Juniper EX9200 Features Manual page 19

Copyright © 2017, Juniper Networks, Inc.
Because the Monitoring Services, AS, and Multiservices PICs allow only one action to be
performed at any one time, the following configuration options are available:
Sampling and forwarding
Sampling and discard accounting
Port mirroring and forwarding
Port mirroring and discard accounting
Sampling and port mirroring on different sets of traffic
Figure 1 on page 5 shows a sample topology.
Figure 1: Active Monitoring Configuration Topology
In Figure 1 on page 5, traffic from Router 1 arrives on the monitoring router's Gigabit
Ethernet ge-2/3/0 interface. The exit interface on the monitoring router leading to
destination Router 2 is ge-3/0/0, but this can be any interface type (such as SONET,
Gigabit Ethernet, and so on). The export interface leading to the cflowd server is fe-1/0/0.
To enable active monitoring, configure a firewall filter on the interface ge-2/3/0 with the
following match conditions:
Traffic matching certain firewall conditions is sent to the Monitoring Services PIC using
filter-based forwarding. This traffic is quarantined and not forwarded to other routers.
All other traffic is port-mirrored to the Monitoring Services PIC. Port mirroring copies
each packet and sends the copies to the port-mirroring next hop (in this case, a
Monitoring Services PIC). The original packets are forwarded out of the router as usual.
Chapter 1: Understanding Flow Monitoring
5