Packet Flow Monitoring - Juniper E320 Configuration Manual

JUNOSe Internet Software for E-series Routing Platforms
JUNOSe 7.2.x Policy Management Configuration Guide

Packet Flow Monitoring

This section contains two examples: Example 1, Logging Ingress Packets on an Interface, and Example 2, Logging a Ping Attack.
The policy log rule provides a way to monitor a packet flow by capturing a sample
of the packets that satisfy the classification of the rule and writing them to the
system log. See the JUNOSe System Event Logging Reference Guide for information
about logging.
To capture the interface, protocol, source address, destination address, source port,
and destination port, set the policyMgrPacketLog event category to log at severity
info and at low verbosity. To capture the IP header fields version, ToS, length,
identification (ID), flags, time to live (TTL), protocol, and checksum in addition to
the information captured at low verbosity, set the verbosity to medium or high.
When the policy is configured, all packets are examined and the matching packets
are placed in the log. No more than 512 packets are logged every 3 seconds, so the
log is a sample of the flow, not a complete record of it. The router also maintains
a count of the total number of matching packets. This count is incremented even
when a packet cannot be stored in the log (for example, because the 512-packet
limit for the current 3-second period has already been reached), so the count,
rather than the number of log entries, reflects the true volume of matching packets.
Example 1: Logging Ingress Packets on an Interface
This example shows how you might use classification to specify the ingress packets
that are logged on an interface. The policy list testPolicy contains one classifier
group, logA, whose only rule is log. The policy is applied as an input policy on
subinterface atm 0/0.0 with statistics enabled, and the policyMgrPacketLog event
category is then sent to the console at severity info and low verbosity.
host1(config)#ip policy-list testPolicy
host1(config-policy-list)#classifier-group logA
host1(config-policy-list-classifier-group)#log
host1(config-policy-list-classifier-group)#exit
host1(config-policy-list)#exit
host1(config)#interface atm 0/0.0
host1(config-subif)#ip policy input testPolicy statistics enabled
host1(config-subif)#exit
host1(config)#log destination console severity info
host1(config)#log severity info policyMgrPacketLog
host1(config)#log verbosity low policyMgrPacketLog
host1(config)#log here
Example 2: Logging a Ping Attack
This example provides a more detailed procedure that an ISP might use to log
information during a ping attack on the network. The procedure includes creating
the classifier list and policy list that specify the packet flow to monitor, logging
the output of the classification operation, and examining the output of the show
command.
In this example, a customer has reported to their ISP that an attack is occurring on
their internal servers. The attack is a simple ping flood.
1. The ISP creates a classifier list, icmpEchoReq, that matches ICMP echo request
packets (protocol icmp, any source, any destination, ICMP type 8, code 0), then a
policy list, pingAttack, whose classifier group for that list carries the log rule.
host1:vr2(config)#ip classifier-list icmpEchoReq icmp any any 8 0
host1:vr2(config)#ip policy-list pingAttack
host1:vr2(config-policy-list)#classifier-group icmpEchoReq
host1:vr2(config-policy-list-classifier-group)#log
host1:vr2(config-policy-list-classifier-group)#exit
host1:vr2(config-policy-list)#exit
host1:vr2(config)#interface gigabitEthernet 2/0
host1:vr2(config-if)#ip address 10.10.10.2 255.255.255.0
host1:vr2(config-if)#exit
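The script below is an added example and is not part of the JUNOSe guide or Juniper's own code. It shows the two points a practitioner needs from this section: the 512-packets-per-3-seconds cap described above makes the log a sample while the matching-packet count keeps increasing, and the logged echo requests can still be triaged per source the way an operator would during the ping flood of Example 2. The input lines use a constructed layout that carries only the fields the guide says low verbosity records (interface, protocol, source, destination and the two port fields, which for ICMP are assumed to hold type and code); it is not the real policyMgrPacketLog message format. The interface name, addresses, timestamps, window alignment and the 100-per-window threshold are all assumptions.

```python
"""Triage a ping flood from policy-log output (added example, not from the JUNOSe guide).

Input lines use a constructed layout carrying only the fields the guide says low
verbosity records: interface, protocol, source, destination and the two port
fields (for ICMP the port slots are assumed to hold type and code). The real
JUNOSe policyMgrPacketLog message layout is NOT reproduced here.
"""
import re
from collections import Counter, defaultdict

LOG_CAP_PER_WINDOW = 512   # guide: no more than 512 packets are logged every 3 seconds
WINDOW_SECONDS = 3

# Constructed layout (assumption): <seconds> <interface> <proto> <src>:<sport> -> <dst>:<dport>
LINE_RE = re.compile(
    r"^(?P<ts>\d+(?:\.\d+)?)\s+(?P<iface>\S+)\s+(?P<proto>\S+)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Assumed addresses for the constructed sample (documentation ranges).
FLOOD_SRC, BENIGN_SRC, VICTIM = "192.0.2.77", "198.51.100.5", "10.10.10.10"


def parse_line(line):
    """Return the fields of one constructed log line as a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    fields = m.groupdict()
    fields["ts"] = float(fields["ts"])
    return fields


def sample_like_router(lines):
    """Model the guide's logging behaviour: every matching packet is counted, but at
    most LOG_CAP_PER_WINDOW of them are written to the log per WINDOW_SECONDS.
    Windows are assumed aligned to multiples of WINDOW_SECONDS (the guide does not
    say how the 3-second period is aligned). Returns (total_matching, logged_lines)."""
    parsed = [(p["ts"], line) for line in lines if (p := parse_line(line))]
    parsed.sort()                      # packets are processed in timestamp order
    per_window = Counter()
    logged = []
    for ts, line in parsed:
        window = int(ts // WINDOW_SECONDS)
        per_window[window] += 1        # the matching-packet count always increments ...
        if per_window[window] <= LOG_CAP_PER_WINDOW:
            logged.append(line)        # ... a log entry is stored only while under the cap
    return len(parsed), logged


def echo_requests_per_source(lines):
    """Count ICMP echo requests (type 8, code 0) per source and per window,
    i.e. the flow the icmpEchoReq classifier list of Example 2 matches."""
    per_src = defaultdict(Counter)
    for line in lines:
        p = parse_line(line)
        if p is None or p["proto"] != "icmp" or (p["sport"], p["dport"]) != ("8", "0"):
            continue
        per_src[p["src"]][int(p["ts"] // WINDOW_SECONDS)] += 1
    return per_src


def flag_flood_sources(per_src, threshold):
    """Sources whose peak echo-request count in any window reaches threshold.
    A peak near LOG_CAP_PER_WINDOW means 'at least that many': the log was capped."""
    flagged = {}
    for src, windows in per_src.items():
        peak = max(windows.values())
        if peak >= threshold:
            flagged[src] = peak
    return flagged


def build_constructed_log():
    """Constructed input: 1500 echo requests from FLOOD_SRC inside one 3-second
    window, interleaved with 5 from BENIGN_SRC. All of them match icmpEchoReq."""
    lines = [f"{i / 1000:.3f} gigabitEthernet2/0 icmp {FLOOD_SRC}:8 -> {VICTIM}:0"
             for i in range(1500)]
    lines += [f"{k * 0.1 + 0.0005:.4f} gigabitEthernet2/0 icmp {BENIGN_SRC}:8 -> {VICTIM}:0"
              for k in range(5)]
    return lines


def analyse(lines, threshold=100):
    """Run the lines through the router model, then triage only what was logged."""
    total, logged = sample_like_router(lines)
    return {
        "matching_packets": total,      # what the policy's statistics counter would show
        "logged_lines": len(logged),    # what actually reaches the log (capped)
        "flagged": flag_flood_sources(echo_requests_per_source(logged), threshold),
    }


if __name__ == "__main__":
    print(analyse(build_constructed_log()))
```

With the constructed input, 1505 packets match the classifier but only 512 reach the log, and the flooding source shows 507 logged echo requests instead of its real 1500. The triage still identifies the attacker, but the per-source number from the log is a lower bound: use the policy's statistics counter (the statistics enabled keyword when the policy is attached) for volume, and the log sample for who and what.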

This manual is also suitable for: ERX-710, ERX-310, ERX-1440, ERX-1410, ERX-705