Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[Contrail] Port mirroring may not take effect if analyzer_name is not given

0

0

Article ID: KB34705 KB Last Updated: 25 Sep 2019Version: 1.0
Summary:

This article demonstrates a scenario where Contrail port mirroring may not take effect if analyzer_name is not given in the configuration, and indicates that analyzer_name is a required parameter for successful port mirroring.

Symptoms:

In a customer setup, the port mirror is configured by the customer's automation tool. However, the port mirror does not take effect.

  • mirror --dump does not give any output.

  • vif --get VIFID does not print any mirror parameters.

 

Captures to demonstrate the above (non-working setup) are as follows:

# mirror --dump
Mirror Table
Flags:D=Dynamic Mirroring 

Index    NextHop    Flags    VNI
------------------------------------------------


# vif --get 4
Vrouter Interface Table

Flags: P=Policy, X=Cross Connect, S=Service Chain, Mr=Receive Mirror
       Mt=Transmit Mirror, Tc=Transmit Checksum Offload, L3=Layer 3, L2=Layer 2
       D=DHCP, Vp=Vhost Physical, Pr=Promiscuous, Vnt=Native Vlan Tagged
       Mnp=No MAC Proxy, Dpdk=DPDK PMD Interface, Rfl=Receive Filtering Offload, Mon=Interface is Monitored
       Uuf=Unknown Unicast Flood, Vof=VLAN insert/strip offload, Df=Drop New Flows, Proxy=MAC Requests Proxied Always
       Mn=Mirror without Vlan Tag

vif0/4      PMD: tapedc362bc-01
            Type:Virtual HWaddr:00:00:5e:00:01:00 IPaddr:166.209.84.20
            IP6addr:2606:ae00:2e10:102::4
            Vrf:6 Flags:PL3L2 QOS:-1 Ref:23
            RX port   packets:3204664 errors:0
            RX queue  packets:3029409 errors:0
            RX queue errors to lcore 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
            RX packets:3204664  bytes:337826097 errors:0
            TX packets:12341210  bytes:1429873385 errors:0
            TX port   packets:12340267 errors:985
            Drops:1587
 

When compared with a working setup in the lab (as shown below), the following differences are observed:

root@bcomp79:~# mirror --dump
Mirror Table

Flags:D=Dynamic Mirroring

Index    NextHop    Flags    VNI
------------------------------------------------
    0         88       D          0
    1         94       D          0
    2         86       D          0
    3        181       D          0
    4        204       D          0
    5        205       D          0


# vif --get 23
vif0/23     OS: tap69b1cd8b-a1
            Type:Virtual HWaddr:00:00:5e:00:01:00 IPaddr:10.1.0.3
            Vrf:15 Flags:PMrMtL3L2D QOS:-1 Ref:5 Mirror index 3
            RX packets:309506  bytes:15911910 errors:0
            TX packets:250768  bytes:13558978 errors:0
            Ingress Mirror Metadata: 3 24 64 65 66 61 75 6c 74 2d 64
            #<---
                                     6f 6d 61 69 6e 3a 62 66 61 72 6f
                                     6f 71 3a 41 6e 61 6c 79 7a 65 72
                                     2d 56 4e 2d 41 ff 0
            Egress Mirror Metadata: 4 24 64 65 66 61 75 6c 74 2d 64 6f
            #<---
                                    6d 61 69 6e 3a 62 66 61 72 6f 6f
                                    71 3a 41 6e 61 6c 79 7a 65 72 2d
                                    56 4e 2d 41 ff 0
            Drops:376489
 

When the GUI configuration, configuration database, control node, and compute node were checked, all data structures seemed to be correct.

This issue was originally reported in Contrail 3.2.10.

# contrail-version
Package                                Version                        Build-ID | Repo | Package Name
-------------------------------------- ------------------------------ ----------------------------------
contrail-lib                           3.2.10.0-75                          75                  
contrail-nodemgr                       3.2.10.0-75                          75                  
contrail-nova-vif                      3.2.10.0-75                          75                  
contrail-openstack-vrouter             3.2.10.0-75                          75                  
contrail-setup                         3.2.10.0-75                          75                  
contrail-utils                         3.2.10.0-75                          75                  
contrail-vrouter-agent                 3.2.10.0-75                          75                  
contrail-vrouter-common                3.2.10.0-75                          75                  
contrail-vrouter-dpdk                  3.2.10.0-75                          75                  
contrail-vrouter-dpdk-init             3.2.10.0-75                          75                  
contrail-vrouter-init                  75                                                       
contrail-vrouter-utils                 3.2.10.0-75                          75                  
nova-common                            1:2015.1.0-1~u14.04.1-main34471+r3.0.3.8775                  
nova-compute                           1:2015.1.0-1~u14.04.1-main34471+r3.0.3.8775                  
nova-compute-kvm                       1:2015.1.0-1~u14.04.1-main34471+r3.0.3.8775                  
python-contrail                        3.2.10.0-75                          75                  
python-contrail-vrouter-api            3.2.10.0-75                          75                  
python-neutronclient                   1:2.4.0-1~u14.04.1-main769+r3.0.3.7  75                  
python-nova                            1:2015.1.0-1~u14.04.1-main34471+r3.0.3.8775                  
python-opencontrail-vrouter-netns      3.2.10.0-75                          75                  
Cause:

It was observed that analyzer_name was not given in the configuration when port mirroring was configured. Although the Contrail API documentation says that it is an "optional" parameter, it is actually required (see http://www.opencontrail.org/documentation/api/r3.2/contrail_openapi.html#interfacemirrortype).

Solution:

To ensure that Contrail port mirroring takes effect, always give analyzer_name while configuring the port mirror.

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search