This article provides information about configuring port mirroring to mirror Multiprotocol Label Switching (MPLS) traffic without using an instance on MX Series routers.
Topology
CE1(xe-2/0/0)--ccc--(xe-4/0/0)PE1(xe-1/0/0)--Core--(xe-11/2/0)PE2(ge-1/2/0)--ccc--(ge-1/0/0)CE2
ae10 ae10 ae9 ae9 ae10 ae10
With reference to the above topology, on PE1, the egress traffic on interface ae9, which is MPLS encapsulated, is mirrored and forwarded to the analyzer. The analyzer is, in turn, connected to PE1 via the xe-7/2/0 interface.
To configure the port mirror forwarding options, perform the following steps:
- Configure the port mirror forwarding options (in this example, the global style without an instance is used):
[edit forwarding-options port-mirroring]
labroot@PE1#
input {
rate 1;
}
family any {
output {
interface xe-7/2/0.0;
}
}
-
Configure the port mirror output port as follows:
[edit interfaces]
xe-7/2/0 {
encapsulation ethernet-bridge;
unit 0 {
family bridge;
}
}
-
Associate the port mirror output interface to a dedicated bridge domain:
[edit bridge-domains]
labroot@PE1#
MPLS-MIRROR {
interface xe-7/2/0.0;
}
-
Configure filters for mirroring the MPLS packets:
[edit firewall]
labroot@PE1#
family any {
filter pm-mpls {
term mirror {
then {
count mpls-counter;
port-mirror;
accept;
}
}
}
}
-
Apply the filter on the core facing the MPLS interface:
[edit interfaces]
labroot@PE1#
ae9 {
aggregated-ether-options {
lacp {
active;
}
}
unit 0 {
filter {
output pm-mpls;
}
family inet {
address 12.1.1.1/30;
}
family iso;
family mpls;
}
}
-
The output of the port mirror port is as follows:
labroot@PE1> show interfaces xe-7/2/0 statistics
Physical interface: xe-7/2/0, Enabled, Physical link is Up
Interface index: 176, SNMP ifIndex: 871
Link-level type: Ethernet-Bridge, MTU: 1514, MRU: 1522, LAN-PHY mode, Speed: 10Gbps, BPDU Error: None, MAC-REWRITE Error: None, Loopback: None,
Source filtering: Disabled, Flow control: Enabled
Pad to minimum frame size: Disabled
Device flags : Present Running
Interface flags: SNMP-Traps Internal: 0x20004000
Link flags : None
CoS queues : 8 supported, 4 maximum usable queues
Schedulers : 0
Current address: 00:19:e2:b1:64:d5, Hardware address: 00:19:e2:b1:64:d5
Last flapped : 2018-12-05 17:54:14 PST (01:59:56 ago)
Statistics last cleared: 2018-12-05 18:56:10 PST (00:58:00 ago)
Input rate : 0 bps (0 pps)
Output rate : 6868840 bps (803 pps) < -- mirrored traffic sent to analyzer
Input errors: 0, Output errors: 0
Active alarms : None
Active defects : None
PCS statistics Seconds
Bit errors 0
Errored blocks 0
Interface transmit statistics: Disabled
Logical interface xe-7/2/0.0 (Index 330) (SNMP ifIndex 848)
Flags: Up SNMP-Traps 0x24004000 Encapsulation: Ethernet-Bridge
Input packets : 0
Output packets: 602954
Protocol bridge, MTU: 1514
Flags: Is-Primary
labroot@PE1> show firewall
Filter: __default_bpdu_filter__
Filter: pm-mpls
Counters:
Name Bytes Packets
mpls-counter 73740450 70229 < -- Filter matching packets and mirrored
labroot@PE1> show firewall
Filter: __default_bpdu_filter__
Filter: pm-mpls
Counters:
Name Bytes Packets
mpls-counter 75521250 71925 < -- Filter matching packets and mirrored