[j-nsp] port mirror to multiple ports on MX80 in inet6

Paul Vlaar paul at vlaar.net
Fri Oct 26 04:50:47 EDT 2012 

Chuck,

On 20/10/12 6:00 PM, juniper-nsp-request at puck.nether.net wrote:
> What I do is plug the monitor (output) port into a switch with a
> separate monitoring VLAN and then set the destination MAC address to
> an unknown one like 02:02:02:02:02:02--the switch will forward all the
> unknown traffic to all ports in the monitoring VLAN.  Works great with
> an EX4200 (on which I'm also using other ports for "normal" traffic):

I followed your example, but doing this on the MX80 itself:

First we setup a virtual switch:

mx80> show configuration routing-instances
analyzers-vs {
    instance-type virtual-switch;
    bridge-domains {
        analyzers-bd {
            interface ge-1/2/8.0;
            interface ge-1/2/9.0;
            interface ge-1/2/10.0;
        }
    }
}

ge-1/2/8 is cross-connected to ge-1/3/5, and ports ge-1/2/9 and
ge-1/2/10 are connected to the analyzer hosts.

The port-mirror config:

mx80> show configuration forwarding-options port-mirroring
input {
    rate 1;
    run-length 1;
}
family inet {
    output {
        interface ge-1/3/5.0 {
            next-hop 192.168.12.2;
        }
    }
}
family inet6 {
    output {
        interface ge-1/3/5.0 {
            next-hop fdcf:1adc:6b61:919e::2;
        }
        no-filter-check;
    }
}

This port is connected to the virtual switch:

mx80> show configuration interfaces ge-1/3/5
description "self:ge-1/2/8 (to virtual switch)";
unit 0 {
    family inet {
        no-redirects;
        no-neighbor-learn;
        address 192.168.12.1/30 {
            arp 192.168.12.2 mac 02:02:02:02:02:02;
        }
    }
    family inet6 {
        no-neighbor-learn;
        address fdcf:1adc:6b61:919e::1/126 {
            ndp fdcf:1adc:6b61:919e::2 mac 02:02:02:02:02:02;
        }
    }
}

mx80> show forwarding-options port-mirroring
Instance Name: &global_instance
  Instance Id: 1
  Input parameters:
    Rate                  : 1
    Run-length            : 1
    Maximum-packet-length : 0
  Output parameters:
    Family      State     Destination          Next-hop
    inet        up        ge-1/3/5.0           192.168.12.2
    inet6       up        ge-1/3/5.0           fdcf:1adc:6b61:919e::2


After a week of stumbling about with config, this hardware based
solution seems to be the most elegant, and at the cost of only one patch
cable ;-)

Thanks!

   ~paul

More information about the juniper-nsp mailing list