Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[MX] Port mirroring does not work in outbound direction when traffic is generated by the Routing Engine

0

0

Article ID: KB33762 KB Last Updated: 11 Apr 2019Version: 1.0
Summary:

This article explains why port mirroring does not work in outbound direction when the traffic is generated by the RE (Routing Engine).

Solution:
The port mirroring function is done by the lookup chip on the packet forwarding engine (PFE).  When you have a firewall filter configured for port mirroring and the filter is applied in outbound direction: 
  • For transit traffic, the packet is handled by lookup chip which is responsible for performing mirroring of packets to the destination port. Therefore, port-mirroring of packets for transit traffic works well. 

  • For host-originated traffic, where the traffic is initiated from the RE, the packets will bypass the lookup chip since the RE has the complete forwarding information to send the packet out. Hence, mirroring does not work for host-originated traffic. 

If the firewall filter configured for port mirroring is applied in inbound direction, then the mirroring will work for both transit and host destined traffic since both types of traffic are handled by the lookup chip before sending it out of another interface or punted to the RE.

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search