Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[MX] Configuring port mirroring to mirror MPLS traffic without using an instance

0

0

Article ID: KB33518 KB Last Updated: 09 May 2019Version: 1.0
Summary:

This article provides information about configuring port mirroring to mirror Multiprotocol Label Switching (MPLS) traffic without using an instance on MX Series routers.

 

Solution:

Topology

 
CE1(xe-2/0/0)--ccc--(xe-4/0/0)PE1(xe-1/0/0)--Core--(xe-11/2/0)PE2(ge-1/2/0)--ccc--(ge-1/0/0)CE2
          ae10                   ae10              ae9                         ae9               ae10                   ae10    
 

With reference to the above topology, on PE1, the egress traffic on interface ae9, which is MPLS encapsulated, is mirrored and forwarded to the analyzer. The analyzer is, in turn, connected to PE1 via the xe-7/2/0 interface.

To configure the port mirror forwarding options, perform the following steps:

  1. Configure the port mirror forwarding options (in this example, the global style without an instance is used):
[edit forwarding-options port-mirroring]
labroot@PE1# 
input {
    rate 1;
}
family any {
    output {
        interface xe-7/2/0.0;
    }
}
  1. Configure the port mirror output port as follows:

[edit interfaces]
xe-7/2/0 {
    encapsulation ethernet-bridge;
    unit 0 {
        family bridge;
    }
}
  1. Associate the port mirror output interface to a dedicated bridge domain:

[edit bridge-domains]
labroot@PE1#
MPLS-MIRROR {
    interface xe-7/2/0.0;
}
  1. Configure filters for mirroring the MPLS packets:

[edit firewall]
labroot@PE1#
family any {
    filter pm-mpls {
        term mirror {
            then {
                count mpls-counter;
                port-mirror;
                accept;
            }
        }
    }
}
  1. Apply the filter on the core facing the MPLS interface:

[edit interfaces]
labroot@PE1# 
ae9 {
    aggregated-ether-options {
        lacp {
            active;
        }
    }
    unit 0 {                            
        filter {
            output pm-mpls;
        }
        family inet {
            address 12.1.1.1/30;
        }
        family iso;
        family mpls;
    }
}
  1. The output of the port mirror port is as follows:

labroot@PE1> show interfaces xe-7/2/0 statistics    
Physical interface: xe-7/2/0, Enabled, Physical link is Up
  Interface index: 176, SNMP ifIndex: 871
  Link-level type: Ethernet-Bridge, MTU: 1514, MRU: 1522, LAN-PHY mode, Speed: 10Gbps, BPDU Error: None, MAC-REWRITE Error: None, Loopback: None,
  Source filtering: Disabled, Flow control: Enabled
  Pad to minimum frame size: Disabled
  Device flags   : Present Running
  Interface flags: SNMP-Traps Internal: 0x20004000
  Link flags     : None
  CoS queues     : 8 supported, 4 maximum usable queues
  Schedulers     : 0
  Current address: 00:19:e2:b1:64:d5, Hardware address: 00:19:e2:b1:64:d5
  Last flapped   : 2018-12-05 17:54:14 PST (01:59:56 ago)
  Statistics last cleared: 2018-12-05 18:56:10 PST (00:58:00 ago)
  Input rate     : 0 bps (0 pps)
  Output rate    : 6868840 bps (803 pps)  < -- mirrored traffic sent to analyzer
  Input errors: 0, Output errors: 0
  Active alarms  : None
  Active defects : None
  PCS statistics                      Seconds
    Bit errors                             0
    Errored blocks                         0
  Interface transmit statistics: Disabled

  Logical interface xe-7/2/0.0 (Index 330) (SNMP ifIndex 848)
    Flags: Up SNMP-Traps 0x24004000 Encapsulation: Ethernet-Bridge
    Input packets : 0
    Output packets: 602954
    Protocol bridge, MTU: 1514
      Flags: Is-Primary

labroot@PE1> show firewall 

Filter: __default_bpdu_filter__                                

Filter: pm-mpls                                                
Counters:
Name                                                Bytes              Packets
mpls-counter                                     73740450                70229 < -- Filter matching packets and mirrored


labroot@PE1> show firewall    

Filter: __default_bpdu_filter__                                

Filter: pm-mpls                                                
Counters:
Name                                                Bytes              Packets
mpls-counter                                     75521250                71925 < -- Filter matching packets and mirrored

 

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search