[j-nsp] port-mirror with source inside routing-instance type vrf

Michael Hare michael.hare at wisc.edu
Tue Oct 18 11:43:40 EDT 2022


Circling around on this, the solution was simple.  My ingress interface was on fpc1, my egress interface was on fpc0.  I attached the port-mirror-instance to fpc0.  The fix was to attach to fpc1.  The ingress and egress interfaces are both in the "instance-type vrf" RI.

Thanks to all who chimed in,
-Michael

> -----Original Message-----
> From: juniper-nsp <juniper-nsp-bounces at puck.nether.net> On Behalf Of
> Michael Hare via juniper-nsp
> Sent: Tuesday, October 11, 2022 11:04 AM
> To: Chuck Anderson <cra at fea.st>; juniper-nsp at puck.nether.net
> Subject: Re: [j-nsp] port-mirror with source inside routing-instance type vrf
> 
> Chuck,
> 
> Thanks for the suggestion.  I have tried it at least four ways; both with and
> without the static-arp entry and with egress interface in global and egress
> interface in VRF.  When I tried without static-arp, I forced mirror up with a
> ping from our mirroring device.  My fw counters imply > 100pps hitting the
> relevant firewall "then" clause.
> 
> @re0# run show forwarding-options port-mirroring
> Oct 11 11:00:33
> Instance Name: uwwhitewater
>   Instance Id: 3
>   Input parameters:
>     Rate                  : 1
>     Run-length            : 0
>     Maximum-packet-length : 0
>   Output parameters:
>     Family              State     Destination          Next-hop
>     inet                up        xe-0/0/4:2.3124      10.235.43.1
> 
> -Michael
> 
> > -----Original Message-----
> > From: juniper-nsp <juniper-nsp-bounces at puck.nether.net> On Behalf Of
> > Chuck Anderson via juniper-nsp
> > Sent: Tuesday, October 11, 2022 10:59 AM
> > To: juniper-nsp at puck.nether.net
> > Subject: Re: [j-nsp] port-mirror with source inside routing-instance type vrf
> >
> > Did you try creating a static ARP entry for the port mirroring destination?
> >
> > interfaces {
> >     xe-0/0/4:2 {
> >         vlan-tagging;
> >         mtu 9192;
> >         encapsulation flexible-ethernet-services;
> >         unit 3124 {
> >             description "mirror test";
> >             vlan-id 3124;
> >             family inet {
> >                 no-redirects;
> >                 no-neighbor-learn;
> >                 address 10.235.43.0/31 {
> >                     arp 10.235.43.1 mac 02:02:02:02:02:02;
> >                 }
> >             }
> >         }
> >     }
> > }
> >
> > On Tue, Oct 11, 2022 at 02:37:47PM +0000, Michael Hare via juniper-nsp
> > wrote:
> > > show interfaces xe-0/0/4:2 | no-more
> > > enable;
> > > vlan-tagging;
> > > mtu 9192;
> > > encapsulation flexible-ethernet-services;
> > > ...
> > > ...
> > > unit 3124 {
> > >     description "mirror test";
> > >     vlan-id 3124;
> > >     family inet {
> > >         address 10.235.43.0/31;
> > >     }
> > > }
> > _______________________________________________
> > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/juniper-nsp
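The fix reported at the top of this thread (bind the port-mirror instance to the FPC that holds the ingress interface, not the FPC of the mirror destination) can be checked offline against a `display set` dump. The following is an added example, not code from the thread; it assumes mirroring is triggered by an input firewall filter with a `port-mirror-instance` action, and the filter name and the ingress interface `xe-1/0/0.100` are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in "show configuration | display set" form. The instance
# name and FPC numbers follow the thread; the filter name and the ingress
# interface xe-1/0/0 unit 100 are hypothetical.
SAMPLE_BROKEN = """\
set chassis fpc 0 port-mirror-instance uwwhitewater
set firewall family inet filter MIRROR-EXAMPLE term all then count mirrored
set firewall family inet filter MIRROR-EXAMPLE term all then port-mirror-instance uwwhitewater
set firewall family inet filter MIRROR-EXAMPLE term all then accept
set interfaces xe-1/0/0 unit 100 family inet filter input MIRROR-EXAMPLE
set interfaces xe-0/0/4:2 unit 3124 family inet address 10.235.43.0/31
"""
# Same configuration with the instance bound to the ingress FPC instead.
SAMPLE_FIXED = SAMPLE_BROKEN.replace("set chassis fpc 0 ", "set chassis fpc 1 ")

BIND = re.compile(r"^set chassis fpc (\d+) port-mirror-instance (\S+)$")
ACTION = re.compile(
    r"^set firewall family \S+ filter (\S+) term \S+ then port-mirror-instance (\S+)$")
ATTACH = re.compile(
    r"^set interfaces ([a-z]+-(\d+)/\S+) unit (\d+) family \S+ filter input (\S+)$")

def audit(config):
    """Return (unit, fpc, instance) for each mirrored ingress unit whose FPC lacks the binding."""
    bound = defaultdict(set)    # fpc number -> instances bound under chassis
    mirrors = defaultdict(set)  # filter name -> instances it mirrors to
    attached = []               # (logical interface, fpc number, filter name)
    for line in config.splitlines():
        line = line.strip()
        if m := BIND.match(line):
            bound[int(m[1])].add(m[2])
        elif m := ACTION.match(line):
            mirrors[m[1]].add(m[2])
        elif m := ATTACH.match(line):
            # FPC number is the first field of the physical interface name.
            attached.append((f"{m[1]}.{m[3]}", int(m[2]), m[4]))
    return [(ifl, fpc, inst)
            for ifl, fpc, flt in attached
            for inst in sorted(mirrors.get(flt, ()))
            if inst not in bound[fpc]]

if __name__ == "__main__":
    for ifl, fpc, inst in audit(SAMPLE_BROKEN):
        print(f"{ifl}: instance {inst} is not bound under chassis fpc {fpc}")
```

Interfaces without an FPC in their name (for example aggregated `ae` bundles) and filters applied through `input-list` are outside what this check covers.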

