[j-nsp] Port Mirroring on M7i

Mario DEL RE mario.delre at gmail.com
Mon Mar 9 05:56:15 EDT 2009 

Hello Alain,

Yes, as you said, echo replies are not mirrored. When I generate a traffic
crossing the M7i, the IN and OUT packets are mirrored. This resolves my
problem.

Thank you very much!!

Regards,
Mario


On Mon, Mar 9, 2009 at 11:13 AM, <alain.briant at bt.com> wrote:

> Hi mario
>
> Should you try to generate some traffic crossing the M7i ?
>
> I should think that the answers to your ping request issued by the M7i are
> not mirrored ?
>
> Give a try
>
> Regards
> alain
>
> -----Message d'origine-----
> De : juniper-nsp-bounces at puck.nether.net [mailto:
> juniper-nsp-bounces at puck.nether.net] De la part de Mario DEL RE
> Envoyé : vendredi 6 mars 2009 22:25
> À : juniper-nsp at puck.nether.net
> Objet : [j-nsp] Port Mirroring on M7i
>
> Hello all,
>
> I would like to do Port Mirroring on an interface. I can mirror the IN
> traffic of my interface, but I can not mirror the OUT traffic.
>
>  The global topology is as follows:
> *J4300 *------------------ (mirrored port,1/3/0.100)
> *M7i*(1/3/1.0)----------------> Mirrored Traffic's destination.
>
> Here is the mirrored port:
>
> lab at m7# show interfaces fe-1/3/0
>
> vlan-tagging;
>
> unit 100 {
>
>    vlan-id 100;
>
>    family inet {
>
>        filter {
>
>            input mirror_in;
>
>            output mirror_out;
>
>        }
>
>        address 1.1.1.2/30;
>
>    }
>
> }
>
>
> And the filters are as follows:
>
> lab at m7# show firewall family inet filter mirror_in
>
> term 1 {
>
>    then {
>
>        port-mirror;
>
>        accept;
>
>    }
>
> }
>
> The mirror_out filter is exactly the same as mirror_in. My Forwarding
> options are as follows:
>
> lab at m7# show forwarding-options
>
> port-mirroring {
>
>    family inet {
>
>        input {
>
>            rate 1;
>
>            run-length 1;
>
>        }
>
>        output {
>
>            interface fe-1/3/1.0 {
>
>                next-hop 10.10.10.2;
>
>            }
>
>        }
>
>    }
>
> }
>
> When I generate a traffic between the J4300 and the M7i (a ping from J4300
> to M7i for example), the M7i only mirrors the INPUT packets to the interface
> fe-1/3/1.0. I am sure that it's the input traffic (and not the output
> traffic) by deactivating the filters one by one. The output traffic is not
> mirrored at any time.
>
> Should I add/change some config to also mirror the output traffic, or is it
> a default Junos behaviour? (Junos: 8.3R2.11)
>
>
> Thanks in advance,
>
> Mario DEL RE
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>

More information about the juniper-nsp mailing list