[j-nsp] Monitor traffic

Guy Davies Guy.Davies at telindus.co.uk
Fri Jun 6 12:28:22 EDT 2003


 

> Friday, June 6, 2003, 8:52:33 AM, you wrote:
> > Hello all,
> >
> > I am new in Juniper router. I have a question.
> >
> > How do I monitor traffic which is on transit in interface cards ?
> >
> > I was told by someone that command "monitor traffic interface" is
> > only monitoring traffic on the particular interface towards Routing
> > Engine, not the transit traffic. Is it true ?
>
> this is correct. Since this command is running on the RE and we don't
> pass all the transit traffic to the RE you can only monitor those
> who are destined to the RE or sourced  This command is the
> equivalent of tcpdump

Note, in addition to this constraint, certain headers (L1, L2 and L3) are
stripped from ingress packets before they are passed to the RE, therefore,
it is not possible to match on L3 headers (e.g. IP source address) for
inbound packets :-(  monitor traffic interface <blah> running on a Juniper
has lots of constraints compared to tcpdump -i <blah> on a unix box.

> > Is there a command or procedure to monitor transit traffic on
> > particular interface ?
>
> Firewall

This overcomes the problem of matching IP headers inbound, too.  One thing
to beware of, though.  If the stream of data you're logging is too large,
you will not be able to log everything because of the limitations of the
link from PFE to RE (100Mbps FE with a rate limit - 8000 packets per second
IIRC - for logged info).

Regards,

Guy
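
Added example, not part of the original post or of Juniper's documentation: a firewall filter that logs one narrowly matched transit flow on an interface, which is the approach the reply above points to. The filter name, term names, interface `so-0/0/0`, the 192.0.2.0/24 prefix and the use of the `family inet` hierarchy are assumptions; the thread does not state a Junos release or any addresses.

```junos
/* Constructed example: names, interface and addresses are placeholders. */
firewall {
    family inet {
        filter WATCH-TRANSIT {
            /* Match as narrowly as possible: every packet hitting this
               term is logged towards the RE, and that path is rate limited. */
            term watched-flow {
                from {
                    source-address {
                        192.0.2.0/24;
                    }
                    protocol tcp;
                    destination-port 80;
                }
                then {
                    count watched-flow;   /* packet and byte counter */
                    log;                  /* header summary to the firewall log */
                    accept;
                }
            }
            /* Without a final accept term the implicit default discards
               all other traffic on the interface. */
            term everything-else {
                then accept;
            }
        }
    }
}
interfaces {
    so-0/0/0 {
        unit 0 {
            family inet {
                filter {
                    /* Applied inbound, so the match is on the IP header
                       of transit packets as they arrive. */
                    input WATCH-TRANSIT;
                }
            }
        }
    }
}
```

After commit, `show firewall log` lists the logged packet headers and `show firewall filter WATCH-TRANSIT` shows the `watched-flow` counter. If the counter grows faster than the log, the matched stream is exceeding the logging limit described in the message and the match should be tightened.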
