Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[Contrail] Configuring Contrail Network Mirroring in Packet Capture Workspace

0

0

Article ID: KB34216 KB Last Updated: 13 May 2019Version: 1.0
Summary:

Contrail can be configured to mirror traffic between two virtual networks (VNs) to a specified analyzer VM instance.

This article demonstrates how to configure and verify network mirroring by using the Monitor > Debug > Packet Capture workspace on the Contrail WebUI.

Note: To configure network mirroring using a service instance, refer to KB34217 - [Contrail] Configure Network Mirroring using Service Instance.

 

Solution:

The Monitor > Debug > Packet Capture workspace on the Contrail WebUI can be used to create an analyzer and automatically spawn an analyzer VM instance by using the m1.medium flavor. But before configuring the traffic analyzer for mirroring, make sure that the analyzer image is available in the VM image list in Openstack. The image name must be "analyzer" when using this method. Also make sure that the m1.medium flavor does exist.

In this article, traffic between VN-A (10.1.0.0/24) and VN-B (10.2.0.0/24) will be mirrored. The steps to allow traffic between VN-A and VN-B is, however, out of the scope of this article. Refer to KB33730 - [Contrail] How to achieve inter-VN communication between Virtual-networks without using a network policy for more information.

VN-M (10.250.0.0/24) is created to host the analyzer VM instance, which is generated via the Monitor > Debug > Packet Capture workspace.

 

The configurations to enable network mirroring are as follows:

Configuration steps from the Contrail GUI

  1. Select Monitor > Debug > Packet Capture on the Contrail WebUI.
  2. Click the "+" button to create a new analyzer. Enter the following parameters and click Save:

    • Name of the Analyzer

    • Virtual Network to host the analyzer VM instance

    • Associate Networks

    • An Analyzer Rule to permit mirroring of any bidirectional traffic between VN-A and VN-B

  1. Wait for the analyzer status to be Active.

  2. After the analyzer status is Active, select the View Analyzer option from Settings.

 

Network Mirror Verification

Note that the analyzer VM instance has been spawned automatically by using the m1.medium flavor.