[j-nsp] port-mirror with source inside routing-instance type vrf
Michael Hare
michael.hare at wisc.edu
Tue Oct 11 12:03:32 EDT 2022
Chuck,
Thanks for the suggestion. I have tried it at least four ways; both with and without the static-arp entry and with egress interface in global and egress interface in VRF. When I tried without static-arp, I forced mirror up with a ping from our mirroring device. My fw counters imply > 100pps hitting the relevant firewall "then" clause.
@re0# run show forwarding-options port-mirroring
Oct 11 11:00:33
Instance Name: uwwhitewater
Instance Id: 3
Input parameters:
Rate : 1
Run-length : 0
Maximum-packet-length : 0
Output parameters:
Family State Destination Next-hop
inet up xe-0/0/4:2.3124 10.235.43.1
-Michael
> -----Original Message-----
> From: juniper-nsp <juniper-nsp-bounces at puck.nether.net> On Behalf Of
> Chuck Anderson via juniper-nsp
> Sent: Tuesday, October 11, 2022 10:59 AM
> To: juniper-nsp at puck.nether.net
> Subject: Re: [j-nsp] port-mirror with source inside routing-instance type vrf
>
> Did you try creating a static ARP entry for the port mirroring destination?
>
> interfaces {
> xe-0/0/4:2 {
> vlan-tagging;
> mtu 9192;
> encapsulation flexible-ethernet-services;
> unit 3124 {
> description "mirror test";
> vlan-id 3124;
> family inet {
> no-redirects;
> no-neighbor-learn;
> address 10.235.43.0/31 {
> arp 10.235.43.1 mac 02:02:02:02:02:02;
> }
> }
> }
> }
> }
>
> On Tue, Oct 11, 2022 at 02:37:47PM +0000, Michael Hare via juniper-nsp
> wrote:
> > show interfaces xe-0/0/4:2 | no-more
> > enable;
> > vlan-tagging;
> > mtu 9192;
> > encapsulation flexible-ethernet-services;
> > ...
> > ...
> > unit 3124 {
> > description "mirror test";
> > vlan-id 3124;
> > family inet {
> > address 10.235.43.0/31;
> > }
> > }
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list