Packet Flow Monitoring Overview - Juniper JUNOSE SOFTWARE FOR E SERIES 11.3.X - POLICY MANAGEMENT CONFIGURATION GUIDE 2010-10-04 Configuration Manual

Software for e series broadband services routers policy management configuration guide
Packet Flow Monitoring Overview

The policy log rule provides a way to monitor a packet flow by capturing a sample of the
packets that satisfy the classification of the rule in the system log. See JunosE System
Event Logging Reference Guide for information about logging.
To capture the interface, protocol, source address, destination address, source port, and
destination port, set the policyMgrPacketLog event category to log at severity info and
at low verbosity. To capture the version, ToS, len, ID, flags, time to live (TTL), protocol,
and checksum in addition to the information captured at low verbosity, set the verbosity
to medium or high.
When the policy is configured, all packets are examined and the matching packets are
placed in the log. No more than 512 packets are logged every 3 seconds. The router
maintains a count of the total number of matching packets. This count is incremented
even if the packet cannot be stored in the log (for example, because the count exceeds
the 512-packet threshold).
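The following added example (not part of the Juniper guide) models the 512-packets-per-3-seconds log cap against the running match counter, to show how little of a high-rate flow reaches the log. It assumes fixed 3-second windows aligned to t=0, which the guide does not specify; the function names and the sample traffic are constructed for illustration.

```python
from collections import Counter

LOG_CAP = 512      # packets logged per window (figure from the guide)
WINDOW_S = 3.0     # window length in seconds (figure from the guide)

def sample_flow(arrivals, cap=LOG_CAP, window=WINDOW_S):
    """Model the log rule over (timestamp, source) pairs sorted by time.

    Every matching packet increments the counter; at most `cap` packets per
    window reach the log. Assumption: fixed windows aligned to t=0 (the guide
    does not say whether the router uses fixed or sliding windows).
    """
    per_window = Counter()
    matched, logged = 0, []
    for t, src in arrivals:
        matched += 1
        w = int(t // window)
        if per_window[w] < cap:
            per_window[w] += 1
            logged.append((t, src))
    return matched, logged

def summarize(matched, logged, duration, window=WINDOW_S):
    """Compare the packet counter with what actually reached the log."""
    return {
        "matched": matched,
        "logged": len(logged),
        "unlogged": matched - len(logged),
        "capture_ratio": len(logged) / matched if matched else 1.0,
        "avg_pps": matched / duration,
        # Latest point inside any window at which a packet was still logged.
        "latest_logged_offset_s": max((t % window for t, _ in logged), default=0.0),
        "logged_sources": Counter(src for _, src in logged).most_common(),
    }

def constructed_ping_flood(duration=6, flood_pps=2000, background_pps=5):
    """Constructed sample: one flooding source plus light legitimate pings.
    Addresses are RFC 5737 documentation addresses, not from the guide."""
    flood = [(i / flood_pps, "198.51.100.7") for i in range(duration * flood_pps)]
    normal = [(i / background_pps, "192.0.2.10") for i in range(duration * background_pps)]
    return sorted(flood + normal)

if __name__ == "__main__":
    matched, logged = sample_flow(constructed_ping_flood())
    for key, value in summarize(matched, logged, duration=6).items():
        print(f"{key}: {value}")
```

Under the fixed-window assumption, the log fills in the first fraction of each window and later packets appear only in the counter, so traffic volume should be read from the policy statistics rather than from the number of log lines.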
This example shows how you might use classification to specify which packets are
logged on ingress to an interface.
host1(config)#ip policy-list testPolicy
host1(config-policy-list)#classifier-group logA
host1(config-policy-list-classifier-group)#log
host1(config-policy-list-classifier-group)#exit
host1(config-policy-list)#exit
host1(config)#interface atm 0/0.0
host1(config-subif)#ip policy input testPolicy statistics enabled
host1(config-subif)#exit
host1(config)#log destination console severity info
host1(config)#log severity info policyMgrPacketLog
host1(config)#log verbosity low policyMgrPacketLog
host1(config)#log here
This example provides a more detailed procedure that an ISP might use to log information
during a ping attack on the network. The procedure includes the creation of the classifier
and policy lists to specify the desired packet flow to monitor, the logging of the output
of the classification operation, and the output of the show command.
In this example, a customer has reported to their ISP that an attack is occurring on their
internal servers. The attack is a simple ping flood.
1. The ISP creates a classifier list to define an ICMP echo request packet flow.
host1:vr2(config)#ip classifier-list icmpEchoReq icmp any any 8 0
host1:vr2(config)#ip policy-list pingAttack
host1:vr2(config-policy-list)#classifier-group icmpEchoReq
host1:vr2(config-policy-list-classifier-group)#log
host1:vr2(config-policy-list-classifier-group)#exit
Copyright © 2010, Juniper Networks, Inc.
