[j-nsp] Port Mirroring on M7i

alain.briant at bt.com alain.briant at bt.com
Mon Mar 9 05:13:47 EDT 2009 

Hi mario

Should you try to generate some traffic crossing the M7i ?

I should think that the answers to your ping request issued by the M7i are not mirrored ?

Give a try

Regards
alain 

-----Message d'origine-----
De : juniper-nsp-bounces at puck.nether.net [mailto:juniper-nsp-bounces at puck.nether.net] De la part de Mario DEL RE
Envoyé : vendredi 6 mars 2009 22:25
À : juniper-nsp at puck.nether.net
Objet : [j-nsp] Port Mirroring on M7i

Hello all,

I would like to do Port Mirroring on an interface. I can mirror the IN traffic of my interface, but I can not mirror the OUT traffic.

 The global topology is as follows:
*J4300 *------------------ (mirrored port,1/3/0.100) *M7i*(1/3/1.0)----------------> Mirrored Traffic's destination.

Here is the mirrored port:

lab at m7# show interfaces fe-1/3/0

vlan-tagging;

unit 100 {

    vlan-id 100;

    family inet {

        filter {

            input mirror_in;

            output mirror_out;

        }

        address 1.1.1.2/30;

    }

}


And the filters are as follows:

lab at m7# show firewall family inet filter mirror_in

term 1 {

    then {

        port-mirror;

        accept;

    }

}

The mirror_out filter is exactly the same as mirror_in. My Forwarding options are as follows:

lab at m7# show forwarding-options

port-mirroring {

    family inet {

        input {

            rate 1;

            run-length 1;

        }

        output {

            interface fe-1/3/1.0 {

                next-hop 10.10.10.2;

            }

        }

    }

}

When I generate a traffic between the J4300 and the M7i (a ping from J4300 to M7i for example), the M7i only mirrors the INPUT packets to the interface fe-1/3/1.0. I am sure that it's the input traffic (and not the output
traffic) by deactivating the filters one by one. The output traffic is not mirrored at any time.

Should I add/change some config to also mirror the output traffic, or is it a default Junos behaviour? (Junos: 8.3R2.11)


Thanks in advance,

Mario DEL RE
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp

More information about the juniper-nsp mailing list