
[MX] Separate port mirroring instances required for each family when port mirror is applied to the same traffic flow


Article ID: KB30900 | KB Last Updated: 06 Aug 2020 | Version: 2.0
Summary:

When the same traffic flow is port mirrored twice (once under family INET and once under family VPLS), a separate port-mirror instance is required for each family. If one instance inherits its input parameters from the other, the result is "unexpected behavior" when both are applied to the same traffic flow.

The example below demonstrates this behavior.

Symptoms:

Port mirroring of the same traffic flow under family INET and under family VPLS with the same instance:

chassis {
    fpc 4 {
        pic 0 {
            tunnel-services {
                bandwidth 1g;
            }
        }
        port-mirror-instance inst1;
    }
}
interfaces {
    ge-4/0/1 { <<<--- Mirrored interface for family VPLS
        flexible-vlan-tagging;
        encapsulation flexible-ethernet-services;
        unit 23 {
            encapsulation vlan-vpls;
            vlan-id 23;
        }
    }                                   
    ge-4/0/8 { <<<--- Mirrored interface for family inet
        unit 0 {
            family inet {
                address 1.1.1.2/30 {
                    arp 1.1.1.1 mac 60:eb:69:0b:6c:56;
                }
            }
        }
    }
    ge-4/1/1 { <<<--- Called under Routing-Instance abc
        flexible-vlan-tagging;
        encapsulation flexible-ethernet-services;
        unit 530 {
            encapsulation vlan-vpls;
            vlan-id 530;
            family vpls;
        }
    }
    irb {  <<<--- Called under Routing-Instance abc
        unit 530 {
            family inet {
                filter {
                    input mirror_inet;
                    output mirror_inet;
                }
                address 10.58.147.155/29;
            }
        }
    }
}
forwarding-options {
    port-mirroring {
        instance {
            inst1 {
                input {
                    rate 1;
                    run-length 1;
                }
                family inet {
                    output {
                        interface ge-4/0/8.0 {
                            next-hop 1.1.1.1;
                        }
                        no-filter-check;
                    }
                }
            }
            inst2 {
                input-parameters-instance inst1; <<<--- Child instance inheriting parameters from parent instance inst1.
                family vpls {
                    output {
                        interface ge-4/0/1.23;
                        no-filter-check;
                    }
                }
            }
        }
    }
}
firewall {
    family inet {
        filter mirror_inet {
            term 1 {
                then {
                    count count;
                    port-mirror-instance inst1;
                    accept;
                }
            }
            term 2 {
                then accept;
            }
        }
    }
    family vpls {
        filter mirror_vpls {
            term 1 {
                then {
                    count mirror;
                    accept;
                    port-mirror-instance inst2;
                }
            }
        }
    }
}
routing-instances {
    abc {
        instance-type vpls;
        vlan-id 530;
        interface ge-4/1/1.530;
        routing-interface irb.530;
        route-distinguisher 10.200.15.33:1111;
        vrf-target target:2222:1111;
        forwarding-options {
            family vpls {
                filter {
                    input mirror_vpls;
                }
                flood {
                    input mirror_vpls;
                }
            }
        }
        protocols {
            vpls {
                no-tunnel-services;
                site OBR-MX-2 {
                    site-identifier 2;
                    interface ge-4/1/1.530;
                }
            }
        }
    }                                   
    xyz {
        instance-type vpls;
        vlan-id 23;
        interface ge-4/0/1.23;
        route-distinguisher 10.200.15.32:22;
        vrf-target target:2222:22;
    }
}

Interface: ge-4/0/1.23, Enabled, Link is Up
Flags: SNMP-Traps 0x4000
Encapsulation: VLAN-VPLS
VLAN-Tag [ 0x8100.23 ]
Local statistics:                                                Current delta
  Input bytes:                         0                                   [0]
  Output bytes:                        0                                   [0]
  Input packets:                       0                                   [0]
  Output packets:                      0                                   [0]
Remote statistics:
  Input bytes:                         0 (0 bps)                           [0]
  Output bytes:                 51466626 (0 bps)                           [0] <<<--- VPLS port mirror fails.
  Input packets:                       0 (0 pps)                           [0]
  Output packets:                 504576 (0 pps)                           [0]
Traffic statistics:
  Input bytes:                         0                                   [0]
  Output bytes:                 51466626                                   [0]
  Input packets:                       0                                   [0]
  Output packets:                 504576                                   [0]


Interface: ge-4/0/8.0, Enabled, Link is Up
Flags: SNMP-Traps 0x4004000
Encapsulation: ENET2
Local statistics:                                                Current delta
  Input bytes:                         0                                   [0]
  Output bytes:                        0                                   [0]
  Input packets:                       0                                   [0]
  Output packets:                      0                                   [0]
Remote statistics:
  Input bytes:                         0 (0 bps)                           [0]
  Output bytes:                 86044644 (344040 bps)                 [171024] <<<--- Inet has no issues.
  Input packets:                       0 (0 pps)                           [0]
  Output packets:                1024341 (511 pps)                      [2036]
Traffic statistics:
  Input bytes:                         0                                   [0]
  Output bytes:                 86044644                              [171024]
  Input packets:                       0                                   [0]
  Output packets:                1024341                                [2036]

 

Solution:

Port mirroring configured under family INET and under family VPLS, with an individual instance for each:

chassis {
    fpc 4 {
        pic 0 {
            tunnel-services {
                bandwidth 1g;
            }
        }
        port-mirror-instance inst1;
        port-mirror-instance inst2; <<<---Another instance required for VPLS
    }
}
forwarding-options {
    port-mirroring {
        instance {
            inst1 {
                input {
                    rate 1;
                    run-length 1;
                }
                family inet {
                    output {
                        interface ge-4/0/8.0 {
                            next-hop 1.1.1.1;
                        }
                        no-filter-check;
                    }
                }
            }
            inst2 { <<<---Separate instance for family VPLS
                input {
                    rate 1;
                    run-length 1;
                }
                family vpls {
                    output {
                        interface ge-4/0/1.23;
                        no-filter-check;
                    }
                }
            }
        }
    }
}

Interface: ge-4/0/8.0, Enabled, Link is Up
Flags: SNMP-Traps 0x4004000
Encapsulation: ENET2
Local statistics:                                                Current delta
  Input bytes:                         0                                   [0]
  Output bytes:                        0                                   [0]
  Input packets:                       0                                   [0]
  Output packets:                      0                                   [0]
Remote statistics:
  Input bytes:                         0 (0 bps)                           [0]
  Output bytes:                767844168 (344040 bps)                      [0] <<<--- Family inet port mirror works. 
  Input packets:                       0 (0 pps)                           [0]
  Output packets:                9141002 (511 pps)                         [0]
Traffic statistics:
  Input bytes:                         0                                   [0]
  Output bytes:                767844168                                   [0]
  Input packets:                       0                                   [0]
  Output packets:                9141002                                   [0]
Protocol: inet, MTU: 1500, Flags: None



Interface: ge-4/0/1.23, Enabled, Link is Up
Flags: SNMP-Traps 0x4000
Encapsulation: VLAN-VPLS
VLAN-Tag [ 0x8100.23 ]
Local statistics:                                                Current delta
  Input bytes:                         0                                   [0]
  Output bytes:                        0                                   [0]
  Input packets:                       0                                   [0]
  Output packets:                      0                                   [0]
Remote statistics:
  Input bytes:                         0 (0 bps)                           [0]
  Output bytes:                465980334 (208880 bps)                  [51918] <<<--- Family vpls port mirror works.
  Input packets:                       0 (0 pps)                           [0]
  Output packets:                4569126 (255 pps)                       [509]
Traffic statistics:
  Input bytes:                         0                                   [0]
  Output bytes:                465980334                               [51918]
  Input packets:                       0                                   [0]
  Output packets:                4569126                                 [509] 
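
The check below is an added example, not Juniper's code: it parses a brace-style configuration and flags any port-mirroring instance that inherits its input parameters or is not bound under a chassis fpc, the two differences between the failing and working configurations above. The BEFORE and AFTER samples are condensed from the article's configurations, and the function names parse and audit are assumptions.

```python
import re

def parse(text):
    """Parse brace-style Junos config into nested dicts (leaf statements map to None)."""
    text = re.sub(r"<<<.*", "", text)          # drop the article's <<<--- annotations
    root = {}
    stack, pending = [root], ""
    for tok in re.findall(r"[{};]|[^{};]+", text):
        tok = " ".join(tok.split())            # normalise whitespace
        if tok == "{":
            stack.append(stack[-1].setdefault(pending, {}))
        elif tok == "}":
            stack.pop()
        elif tok == ";":
            stack[-1][pending] = None
        elif tok:
            pending = tok
    return root

def audit(cfg):
    """Return (instance, finding) pairs for the two conditions the article corrects."""
    insts = cfg.get("forwarding-options", {}).get("port-mirroring", {}).get("instance", {})
    bound = {stmt.split()[1]
             for fpc in cfg.get("chassis", {}).values() if isinstance(fpc, dict)
             for stmt in fpc if stmt.startswith("port-mirror-instance ")}
    findings = []
    for name, body in insts.items():
        parents = [s.split()[1] for s in body if s.startswith("input-parameters-instance ")]
        if parents:
            findings.append((name, f"inherits input parameters from {parents[0]}"))
        elif "input" not in body:
            findings.append((name, "no input block"))
        if name not in bound:
            findings.append((name, "not bound under chassis fpc"))
    return findings

# Constructed samples, condensed from the article's failing and working configurations.
BEFORE = """
chassis { fpc 4 { port-mirror-instance inst1; } }
forwarding-options { port-mirroring { instance {
  inst1 { input { rate 1; run-length 1; }
          family inet { output { interface ge-4/0/8.0 { next-hop 1.1.1.1; } no-filter-check; } } }
  inst2 { input-parameters-instance inst1;
          family vpls { output { interface ge-4/0/1.23; no-filter-check; } } }
} } }
"""
AFTER = (BEFORE
         .replace("port-mirror-instance inst1; }", "port-mirror-instance inst1; port-mirror-instance inst2; }")
         .replace("input-parameters-instance inst1;", "input { rate 1; run-length 1; }"))

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(parse(text)))
```

Inheritance through input-parameters-instance is a finding to review, since the article reports the failure only when both instances mirror the same traffic flow.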

 

Modification History:

2020-08-06: Article reviewed for accuracy; no changes made; article valid and relevant
