[j-nsp] MX loopback filter and monitor traffic

Clarke Morledge chmorl at wm.edu
Thu Jun 16 10:53:16 EDT 2011


I have a question about how the "monitor traffic" capability works on the 
loopback interface, particularly with respect to a filter.

If I write a filter, such as under a "firewall family inet filter 
re-protect" stanza, and apply it to the loopback address, unit 0:

set interfaces lo0 unit 0 family inet filter input re-protect

I can see traffic hitting the filter, if I have any counters configured in 
the filter.   I can see that the traffic coming into the filter is getting 
to the RE via any IRBs or other layer 3 interfaces that are terminated on 
the MX.   I can do a "monitor traffic"  on any of these layer 3 interfaces 
on the input side and see the relevant traffic (to and/or from the RE).

However, if I do a "monitor traffic" on the loopback interface itself, I 
see nothing:

MX> monitor traffic interface lo0.0 no-resolve no-domain-names
verbose output suppressed, use <detail> or <extensive> for full protocol decode
Address resolution is OFF.
Listening on lo0.0, capture size 96 bytes

^C
0 packets received by filter
0 packets dropped by kernel


If all of the traffic that comes into the router to the RE via these 
exposed Layer 3 interfaces eventually makes its way to the RE via the 
loopback address, at unit 0, why is it that the "monitor traffic" command 
does not show me anything? Why is the loopback interface so "special"?


Clarke Morledge
College of William and Mary
Information Technology - Network Engineering
Jones Hall (Room 18)
Williamsburg VA 23187

