[j-nsp] sampled -> Monitoring PIC on 5.6?

Avram Dorfman avram at juniper.net
Wed Sep 24 15:40:32 EDT 2003


Carl,

Trying to dust off the cobwebs for you...

You need the feature guide manual. Here:

	http://www.juniper.net/techpubs/software/junos/junos56/feature-guide-56/html/fg-flow-monitoring.html

This subject was re-written in the 5.7 manual, and is easier to follow  
there (but not all 5.7 features were in 5.6)

	http://www.juniper.net/techpubs/software/junos/junos57/feature-guide-57/html/fg-flow-monitoring.html

Now, active monitoring (aka inline monitoring) only works via  
port-mirroring. Since it is a pic, it can only process packets it sees.  
There is nothing magical about it that causes it to see packets that  
any other pic in that slot would not see. You have to either route to  
it, or mirror to it. If you route to it, it's a dead-end, the packet  
will be processed and discarded.

-Avram

On Tuesday, September 23, 2003, at 07:39  PM, hayter wrote:

> i was pretty sure that the Monitoring PIC was supported in 5.6, has
> anybody configured this.  we've been collecting flows from the sampled
> process for a while now.
>
> Pretend
> -------
>
> [edit interfaces lo0]
> unit 0 {
>     family inet {
>         address 127.0.0.1/32;
>         address 192.168.1.1/32 {
>             preferred;
>         }
>     }
> }
>
> [edit forwarding-options sampling]
> input {
>     family inet {
>         rate 8000;
>     }
> }
> output {
>     cflowd 192.168.42.42 {
>         port 9843;
>         version 5;
>     }
> }
>
> and we have appropriate sample/accept terms on firewall filters on
> interfaces and everything is working fine.  flows flow.  the exporter
> IP in the flows is 192.168.1.1, the collector is 192.168.42.42
>
>
> we're now ready to test a Monitoring PIC, what changes need to be made?
>
> noteworthy points:
>
>   * we're still running 5.6, i can't find clear documentation for
>     the PIC configuration.  i've found the PIC examples in the 6.0
>     documentation but the 6.0 syntax doesn't seem to be supported
>     in the older 5.6 release.  the PIC datasheet i found says it
>     does support 5.6
>
>   * the port-mirroring option won't work, we have filters and perform
>     routing over the interfaces we sample.  both listed as mirroring
>     contraindicators.  we also aren't setup for passive monitoring.
>
>   * we've been advised not to upgrade to 6.0 but to wait for the next
>     release to ensure our needs are met (we're actually running a
>     special 5.6 build to fix some issues we had with 5.6).
>
>
> so, will the Monitoring PIC work with 5.6?  is there documentation that
> i missed somewhere?  any example configs?
>
>
> under 6.0 the config seems to go something like this (rough outline):
>
> Configure PIC
> Configure Sampling Output
> Configure Monitoring
>
>
> Configure PIC
> -------------
>
> what address goes here?  can it be a private non-routed address?
> say 192.168.254.1?
> destination for what?  to the netflow collector?
>
> [edit interfaces]
> mo-0/1/0 {
>     unit 1 {
>         family inet {
>             address 192.168.x.x {
>                 destination 192.168.42.42
>             }
>
> are these the filters we currently have on the interfaces for
> sampling?  or are they filters to filter the flows before they
> reach the PIC? (the last one i think)
>
> !            filter {
> !                group filter-group-number;
> !                input filter-name;
> !                output filter-name;
> !            }
>
> i think i understand this part.  but it doesn't seem to really exist  
> in 5.6
>
>             sampling {
> !                [ input output ];
>                 both;
>             }
>
> # set interfaces mo-0/1/0 unit 1 family inet ?
> Possible completions:
>   <[Enter]>            Execute this command
>> accounting           Configure interface-based accounting options
>> address              Interface address/destination prefix
> + apply-groups         Groups from which to inherit configuration data
>> filter               Packet filtering
>   mtu                  Protocol family MTU
>   no-redirects         Do not redirect traffic
>   no-targeted-broadcast  Reject targeted broadcast packets
>> policer              Interface policing
>   primary              Candidate for primary interface in system
>> rpf-check            Enable reverse-path-forwarding checks on this interface
>   |                    Pipe through a command
>
>         }
>     }
>
> probably don't need any of these yet, save until later.
>
> !    multiservice-options {
> !        boot-command filename;
> !        (core-dump | no-core-dump);
> !        (syslog | no-syslog);
> !    }
>
> }
>
>
> Configure Sampling Output
> -------------------------
>
> is this the source-address in the flows?
>
> [edit forwarding-options sampling output]
> interface mo-0/1/0.1 {
>     engine-id number;
>     engine-type number;
>     source-address 192.168.1.1;
> }
>
> no interface section in 5.6
>
> # set ?
> Possible completions:
> + apply-groups         Groups from which to inherit configuration data
>> cflowd               Configure sending traffic aggregates in cflowd format
>> file                 Configure parameters for dumping sampled packets
>> port-mirroring       Configure sending sampled traffic out through an interface
>
>
> Configure Monitoring
> --------------------
>
> yet another possible collector address and exporter address.  what are
> all of these addresses?
>
> [edit forwarding-options monitoring group1 family inet output]
> cflowd hostname port port-number;
> export-format format;
> flow-active-timeout seconds;
> flow-inactive-timeout seconds;
> interface interface-name {
>     engine-id number;
>     engine-type number;
>     input-interface-index number;
>     output-interface-index number;
>     source-address address;
> }
>
> well, at least 5.6 has the interface section but so much else is
> different.  no cflowd statement... maybe the  
> destination-(address|port)?
>
> # set ?
> Possible completions:
> + apply-groups         Groups from which to inherit configuration data
>   destination-address  Address to which monitored packets will be sent
>   destination-port     Port to which monitored packets will be sent
>   export-format        Format for sending monitoring information
>   export-interval      Interval of distributing monitoring information (seconds)
>> interface            Interfaces used to send monitored information
>   source-address       Address to use for generating monitored packets
>
>
> ----
> Carl Hayter
> ISD - Data Network Operations
> University of Southern California
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/juniper-nsp
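
A collector-side check for the migration discussed in this thread, as an added example that is not from either poster or from Juniper: it parses a cflowd/NetFlow version 5 datagram and keys the exporter on the UDP source address plus the header's engine-type and engine-id, since version 5 carries no exporter address in its payload. The sample datagram and the allow-list passed to `is_expected` are constructed, and the values a given JUNOS release writes into the engine and sampling fields are not stated on the page.

```python
import socket
import struct

HEADER = struct.Struct("!HHIIIIBBH")                  # 24-byte v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHxBBBHHBBxx")   # 48-byte v5 flow record


def parse_v5(datagram):
    """Return (header, flows) for one v5 export datagram; ValueError if malformed."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than v5 header")
    (version, count, _uptime, _secs, _nsecs, sequence,
     engine_type, engine_id, sampling) = HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError("unexpected export version %d" % version)
    if len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("length does not match record count")
    header = {"count": count, "sequence": sequence,
              "engine_type": engine_type, "engine_id": engine_id,
              "sampling_mode": sampling >> 14,          # top 2 bits
              "sampling_interval": sampling & 0x3FFF}   # low 14 bits
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({"src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
                      "in_if": f[3], "out_if": f[4],
                      "packets": f[5], "octets": f[6], "proto": f[12]})
    return header, flows


def exporter_key(udp_source_ip, header):
    """Identity a collector can key on: UDP source plus the header's engine fields."""
    return (udp_source_ip, header["engine_type"], header["engine_id"])


def is_expected(udp_source_ip, header, allowed):
    """True only if this exporter identity is one the operator configured."""
    return exporter_key(udp_source_ip, header) in allowed


# Constructed sample: one TCP flow, engine 0/0, sampling field set to 8000.
SAMPLE = HEADER.pack(5, 1, 1000, 1064345000, 0, 42, 0, 0, 8000) + RECORD.pack(
    socket.inet_aton("192.0.2.1"), socket.inet_aton("192.0.2.2"),
    socket.inet_aton("0.0.0.0"), 3, 4, 1, 64, 0, 0, 1234, 80, 0x10, 6, 0,
    0, 0, 24, 24)

if __name__ == "__main__":
    hdr, flows = parse_v5(SAMPLE)
    print(exporter_key("192.168.1.1", hdr), hdr["sampling_interval"], flows)
```

Logging the exporter key before and after a change of export source shows whether the collector will treat the new exports as the same exporter or as a new one.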


