Unknown: 0
Not JUNOS flow: 0
File Transfer:
FTP bytes: 3786247, per second: 0, peak per second: 378620
FTP files: 1, per second: 0, peak per second: 0
FTP failure: 0
Export channel: 0
Current server: Primary
Primary server state: OK, Secondary server state: OK
Export channel: 1
Current server: Primary
Primary server state: Unknown, Secondary server state: OK
Flow collector interface: cp-6/3/0
Interface state: Collecting flows
Memory:
Used: 51452732, Free: 440329088
Input:
Packets: 0, per second: 0, peak per second: 0
Bytes: 0, per second: 0, peak per second: 0
Flow records processed: 0, per second: 0, peak per second: 0
Allocation:
Blocks allocated: 0, per second: 0, peak per second: 0
Blocks freed: 0, per second: 0, peak per second: 0
Blocks unavailable: 0, per second: 0, peak per second: 0
Files:
Files created: 0, per second: 0, peak per second: 0
Files exported: 0, per second: 0, peak per second: 0
Files destroyed: 0, per second: 0, peak per second: 0
Throughput:
Uncompressed bytes: 0, per second: 0, peak per second: 0
Compressed bytes: 0, per second: 0, peak per second: 0
Packet drops:
No memory: 0, Not IP: 0
Not IPv4: 0, Too small: 0
Fragments: 0, ICMP: 0
TCP: 0, Unknown: 0
Not JUNOS flow: 0
File Transfer:
FTP bytes: 70, per second: 0, peak per second: 6
FTP files: 0, per second: 0, peak per second: 0
FTP failure: 0
Export channel: 0
Current server: Primary
Primary server state: Unknown, Secondary server state: OK
Export channel: 1
Copyright © 2014, Juniper Networks, Inc. 481
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Current server: Primary
Primary server state: Unknown, Secondary server state: OK
show services flow-collector interface all terse
user@host> show services flow-collector interface all terse
Flow collector interface: cp-6/1/0
Interface state: Collecting flows
Packets Bytes Flows Uncompressed Compressed FTP bytes FTP files
Bytes Bytes
4384 6659616 131070 13742307 3786177 3786247 1
Flow collector interface: cp-6/3/0
Interface state: Collecting flows
Packets Bytes Flows Uncompressed Compressed FTP bytes FTP files
Bytes Bytes
0 0 0 0 0 70 0
show services flow-collector interface extensive
user@host> show services flow-collector interface cp-5/2/0 extensive
Flow collector interface: cp-5/2/0
Interface state: Collecting flows
Memory:
Used: 458311860, Free: 40810008
Input:
Packets: 922629, per second: 2069, peak per second: 3266
Bytes: 1376559252, per second: 3096940, peak per second: 4880051
Flow records processed: 25764957, per second: 42564, peak per second: 98124
Allocation:
Blocks allocated: 20862, per second: 31, peak per second: 72
Blocks freed: 17161, per second: 40, peak per second: 202
Blocks unavailable: 58786, per second: 652, peak per second: 1120
Files:
Files created: 52, per second: 0, peak per second: 0
Files exported: 42, per second: 0, peak per second: 0
Files destroyed: 42, per second: 0, peak per second: 0
Throughput:
Uncompressed bytes: 2592070401, per second: 7297307,
peak per second: 8630023
Compressed bytes: 659600068, per second: 1858458, peak per second: 2198471
Packet drops:
No memory: 58786, Not IP: 0
Not IPv4: 0, Too small: 0
Fragments: 0, ICMP: 0
TCP: 0, Unknown: 0
Not JUNOS flow: 0
File Transfer:
FTP bytes: 585981447, per second: 1313320, peak per second: 4857798
FTP files: 48, per second: 0, peak per second: 0
FTP failure: 8
Export channel: 0
Current server: Primary
Primary server state: FTP error, Secondary server state: Not configured
Export channel: 1
Current server: Primary
Primary server state: OK, Secondary server state: Not configured
482 Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Operational Commands
show services rpm active-servers
Syntax show services rpm active-servers
Release Information Command introduced before Junos OS Release 7.4.
Command introduced in Junos OS Release 9.0 for EX Series switches.
Command introduced in Junos OS Release 13.2 for PTX Series Packet Transport Routers.
Description Display the protocols and corresponding ports for which a router or switch is configured
as a real-time performance monitoring (RPM) server.
Options This command has no options.
Required Privilege view
Level
List of Sample Output show services rpm active-servers on page 483
Output Fields Table 38 on page 483 lists the output fields for the show services rpm active-servers
command. Output fields are listed in the approximate order in which they appear.
Table 38: show services rpm active-servers Output Fields
Field Name Field Description
Protocol Protocol configured on the receiving probe server. The protocol can
be the User Datagram Protocol (UDP) or the Transmission Control
Protocol (TCP).
Port Port configured on the receiving probe server.
Destination interface name Output interface name for the probes.
Sample Output
show services rpm active-servers
user@host> show services rpm active-servers
Protocol: TCP, Port: 50000, Destination interface name: lt-0/0/0.0
Protocol: UDP, Port: 50001, Destination interface name: lt-0/0/0.0
Copyright © 2014, Juniper Networks, Inc. 483
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
show services rpm history-results
Syntax show services rpm history-results
<brief | detail>
<owner owner>
<since time>
<test name>
Release Information Command introduced before Junos OS Release 7.4.
Command introduced in Junos OS Release 9.0 for EX Series switches.
Command introduced in Junos OS Release 13.2 for PTX Series Packet Transport Routers.
Description Display standard information about the results of the last 50 probes for each real-time
performance monitoring (RPM) instance.
Options none—Display the results of the last 50 probes for all RPM instances.
brief | detail—(Optional) Display the specified level of output.
owner owner—(Optional) Display information for the specified probe owner.
since time—(Optional) Display information from the specified time. Specify time as
yyyy-mm-dd.hh:mm:ss.
test name—(Optional) Display information for the specified test.
Required Privilege view
Level
List of Sample Output show services rpm history-results on page 485
show services rpm history-results detail on page 485
Output Fields Table 39 on page 484 lists the output fields for the show services rpm history-results
command. Output fields are listed in the approximate order in which they appear.
Table 39: show services rpm history-results Output Fields
Field Name Field Description Level of Output
Owner Probe owner. All levels
Test Name of a test for a probe instance. All levels
Probe received Timestamp when the probe result was determined. All levels
Round trip time Average ping round-trip time (RTT), in microseconds. All levels
Probe results Result of a particular probe performed by a remote host. The following detail
information is contained in the results:
• Response received—Timestamp when the probe result was determined.
• Rtt—Average ping round-trip time (RTT), in microseconds.
484 Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Operational Commands
Table 39: show services rpm history-results Output Fields (continued)
Field Name Field Description Level of Output
Results over current Displays the results for the current test by probe at the time each probe was detail
test completed, as well as the status of the current test at the time the probe was
completed.
Probes sent Number of probes sent with the current test. detail
Probes received Number of probe responses received within the current test. detail
Loss percentage Percentage of lost probes for the current test. detail
Measurement Increment of measurement. Possible values are round-trip time delay and, for detail
the probe type icmp-pin-timestamp, the egress and ingress delay:
• Minimum—Minimum RTT, ingress delay, or egress delay measured over the
course of the current test.
• Maximum—Maximum RTT, ingress delay, or egress delay measured over the
course of the current test.
• Average—Average RTT, ingress delay, or egress delay measured over the
course of the current test.
• Jitter—Difference, in microseconds, between the maximum and minimum
RTT measured over the course of the current test.
• Stddev—Standard deviation of the round-trip time, in microseconds, measured
over the course of the current test.
Sample Output
show services rpm history-results
user@host> show services rpm history-results
Owner, Test Probe received Round trip time
p1, t1 Wed Aug 12 01:02:35 2009 315 usec
p1, t1 Wed Aug 12 01:02:36 2009 266 usec
p1, t1 Wed Aug 12 01:02:37 2009 314 usec
p1, t1 Wed Aug 12 01:02:38 2009 388 usec
p1, t1 Wed Aug 12 01:02:39 2009 316 usec
p1, t1 Wed Aug 12 01:02:40 2009 271 usec
p1, t1 Wed Aug 12 01:02:41 2009 314 usec
p1, t1 Wed Aug 12 01:02:42 2009 1180 usec
show services rpm history-results detail
user@host> show services rpm history-results detail
Owner: p1, Test: t1, Probe type: icmp-ping-timestamp
Probe results:
Response received, Wed Aug 12 01:02:35 2009,
Client and server hardware timestamps
Rtt: 315 usec
Results over current test:
Probes sent: 1, Probes received: 1, Loss percentage: 0
Measurement: Round trip time
Samples: 1, Minimum: 315 usec, Maximum: 315 usec, Average: 315 usec,
Peak to peak: 0 usec, Stddev: 0 usec, Sum: 315 usec
Copyright © 2014, Juniper Networks, Inc. 485
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Owner: p1, Test: t1, Probe type: icmp-ping-timestamp
Probe results:
Response received, Wed Aug 12 01:02:36 2009,
Client and server hardware timestamps
Rtt: 266 usec, Round trip jitter: -50 usec,
Round trip interarrival jitter: 3 usec
Results over current test:
Probes sent: 2, Probes received: 2, Loss percentage: 0
Measurement: Round trip time
Samples: 2, Minimum: 266 usec, Maximum: 315 usec, Average: 291 usec,
Peak to peak: 49 usec, Stddev: 24 usec, Sum: 581 usec
Measurement: Negative round trip jitter
Samples: 1, Minimum: 50 usec, Maximum: 50 usec, Average: 50 usec,
Peak to peak: 0 usec, Stddev: 0 usec, Sum: 50 usec
Owner: p1, Test: t1, Probe type: icmp-ping-timestamp
Probe results:
Response received, Wed Aug 12 01:02:37 2009,
Client and server hardware timestamps
Rtt: 314 usec, Round trip jitter: 49 usec,
Round trip interarrival jitter: 6 usec
Results over current test:
Probes sent: 3, Probes received: 3, Loss percentage: 0
Measurement: Round trip time
Samples: 3, Minimum: 266 usec, Maximum: 315 usec, Average: 298 usec,
Peak to peak: 49 usec, Stddev: 23 usec, Sum: 895 usec
Measurement: Positive round trip jitter
Samples: 1, Minimum: 49 usec, Maximum: 49 usec, Average: 49 usec,
Peak to peak: 0 usec, Stddev: 0 usec, Sum: 49 usec
Measurement: Negative round trip jitter
Samples: 1, Minimum: 50 usec, Maximum: 50 usec, Average: 50 usec,
Peak to peak: 0 usec, Stddev: 0 usec, Sum: 50 usec
Owner: p1, Test: t1, Probe type: icmp-ping-timestamp
Probe results:
Response received, Wed Aug 12 01:02:38 2009,
Client and server hardware timestamps
Rtt: 388 usec, Round trip jitter: 74 usec,
Round trip interarrival jitter: 10 usec
Results over current test:
Probes sent: 4, Probes received: 4, Loss percentage: 0
Measurement: Round trip time
Samples: 4, Minimum: 266 usec, Maximum: 388 usec, Average: 321 usec,
Peak to peak: 122 usec, Stddev: 44 usec, Sum: 1283 usec
Measurement: Positive round trip jitter
Samples: 2, Minimum: 49 usec, Maximum: 74 usec, Average: 62 usec,
Peak to peak: 25 usec, Stddev: 12 usec, Sum: 123 usec
Measurement: Negative round trip jitter
Samples: 1, Minimum: 50 usec, Maximum: 50 usec, Average: 50 usec,
Peak to peak: 0 usec, Stddev: 0 usec, Sum: 50 usec
486 Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Operational Commands
show services rpm probe-results
Syntax show services rpm probe-results
<owner owner>
<test name>
Release Information Command introduced before Junos OS Release 7.4.
Command introduced in Junos OS Release 9.0 for EX Series switches.
Command introduced in Junos OS Release 13.2 for PTX Series Packet Transport Series
Routers.
Description Display the results of the most recent real-time performance monitoring (RPM) probes.
Options none—Display all results of the most recent RPM probes.
owner owner—(Optional) Display information for the specified probe owner.
test name—(Optional) Display information for the specified test.
Required Privilege view
Level
List of Sample Output show services rpm probe-results on page 490
show services rpm probe-results (BGP Neighbor Discovery) on page 492
Output Fields Table 40 on page 487 lists the output fields for the show services rpm probe-results
command. Output fields are listed in the approximate order in which they appear.
Table 40: show services rpm probe-results Output Fields
Field Name Field Description
Owner Owner name. When you configure the probe owner statement at the [edit services rpm] hierarchy
level, this field displays the configured owner name. When you configure BGP neighbor discovery
through RPM, the output for this field is Rpm-Bgp-Owner.
Test Name of a test representing a collection of probes. When you configure the test test-name statement
at the [edit services rpm probe owner] hierarchy level, the field displays the configured test name.
When you configure BGP neighbor discovery through RPM, the output for this field is Rpm-BGP-Test-
n, where n is a cumulative number.
Target address Destination address used for the probes.
Source address Source address used for the probes.
Probe type Protocol configured on the receiving probe server: http-get, http-metadata-get, icmp-ping,
icmp-ping-timestamp, tcp-ping, udp-ping, or udp-ping-timestamp.
Test size Number of probes within a test.
Copyright © 2014, Juniper Networks, Inc. 487
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Table 40: show services rpm probe-results Output Fields (continued)
Field Name Field Description
Routing Instance Name (BGP neighbor discovery) Name of the configured (if any) routing instance, logical system name, or
both, in which the probe is configured:
• When a routing instance is defined within a logical system, the logical system name is followed by
the routing instance name. A slash ( / ) is used to separate the two entities. For example, if the
routing instance called R1 is configured within the logical system called LS, the name in the output
field is LS/R1.
• When a routing instance is configured but the default logical system is used, the name in the output
field is the name of the routing instance.
• When a logical system is configured but the default routing instance is used, the name in the output
field is the name of the logical system followed by default. A slash (/) is used to separate the two
entities. For example, LS/default.
Probe results Raw measurement of a particular probe sample done by a remote host. This data is provided separately
from the calculated results. The following information is contained in the raw measurement:
• Response received—Timestamp when the probe result was determined.
• Client and server hardware timestamps—If timestamps are configured, an entry appears at this point.
• Rtt—Average ping round-trip time (RTT), in microseconds.
• Egress jitter—Egress jitter, in microseconds.
• Ingress jitter—Ingress jitter, in microseconds.
• Round trip jitter—Round-trip jitter, in microseconds.
• Egress interarrival jitter—Egress interarrival jitter, in microseconds.
• Ingress interarrival jitter—Ingress interarrival jitter, in microseconds.
• Round trip interarrival jitter—Round-trip interarrival jitter, in microseconds.
Results over current test Probes are grouped into tests, and the statistics are calculated for each test. If a test contains 10
probes, the average, minimum, and maximum results are calculated from the results of those 10
probes. If the command is issued while the test is in progress, the statistics use information from the
completed probes.
• Probes sent—Number of probes sent within the current test.
• Probes received—Number of probe responses received within the current test.
• Loss percentage—Percentage of lost probes for the current test.
• Measurement—Measurement type. Possible values are round-trip time, positive round-trip jitter,
negative round-trip jitter, egress time, positive egress jitter, negative egress jitter, ingress time,
positive ingress jitter, negative ingress jitter, and, for the probe type icmp-ping-timestamp, the egress
delay and ingress delay.
For each measurement type, the following individual calculated results are provided:
• Samples—Number of probes.
• Minimum—Minimum RTT, ingress delay, or egress delay measured over the course of the current
test.
• Maximum—Maximum RTT, ingress delay, or egress delay measured over the course of the current
test.
• Average—Average RTT, ingress delay, or egress delay measured over the course of the current
test.
• Peak to peak—Peak-to-peak difference, in microseconds.
• Stddev—Standard deviation, in microseconds.
• Sum—Statistical sum.
488 Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Operational Commands
Table 40: show services rpm probe-results Output Fields (continued)
Field Name Field Description
Results over last test Results for the most recently completed test. If the command is issued while the first test is in progress,
this information is not displayed
• Probes sent—Number of probes sent for the most recently completed test.
• Probes received—Number of probe responses received for the most recently completed test.
• Loss percentage—Percentage of lost probes for the most recently completed test.
• Test completed—Time the most recent test was completed.
• Measurement—Measurement type. Possible values are round-trip time, positive round-trip jitter,
negative round-trip jitter, egress time, positive egress jitter, negative egress jitter, ingress time,
positive ingress jitter, negative ingress jitter, and, for the probe type icmp-ping-timestamp, the egress
delay and ingress delay.
For each measurement type, the following individual calculated results are provided:
• Samples—Number of probes.
• Minimum—Minimum RTT, ingress delay, or egress delay measured for the most recently completed
test.
• Maximum—Maximum RTT, ingress delay, or egress delay measured for the most recently
completed test.
• Average—Average RTT, ingress delay, or egress delay measured for the most recently completed
test.
• Peak to peak—Peak-to-peak difference, in microseconds.
• Stddev—Standard deviation, in microseconds.
• Sum—Statistical sum.
Results over all tests Displays statistics made for all the probes, independently of the grouping into tests, as well as statistics
for the current test.
• Probes sent—Number of probes sent in all tests.
• Probes received—Number of probe responses received in all tests.
• Loss percentage—Percentage of lost probes in all tests.
• Measurement—Measurement type. Possible values are round-trip time, positive round-trip jitter,
negative round-trip jitter, egress time, positive egress jitter, negative egress jitter, ingress time,
positive ingress jitter, negative ingress jitter, and, for the probe types icmp-ping-timestamp and
udp-ping-timestamp, the egress delay and ingress delay.
For each measurement type, the following individual calculated results are provided:
• Samples—Number of probes.
• Minimum—Minimum RTT, ingress delay, or egress delay measured over the course of the current
test.
• Maximum—Maximum RTT, ingress delay, or egress delay measured over the course of the current
test.
• Average—Average RTT, ingress delay, or egress delay measured over the course of the current
test.
• Peak to peak—Peak-to-peak difference, in microseconds.
• Stddev—Standard deviation, in microseconds.
• Sum—Statistical sum.
Copyright © 2014, Juniper Networks, Inc. 489
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Table 40: show services rpm probe-results Output Fields (continued)
Field Name Field Description
Error Stats Displays error statistics for each probe.
• Invalid client recv timestamp—Number of client receive timestamp less than client send timestamp.
• Invalid server send timestamp—Number of server send timestamp less than server receive timestamp.
• Invalid server processing time—Number of server side spent time greater than RTT.
NOTE: Error Stats is displayed in the output only if non-zero statistics exists.
Sample Output
show services rpm probe-results
user@host> show services rpm probe-results
Owner: ADSN-J4300.ADSN-J2300.D2, Test: 75300002
Target address: 172.16.54.172, Source address: 10.206.0.1,
Probe type: udp-ping-timestamp, Test size: 10 probes
Probe results:
Response received, Tue Feb 6 14:53:15 2007,
Client and server hardware timestamps
Rtt: 575 usec, Egress jitter: 5 usec, Ingress jitter: 8 usec,
Round trip jitter: 12 usec, Egress interarrival jitter: 8 usec,
Ingress interarrival jitter: 7 usec, Round trip interarrival jitter: 7 usec,
Round trip interarrival jitter: 669 usec
Results over current test:
Probes sent: 10, Probes received: 10, Loss percentage: 0
Measurement: Round trip time
Samples: 10, Minimum: 805 usec, Maximum: 2859 usec, Average: 1644 usec,
Peak to peak: 2054 usec, Stddev: 738 usec, Sum: xxxx usec
Measurement: Positive round trip jitter
Samples: 5, Minimum: 5 usec, Maximum: 2054 usec, Average: 876 usec,
Peak to peak: 2049 usec, Stddev: 679 usec, Sum: xxxx usec
Measurement: Negative round trip jitter
Samples: 5, Minimum: 5 usec, Maximum: 1812 usec, Average: 926 usec,
Peak to peak: 1807 usec, Stddev: 665 usec, Sum: xxxx usec
Measurement: Egress time
Samples: 10, Minimum: 805 usec, Maximum: 2859 usec, Average: 1644 usec,
Peak to peak: 2054 usec, Stddev: 738 usec, Sum: xxxx usec
Measurement: Positive Egress jitter
Samples: 5, Minimum: 5 usec, Maximum: 2054 usec, Average: 876 usec,
Peak to peak: 2049 usec, Stddev: 679 usec, Sum: xxxx usec
Measurement: Negative Egress jitter
Samples: 5, Minimum: 5 usec, Maximum: 1812 usec, Average: 926 usec,
Peak to peak: 1807 usec, Stddev: 665 usec, Sum: xxxx usec
Measurement: Ingress time
Samples: 10, Minimum: 805 usec, Maximum: 2859 usec, Average: 1644 usec,
Peak to peak: 2054 usec, Stddev: 738 usec, Sum: xxxx usec
Measurement: Positive Ingress jitter
Samples: 5, Minimum: 5 usec, Maximum: 2054 usec, Average: 876 usec,
Peak to peak: 2049 usec, Stddev: 679 usec, Sum: xxxx usec
Measurement: Negative Ingress jitter
Samples: 5, Minimum: 5 usec, Maximum: 1812 usec, Average: 926 usec,
Peak to peak: 1807 usec, Stddev: 665 usec, Sum: xxxx usec
Results over last test:
Probes sent: 10, Probes received: 10, Loss percentage: 0
490 Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Operational Commands
Test completed on Tue Feb 6 14:53:16 2007
Measurement: Round trip time
Samples: 10, Minimum: 805 usec, Maximum: 2859 usec, Average: 1644 usec,
Peak to peak: 2054 usec, Stddev: 738 usec, Sum: xxxx usec
Measurement: Positive round trip jitter
Samples: 5, Minimum: 5 usec, Maximum: 2054 usec, Average: 876 usec,
Peak to peak: 2049 usec, Stddev: 679 usec, Sum: xxxx usec
Measurement: Negative round trip jitter
Samples: 5, Minimum: 5 usec, Maximum: 1812 usec, Average: 926 usec,
Peak to peak: 1807 usec, Stddev: 665 usec, Sum: xxxx usec
Measurement: Egress time
Samples: 10, Minimum: 805 usec, Maximum: 2859 usec, Average: 1644 usec,
Peak to peak: 2054 usec, Stddev: 738 usec, Sum: xxxx usec
Measurement: Positive Egress jitter
Samples: 5, Minimum: 5 usec, Maximum: 2054 usec, Average: 876 usec,
Peak to peak: 2049 usec, Stddev: 679 usec, Sum: xxxx usec
Measurement: Negative Egress jitter
Samples: 5, Minimum: 5 usec, Maximum: 1812 usec, Average: 926 usec,
Peak to peak: 1807 usec, Stddev: 665 usec, Sum: xxxx usec
Measurement: Ingress time
Samples: 10, Minimum: 805 usec, Maximum: 2859 usec, Average: 1644 usec,
Peak to peak: 2054 usec, Stddev: 738 usec, Sum: xxxx usec
Measurement: Positive Ingress jitter
Samples: 5, Minimum: 5 usec, Maximum: 2054 usec, Average: 876 usec,
Peak to peak: 2049 usec, Stddev: 679 usec, Sum: xxxx usec
Measurement: Negative Ingress jitter
Samples: 5, Minimum: 5 usec, Maximum: 1812 usec, Average: 926 usec,
Peak to peak: 1807 usec, Stddev: 665 usec, Sum: xxxx usec
Results over all tests:
Probes sent: 560, Probes received: 560, Loss percentage: 0
Measurement: Round trip time
Samples: 560, Minimum: 805 usec, Maximum: 3114 usec, Average: 1756 usec,
Peak to peak: 2309 usec, Stddev: 519 usec, Sum: xxxx usec
Measurement: Positive round trip jitter
Samples: 257, Minimum: 0 usec, Maximum: 2054 usec, Average: 597 usec,
Peak to peak: 2054 usec, Stddev: 427 usec, Sum: xxxx usec
Measurement: Negative round trip jitter
Samples: 302, Minimum: 1 usec, Maximum: 1812 usec, Average: 511 usec,
Peak to peak: 1811 usec, Stddev: 408 usec, Sum: xxxx usec
Measurement: Egress time
Samples: 10, Minimum: 805 usec, Maximum: 2859 usec, Average: 1644 usec,
Peak to peak: 2054 usec, Stddev: 738 usec, Sum: xxxx usec
Measurement: Positive Egress jitter
Samples: 5, Minimum: 5 usec, Maximum: 2054 usec, Average: 876 usec,
Peak to peak: 2049 usec, Stddev: 679 usec, Sum: xxxx usec
Measurement: Negative Egress jitter
Samples: 5, Minimum: 5 usec, Maximum: 1812 usec, Average: 926 usec,
Peak to peak: 1807 usec, Stddev: 665 usec, Sum: xxxx usec
Measurement: Ingress time
Samples: 10, Minimum: 805 usec, Maximum: 2859 usec, Average: 1644 usec,
Peak to peak: 2054 usec, Stddev: 738 usec, Sum: xxxx usec
Measurement: Positive Ingress jitter
Samples: 5, Minimum: 5 usec, Maximum: 2054 usec, Average: 876 usec,
Peak to peak: 2049 usec, Stddev: 679 usec, Sum: xxxx usec
Measurement: Negative Ingress jitter
Samples: 5, Minimum: 5 usec, Maximum: 1812 usec, Average: 926 usec,
Peak to peak: 1807 usec, Stddev: 665 usec, Sum: xxxx usec
Error Stats:
Invalid client recv timestamp: 3, Invalid server send timestamp: 0
Invalid server processing time: 0
Copyright © 2014, Juniper Networks, Inc. 491
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
show services rpm probe-results (BGP Neighbor Discovery)
user@host> show services rpm probe-results
Owner: Rpm-Bgp-Owner, Test: Rpm-Bgp-Test-1
Target address: 10.209.152.37, Probe type: icmp-ping, Test size: 5 probes
Routing Instance Name: LS1/RI1
Probe results:
Response received, Fri Oct 28 05:20:23 2005
Rtt: 662 usec
Results over current test:
Probes sent: 5, Probes received: 5, Loss percentage: 0
Measurement: Round trip time
Minimum: 529 usec, Maximum: 662 usec, Average: 585 usec,
Jitter: 133 usec, Stddev: 53 usec
Results over all tests:
Probes sent: 5, Probes received: 5, Loss percentage: 0
Measurement: Round trip time
Minimum: 529 usec, Maximum: 662 usec, Average: 585 usec,
Jitter: 133 usec, Stddev: 53 usec
492 Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Operational Commands
show services rpm rfc2544-benchmarking
Syntax show services rpm rfc2544-benchmarking
<aborted-tests (test-id test-id | brief | detail)>
<active-tests (test-id test-id | brief | detail)>
<completed-tests (test-id test-id | brief | detail)>
<summary>
Release Information Command introduced in Junos OS Release 12.3X52 for ACX Series routers.
Command introduced in Junos OS Release 13.3R1 for MX104 3D Universal Edge Routers.
Description Display information about the results of each category or state of the RFC 2544-based
benchmarking test, such as aborted tests, active tests, and completed tests, for each
real-time performance monitoring (RPM) instance. You can view the results of each test
state for all of the configured test IDs or for a specific test ID. Also, you can display
statistics about the total number of tests of each state for a high-level, quick analysis.
The values in the output displayed vary, depending on the state in which the test is passing
through, when you issue the command.
You can view the test results of multiple test IDs at the same time by entering the IDs in
a single command. If you enter multiple test ID values, you must separate each number
with a space.
Options aborted-tests—Display the list of tests that were aborted or stopped. This list includes
tests that failed due to various error conditions and tests that you terminated by
entering the test service rpm rfc2544-benchmarking test test-name stop command.
The Status field in the output specifies the reason for the termination of the test.
test-id test-id—Unique identifier of the test for which the test results must be displayed.
brief | detail—(Optional) Display the specified level of output.
active-tests—Display the results of the set of tests that are currently running.
completed-tests—Display the results of the set of tests that were successfully completed.
A completed test is one that passes through all the test steps or states specified in
RFC 2544. A test that is marked as completed after it went through all the states
from the beginning to the end can still be reported as a failed test. For example, a
failed test can be a test that sends the desired number of packets, but does not
receive the frames back from the other end.
summary—(Optional) Display summary output.
Required Privilege view
Level
Related • Configuring an RFC 2544-Based Benchmarking Test on page 175
Documentation
• RFC2544-Based Benchmarking Tests Overview on page 169
• rfc2544-benchmarking on page 353
Copyright © 2014, Juniper Networks, Inc. 493
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
List of Sample Output show services rpm rfc2544-benchmarking summary on page 495
show services rpm rfc2544-benchmarking aborted-tests (ACX Series router) on page 495
show services rpm rfc2544-benchmarking completed-tests (ACX Series
router) on page 495
show services rpm rfc2544-benchmarking active-tests (ACX Series router) on page 496
show services rpm rfc2544-benchmarking aborted-tests (MX104 router) on page 496
show services rpm rfc2544-benchmarking completed-tests (MX104 router) on page 496
show services rpm rfc2544-benchmarking active-tests (MX104 router) on page 497
Output Fields Table 41 on page 494 lists the output fields for the show services rpm rfc2544-benchmarking
(aborted-tests | active-tests | completed-tests) command. Output fields are listed in the
approximate order in which they appear.
Table 41: show services rpm rfc2544-benchmarking Output Fields
Field Name Field Description
Test information Details of the performed RFC 2544 benchmarking test.
Test id Unique identifier configured for the test.
Test name Name configured for the test.
Test type The type of statistical detail that is collected for the test, based on the configured
test type. Throughput-related, latency, frame-loss, or back-to-back
frames-related information is displayed for ACX Series routers. Reflected
packets-related information is displayed for MX104 routers..
Test mode Mode configured for the test on the router. Test modes are:
• Initiate-and-Terminate: Test frames are initiated from one end and terminated
at the same end. This mode requires a reflector to be configured at the peer
end to enable the test frames to be returned to the source. This mode is
supported only on ACX Series routers
• Reflect: Test frames that originate from one end are reflected at the other
end on the selected service, such as IPv4 or Ethernet.
Test packet size Size of the test packets in bytes. This field is valid only when the test mode is
Initiate-and-Terminate.
Test state State of the test that is in progress or active when the output is displayed.
Status Indicates whether the test is currently in progress or has been terminated. This
field is displayed for tests that are in progress or were aborted by entering the
test services rpm rfc2544-benchmarking test <test-name | test-id> stop command.
Test start time Time at which the test started in Coordinated Universal Time (UTC) format
(YYYY-MM-DD-HH:MM:SS).
Test finish time Time at which the test completed.
494 Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Operational Commands
Table 41: show services rpm rfc2544-benchmarking Output
Fields (continued)
Field Name Field Description
Counters last Date, time, and how long ago the statistics for the test were cleared. The format
cleared is year-month-day hour:minute:second:timezone (hour:minute:second ago). For
example, 2010-05-17 07:51:28 PDT (00:04:33 ago). If you did not clear the
statistics previously at any point, Never is displayed.
Number of active Total number of tests that are currently running.
tests
Number of Total number of tests that were successfully completed
completed tests
Number of aborted Total number of tests that were aborted or halted.
tests
Sample Output
show services rpm rfc2544-benchmarking summary
user@host> show services rpm rfc2544-benchmarking summary
Rfc2544 tests summary :
Number of active tests: 0, Number of completed tests: 4, Number of aborted tests: 52
This output indicates that no test iteration is currently in progress (at the time of issue
of the command), 4 tests were completed successfully, and 52 tests were halted.
show services rpm rfc2544-benchmarking aborted-tests (ACX Series router)
user@host> show services rpm rfc2544-benchmarking aborted-tests
Test information :
Test id: 1, Test name: test1, Test type: Throughput
Test mode: Initiate-and-Terminate
Test packet size: 64 1280
Test state: RFC2544_TEST_STATE_STOPPED
Status: User-aborted-via-cli
Test start time: 2005-08-05 03:19:58 UTC
Test finish time: 2005-08-05 03:20:00 UTC
Counters last cleared: Never
Test id: 2, Test name: test1, Test type: Throughput
Test mode: Initiate-and-Terminate
Test packet size: 64 1280
Test state: RFC2544_TEST_STATE_STOPPED
Status: User-aborted-via-cli
Test start time: 2005-08-05 03:20:00 UTC
Test finish time: 2005-08-05 03:20:02 UTC
Counters last cleared: Never
show services rpm rfc2544-benchmarking completed-tests (ACX Series router)
user@host> show services rpm rfc2544-benchmarking completed-tests
Copyright © 2014, Juniper Networks, Inc. 495
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Test information :
Test id: 18, Test name: test1, Test type: Throughput
Test mode: Initiate-and-Terminate
Test packet size: 64 1280
Test state: RFC2544_TEST_STATE_COMPLETED
Test start time: 2005-08-05 03:20:34 UTC
Test finish time: 2005-08-05 03:21:23 UTC
Counters last cleared: Never
show services rpm rfc2544-benchmarking active-tests (ACX Series router)
user@host> show services rpm rfc2544-benchmarking active-tests
Test information :
Test id: 57, Test name: test1, Test type: Back-Back-Frames
Test mode: Initiate-and-Terminate
Test packet size: 64 1280
Test state: RFC2544_TEST_STATE_RUNNING
Status: Running
Test start time: 2005-08-05 20:15:41 UTC
Test finish time: TEST_RUNNING
Counters last cleared: Never
show services rpm rfc2544-benchmarking aborted-tests (MX104 router)
user@host> show services rpm rfc2544-benchmarking aborted-tests
Test information :
Test id: 1, Test name: prof_tput1, Test type: Reflect
Test mode: Reflect
Test packet size: 0
Test state: TEST_STATE_STOPPED
Status: Test-intf-ifl-change
Test start time: 2013-12-16 22:54:27 PST
Test finish time: 2013-12-16 23:30:28 PST
Counters last cleared: Never
Test id: 2, Test name: prof_tput1, Test type: Reflect
Test mode: Reflect
Test packet size: 0
Test state: TEST_STATE_STOPPED
Status: User-aborted-via-cli
Test start time: 2013-12-16 23:31:06 PST
Test finish time: 2013-12-16 23:36:22 PST
Counters last cleared: Never
Test id: 3, Test name: prof_tput1, Test type: Reflect
Test mode: Reflect
Test packet size: 0
Test state: TEST_STATE_STOPPED
Status: User-aborted-via-cli
Test start time: 2013-12-16 23:36:24 PST
Test finish time: 2013-12-17 01:49:24 PST
Counters last cleared: Never
show services rpm rfc2544-benchmarking completed-tests (MX104 router)
user@host> show services rpm rfc2544-benchmarking completed-tests
Test information :
Test id: 18, Test name: test1, Test type: Reflect
Test mode: Reflect
Test packet size: 0
Test state: TEST_STATE_COMPLETED
496 Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Operational Commands
Test start time: 2005-08-05 03:20:34 UTC
Test finish time: 2005-08-05 03:21:23 UTC
Counters last cleared: Never
show services rpm rfc2544-benchmarking active-tests (MX104 router)
user@host> show services rpm rfc2544-benchmarking active-tests
Test information :
Test id: 4, Test name: prof_tput1, Test type: Reflect
Test mode: Reflect
Test packet size: 0
Test state: TEST_STATE_RUNNING
Status: Running
Test start time: 2013-12-17 01:49:26 PST
Test finish time: TEST_RUNNING
Counters last cleared: Never
Copyright © 2014, Juniper Networks, Inc. 497
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
show services rpm rfc2544-benchmarking test-id
Syntax show services rpm rfc2544-benchmarking test-id test-id
<brief | detail>
Release Information Command introduced in Junos OS Release 12.3X52 for ACX Series routers.
Command introduced in Junos OS Release 13.3R1 for MX104 3D Universal Edge Routers.
Description Display information about the results of the RFC 2544-based benchmarking test for a
specific test ID for each real-time performance monitoring (RPM) instance. The values
in the output displayed vary, depending on the state in which the test is passing through,
when you issue the command.
Options none—Display brief information about a specific test ID of the benchmarking test.
test-id test-id—Unique identifier of the test for which the test results must be displayed.
brief | detail—(Optional) Display the specified level of output.
Required Privilege view
Level
Related • Configuring an RFC 2544-Based Benchmarking Test on page 175
Documentation
• RFC2544-Based Benchmarking Tests Overview on page 169
• rfc2544-benchmarking on page 353
List of Sample Output show services rpm rfc2544-benchmarking test-id detail (Throughput Test on ACX
Series routers ) on page 506
show services rpm rfc2544-benchmarking test-id detail (Latency Test on ACX Series
routers) on page 507
show services rpm rfc2544-benchmarking test-id detail (Frame Loss Test on ACX
Series routers) on page 510
show services rpm rfc2544-benchmarking test-id detail (Back-to-Back Frames Test
on ACX Series routers) on page 511
show services rpm rfc2544-benchmarking test-id detail (Reflection Test on MX104
routers) on page 512
show services rpm rfc2544-benchmarking test-id brief (Reflection Test on MX104
routers) on page 513
show services rpm rfc2544-benchmarking test-id detail (Reflection Test on MX104
routers) on page 513
show services rpm rfc2544-benchmarking test-id brief (Reflection Test on MX104
routers) on page 514
Output Fields Table 42 on page 499 lists the output fields for the show services rpm rfc2544-benchmarking
test-id command. Output fields are listed in the approximate order in which they appear.
498 Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Operational Commands
Table 42: show services rpm rfc2544-benchmarking test-id Output Fields
Field Name Field Description Level of Output
Test information Details of the performed RFC 2544 benchmarking test. None specified
Test id Unique identifier configured for the test. None specified
Test name Name configured for the test. None specified
Test type The type of statistical detail that is collected for the test, based on the configured None specified
test type. Throughput-related, latency, frame-loss, or back-to-back
frames-related information is displayed for ACX Series routers. Reflected
packets-related information is displayed for MX104 routers.
Test mode Mode configured for the test on the router. Test modes are: None specified
• Initiate-and-Terminate: Test frames are initiated from one end and terminated
at the same end. This mode requires a reflector to be configured at the peer
end to enable the test frames to be returned to the source. This mode is
supported only on ACX Series routers.
• Reflect: Test frames that originate from one end are reflected at the other
end on the selected service, such as IPv4 or Ethernet.
Test packet size Size of the test packets in bytes. This field is valid only when the test mode is None specified
Initiate-and-Terminate.
Test state State of the test that is in progress or active when the output is displayed. For None specified
details about the states, see RFC 2544-Based Benchmarking Test States.
Status Indicates whether the test is currently in progress or has been terminated. None specified
Test start time Time at which the test started in Coordinated Universal Time (UTC) format None specified
(YYYY-MM-DD-HH:MM:SS).
Test finish time Time at which the test completed. None specified
Counters last Date, time, and how long ago the statistics for the test were cleared. The format None specified
cleared is year-month-day hour:minute:second:timezone (hour:minute:second ago). For
example, 2010-05-17 07:51:28 PDT (00:04:33 ago). If you did not clear the
statistics previously at any point, Never is displayed.
Test-profile (ACX Series routers only) Details of the specified test profile detail
Configuration
Test-profile name (ACX Series routers only) Name of the configured test profile that contains the detail
parameters for the test
Test packet size (ACX Series routers only) Size of the test packets in bytes detail
Theoretical max (ACX Series routers only) Theoretical maximum bandwidth configured for the detail
bandwidth test. This value is typically set to the bandwidth of the server being tested. Valid
values are 1 Kbps through 1,000,000 Kbps (1 Gbps). The value defined is the
highest bandwidth value tested for this test.
Copyright © 2014, Juniper Networks, Inc. 499
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Table 42: show services rpm rfc2544-benchmarking test-id Output Fields (continued)
Field Name Field Description Level of Output
Test Configuration Details of the configured test ID. detail
Test mode Mode configured for the test. Test modes are Initiate-and-Terminate and Reflect. detail
Duration in seconds Period in seconds for which the test has been performed. detail
Test family The underlying service on which the test is run. Test families are: detail
• INET: Indicates that the test is run on a IPV4 service.
• CCC: Indicates that the test is run on a circuit cross-connect (CCC) or
pseudowire service.
Routing Instance (ACX Series routers only) Name of the routing instance for the test detail
Name
Inet family Details of the configured inet family for an IPv4 service detail
Configuration
Egress Interface Name of the egress interface from which the test frames are sent detail
Source ipv4 Source IPv4 address used in the IP header of the generated test frame. detail
address
Destination ipv4 Destination IPv4 address used in the IP header of the generated test frame. detail
address
Source udp port Source UDP port number used in the UDP header of the generated test frame. detail
Destination udp Destination UDP port number used in the UDP header of the generated test detail
port frame.
Ccc family Details of the configured CCC family for an Ethernet service detail
Configuration
Source MAC (ACX Series routers only) Source MAC address used in generated test frames detail
address for a CCC or Ethernet pseudowire service.
Destination MAC (ACX Series routers only) Destination MAC address used in generated test detail
address frames for a CCC or Ethernet pseudowire service.
Ivlan-id (ACX Series routers only) Inner VLAN ID for test-frames. detail
Ovlan-id (ACX Series routers only) Outer VLAN ID for test-frames. detail
Direction egress Test is run in the egress direction of the interface (NNI) detail
Direction ingress Test is run in the ingress direction of the interface (UNI) detail
500 Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Operational Commands
Table 42: show services rpm rfc2544-benchmarking test-id Output Fields (continued)
Field Name Field Description Level of Output
Rfc2544 (ACX Series routers only) Details of the throughput test detail
throughput test
information
Initial test load Percentage of the steady state load for the test. detail
percentage
Test iteration mode Mode of the test iteration: Binary or step-down. detail
Test iteration step The test step percentage for tests. If not specified, the default step-percent is detail
percent 10 percent. This parameter is ignored for all type of tests other than frame-loss
tests.
Theoretical max The theoretical limit of the media for the frame size configured for the test. This detail
bandwidth value is typically set to the bandwidth of the server being tested.
Test packet size: Packet size of the test frames in bytes. detail
Iteration Number of the test iteration. detail
Duration (sec) Period in seconds for which the test iteration is run detail
Elapsed time Amount of time that has passed, in seconds, since the start of the test. detail
pps Total count of packets-per-second (pps) transmitted during the test. detail
Tx Packets Number of transmitted test packets. detail
Rx Packets Number of received test packets. detail
Tx Bytes Number of transmitted bytes. detail
Rx Bytes Number of received bytes. detail
Percentage Percentage of throughput for the test iteration. detail
throughput
Result of the Results of the completed throughput test for a particular packet size. detail
iteration runs
(Throughput) :
Best iteration Number of the iteration with the highest throughout, among the listed iterations. detail
Best iteration (pps) Packets-per-second (pps) count of the iteration with the highest throughout, detail
among the listed iterations.
Best iteration Percentage of throughput of the iteration with the highest throughout, among detail
throughput the listed iterations.
Copyright © 2014, Juniper Networks, Inc. 501
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Table 42: show services rpm rfc2544-benchmarking test-id Output Fields (continued)
Field Name Field Description Level of Output
RFC2544 Consolidated information of the throughput test. detail summary
Throughput test
results summary
Packet Size Size of the test packet in bytes. detail summary
Theoretical rate Theoretical frame rate in packets-per-second. detail summary
(pps)
Tx Packets Number of transmitted packets. detail summary
Rx Packets Number of received packets. detail summary
Offered throughput The offered throughput in percentage of the chosen service (such as Layer 3 or detail summary
(percentage) Ethernet pseudowire).
Measured Available bandwidth of the service based on the calculated throughput. detail summary
bandwidth (kbps)
Rfc2544 latency (ACX Series routers only) Details of the latency test detail
test information
:
Theoretical max Theoretical maximum bandwidth configured for the test. This value is typically detail
bandwidth set to the bandwidth of the server being tested. Valid values are 1 Kbps through
1,000,000 Kbps (1 Gbps). The value defined is the highest bandwidth value
used for this test.
Initial test load Percentage of the steady state load for the test. detail
percentage
Duration in seconds Period in seconds for which the test has been performed. detail
Test packet size Size of the test packet in bytes. detail
Iteration Number of the test iteration. detail
Duration (sec) Period in seconds for which the test iteration is run. detail
Elapsed time Amount of time that has passed, in seconds, since the start of the test. detail
pps Total count of packets-per-second (pps) transmitted during the test. detail
Tx Packets Number of transmitted test packets. detail
Rx Packets Number of received test packets. detail
Latency Displays the latency parameters. detail
502 Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Operational Commands
Table 42: show services rpm rfc2544-benchmarking test-id Output Fields (continued)
Field Name Field Description Level of Output
Min(ns) Aggregated minimum latency in nanoseconds. detail
Avg(ns) Aggregated average latency in nanoseconds. detail
Max(ns) Aggregated maximum latency in nanoseconds. detail
Probe(ns) Aggregated probe latency in nanoseconds. detail
Result of the Results of the latency test completed for a particular packet size. detail
iteration runs
(Latency)
Avg (min) Latency Average of the minimum latency in nanoseconds. detail
Avg (avg) latency Average of the average latency in nanoseconds. detail
Avg (Max) latency Average of the maximum latency in nanoseconds. detail
Avg (probe) latency Average of the probe latency in nanoseconds. detail
RFC2544 Latency Consolidated statistics of the latency test. detail summary
test results
summary:
Packet Size Size of the test packet in bytes. detail summary
Theoretical rate Theoretical frame rate in packets-per-second. detail summary
(pps)
Tx Packets Number of transmitted packets. detail summary
Rx Packets Number of received packets. detail summary
Latency Displays the latency parameters. detail summary
Min(ns) Aggregated minimum latency in nanoseconds. detail summary
Avg(ns) Aggregated average latency in nanoseconds. detail summary
Max(ns) Aggregated maximum latency in nanoseconds. detail summary
Probe(ns) Aggregated probe latency in nanoseconds. detail summary
Rfc2544 (ACX Series routers only) Details of the back-to-back frames or bursty detail
Back-Back test frames test.
information :
Initial burst length: Length of the first burst when test frames are sent, as a measure of number of detail
seconds at the rate of Kbps.
Copyright © 2014, Juniper Networks, Inc. 503
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Table 42: show services rpm rfc2544-benchmarking test-id Output Fields (continued)
Field Name Field Description Level of Output
Test iteration mode Mode of the test iteration: Binary or step-down. detail
:
Test iteration step The test step percentage for tests. If not specified, the default step-percent is detail
percent 10 percent. This parameter is ignored for all type of tests other than frame-loss
tests.
Theoretical max The theoretical limit of the media for the frame size configured for the test. This detail
bandwidth value is typically set to the bandwidth of the server being tested.
Test packet size: Packet size of the test frames in bytes. detail
Iteration Number of the test iteration. detail
Burst Length Number of packets in the burst. detail
(Packets)
Elapsed time Amount of time that has passed, in seconds, since the start of the test. detail
Tx Packets Number of transmitted test packets. detail
Rx Packets Number of received test packets. detail
Tx Bytes Number of transmitted bytes. detail
Rx Bytes Number of received bytes. detail
Result of the Results of the back-to-back frames test completed for a certain packet size. detail
iteration runs :
Best iteration : Number of the iteration with the longest burst. detail
Measured burst Time in seconds of the burst of the iteration with the longest burst. detail
(num sec)
Measured burst Number of packets during the burst of the iteration with the longest burst. detail
(num pkts)
RFC2544 Consolidated statistics of the back-to-back frames test. detail summary
Back-Back test
results summary:
Packet Size Size of the test packets in bytes. detail summary
Measure Burst Computed burst length in terms of number of packets. detail summary
length (Packets)
504 Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Operational Commands
Table 42: show services rpm rfc2544-benchmarking test-id Output Fields (continued)
Field Name Field Description Level of Output
Rfc2544 (ACX Series routers only) Details of the frame-loss test. detail
frame-loss test
information :
Initial burst length: Length of the first burst when test frames are sent, as a measure of number of detail
seconds at the rate of Kbps.
Test iteration mode Mode of the test iteration: Binary or step-down. detail
:
Test iteration step The test step percentage for tests. If not specified, the default step-percent is detail
percent 10 percent. This parameter is ignored for all type of tests other than frame-loss
tests.
Theoretical max The theoretical limit of the media for the frame size configured for the test. This detail
bandwidth value is typically set to the bandwidth of the server being tested.
Test packet size Size of the test packets in bytes. detail
Iteration Number of the test iteration. detail
Duration (sec) Period, in seconds, for which the test iteration is run. detail
Offered throughput The offered throughput in percentage of the chosen service (such as Layer 3 or detail
(percentage) Ethernet pseudowire)
Elapsed time Amount of time that has passed, in seconds, since the start of the test. detail
pps Theoretical frame rate in packets-per-second. detail
Tx Packets Number of transmitted test packets. detail
Rx Packets Number of received test packets. detail
Tx Bytes Number of transmitted bytes. detail
Rx Bytes Number of received bytes. detail
Frame-loss rate % Percentage of frames that must been forwarded by the router under steady detail
state (constant) load, but were not forwarded due to lack of resources.
Result of the Results of the frame-loss test completed for a certain packet size. detail
iteration runs :
Frame-loss rate Percentage of dropped frames for the specified packet size detail
(percent) :
RFC2544 Consolidated statistics of the frame-loss test detail
Frame-loss test
results summary
Copyright © 2014, Juniper Networks, Inc. 505
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Table 42: show services rpm rfc2544-benchmarking test-id Output Fields (continued)
Field Name Field Description Level of Output
Packet Size Size of the test packet in bytes. detail summary
Theoretical rate Theoretical frame rate in packets-per-second. detail summary
(pps)
Percentage Percentage of throughput for the test iteration. detail summary
throughput
Tx Packets Number of transmitted packets. detail summary
Rx Packets Number of received packets. detail summary
Frame Loss rate Percentage of dropped frames for the specified packet size detail summary
percent
Sample Output
show services rpm rfc2544-benchmarking test-id detail (Throughput Test on ACX Series routers )
user@host> show services rpm rfc2544-benchmarking test-id 19 detail
Test information :
Test id: 19, Test name: test1, Test type: Throughput
Test mode: Initiate-and-Terminate
Test packet size: 64 1280
Test state: RFC2544_TEST_STATE_COMPLETED
Test start time: 2005-07-29 10:25:00 UTC
Test finish time: 2005-07-29 10:26:02 UTC
Counters last cleared: Never
Test-profile Configuration:
Test-profile name: prof_tput
Test packet size: 64 1280
Therotical max bandwidth : 993000 kbps
Test Configuration:
Test mode: Initiate-and-Terminate
Duration in seconds: 20
Test family: INET
Routing Instance Name: default
Inet family Configuration:
Egress Interface : ge-0/1/1.0
Source ipv4 address: 20.6.0.1
Destination ipv4 address: 20.6.0.2
Source udp port: 2020
Destination udp port: 3030
Rfc2544 throughput test information :
Initial test load percentage : 100.00 %
Test iteration mode : Binary
Test iteration step percent : 50.00 %
Therotical max bandwidth : 993000 kbps
506 Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Operational Commands
Test packet size: 64
Iteration Duration Elapsed pps Tx Rx Tx Rx
Percentage
(sec) time Packets Packets Bytes Bytes
throughput
1 3 3 134918 404754 404754 27523272 27523272 10.00
%
2 20 20 1349184 26983501 26983501 1834878068 1834878068 100.00
%
Result of the iteration runs : Throughput Test complete for packet size 64
Best iteration : 2, Best iteration (pps) : 1349184
Best iteration throughput : 100.00 %
Test packet size: 1280
Iteration Duration Elapsed pps Tx Rx Tx Rx
Percentage
(sec) time Packets Packets Bytes Bytes
throughput
1 3 3 9489 28467 28467 36551628 36551628 10.00
%
2 20 20 94896 1897920 1897920 2436929280 2436929280 100.00
%
Result of the iteration runs : Throughput Test complete for packet size 1280
Best iteration : 2, Best iteration (pps) : 94896
Best iteration throughput : 100.00 %
RFC2544 Throughput test results summary:
----------------------------------------
Packet Theoretical Tx Rx Offered throughput Measured
Size rate (pps) Packets Packets (percentage) bandwidth (kbps)
64 1349184 26983501 26983501 100.00 % 993000
1280 94896 1897920 1897920 100.00 % 993000
show services rpm rfc2544-benchmarking test-id detail (Latency Test on ACX Series routers)
user@host> show services rpm rfc2544-benchmarking test-id 37 detail
Test information :
Test id: 37, Test name: test1, Test type: Latency
Test mode: Initiate-and-Terminate
Test packet size: 64 1280
Test state: RFC2544_TEST_STATE_COMPLETED
Test start time: 2005-07-29 10:26:41 UTC
Test finish time: 2005-07-29 10:36:15 UTC
Counters last cleared: Never
Test-profile Configuration:
Test-profile name: prof_latency
Test packet size: 64 1280
Therotical max bandwidth : 993000 kbps
Test Configuration:
Test mode: Initiate-and-Terminate
Duration in seconds: 10
Test family: INET
Routing Instance Name: default
Copyright © 2014, Juniper Networks, Inc. 507
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Inet family Configuration:
Egress Interface : ge-0/1/1.0
Source ipv4 address: 20.6.0.1
Destination ipv4 address: 20.6.0.2
Source udp port: 2020
Destination udp port: 3030
Rfc2544 latency test information :
Therotical max bandwidth : 993000 kbps
Initial test load percentage : 100.00 %
Duration in seconds: 10
Test packet size: 64
Iteration Duration Elapsed pps Tx Rx
(sec) time Packets Packets
1 3 3 134918 404754 404754
2 10 10 1349184 13491751 13491751
3 10 10 1349184 13491751 13491751
4 10 10 1349184 13491751 13491751
5 10 10 1349184 13491751 13491751
6 10 10 1349184 13491751 13491751
7 10 10 1349184 13491751 13491751
8 10 10 1349184 13491751 13491751
9 10 10 1349184 13491751 13491751
10 10 10 1349184 13491751 13491751
11 10 10 1349184 13491751 13491751
12 10 10 1349184 13491751 13491751
13 10 10 1349184 13491751 13491751
14 10 10 1349184 13491751 13491751
15 10 10 1349184 13491751 13491751
16 10 10 1349184 13491751 13491751
17 10 10 1349184 13491751 13491751
18 10 10 1349184 13491751 13491751
19 10 10 1349184 13491751 13491751
20 10 10 1349184 13491751 13491751
21 10 10 1349184 13491751 13491751
-------------- Latency ---------------
Min(ns) Avg(ns) Max(ns) Probe(ns)
17464 18770 18880 18784
17472 18799 20488 18848
17472 18799 20416 18816
17472 18799 20440 18704
17464 18799 20376 18880
17464 18799 20232 18832
17464 18799 20400 18848
17472 18799 20240 18864
17472 18799 20264 18848
17464 18799 20264 18880
17472 18800 20320 18864
17464 18799 20176 18864
17464 18800 20248 18864
17464 18800 20272 18864
17464 18799 20472 18832
17464 18799 20256 18880
17464 18799 20336 18848
17464 18800 20688 18848
17472 18800 20504 18864
17464 18799 20448 18768
17472 18799 20240 18864
508 Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Operational Commands
Result of the iteration runs : Latency Test complete for packet size 64
Avg (min) Latency : 17466
Avg (avg) latency : 18799
Avg (Max) latency : 20360
Avg (probe) latency : 18844
Test packet size: 1280
Iteration Duration Elapsed pps Tx Rx
(sec) time Packets Packets
1 3 3 9489 28467 28467
2 10 10 94896 948960 948960
3 10 10 94896 948960 948960
4 10 10 94896 948960 948960
5 10 10 94896 948960 948960
6 10 10 94896 948960 948960
7 10 10 94896 948960 948960
8 10 10 94896 948960 948960
9 10 10 94896 948960 948960
10 10 10 94896 948960 948960
11 10 10 94896 948960 948960
12 10 10 94896 948960 948960
13 10 10 94896 948960 948960
14 10 10 94896 948960 948960
15 10 10 94896 948960 948960
16 10 10 94896 948960 948960
17 10 10 94896 948960 948960
18 10 10 94896 948960 948960
19 10 10 94896 948960 948960
20 10 10 94896 948960 948960
21 10 10 94896 948960 948960
-------------- Latency ---------------
Min(ns) Avg(ns) Max(ns) Probe(ns)
68712 70031 70576 69456
68728 70344 71808 70512
68720 70344 71744 70352
68720 70344 71680 70112
68720 70345 71856 70352
68720 70344 71808 70384
68720 70344 71752 70480
68720 70344 71880 70112
68720 70344 71792 70320
68728 70345 73344 70336
68720 70344 71688 70560
68728 70345 71896 70496
68720 70344 71760 70096
68720 70344 71776 70320
68720 70344 71760 70400
68712 70345 71920 70352
68720 70344 71792 70576
68720 70345 71840 70320
68720 70344 71792 70368
68720 70345 71824 70464
68712 70345 71904 70512
Result of the iteration runs : Latency Test complete for packet size 1280
Avg (min) Latency : 68720
Avg (avg) latency : 70344
Copyright © 2014, Juniper Networks, Inc. 509
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Avg (Max) latency : 71880
Avg (probe) latency : 70371
RFC2544 Latency test results summary:
----------------------------------------
Packet Theoretical Tx Rx ------------- Latency -------------
Size rate (pps) Packets Packets Min(ns) Avg(ns) Max(ns) Probe(ns)
64 1349184 269835020 269835020 17466 18799 20360 18844
1280 94896 18979200 18979200 68720 70344 71880 70371
show services rpm rfc2544-benchmarking test-id detail (Frame Loss Test on ACX Series routers)
user@host> show services rpm rfc2544-benchmarking test-id 73 detail
Test information :
Test id: 73, Test name: test1, Test type: Frame-Loss
Test mode: Initiate-and-Terminate
Test packet size: 64 1280
Test state: RFC2544_TEST_STATE_COMPLETED
Test start time: 2005-07-29 10:38:41 UTC
Test finish time: 2005-07-29 10:41:19 UTC
Counters last cleared: Never
Test-profile Configuration:
Test-profile name: prof_fl
Test packet size: 64 1280
Therotical max bandwidth : 993000 kbps
Test Configuration:
Test mode: Initiate-and-Terminate
Duration in seconds: 20
Test family: INET
Routing Instance Name: default
Inet family Configuration:
Egress Interface : ge-0/1/1.0
Source ipv4 address: 20.6.0.1
Destination ipv4 address: 20.6.0.2
Source udp port: 2020
Destination udp port: 3030
Rfc2544 frame-loss test information :
Initial test load percentage : 100.00 %
Test iteration mode : step-down
Test iteration step percent : 10 %
Therotical max bandwidth : 993000 kbps
Test packet size: 64
Iteration Duration Elapsed Offered pps Tx Rx Tx Rx
Frame-loss
(sec) time throughput% Packets Packets Bytes Bytes
rate %
1 3 3 10.00 % 134918 404754 404754 27523272
27523272 0.00 %
2 20 20 100.00 % 1349184 26983501 26983501 1834878068
1834878068 0.00 %
3 20 20 100.00 % 1349184 26983501 26983501 1834878068
1834878068 0.00 %
4 20 20 100.00 % 1349184 26983501 26983501 1834878068
1834878068 0.00 %
510 Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Operational Commands
Result of the iteration runs : Frame-loss test complete for packet size 64
Frame-loss rate (percent) : 0.00 %
Test packet size: 1280
Iteration Duration Elapsed Offered pps Tx Rx Tx Rx
Frame-loss
(sec) time throughput% Packets Packets Bytes Bytes
rate %
1 3 3 10.00 % 9489 404754 28467 36551628
36551628 0.00 %
2 20 20 100.00 % 94896 1897920 1897920 2436929280
2436929280 0.00 %
3 20 20 100.00 % 94896 1897920 1897920 2436929280
2436929280 0.00 %
4 20 20 100.00 % 94896 1897920 1897920 2436929280
2436929280 0.00 %
Result of the iteration runs : Frame-loss test complete for packet size 1280
Frame-loss rate (percent) : 0.00 %
RFC2544 Frame-loss test results summary:
----------------------------------------
Packet Theoretical Percentage Tx Rx Frame
Loss
Size rate (pps) throughput Packets Packets rate
percent
64 1349184 100.00 % 26983501 26983501 0.00
%
1280 94896 100.00 % 1897920 1897920 0.00
%
show services rpm rfc2544-benchmarking test-id detail (Back-to-Back Frames Test on ACX Series routers)
user@host> show services rpm rfc2544-benchmarking test-id 55 detail
Test information :
Test id: 55, Test name: test1, Test type: Back-Back-Frames
Test mode: Initiate-and-Terminate
Test packet size: 64 1280
Test state: RFC2544_TEST_STATE_COMPLETED
Test start time: 2005-07-29 10:36:54 UTC
Test finish time: 2005-07-29 10:37:57 UTC
Counters last cleared: Never
Test-profile Configuration:
Test-profile name: prof_b2b
Test packet size: 64 1280
Therotical max bandwidth : 993000 kbps
Test Configuration:
Test mode: Initiate-and-Terminate
Duration in seconds: 20
Test family: INET
Routing Instance Name: default
Copyright © 2014, Juniper Networks, Inc. 511
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Inet family Configuration:
Egress Interface : ge-0/1/1.0
Source ipv4 address: 20.6.0.1
Destination ipv4 address: 20.6.0.2
Source udp port: 2020
Destination udp port: 3030
Rfc2544 Back-Back test information :
Initial burst length: 20 seconds at 993000 kbps
Test iteration mode : Binary
Test iteration step percent : 50.00 %
Test packet size: 64
Iteration Burst Length Elapsed Tx Rx Tx
Rx
(Packets) time Packets Packets Bytes
Bytes
1 404754 3 404754 404754 27523272
27523272
2 26983680 20 26983680 26983680 1834890240
1834890240
Result of the iteration runs : Back-Back-Frames Test complete for packet size
64
Best iteration : 2
Measured burst (num sec) : 20 sec,
Measured burst (num pkts) : 26983680 packets
Result of the iteration runs : Back-Back-Frames Test complete for packet size
64
Best iteration : 2
Measured burst (num sec) : 20 sec,
Measured burst (num pkts) : 26983680 packets
Test packet size: 1280
Iteration Burst Length Elapsed Tx Rx Tx
Rx
(Packets) time Packets Packets Bytes
Bytes
1 28467 3 28467 28467 36551628
36551628
2 1897920 20 1897920 1897920 2436929280
2436929280
Result of the iteration runs : Back-Back-Frames Test complete for packet size
12
Best iteration : 2
Measured burst (num sec) : 20 sec,
Measured burst (num pkts) : 1897920 packets
RFC2544 Back-Back test results summary:
----------------------------------------
Packet Measure Burst
Size length (Packets)
64 26983680 packets
1280 1897920 packets
show services rpm rfc2544-benchmarking test-id detail (Reflection Test on MX104 routers)
user@host> show services rpm rfc2544-benchmarking test-id detail 1
512 Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Operational Commands
Test information :
Test id: 1, Test name: fort_uni_inet_ref, Test type: Reflect
Test mode: Reflect
Test packet size: 0
Test state: RFC2544_TEST_STATE_RUNNING
Status: Running
Test start time: 2013-12-09 16:24:52 IST
Test finish time: TEST_RUNNING
Counters last cleared: Never
Test Configuration:
Test mode: Reflect
Duration in seconds: 864000
Test family: INET
Routing Instance Name: default
Inet family Configuration:
Egress Interface : ge-0/3/1.0
Destination ipv4 address: 21.1.1.2
Destination udp port: 200
Elapsed Reflected Reflected
time Packets Bytes
176 8977917 9031784502
show services rpm rfc2544-benchmarking test-id brief (Reflection Test on MX104 routers)
user@host> show services rpm rfc2544-benchmarking test-id brief 1
Test information :
Test id: 1, Test name: fort_uni_inet_ref, Test type: Reflect
Test mode: Reflect
Test packet size: 0
Test state: RFC2544_TEST_STATE_RUNNING
Status: Running
Test start time: 2013-12-09 16:24:52 IST
Test finish time: TEST_RUNNING
Counters last cleared: Never
show services rpm rfc2544-benchmarking test-id detail (Reflection Test on MX104 routers)
user@host> show services rpm rfc2544-benchmarking test-id detail 2
Test information :
Test id: 2, Test name: fort_uni_inet_ref, Test type: Reflect
Test mode: Reflect
Test packet size: 0
Test state: RFC2544_TEST_STATE_RUNNING
Status: Running
Test start time: 2013-12-09 16:39:18 IST
Test finish time: TEST_RUNNING
Counters last cleared: Never
Test Configuration:
Test mode: Reflect
Duration in seconds: 864000
Test family: CCC
Routing Instance Name: default
CCC family Configuration:
Interface : ge-0/3/2.0
Test direction: Egress
Copyright © 2014, Juniper Networks, Inc. 513
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Elapsed Reflected Reflected
time Packets Bytes
23 809137 825319740
show services rpm rfc2544-benchmarking test-id brief (Reflection Test on MX104 routers)
user@host> show services rpm rfc2544-benchmarking test-id 2 brief
Test information :
Test id: 2, Test name: fort_uni_inet_ref, Test type: Reflect
Test mode: Reflect
Test packet size: 0
Test state: RFC2544_TEST_STATE_RUNNING
Status: Running
Test start time: 2013-12-09 16:39:18 IST
Test finish time: TEST_RUNNING
Counters last cleared: Never
514 Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Operational Commands
show services rpm twamp server connection
Syntax show services rpm twamp server connection
<connection-id>
Release Information Command introduced in Junos OS Release 9.3.
Description Display information about the connections established between the real-time
performance monitoring (RPM) Two-Way Active Measurement Protocol (TWAMP)
server and control-clients. By default, all established sessions are displayed, unless you
specify a session ID when you issue the command.
Options connection-id—(Optional) Display only information about the specified connection ID.
Required Privilege view
Level
List of Sample Output show services rpm twamp server connection on page 515
Output Fields Table 43 on page 515 lists the output fields for the show services rpm twamp server
connection command. Output fields are listed in the approximate order in which they
appear.
Table 43: show services rpm twamp server connection Output Fields
Field Name Field Description
Connection ID Connection ID that uniquely identifies the connection between the TWAMP
server and a particular client.
Client address Client IP address.
Client port Client port number.
Server address Server IP address.
Server port Server port number.
Session count Session count.
Auth mode Authentication mode.
Sample Output
show services rpm twamp server connection
user@host> show services rpm twamp server connection
Connection Client Client Server Server Session Auth
ID address port address port count mode
4 1.1.1.1 12345 192.168.219.203 890 16 none
Copyright © 2014, Juniper Networks, Inc. 515
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
78 3.22.1.55 345 22.2.2.2 89022 5 none
234 192.168.219.203 2345 2.2.22.2 3333 16 none
5 221.4.1.1 82345 2.2.2.2 45909 16
authenticated
1 192.168.1.1 645 32.2.2.23 2394 16
encrypted
516 Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Operational Commands
show services rpm twamp server session
Syntax show services rpm twamp server session
<session-id>
Release Information Command introduced in Junos OS Release 9.3.
Description Display information about the sessions established between the real-time performance
monitoring (RPM) Two-Way Active Measurement Protocol (TWAMP) server and control
clients. By default, all established sessions are displayed, unless you specify a session
ID when you issue the command.
Options session-id—(Optional) Display only information about the specified session ID.
Required Privilege view
Level
List of Sample Output show services rpm twamp server session on page 517
Output Fields Table 44 on page 517 lists the output fields for the show services rpm twamp server session
command. Output fields are listed in the approximate order in which they appear.
Table 44: show services rpm twamp server session Output Fields
Field Name Field Description
Session ID Session ID that uniquely identifies the session between the TWAMP
server and a particular client.
Connection ID Connection ID that uniquely identifies the connection between the
TWAMP server and a particular client.
Sender address Sender IP address.
Sender port Sender port number.
Reflector address Reflector IP address.
Reflector port Reflector port number.
Sample Output
show services rpm twamp server session
user@host> show services rpm twamp server session
Session Connection Sender Sender Reflector Reflector
ID ID address port address port
4 44 1.1.1.1 12345 192.168.219.203 890
78 44 3.22.1.55 345 22.2.2.2 89022
234 423 192.168.219.203 2345 2.2.22.2 3333
5 423 221.4.1.1 82345 2.2.2.2 45909
1 423 192.168.1.1 645 32.2.2.23 2394
Copyright © 2014, Juniper Networks, Inc. 517
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
518 Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Operational Commands
show services video-monitoring mdi errors fpc-slot
Syntax show services video-monitoring mdi errors fpc-slot fpc-slot
Release Information Command introduced in Junos OS Release 14.1.
Description Display video monitoring error statistics.
Options fpc-slot—Number of the fpc slot for which statistics are displayed.
Required Privilege view
Level
Related • Inline Video Monitoring Overview on page 225
Documentation
List of Sample Output show services video-monitoring mdi errors fpc-slot on page 519
Output Fields Table 45 on page 519 lists the output fields for the show services video-monitoring mdi
errors fpc-slot fpc-slot command. Output fields are listed in the approximate order in
which they appear.
Table 45: show services video-monitoring mdi errors fpc-slot Output Fields
Field Name Field Description
FPC slot Slot number of the monitored FPC.
Flow Insert Error Number of errors during new flow insert operations.
Flow Policer Drops Number of packets dropped by flow policer process.
NOTE: New flows usually arrive within a very short time interval (1.5
microseconds). These errors do not represent the loss of entire flows, because
subsequent packets in the flow can establish the flow. All packets are monitored
after a flow has been established. Packet forwarding occurs independently of
the video monitoring, and packets are not dropped due to video monitoring
errors.
Unsupported Media Number of packets dropped because they are not media packets or they are
Packets Count unsupported media packets.
PID Limit Exceeded Number of packets unmonitored because the process identifier (PID) limit
exceeded has been exceeded.
NOTE: The current PID limit is 6.
Sample Output
show services video-monitoring mdi errors fpc-slot
user@host> show services video-monitoring mdi errors fpc-slot 2
Copyright © 2014, Juniper Networks, Inc. 519
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
MDI Errors Information
FPC Slot: 2
Flow Insert Error: 0, Flow Policer Drops: 0
Unsupported Media Packets Count: 0, PID Limit Exceeded: 202995
520 Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Operational Commands
show services video-monitoring mdi flows fpc-slot
Syntax show services video-monitoring mdi flows fpc-slot fpc-slot
<brief>
<count>
<destination-address>
<destination-port>
<detail>
<input>
<interface-name>
<output>
<rtp>
<source-address>
<source-port>
<template-name>
<udp>
Release Information Command introduced in Junos OS Release 14.1.
Description Display inline video monitoring flow statistics.
Options fpc-slot—Number of the slot for which flows are reported.
brief—(Optional) Display brief output(default).
count—(Optional) Display the number of flows.
destination-address—(Optional) Filter output by destination address.
destination-port—(Optional) Filter output by destination port.
detail—(Optional) Display output in detailed format including media delivery index
records.
input—(Optional) Filter output by flow direction input.
interface-name—(Optional) Filter output by logical interface name.
output—(Optional) Filter output by flow direction output.
rtp—(Optional) Filter output by flow type rtp.
source-address—(Optional) Filter output by source IP address.
source-port—(Optional) Filter output by source port.
template-name—(Optional) Filter output by media delivery index template name.
udp—(Optional) Filter output by flow type MPEG-TS.
Required Privilege view
Level
Copyright © 2014, Juniper Networks, Inc. 521
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Related • Inline Video Monitoring Overview on page 225
Documentation
List of Sample Output show servicesvideo-monitoring mdi flows fpc-slot brief on page 522
show services inline-video-monitoring mdi flows detail on page 523
Output Fields Table 46 on page 522 lists the output fields for the show services inline-video-monitoring
mdi flows fpc-slot fpc-slot command. Output fields are listed in the approximate order
in which they appear.
Table 46: show services mdi flows Output Fields
Field Name Field Description
SIP Source IP address
DIP Destination IP address
SP Source port
DP Destination port
Di Direction (I=Input, O=Output)
Ty Type of flow
Last DF:MLR Delay factor and media loss rate value of last media delivery index record
Avg DF:MLR Average value of delay factor and media loss rate
Last MRV Media rate variation value of last media delivery index record
Avg MRV Average value of media rate variation
IFL Interface name on which flow is receiving
Template Name Name of template associated with flow
Sample Output
show servicesvideo-monitoring mdi flows fpc-slot brief
user@host> show services inline-video-monitoring mdi flows fpc-slot 2 brief
--------------------------------------------------------------------------------------------------------------------------------------------
Sno |SIP |SP |DIP |DP |Di|Ty |Last DF:MLR |Avg
DF:MLR |Last MRV |Avg MRV |IFL |Template Name
--------------------------------------------------------------------------------------------------------------------------------------------
1 20.0.0.2 1024 30.0.0.2 2048 I UDP 70.90:1
92.15:8205 -7.09 -9.36 xe-2/2/1.0 t1
522 Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Operational Commands
Sample Output
show services inline-video-monitoring mdi flows detail
user@host> show services inline-video-monitoring flows fpc-slot 2 detail count 19
Format for RTP flows:
Source Address: 20.0.0.2, Source Port: 1024
Destination Address: 30.0.0.2, Destination Port: 2048
Last DF:MLR: 3.58:0, Avg DF:MLR: 3.60:0
Last MRV: 0.00, Avg MRV: 0.00
Interface Name: xe-2/2/1.0, Template Name: t1
Flow Direction: Input, Flow Type: RTP, MDI Records Count: 10
---------------------------------------+
Rec No| DF| MLR| MRV|
---------------------------------------+
1 3.58 0 0.00
2 3.62 0 0.00
3 3.59 0 0.00
4 3.63 0 0.00
5 3.60 0 0.00
6 3.64 0 0.00
7 3.61 0 0.00
8 3.57 0 0.00
9 3.62 0 0.00
10 3.58 0 0.00
Format for MPEG2-TS over UDP flows:
Source Address: 20.0.0.2, Source Port: 1024
Destination Address: 30.0.0.2, Destination Port: 2048
Last DF:MLR: 3.63:0, Avg DF:MLR: 3.61:4097
Last MRV: 0.00, Avg MRV: 0.00
Interface Name: xe-2/2/1.0, Template Name: t1
Flow Direction: Input, Flow Type: UDP, MDI Records Count: 10
---------------------------------------+-----------------------------------------------------------------------------------------------+
Rec No| DF| MLR| MRV| PID-0 | PID-1 | PID-2
| PID-3 | PID-4 | PID-5 |
---------------------------------------+-----------------------------------------------------------------------------------------------+
| Val| MLR| Val| MLR| Val|
MLR| Val| MLR| Val| MLR| Val| MLR|
---------------------------------------------------------------------------------------------------------------------------------------+
1 3.63 0 0.00 0x1f40 0 0x1f41 0 0x12
0 0x1f54 0 0x11 0 0x1020 0
2 3.59 0 0.00 0x1f40 0 0x1f41 0 0x12
0 0x1f54 0 0x11 0 0x1020 0
3 3.64 0 0.00 0x1f40 0 0x1f41 0 0x12
0 0x1f54 0 0x11 0 0x1020 0
4 3.60 0 0.00 0x1f40 0 0x1f41 0 0x12
0 0x1f54 0 0x11 0 0x1020 0
5 3.64 0 0.00 0x1f40 0 0x1f41 0 0x12
0 0x1f54 0 0x11 0 0x1020 0
6 3.61 0 0.00 0x1f40 0 0x1f41 0 0x12
0 0x1f54 0 0x11 0 0x1020 0
7 3.57 0 0.00 0x1f40 0 0x1f41 0 0x12
0 0x1f54 0 0x11 0 0x1020 0
8 3.62 0 0.00 0x1f40 0 0x1f41 0 0x12
0 0x1f54 0 0x11 0 0x1020 0
Copyright © 2014, Juniper Networks, Inc. 523
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
9 3.58 40977 0.00 0x1f40 40977 0x1f41 0 0x12
0 0x1f54 0 0x11 0 0x1020 0
10 3.63 0 0.00 0x1f40 0 0x1f41 0 0x12
0 0x1f54 0 0x11 0 0x1020 0
524 Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Operational Commands
show services video-monitoring mdi stats fpc-slot
Syntax show services video-monitoring mdi stats fpc-slot fpc-slot
Release Information Command introduced in Junos OS Release 14.1.
Description Display inline video monitoring statistics.
Options fpc-slot—Number of the fpc slot for which statistics are displayed.
Required Privilege view
Level
Related • Inline Video Monitoring Overview on page 225
Documentation
List of Sample Output show services video-monitoring mdi stats fpc-slot on page 526
Output Fields Table 47 on page 525 lists the output fields for the show services video-monitoring mdi
stats fpc-slot fpc-slot command. Output fields are listed in the approximate order in
which they appear.
Table 47: show services video-monitoring mdi stats fpc-slot Output Fields
Field Name Field Description
FPC Slot Slot number of the monitored FPC
Active Flows Number of active flows currently monitored.
active flows = inserted flows - deleted flows.
Total Inserted Number of flows initiated under video monitoring.
Flows
Total Deleted Flows Number of flows deleted due to inactivity timeout.
Total Packets Number of total packets monitored.
Count
Total Bytes Count Number of total bytes monitored.
DF Alarm Count Number of delay factor alarms at each of the following levels:
• Info level
• Warning level
• Critical level
Copyright © 2014, Juniper Networks, Inc. 525
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Table 47: show services video-monitoring mdi stats fpc-slot Output
Fields (continued)
Field Name Field Description
MLR Alarm Count Number of media loss rate (MLR) alarms at each of the following levels:
• Info level
• Warning level
• Critical level
MRV alarm count Number of media rate variation (MRV) alarms at each of the following levels:
• Info level
• Warning level
• Critical level
Sample Output
show services video-monitoring mdi stats fpc-slot
user@host> show services video-monitoring mdi stats fpc-slot 2
MDI Stats Information
FPC Slot: 2
Active Flows: 1, Total Inserted Flows: 1, Total Deleted Flows: 0
Total Packets Count: 746284, Total Bytes Count: 1013453672
DF alarm count: 0, Info level: 0, Warning level: 0, Critical level: 0
MLR alarm count: 0, Info level: 0, Warning level: 0, Critical level: 0
MRV alarm count: 0, Info level: 0, Warning level: 0, Critical level: 0
526 Copyright © 2014, Juniper Networks, Inc.
Chapter 14: Operational Commands
test services rpm rfc2544-benchmarking test
Syntax test services rpm rfc2544-benchmarking test(ACX Series)
<clear-counters>
<routing-instance>
<test-name>
<test-id>
<start>>
<stop>
Syntax test services rpm rfc2544-benchmarking test(MX104 Router)
<test-name>
<test-id>
<start>>
<stop>
Release Information Command introduced in Junos OS Release 12.3X52 for ACX Series routers.
Command introduced in Junos OS Release 13.3R1 for MX104 3D Universal Edge Routers.
Description Start or stop an RFC 2544-based benchmarking test. You can start or stop all of the test
names that are defined on a router, or start or stop a specific test name. You can also
stop a test based on its test identifier. You can also clear the statistical counters
associated with the test. When you trigger an RFC 2544-based benchmarking test, it
passes through a series of states. These states are displayed in the Test state field in the
brief or displayed output information of the show services rpm rfc2544-benchmarking
command.
NOTE: The RFC 2544 test is stopped at the initiator automatically after the
test successfully completes all of the test steps. You need not explicitly enter
the test services rpm rfc2544-benchmarking test <test-name | test-id> stop
command. However, at the reflector, you must explicitly enter this command
to stop the test after the test is completed at the initiator.
Options start—Start the RFC 2544-based benchmarking test
stop—Terminate the RFC 2544-based benchmarking test
clear-counters—(ACX Series routers only) Clear the statistics associated with the
benchmarking test that was run.
routing-instance—(ACX Series routers only) Name of the routing instance for the test.
test-name—Name of the benchmarking test that must be started or stopped.
test-id—Unique identifier of the test that must be stopped. You can stop a test based on
the test identifier. You can use the test-id option with only the test services rpm
rfc2544-benchmarking stop command.
Copyright © 2014, Juniper Networks, Inc. 527
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
Additional Information The test session is supported in out-of-service mode for the underlying service. You must
not transmit any traffic to the UNI port, configured as a generator or a reflector, that is
being tested during the duration of the test.
Required Privilege view
Level
Related • Configuring an RFC 2544-Based Benchmarking Test on page 175
Documentation
• RFC2544-Based Benchmarking Tests Overview on page 169
• rfc2544-benchmarking on page 353
List of Sample Output test services rpm rfc2544-benchmarking on page 528
Output Fields To display the results of the benchmarking test, use the show services rpm
rfc2544-benchmarking command.
Sample Output
test services rpm rfc2544-benchmarking
user@host> test services rpm rfc2544-benchmarking test test-name test1 start
Test "test1" id 56 started
The response specifies that a test has been started with test id 56. The test ID can be
further used in show commands to view test output.
528 Copyright © 2014, Juniper Networks, Inc.
PART 6
Index
• Index on page 531
Copyright © 2014, Juniper Networks, Inc. 529
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
530 Copyright © 2014, Juniper Networks, Inc.
analyzer-id statement........................................................254
usage guidelines.............................................................29
archive-sites statement.....................................................254
usage guidelines.............................................................30
AS PIC
Index redundancy........................................................................13
authentication-mode statement
RPM..................................................................................255
Symbols autonomous-system-type statement.........................256
#, comments in configuration statements....................xx usage guidelines............................................................86
( ), in syntax descriptions.....................................................xx
< >, in syntax descriptions....................................................xx B
benchmarking test See RFC2544 benchmarking
[ ], in configuration statements.........................................xx
test, RPM service
{ }, in configuration statements.........................................xx
bgp statement
| (pipe), in syntax descriptions...........................................xx
RPM...................................................................................257
A braces, in configuration statements.................................xx
accept brackets
action..................................................................................59 angle, in syntax descriptions......................................xx
accounting statement square, in configuration statements........................xx
flow monitoring............................................................249
usage guidelines.............................................................70 C
capture-group statement.................................................258
active flow monitoring
usage guidelines.............................................................37
aggregated flows, displaying..................................438
cflowd statement
available PICs, displaying..........................................461
usage guidelines............................................................86
CPU usage, displaying...............................................464
clear passive-monitoring statistics command.........397
error statistics, displaying........................................443
clear services accounting statistics inline-jflow
flow statistics, displaying.........................................447
command.................................................................398, 399
flows, detailed information, displaying...............452
clear services dynamic-flow-capture
memory statistics, displaying.................................457
command..........................................................................400
packet size distribution, displaying......................459
clear services flow-collector statistics
adaptive-services-pics statement
command............................................................................401
usage guidelines.............................................................32
clear services rpm twamp server connection
address statement
command...........................................................................402
DFC...................................................................................250
clear services video-monitoring mdi errors
usage guidelines....................................................38
command...........................................................................403
flow monitoring............................................................250
clear services video-monitoring mdi statistics
usage guidelines....................................................59
command...........................................................................404
aggregate-export-interval statement...........................251
client-list statement...........................................................260
usage guidelines.............................................................70
collector statement............................................................260
aggregated flows, displaying...........................................438
usage guidelines.............................................................30
aggregation statement
collector-pic statement
flow monitoring............................................................252
usage guidelines..............................................................31
usage guidelines............................................................86
comments, in configuration statements........................xx
allowed-destinations statement....................................253
configuration
usage guidelines.............................................................39
dynamic flow capture interface...............................43
analyzer-address statement............................................253
flow-tap application.....................................................53
usage guidelines.............................................................29
Copyright © 2014, Juniper Networks, Inc. 531
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
content destination system logging.................................................................41
dynamic flow capture, displaying.........................466 threshold configuration...............................................42
content destinations direction (RFC2544 Benchmarking)..............................271
DFC......................................................................................35 disable statement
Junos Packet Vision......................................................48 flow monitoring.............................................................272
content-destination statement.......................................261 traffic sampling
usage guidelines.............................................................38 usage guidelines....................................................62
control source discard accounting
DFC......................................................................................35 usage guidelines.............................................................70
control source, documentation
dynamic flow capture, displaying.........................468 comments on..................................................................xxi
control-source statement.................................................262 dscp-code-point statement
usage guidelines.............................................................39 RPM...................................................................................273
conventions DTCP.....................................................................................35, 47
text and syntax...............................................................xix duplicates-dropped-periodicity statement................274
core-dump statement........................................................263 usage guidelines.............................................................43
usage guidelines...............................................................6 dynamic flow capture See DFC
curly braces, in configuration statements......................xx content destination, displaying.............................466
customer support...................................................................xxi control source, displaying........................................468
contacting JTAC..............................................................xxi statistics
clearing..................................................................400
D displaying...............................................................470
data-fill statement..............................................................264 dynamic flow capture interfaces
data-format statement.....................................................264 displaying.........................................................................413
usage guidelines.............................................................29 Dynamic Tasking Control Protocol See DTCP
data-size statement............................................................265 dynamic-flow-capture statement.................................275
destination statement.......................................................266
flow monitoring E
usage guidelines....................................................59 enable flow collection mode..............................................32
destination-interface statement engine-id statement
RPM...................................................................................267 flow monitoring............................................................276
destination-ipv4-address (RFC 2544 engine-type statement.......................................................277
Benchmarking).................................................................268 export-format statement..................................................278
destination-mac-address (RFC2544 usage guidelines...............................................................8
Benchmarking).................................................................268 extension-service statement...........................................279
destination-port statement
RPM..................................................................................269 F
destination-udp-port (RFC 2544 family (RFC2544 Benchmarking)...................................281
Benchmarking).................................................................270 family statement
destinations statement flow monitoring
flow collection..............................................................270 usage guidelines....................................................59
usage guidelines.............................................................28 file statement........................................................................284
DFC traffic sampling............................................................283
architecture......................................................................35 traffic sampling output
capture group...................................................................37 usage guidelines............................................63, 65
control source configuration......................................39 file-specification statement
destination configuration............................................38 usage guidelines.....................................................29, 30
example configuration.................................................43 filename statement............................................................285
interface configuration................................................40
532 Copyright © 2014, Juniper Networks, Inc.
Index
filename-prefix statement...............................................286 packet size distribution, displaying..............459
usage guidelines.............................................................30 PICs, displaying available.................................461
files example configuration
logging information output file.................................65 multiple port mirroring..............................129, 138
traffic sampling output files......................................63 next-hop groups.........................................129, 138
var/log/sampled file.....................................................65 inline
var/tmp/sampled.pkts file.........................................63 flow statistics, clearing..........................398, 399
files statement......................................................................286 passive
usage guidelines.............................................................63 flow statistics, displaying................................430
filter statement memory and flow statistics,
flow monitoring............................................................287 displaying..........................................................432
usage guidelines....................................................59 status, displaying................................................434
firewall filters usage statistics, displaying.............................436
actions...............................................................................59 redundancy........................................................................13
in traffic sampling..........................................................59 flow monitoring interfaces
flow aggregation.....................................................................86 status information, displaying................................423
multiple flow servers....................................................116 flow server
source ID, IPFIX flows.................................................106 replicating flows to multiple servers......................116
template and option template ID..........................109 flow-active-timeout statement.....................................288
templates.......................................................................442 usage guidelines...............................................................9
traffic sampling flow-collector statement..................................................289
observation domain ID, version 9 ................106 usage guidelines......................................................27, 32
flow collector flow-export-destination statement.............................290
analyzer configuration..................................................29 usage guidelines...............................................................8
destination configuration............................................28 flow-export-rate statement
file format configuration..............................................29 flow monitoring...........................................................290
interface mapping.........................................................30 flow-inactive-timeout statement...................................291
transfer log.......................................................................30 usage guidelines...............................................................9
flow collector interfaces flow-server statement
status information, displaying.................................417 flow monitoring............................................................292
flow collector services flow-tap
interface files, displaying...........................................473 interface............................................................................49
packets received, displaying....................................475 permissions statement...............................................50
primary server, switching to....................................405 RADIUS configuration..................................................50
secondary server, switching to..............................406 restrictions.........................................................................51
statistics security..............................................................................50
displaying...............................................................477 flow-tap application
interface, clearing................................................401 example configuration.................................................53
test file, transferring...................................................407 flow-tap statement.............................................................294
Flow monitoring flow-tap-dtcp statement....................................................50
overview..........................................................................3, 17 font conventions.....................................................................xix
flow monitoring forwarding-options statement
active usage guidelines..........................................................238
aggregated flows, displaying.........................438 ftp statement
CPU usage, displaying......................................464 usage guidelines.....................................................28, 30
detailed information, displaying...................452 FTP traffic, sampling.............................................................68
error statistics, displaying................................443
flow statistics, displaying.................................447
memory statistics, displaying.........................457
Copyright © 2014, Juniper Networks, Inc. 533
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
G J
g-duplicates-dropped-periodicity statement...........297 Junos Packet Vision
usage guidelines.............................................................43 application........................................................................47
g-max-duplicates statement..........................................298 architecture......................................................................48
usage guidelines.............................................................43
L
H label-position statement...................................................313
hard-limit statement..........................................................298 lawful intercept architecture..............................................48
usage guidelines.............................................................38 local-dump statement........................................................313
hard-limit-target statement............................................299 usage guidelines............................................................118
usage guidelines.............................................................38 log output
hardware-timestamp statement..................................299 traffic sampling..............................................................65
history-size statement.......................................................300 logical-system statement
usage guidelines...........................................................158 RPM...................................................................................314
host-outbound statement...............................................300 usage guidelines...........................................................158
I M
in-service (RFC2544 Benchmarking)...........................301 manuals
inactivity-timeout statement comments on..................................................................xxi
RPM..................................................................................302 match statement..................................................................314
inline flow monitoring max-connection-duration statement...........................315
flow statistics, clearing...................................398, 399 max-duplicates statement................................................315
inline-jflow statement usage guidelines.............................................................43
flow monitoring............................................................302 max-packets-per-second statement...........................316
usage guidelines......................................................78, 82 usage guidelines..............................................................61
input-interface-index statement...................................304 maximum-age statement.................................................316
input-packet-rate-threshold statement.....................304 usage guidelines.............................................................30
usage guidelines.............................................................42 maximum-connections statement.................................317
instance statement maximum-connections-per-client statement...........317
sampling.........................................................................305 maximum-packet-length statement............................318
usage guidelines............................................................69 maximum-sessions statement.......................................319
interface statement maximum-sessions-per-connection
flow monitoring statement............................................................................319
usage guidelines...................................................124 media delivery index
flow-tap..........................................................................307 delay factor....................................................................225
usage guidelines....................................................49 media loss rate.............................................................225
interface-map statement.................................................307 media rate variation....................................................225
usage guidelines.............................................................30 mediation devices
interfaces statement Junos Packet Vision......................................................48
DFC...................................................................................308 minimum-priority statement...........................................320
usage guidelines ..................................................40 usage guidelines.............................................................39
flow monitoring mode (RFC 2544 Benchmarking).................................320
usage guidelines....................................................59 monitoring statement..........................................................321
video-monitoring........................................................309 usage guidelines................................................................7
IP addresses moving-average-size statement....................................322
sampling traffic from single IP addresses............67 MPLS
ip-swap (RFC 2544 Benchmarking).............................310 packets
ipv4-template statement....................................................311 passive flow monitoring.....................................20
ipv6-template statement...................................................312 mpls-ipv4-template statement......................................322
534 Copyright © 2014, Juniper Networks, Inc.
Index
mpls-template statement................................................323 port mirroring................................................................335
multiservice-options statement.....................................323 sampling.........................................................................336
output-interface-index statement.................................337
N
name-format statement...................................................324 P
usage guidelines.............................................................29 packet size distribution, displaying...............................459
next-hop group for port mirroring...................................137 parentheses, in syntax descriptions.................................xx
next-hop groups.....................................................................121 passive flow monitoring....................................................3, 17
next-hop statement............................................................325 error statistics, displaying........................................428
next-hop groups flow statistics, displaying.........................................430
usage guidelines...................................................124 memory statistics, displaying.................................432
usage guidelines.............................................................121 MPLS packets.................................................................20
next-hop-group statement PICs, displaying available.........................................434
forwarding-options.....................................................326 statistics, clearing........................................................397
usage guidelines....................................................121, 124 usage statistics, displaying......................................436
no-core-dump statement.................................................263 passive-monitor-mode statement................................337
usage guidelines...............................................................6 usage guidelines..............................................................18
no-filter-check statement................................................326 password statement
usage guidelines.............................................................121 usage guidelines.....................................................28, 30
no-local-dump statement.................................................313 peer-as-billing-template statement............................339
usage guidelines............................................................118 pic-memory-threshold statement................................339
no-remote-trace statement usage guidelines.............................................................42
flow monitoring.............................................................327 PICs
no-stamp statement..........................................................368 active flow monitoring
usage guidelines.............................................................63 available PICs, displaying.................................461
no-syslog statement CPU usage, displaying......................................464
DFC....................................................................................327 pop-all-labels statement.................................................340
flow monitoring............................................................369 usage guidelines..............................................................21
usage guidelines..............................................................41 port mirroring...........................................................................121
no-world-readable statement disabling..........................................................................272
flow monitoring............................................................394 displaying..........................................................................411
usage guidelines.............................................................63 port statement
notification-targets statement.......................................328 cflowd
usage guidelines.............................................................39 usage guidelines....................................................86
flow monitoring.............................................................341
O RPM...................................................................................341
observation-domain-id statement...............................329 TWAMP...........................................................................342
offloading flows port-mirroring statement
configuring.........................................................................15 usage guidelines.............................................................121
one-way-hardware-timestamp statement...............330 pre-rewrite-tos statement................................................342
usage guidelines...........................................................154 usage guidelines.............................................................62
option-refresh-rate statement.........................................331 probe statement
options-template-id statement.....................................332 RPM..................................................................................343
output files probe-count statement.....................................................344
logging information output file.................................65 probe-interval statement.................................................344
traffic sampling output files......................................63 probe-limit statement........................................................345
output statement probe-server statement....................................................346
discard accounting......................................................333 probe-type statement........................................................347
flow monitoring............................................................334
Copyright © 2014, Juniper Networks, Inc. 535
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
R RPM services
rate statement......................................................................348 benchmark test, performing....................................527
usage guidelines......................................................61, 121 benchmarking test
receive-options-packets statement.............................348 configuring..............................................................175
usage guidelines..............................................................18 example, configuring for Layer 2 Reflection,
receive-ttl-exceeded statement....................................349 ELAN, Bridge....................................................200
usage guidelines..............................................................18 example, configuring for Layer 3 IPv4
redundancy services................................................................178
flow monitoring................................................................13 example, configuring for NNI of Ethernet
reflect-mode (RFC2544 Benchmarking)...................350 pseudowires......................................................193
request services flow-collector change-destination example, configuring for UNI of Ethernet
primary interface command.......................................405 pseudowires......................................................185
request services flow-collector change-destination layer 2 overview......................................................171
secondary interface command.................................406 overview..................................................................169
request services flow-collector test-file-transfer reflector commands...........................................174
command...........................................................................407 benchmarking test results
required-depth statement.................................................351 displaying by test state....................................493
usage guidelines..............................................................21 test ID, displaying...............................................498
retry statement......................................................................352 test type, displaying...........................................493
usage guidelines..............................................................31 displaying information of an RFC 2544
retry-delay statement.........................................................352 benchmarking test for a particular test
usage guidelines..............................................................31 type..............................................................................493
RFC 2544 benchmarking test, RPM service displaying information of an RFC 2544
configuring.......................................................................175 benchmarking test for a specific test
example, configuring for Layer 3 IPv4 ID...................................................................................498
services.........................................................................178 probe results
example, configuring for NNI of Ethernet history, displaying...............................................484
pseudowires...............................................................193 recent, displaying................................................487
example, configuring for UNI of Ethernet protocols and ports, displaying.............................483
pseudowires..............................................................185 rpm statement......................................................................355
layer 2 overview..............................................................171 RPM statements
statistical details of a specific test ID, traceoptions..................................................................380
displaying..................................................................498 RPM TWAMP server
statistical details of a test type, connections, clearing.................................................402
displaying...................................................................493 connections, displaying..............................................515
test name, configuring................................................175 sessions, displaying......................................................517
test profile, configuring...............................................175 run-length statement.........................................................356
RFC2544 benchmarking test, RPM service usage guidelines......................................................61, 121
overview...........................................................................169
route-record statement S
usage guidelines............................................................86 sample (firewall filter action)............................................59
routing-instance statement sample-once statement
RPM..................................................................................354 flow monitoring............................................................356
routing-instances statement usage guidelines.............................................................62
RPM..................................................................................354 sampled file..............................................................................65
usage guidelines...........................................................160 sampled.pkts file.....................................................................63
RPM............................................................................................145 sampling
example configuration...............................................163 logical interface...............................................................61
monitoring interface........................................................6
536 Copyright © 2014, Juniper Networks, Inc.
Index
next-hop-groups, displaying..................................408 show services accounting status command..............461
port-mirroring instances, displaying......................411 show services accounting usage command.............464
sampling rate............................................................................61 show services dynamic-flow-capture
sampling statement............................................................359 content-destination command.................................466
usage guidelines.............................................................59 show services dynamic-flow-capture control-source
send cflowd records to flow collector..............................31 command...........................................................................468
server statement..................................................................360 show services dynamic-flow-capture statistics
server-inactivity-timeout statement...........................360 command...........................................................................470
service-port statement.......................................................361 show services flow-collector file interface
usage guidelines.............................................................39 command............................................................................473
service-type (RFC2544 Benchmarking)......................361 show services flow-collector input interface
services statement command............................................................................475
DFC show services flow-collector interface
usage guidelines.....................................................37 command............................................................................477
dynamic-flow-control show services rpm active-servers command...........483
usage guidelines..................................................243 show services rpm history-results command..........484
flow control show services rpm probe-results command.............487
usage guidelines.................................................244 show services rpm rfc2544-benchmarking
flow-tap command...........................................................................493
usage guidelines..................................................245 show services rpm rfc2544-benchmarking test-id
rpm command...........................................................................498
usage guidelines.................................................246 show services rpm twamp server connection
RPM..................................................................................362 command............................................................................515
shared-key statement........................................................362 show services rpm twamp server session
usage guidelines.............................................................39 command.............................................................................517
show forwarding-options next-hop-group show services video-monitoring mdi errors
command...........................................................................408 command............................................................................519
show forwarding-options port-mirroring show services video-monitoring mdi flows
command.............................................................................411 command.............................................................................521
show interfaces (Dynamic Flow Capture) show services video-monitoring mdi stats
command............................................................................413 command...........................................................................525
show interfaces (Flow Collector) command..............417 size statement.......................................................................363
show interfaces (Flow Monitoring) command.........423 usage guidelines.............................................................65
show passive-monitoring error command.................428 soft-limit statement...........................................................364
show passive-monitoring flow command.................430 usage guidelines.............................................................38
show passive-monitoring memory command..........432 soft-limit-clear statement...............................................364
show passive-monitoring status command..............434 usage guidelines.............................................................38
show passive-monitoring usage command..............436 SONET interfaces
show services accounting aggregation sampling SONET interfaces......................................66
command...........................................................................438 source-address statement
show services accounting aggregation template flow monitoring............................................................365
command...........................................................................442 usage guidelines.......................................................7
show services accounting errors command..............443 RPM..................................................................................365
show services accounting flow command.................447 source-addresses statement
show services accounting flow-detail DFC...................................................................................366
command...........................................................................452 usage guidelines.............................................................39
show services accounting memory command.........457 source-id statement...........................................................366
show services accounting packet-size-distribution source-ipv4-address (RFC 2544
command...........................................................................459 Benchmarking).................................................................367
Copyright © 2014, Juniper Networks, Inc. 537
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
source-mac-address (RFC2544 thresholds statement
Benchmarking).................................................................367 RPM...................................................................................378
source-udp-port (RFC 2544 Benchmarking)...........368 timestamp option..................................................................65
stamp option............................................................................65 traceoptions statement
stamp statement.................................................................368 flow monitoring............................................................379
usage guidelines.............................................................63 RPM..................................................................................380
statement tracing operations
flow monitoring RPM....................................................................................161
usage guidelines....................................................65 traffic sampling
services configuring........................................................................59
usage guidelines....................................................32 disabling...................................................................62, 272
statistics example configurations..............................................66
active flow error...........................................................443 flow aggregation............................................................86
active flow instances..................................................447 default values, option template ID...............109
active flow memory utilization...............................457 default values, template ID.............................109
aggregated active flow..............................................438 observation domain ID, version 9 ................106
clearing inline flow instances.......................398, 399 option template ID, version 9 and
dynamic flow capture IPFIX.....................................................................109
clearing..................................................................400 source ID, IPFIX....................................................106
displaying...............................................................470 template ID, version 9 and IPFIX...................109
support, technical See technical support FTP traffic.........................................................................68
syntax conventions................................................................xix logging information output file.................................65
syslog statement output files.......................................................................63
flow monitoring............................................................369 SONET interfaces..........................................................66
traffic from single IP addresses................................67
T transfer statement................................................................381
target statement..................................................................369 usage guidelines.............................................................29
RPM..................................................................................369 transfer-log-archive statement......................................382
tcp statement usage guidelines.............................................................30
RPM..................................................................................370 traps statement....................................................................383
tcp-tickles statement.........................................................388 ttl statement
technical support DFC...................................................................................384
contacting JTAC..............................................................xxi usage guidelines....................................................38
template-id statement.......................................................387 TWAMP server
template-refresh-rate statement..................................388 connections, clearing.................................................402
templates connections, displaying..............................................515
flow aggregation..........................................................442 sessions, displaying......................................................517
templates statement twamp statement................................................................385
video-monitoring..........................................................371 twamp-server statement.................................................385
test services rpm rfc2544-benchmarking
command............................................................................527 U
test statement udp statement
RPM...................................................................................373 RPM..................................................................................389
test-interface (RFC 2544 Benchmarking) udp-tcp-port-swap (RFC 2544
RPM...................................................................................375 Benchmarking)..................................................................301
test-interval statement......................................................376 unit statement
test-name (RFC 2544 Benchmarking)........................377 flow monitoring...........................................................390
tests (RFC 2544 Benchmarking)....................................374 usage guidelines....................................................59
538 Copyright © 2014, Juniper Networks, Inc.
Index
username statement
flow collection...............................................................391
usage guidelines.............................................................30
V
var/log/sampled file..............................................................65
var/tmp/sampled.pkts file..................................................63
variant statement.................................................................391
usage guidelines.............................................................29
version statement
flow monitoring............................................................392
usage guidelines............................................................86
version-ipfix statement
usage guidelines......................................................78, 82
video monitoring
configuring......................................................................227
interface flow criteria........................................229
media delivery indexing....................................227
errors
clearing...................................................................403
displaying...............................................................519
flows
displaying................................................................521
media delivery index See media delivery index
media delivery indexing
syslog messages.................................................229
overview..........................................................................225
platform support..........................................................225
statistics
clearing..................................................................404
displaying...............................................................525
video-monitoring statement
video-monitoring.........................................................393
W
world-readable statement
flow monitoring............................................................394
usage guidelines.............................................................63
Copyright © 2014, Juniper Networks, Inc. 539
Monitoring, Sampling, and Collection Services Interfaces Feature Guide for Routing Devices
540 Copyright © 2014, Juniper Networks, Inc.
You might also like
- Converged Networks (LAN and SAN) For EXNo ratings yetConverged Networks (LAN and SAN) For EX148 pages
- Configuring Active Flow Monitoring Version 9No ratings yetConfiguring Active Flow Monitoring Version 984 pages
- Troubleshooting and Monitoring On The QFX Series: ReleaseNo ratings yetTroubleshooting and Monitoring On The QFX Series: Release90 pages
- Silo - Tips Junos Os Firewall Filters Configuration Guide Release Published Copyright 2012 Juniper Networks IncNo ratings yetSilo - Tips Junos Os Firewall Filters Configuration Guide Release Published Copyright 2012 Juniper Networks Inc384 pages
- Junos OS: Distributed Denial-of-Service Protection Feature GuideNo ratings yetJunos OS: Distributed Denial-of-Service Protection Feature Guide164 pages
- Branch High Availability in The Distributed Enterprise: Implementation GuideNo ratings yetBranch High Availability in The Distributed Enterprise: Implementation Guide23 pages
- Layer 2 Wholesale For Subscriber Services Feature Guide - 13.3No ratings yetLayer 2 Wholesale For Subscriber Services Feature Guide - 13.3228 pages
- 700 - 7000 Managed Industrial Ethernet Switches Software ManualNo ratings yet700 - 7000 Managed Industrial Ethernet Switches Software Manual153 pages
- Monitoring Network Traffic Using Sflow Technology On Ex Series Ethernet SwitchesNo ratings yetMonitoring Network Traffic Using Sflow Technology On Ex Series Ethernet Switches17 pages
- PPPoE Layer 3 Wholesale For Subscriber Services Feature Guide - 13.3No ratings yetPPPoE Layer 3 Wholesale For Subscriber Services Feature Guide - 13.3196 pages
- System Monitoring On EX2300, EX3400, and EX4300 Switches: ReleaseNo ratings yetSystem Monitoring On EX2300, EX3400, and EX4300 Switches: Release612 pages
- Using Filter-Based Forwarding To Control Next-Hop SelectionNo ratings yetUsing Filter-Based Forwarding To Control Next-Hop Selection9 pages
- Junos Service Provider Switching (JSPX) 1of2100% (1)Junos Service Provider Switching (JSPX) 1of2208 pages
- Cloud-Ready Data Center Reference ArchitectureNo ratings yetCloud-Ready Data Center Reference Architecture37 pages
- Juniper Networks - Introduction To The Junos Operating System (IJOS)No ratings yetJuniper Networks - Introduction To The Junos Operating System (IJOS)2 pages
- Juniper QFX5120, QFX5200, QFX5210, EX4650 Junos 20.2R1 ST v1.2No ratings yetJuniper QFX5120, QFX5200, QFX5210, EX4650 Junos 20.2R1 ST v1.246 pages
- Security Director Release 15.2r2 Release NotesNo ratings yetSecurity Director Release 15.2r2 Release Notes17 pages
- Junos, Associate (JNCIA Junos) Voucher Assessment Test PDF100% (1)Junos, Associate (JNCIA Junos) Voucher Assessment Test PDF6 pages
- Hide Solution Discussion: Correct Answer: BNo ratings yetHide Solution Discussion: Correct Answer: B22 pages
- Juniper SRX Vs Palo Alto Next Gen Firewall PDFNo ratings yetJuniper SRX Vs Palo Alto Next Gen Firewall PDF3 pages
- Junos OS Application Security User Guide For Security DevicesNo ratings yetJunos OS Application Security User Guide For Security Devices1,204 pages
- Ex4300 Line of Ethernet Switches: Product OverviewNo ratings yetEx4300 Line of Ethernet Switches: Product Overview15 pages
- Node Slicing On The MX960: Configuration GuideNo ratings yetNode Slicing On The MX960: Configuration Guide52 pages
- User Access and Authentication User GuideNo ratings yetUser Access and Authentication User Guide1,618 pages
- Software Licenses For QFX Series SwitchesNo ratings yetSoftware Licenses For QFX Series Switches6 pages
