[j-nsp] port mirror to multiple ports on MX80 in inet6
Chuck Anderson
cra at WPI.EDU
Fri Oct 19 17:07:42 EDT 2012
What I do is plug the monitor (output) port into a switch with a
separate monitoring VLAN and then set the destination MAC address to
an unknown one like 02:02:02:02:02:02--the switch will forward all the
unknown traffic to all ports in the monitoring VLAN. Works great with
an EX4200 (on which I'm also using other ports for "normal" traffic):

MX> show configuration forwarding-options port-mirroring
input {
    rate 1;
    run-length 0;
}
family inet {
    output {
        interface ge-0/1/2.0 {
            next-hop 192.0.2.2;
        }
    }
}
family inet6 {
    output {
        interface ge-0/1/2.0 {
            next-hop 2001:0db8::2;
        }
    }
}

MX> show configuration interfaces ge-0/1/2
unit 0 {
    family inet {
        no-redirects;
        no-neighbor-learn;
        address 192.0.2.1/30 {
            arp 192.0.2.2 mac 02:02:02:02:02:02;
        }
    }
    family inet6 {
        no-neighbor-learn;
        address 2001:0db8::1/126 {
            ndp 2001:0db8::2 mac 02:02:02:02:02:02;
        }
    }
}

EX> show configuration vlans MIRROR
vlan-id 2;

EX> show configuration interfaces ge-0/0/0
description "mirror from mx ge-0/1/2";
unit 0 {
    family ethernet-switching {
        vlan {
            members 2;
        }
    }
}

EX> show configuration interfaces ge-0/0/1
description "mirror to destination1";
unit 0 {
    family ethernet-switching {
        vlan {
            members 2;
        }
    }
}

EX> show configuration interfaces ge-0/0/2
description "mirror to destination2";
unit 0 {
    family ethernet-switching {
        vlan {
            members 2;
        }
    }
}

On Fri, Oct 19, 2012 at 12:45:40AM +0200, Paul Vlaar wrote:
> Hi, I've currently successfully gotten port mirroring set up to more than
> one port, using the following config:
>
> port-mirroring {
>     family inet {
>         output {
>             next-hop-group default-collect;
>         }
>     }
>
> next-hop-group default-collect {
>     group-type inet;
>     interface ge-1/3/2.0 {
>         next-hop 192.168.10.2;
>     }
>     interface ge-1/3/5.0 {
>         next-hop 192.168.20.2;
>     }
> }
>
> router> show configuration interfaces ge-1/3/2
> unit 0 {
>     family inet {
>         address 192.168.10.1/30 {
>             arp 192.168.10.2 mac 00:1b:21:86:a2:92;
>         }
>     }
>     family inet6 {
>         address fdb5:1281:f3cf:c7c4::1/64 {
>             ndp fdb5:1281:f3cf:c7c4::2 mac 00:1b:21:86:a2:92;
>         }
>     }
> }
>
> router> show configuration interfaces ge-1/3/5
> unit 0 {
>     family inet {
>         address 192.168.20.1/30 {
>             arp 192.168.20.2 mac 00:1b:21:86:a3:9a;
>         }
>     }
>     family inet6 {
>         address fd3d:122a:8541:ecb5::1/64 {
>             ndp fd3d:122a:8541:ecb5::2 mac 00:1b:21:86:a2:93;
>         }
>     }
> }
>
> This works very nicely, I see traffic at both measurement hosts. I would
> like to do the same for IPv6, but there's no next-hop-group setting
> available:
>
> [edit forwarding-options port-mirroring family inet6 output]
> router# set ?
> Possible completions:
> + apply-groups         Groups from which to inherit configuration data
> + apply-groups-except  Don't inherit configuration data from these groups
> > interface            Interfaces through which to send sampled traffic
>   no-filter-check      Do not check for filters on port-mirroring interface
> [edit forwarding-options port-mirroring family inet6 output]
>
> This limitation is actually mentioned in the documentation, here:
>
> http://www.juniper.net/techpubs/en_US/junos12.2/topics/usage-guidelines/services-configuring-port-mirroring.html
>
> "Port mirroring supports up to 16 next hops, but there is no next-hop
> group support for inet6."
>
> However I was wondering perhaps someone knows if there's a trick to this
> using filter based forwarding? I can't really figure out how from the
> examples given.
>
> This is an MX80 on JunOS 11.2R3.3
>
> Thanks!
>
> ~paul
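
A consistency check for the flooding setup in the reply above, added here as an example and not taken from the thread: it confirms that every port-mirroring next hop has a static arp/ndp entry on the same logical interface, and that the entry's MAC is unicast and locally administered, so no real NIC in the monitoring VLAN should own it and the switch keeps flooding it. It assumes the configuration is exported in `| display set` form; `SAMPLE` is constructed from the values in the message, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed input: the MX stanzas from the message, in "| display set" form.
SAMPLE = """\
set forwarding-options port-mirroring family inet output interface ge-0/1/2.0 next-hop 192.0.2.2
set forwarding-options port-mirroring family inet6 output interface ge-0/1/2.0 next-hop 2001:0db8::2
set interfaces ge-0/1/2 unit 0 family inet address 192.0.2.1/30 arp 192.0.2.2 mac 02:02:02:02:02:02
set interfaces ge-0/1/2 unit 0 family inet6 address 2001:0db8::1/126 ndp 2001:0db8::2 mac 02:02:02:02:02:02
"""

MIRROR = re.compile(r"set forwarding-options port-mirroring family (inet6?) output "
                    r"interface (\S+) next-hop (\S+)")
STATIC = re.compile(r"set interfaces (\S+) unit (\d+) family (inet6?) address \S+ "
                    r"(?:arp|ndp) (\S+) mac (\S+)")

def flood_mac(mac):
    """True if mac is unicast and locally administered (e.g. 02:...)."""
    first = int(mac.split(":")[0], 16)
    # Bit 0 of the first octet marks multicast, bit 1 marks locally administered.
    return first & 0x01 == 0 and first & 0x02 != 0

def audit(config):
    """Return a list of problems; an empty list means the mirror next hops are consistent."""
    static = {}
    for ifd, unit, fam, ip, mac in STATIC.findall(config):
        # Key on the logical interface name (ifd.unit) and the parsed address,
        # so 2001:0db8::2 and 2001:db8::2 compare equal.
        static[(f"{ifd}.{unit}", fam, ipaddress.ip_address(ip))] = mac.lower()
    problems = []
    for fam, ifl, nh in MIRROR.findall(config):
        mac = static.get((ifl, fam, ipaddress.ip_address(nh)))
        if mac is None:
            problems.append(f"{fam} {ifl}: next-hop {nh} has no static arp/ndp entry")
        elif not flood_mac(mac):
            problems.append(f"{fam} {ifl}: {mac} is not a locally administered unicast MAC")
    return problems

if __name__ == "__main__":
    print(audit(SAMPLE) or "mirror next hops resolve to flood-only MACs")
```

An empty result only says the router side is consistent; the flooding itself still depends on the switch never learning that MAC on any port in the monitoring VLAN.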