[j-nsp] port mirror to multiple ports on MX80 in inet6
Alex Arseniev
alex.arseniev at gmail.com
Fri Oct 19 01:33:02 EDT 2012
You could do cascaded PM. In a nutshell:
1/ port-mirror original packet, send the original packet on its way
2/ send the COPY into a loop (cable loop or looped tunnel)
3/ take the looped COPY and mirror it once again, creating 2nd copy.
4/ send 1st copy and 2nd copy on their respective ways.
HTH
Rgds
Alex
----- Original Message -----
From: "Paul Vlaar" <paul at vlaar.net>
To: <juniper-nsp at puck.nether.net>
Sent: Thursday, October 18, 2012 11:45 PM
Subject: [j-nsp] port mirror to multiple ports on MX80 in inet6
> Hi, I've currently successfully gotten port mirroring setup to more than
> one port, using the following config:
>
> port-mirroring {
> family inet {
> output {
> next-hop-group default-collect;
> }
> }
>
> next-hop-group default-collect {
> group-type inet;
> interface ge-1/3/2.0 {
> next-hop 192.168.10.2;
> }
> interface ge-1/3/5.0 {
> next-hop 192.168.20.2;
> }
> }
>
> router> show configuration interfaces ge-1/3/2
> unit 0 {
> family inet {
> address 192.168.10.1/30 {
> arp 192.168.10.2 mac 00:1b:21:86:a2:92;
> }
> }
> family inet6 {
> address fdb5:1281:f3cf:c7c4::1/64 {
> ndp fdb5:1281:f3cf:c7c4::2 mac 00:1b:21:86:a2:92;
> }
> }
> }
>
> router> show configuration interfaces ge-1/3/5
> unit 0 {
> family inet {
> address 192.168.20.1/30 {
> arp 192.168.20.2 mac 00:1b:21:86:a3:9a;
> }
> }
> family inet6 {
> address fd3d:122a:8541:ecb5::1/64 {
> ndp fd3d:122a:8541:ecb5::2 mac 00:1b:21:86:a2:93;
> }
> }
> }
>
> This works very nicely, I see traffic at both measurement hosts. I would
> like to do the same for IPv6, but there's no next-hop-group setting
> available:
>
> [edit forwarding-options port-mirroring family inet6 output]
> router# set ?
> Possible completions:
> + apply-groups Groups from which to inherit configuration data
> + apply-groups-except Don't inherit configuration data from these groups
>> interface Interfaces through which to send sampled traffic
> no-filter-check Do not check for filters on port-mirroring interface
> [edit forwarding-options port-mirroring family inet6 output]
>
> This limitation is actually mentioned in the documentation, here:
>
> http://www.juniper.net/techpubs/en_US/junos12.2/topics/usage-guidelines/services-configuring-port-mirroring.html
>
> "Port mirroring supports up to 16 next hops, but there is no next-hop
> group support for inet6."
>
> However I was wondering perhaps someone knows if there's a trick to this
> using filter based forwarding? I can't really figure out how from the
> examples given.
>
> This is an MX80 on JunOS 11.2R3.3
>
> Thanks!
>
> ~paul
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
More information about the juniper-nsp
mailing list