Option: Send Traffic to Multiple Export Interfaces with Next-Hop Groups

To send port-mirrored traffic to multiple cflowd servers or packet analyzers, you can use the next-hop-group statement. The router can make up to sixteen copies of traffic per group and send the traffic to the next-hop group members you configure. A maximum of 30 groups can be configured on an M-series router at any given time. The port-mirrored traffic can be sent to any interface, except aggregated SONET/SDH, aggregated Ethernet, loopback (lo0), or administrative (fxp0) interfaces. To configure multiple port mirroring with next-hop groups, include the next-hop-group statement at the [edit forwarding-options] hierarchy level.

You must port-mirror the initial traffic to a tunnel interface so that it can be filtered and duplicated. Also, you need configure only the interface names for point-to-point interfaces, but you must configure the interface names and a next hop for multipoint interfaces (such as Ethernet).

[edit]

forwarding-options {

    port-mirroring {

        input {

            family inet {

                rate 1;

            }

        }

        output {

            interface vt-3/3/0.1;

            no-filter-check;

        }

    }

    next-hop-group ftp-traffic {

        interface so-4/3/0.0;

        interface so-0/3/0.0;

    }

    next-hop-group http-traffic {

        interface ge-1/1/0.0 {

            next-hop 11.12.0.2;

        }

        interface ge-1/2/0.0 {

            next-hop 11.13.0.2;

        }

    }

    next-hop-group default-collect {

        interface so-7/0/0.0;

        interface so-7/0/1.0;

    }

}