Example: Multiple Port Mirroring with Next-Hop Groups Configuration
To send port-mirrored traffic to multiple cflowd servers or packet analyzers, you can use the next-hop-group statement available in JUNOS Release 5.7 and later. You can make up to 16 copies of traffic per group and send the traffic to next-hop group members. A maximum of 30 groups can be configured on an M-series router at any given time. The port-mirrored traffic can be sent to any interface, except aggregated SONET/SDH, aggregated Ethernet, loopback (lo0), or administrative (fxp0) interfaces. This example shows how to configure multiple port mirroring with next-hop groups:

[edit]
interfaces {
    ge-1/0/0 { # This is the input interface where packets enter the router.
        unit 0 {
            family inet {
                filter {
                    input mirror_pkts; # Here is where you apply the first filter.
                }
                address 11.11.0.1/24;
            }
        }
    }
    ge-1/1/0 { # This is an exit interface for HTTP packets.
        unit 0 {
            family inet {
                address 11.12.0.1/24;
            }
        }
    }
    ge-1/2/0 { # This is an exit interface for HTTP packets.
        unit 0 {
            family inet {
                address 11.13.0.1/24;
            }
        }
    }
    so-0/3/0 { # This is an exit interface for FTP packets.
        unit 0 {
            family inet {
                address 1.1.1.1/30;
            }
        }
    }
    so-4/3/0 { # This is an exit interface for FTP packets.
        unit 0 {
            family inet {
                address 2.2.2.2/30;
            }
        }
    }
    so-7/0/0 { # This is an exit interface for all remaining packets.
        unit 0 {
            family inet {
                address 5.5.5.5/30;
            }
        }
    }
    so-7/0/1 { # This is an exit interface for all remaining packets.
        unit 0 {
            family inet {
                address 6.6.6.6/30;
            }
        }
    }
    vt-3/3/0 { # The tunnel interface is where you send the port-mirrored traffic.
        unit 0 {
            family inet;
        }
        unit 1 {
            family inet {
                filter {
                    input collect_pkts; # This is where you apply the second firewall filter.
                }
            }
        }
    }
}
forwarding-options {
    port-mirroring { # This is required when you configure next-hop groups.
        input {
            family inet {
                rate 1; # This rate port-mirrors all packets (one copy for every packet received).
            }
        }
        output { # This sends traffic to a tunnel interface to prepare for multiport mirroring.
            interface vt-3/3/0.1;
            no-filter-check;
        }
    }
    next-hop-group ftp-traffic { # Point-to-point interfaces require you to specify the interface name.
        interface so-4/3/0.0;
        interface so-0/3/0.0;
    }
    next-hop-group http-traffic { # Configure a next hop for all multipoint interfaces (Ethernet).
        interface ge-1/1/0.0 {
            next-hop 11.12.0.2;
        }
        interface ge-1/2/0.0 {
            next-hop 11.13.0.2;
        }
    }
    next-hop-group default-collect {
        interface so-7/0/0.0;
        interface so-7/0/1.0;
    }
}
firewall {
    family inet {
        filter mirror_pkts { # Apply this filter to the input interface.
            term catch_all {
                then {
                    count input_mirror_pkts;
                    port-mirror; # This action sends traffic to be copied and port-mirrored.
                }
            }
        }
        filter collect_pkts { # Apply this filter to the tunnel interface.
            term ftp-term { # This term sends FTP traffic to the FTP next-hop group.
                from {
                    protocol tcp; # The protocol match takes an IP protocol; the application is selected by port.
                    port ftp;
                }
                then next-hop-group ftp-traffic;
            }
            term http-term { # This term sends HTTP traffic to the HTTP next-hop group.
                from {
                    protocol tcp;
                    port http;
                }
                then next-hop-group http-traffic;
            }
            term default { # This term sends all remaining traffic to a final next-hop group.
                then next-hop-group default-collect; # Must match the group name defined under forwarding-options.
            }
        }
    }
}
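As an added consistency check that is not part of the Juniper example, the following Python script reads the next-hop-group and filter stanzas of a configuration and flags what the limits above rule out: a filter term pointing at a group that is never defined, a group member on a disallowed interface type (identified by the standard Junos prefixes ae, as, lo0 and fxp0), more than 16 members in a group, or more than 30 groups. The sample configuration is constructed for the demonstration, with a deliberately mismatched group reference and a loopback member so that both checks fire.

```python
import re

# Constructed sample (not the page's text verbatim): trimmed next-hop-group and collect_pkts
# stanzas with a mismatched group reference and a loopback member so that both checks fire.
SAMPLE = """forwarding-options {
    next-hop-group ftp-traffic {
        interface so-4/3/0.0;
        interface so-0/3/0.0;
    }
    next-hop-group http-traffic { interface ge-1/1/0.0 { next-hop 11.12.0.2; } }
    next-hop-group default-collect {
        interface so-7/0/0.0;
        interface lo0.0;
    }
}
firewall {
    family inet {
        filter collect_pkts {
            term ftp-term { then next-hop-group ftp-traffic; }
            term http-term { then next-hop-group http-traffic; }
            term default { then next-hop-group default-collectors; }
        }
    }
}
"""

MAX_GROUPS, MAX_MEMBERS = 30, 16            # limits stated on the page
BAD_PREFIXES = ("ae", "as", "lo0", "fxp0")  # aggregated Ethernet/SONET, loopback, fxp0

def check_next_hop_groups(config):  # returns a list of problems; [] means consistent
    problems, members = [], {}
    for m in re.finditer(r"next-hop-group\s+([^\s;{}]+)\s*\{", config):
        depth, i = 1, m.end()
        while depth:                            # walk to this group's closing brace
            depth += {"{": 1, "}": -1}.get(config[i], 0)
            i += 1
        body = config[m.end():i - 1]            # member interfaces, either statement form
        members[m.group(1)] = re.findall(r"interface\s+([^\s;{}]+)", body)
    if len(members) > MAX_GROUPS:
        problems.append(f"{len(members)} next-hop groups exceeds the limit of {MAX_GROUPS}")
    for name, ifaces in members.items():
        if len(ifaces) > MAX_MEMBERS:
            problems.append(f"{name}: {len(ifaces)} members exceeds the limit of {MAX_MEMBERS}")
        for ifc in ifaces:
            if ifc.startswith(BAD_PREFIXES):
                problems.append(f"{name}: interface {ifc} cannot receive mirrored traffic")
    for ref in re.findall(r"then\s+next-hop-group\s+([^\s;{}]+)", config):
        if ref not in members:                  # a term pointing at a group that does not exist
            problems.append(f"filter references undefined next-hop-group {ref}")
    return problems
```

Calling check_next_hop_groups(SAMPLE) reports the loopback member and the undefined default-collectors reference; the same function can be run over the output of show configuration before a commit.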