[j-nsp] port-mirror with source inside routing-instance type vrf
Michael Hare
michael.hare at wisc.edu
Tue Oct 11 10:37:47 EDT 2022
Hello,
Cluebats appreciated, I can contact JTAC on this but am trying to avoid the timesink of opening a case.
Topic is filter based port mirroring for family inet with the wrinkle being that I'm trying to mirror traffic from inside "instance-type vrf". I've done this countless times before successfully [including today as a sanity check] with source being in global table.
So far I've tried putting the output interface both inside the same VRF and in global; no traffic seems to mirror. What is the correct stance? Yes, I've tried to prime the macaddr pump with ICMP from the mx10003 doing the mirroring.
I am aware of mirroring "family any" but am unsure if that applies here, as the source interface I am trying to mirror is edge of VRF and doesn't have family mpls on the logical interface of interest.
I'm confident the traffic I want to mirror is hitting my filter term based on incrementing counters.
Lightly sanitized config below.
# I confirmed this is attached to the interface of question and counters are incrementing.
term mirror-2 {
then {
count :mirror:all;
port-mirror-instance uw;
next term;
}
}
show forwarding-options
port-mirroring {
instance {
uw {
input {
rate 1;
}
family inet {
output {
interface xe-0/0/4:2.3124 {
next-hop 10.235.43.1;
}
}
}
}
}
}
show chassis
fpc 0 {
...
port-mirror-instance uw;
sampling-instance ins1;
}
show interfaces xe-0/0/4:2 | no-more
enable;
vlan-tagging;
mtu 9192;
encapsulation flexible-ethernet-services;
...
...
unit 3124 {
description "mirror test";
vlan-id 3124;
family inet {
address 10.235.43.0/31;
}
}
and then I've put xe-0/0/4:2.3124 inside and outside the relevant routing-instance as tests.
-Michael
More information about the juniper-nsp
mailing list