[j-nsp] Using an LSP to transport analysis traffic

Richard A Steenbergen ras at e-gerbil.net
Mon Jul 2 00:21:32 EDT 2007 

So, I'm trying to figure out how to set up some MPLS LSPs to transport 
some "interesting" packets from remote routers back to a central site 
which does traffic analysis, but I'm running into a few problems. I'm 
specifically interested in using LSPs for this because I don't have tunnel 
PICs available in every router. I also don't care to take the time to make 
my analysis box speak MPLS, so the goal is to backhaul the packets to an 
LSP which terminates on a Juniper connected to the analysis box, then do 
ccc to switch each LSP to a vlan-ccc and look at the VLAN tag to determine 
which router the packets came from.

It actually seems to be working, except for the fact that I am already 
running LSPs to the central collection site router in question, and the 
analysis LSPs are a second path to the same destination. The sampling 
router ends up sending legitimate traffic down the analysis LSP, and 
setting a lower preference or using a different "to" address with a higher 
metric cost on the LSP doesn't seem to help it. I see an option 
"no-install-to-address" which looks vaguely like it was created for what 
I'm trying to do, but with this configured I can't inject traffic to the 
LSP using a static "route x.x.x.x/x lsp-next-hop ANALYSISLSP" (which is 
how I'm collecting the "interesting" packets, with a dedicated 
routing-instance which I can punt traffic in to from a firewall, and yes 
I'm importing all my interface/igp routes into it).

It seems like the way this would be handled if it was a normal l2circuit 
would be a second stacked label to identify the transport traffic, but I 
don't see a way to configure this manually. Is there a better way to 
accomplish what I'm trying to do? The ccc remote-interface-switch for this 
is pretty obnoxious anyways, since I have to create a dummy LSP for the 
transmit data when all I want to do is receive data to this particular 
interface. There really must be a better way. :)

-- 
Richard A Steenbergen <ras at e-gerbil.net>       http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)

More information about the juniper-nsp mailing list