Support Support Downloads Knowledge Base Apex Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[EX] Multiple Analyzers can be configured on EX4500 from Junos 11.1

0

0

Article ID: KB21200 KB Last Updated: 04 Mar 2017Version: 2.0
Summary:
Prior to Junos OS 11.1 Software Release only one port mirroring could be configured on the EX4500 platform. From Junos OS 11.1 software release, the flexibility of configuring seven analyzers on the EX4500. 

Symptoms:
The purpose of this KB is to provide information concerning port mirroring for the EX4500 for Junos OS 11.1, and higher, Software Releases.
  • How many Analyzers can be configured in EX4500?
  • Understanding configuring multiple Analyzers in EX4500.
  • How to configure multiple Analyzers in EX4500
  • Comparing EX4500 Non-Mixed Mode Virtual chassis with Mix Mode Virtual Chassis
  • FAQs about Analyzer in EX4500

Solution:

Understanding Port mapping on EX4500 devices in terms of PFE (Packet Forwarding Engine)

PFE 1 Mapped to the Interfaces 0 to 19
PFE 2 Mapped to the Interfaces 20 to 39


Configuring Multiple Analyzers in EX4500

  • Up to seven Analyzers can be configured, if Input Interface & Output interface are on same PFE (0 to 19 or 20 to 39).

Examples: Configuration will be same as configuring analyzer in EX4200

Analyzer 1 – Test-1 (PFE-1)
set ethernet-switching-options analyzer Test-1 input ingress interface ge-0/0/0.0
set ethernet-switching-options analyzer Test-1 input egress interface ge-0/0/0.0
set ethernet-switching-options analyzer Test-1 output interface ge-0/0/10.0
Analyzer 2 – Test-2 (PFE-1)
set ethernet-switching-options analyzer Test-1 input ingress interface ge-0/0/1.0
set ethernet-switching-options analyzer Test-1 input egress interface ge-0/0/1.0
set ethernet-switching-options analyzer Test-1 output interface ge-0/0/11.0
Analyzer 3 – Test-3 (PFE-2)
set ethernet-switching-options analyzer Test-1 input ingress interface ge-0/0/21.0
set ethernet-switching-options analyzer Test-1 input egress interface ge-0/0/21.0
set ethernet-switching-options analyzer Test-1 output interface ge-0/0/22.0
ethernet-switching-options {
    analyzer Test-1 {
        input {
            ingress {
                interface ge-0/0/0.0;
            }
            egress {
                interface ge-0/0/0.0;
            }
        }
        output {
            interface {
                ge-0/0/10.0;
            }
        }
    }
    analyzer Test-2 {
        input {
            ingress {
                interface ge-0/0/1.0;
            }
            egress {
                interface ge-0/0/1.0;
            }
        }
        output {
            interface {
                ge-0/0/11.0;
            }
        }
    }
    analyzer Test-3 {
        input {
            ingress {
                interface ge-0/0/21.0;
            }
            egress {
                interface ge-0/0/21.0;
            }
        }
        output {
            interface {
                ge-0/0/22.0;
            }
        }
    }

Only one Analyzer configurable across PFEs

  • Only one Analyzer will be configurable IF Input Interface & Output interface belongs to different PFE (0 to 19 or 20 to 39).

What happens when we try to configure Analyzer across PFEs
  • Will able to configure First analyzer considering Global analyzer
  • Second analyzer will report an error as follows:
Analyzer 4 – Test-4 (PFE-0 & PFE-1)
set ethernet-switching-options analyzer Test-1 input ingress interface ge-0/0/5.0
set ethernet-switching-options analyzer Test-1 input egress interface ge-0/0/5.0
set ethernet-switching-options analyzer Test-1 output interface ge-0/0/25.0

root@juniper# commit 
[edit ethernet-switching-options]
  'analyzer'
Cannot have more than one analyzer when one analyzer is configured as global analyzer
error: configuration check-out failed

FAQs

Q.  How many Analyzers can be configured on a standby EX4500 running Junos 11?
A.  One analyzer across PFE & 7 analyzers inside PFE as explained above

Q. How many Analyzers can be configured on EX4500 Virtual Chassis (NON-MIXED MODE VC – 4500s only) running Junos 11?

A. Same as EX4500: one analyzer across PFE & 7 analyzers inside PFE

Q. How many Analyzers can be configured on 4500 Virtual Chassis (MIXED MODE VC – Combination of EX4500s & Ex4200 only) running Junos 11?
A. Only one Analyzer allowed

Q. Does the new limit of 7 analyzers in Junos 11.1 apply to all kinds of analyzer sessions?
A. No, this limit is only for port based analyzer sessions on the same PFE. Please note that port based analyzer sessions on different PFEs, Firewall Filter Based Analyzer sessions and Remote Analyzer sessions are still limited to 1. The table below provides a summary of these limitations.



Q. What will happen if 8th Analyzer is configured?
A. An error will be reported saying maximum 7 Analyzer allowed
root# commit 
[edit ethernet-switching-options]
'analyzer'
The number of Analyzer session cannot exceed 7
error: configuration check-out failed

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search