Specifications

ManualsBrandsSentry ManualsMusical equipmentSPD 5.5.5

131

132

133

134

135

136

137

138

139

140

Page 138 /148

5.6 Statistical Analysis

The Internet Processor II supports sampling that is randomized around a

configurable sampling rate. Sampling of "packet trains" is supported, meaning

that users can configure the number of consecutive packets to sample at any one

time. Additionally, filters can be set to select which packets are candidates for

sampling. For example, a filter can be applied to sample a percentage of HTTP

traffic flowing through a particular interface.

5.6.1 Storage of Sampling Data

Sampled packet headers are sent to the system board (e.g. the SCB for the M40)

where they are collected and then sent in batches to the RE for storage on the

HDD. The user can specify the name of the file in which to store the sampling

data. The file is located in the /var/tmp directory. The size of the file is

configurable and the file will automatically rotate when it is full. The default name

for the file is "sample.pkts," and the default size is 100 KB. The format of the

data is :

§ Destination address

§ Source address

§ Destination port

§ Source port

§ Protocol Type

§ TOS

§ Packet length

§ Interface number

§ IP fragmentation offset and control fields

§ TCP flags

5.6.2 Transfer of Sampling File/Interfacing with Analysis Tools

The raw sampled data that is stored in the RE’ s hard disk drive and can be

transferred using FTP for off-line analysis and the generation of AS-to-AS and

prefix-to-prefix matrices.

5.6.3 Cflowd aggregation support in sampling

The sampling demon called SampleD has been modified to allow export to

native cflowd format as one of the outputs options. This provides the ability to

aggregate sampled traffic flows and sends flows in cflowd format to a remote

host (i.e. a cflowd collector).

The following types of byte and packet counts will be aggregated in sampled

and sent to cfdcollect.

§ 1. per ifl

§ 2. source-address to destination-address

§ 3. source-port to destination-port

§ 4. per protocol

§ 5. per type-of-service

§ 6. per AS (autonomous-system) number

Supported output formats are :

§ Cflowd Version 5

§ Cflowd Version 8

5.6.4 On-line Sampling Analysis Tools

JUNOS also supports on-line analysis, using show commands, of histograms of

packet sizes and protocols.

5.6.5 Sampling Application: Characterizing Traffic Flows

Sampling is used by providers to better understand traffic flows and packet size

distributions. This information is used for capacity planning and network design