Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

TechLibrary
Navigation
Table of Contents
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Troubleshooting Port Mirroring

    Port Mirroring Constraints and Limitations

    Local and Remote Port Mirroring

    The following constraints and limitations apply to local and remote port mirroring with the QFX Series:

    • You can create a total of four port-mirroring configurations on QFX Series switches (including QFabric systems), subject to the following limits:
      • There can be no more than two configurations that mirror ingress traffic.
      • There can be no more than two configurations that mirror egress traffic.
    • You cannot configure local and remote port mirroring with the same port-mirroring configuration. That is, you cannot use the interface and vlan options in one set analyzer name output statement.
    • If you configure Junos OS to mirror egress packets, do not configure more than 2000 VLANs on a QFX3500 device or QFabric system. If you do so, some VLAN packets might contain incorrect VLAN IDs. This applies to any VLAN packets—not only the mirror copies.
    • The ratio and loss-priority options are not supported.
    • Packets with physical layer errors are filtered out and are not sent to the output port or VLAN.
    • If you use sFlow monitoring to sample traffic, it does not sample the mirror copies when they egress from the output interface.

    • You cannot mirror packets exiting or entering the following ports:

      • Dedicated Virtual Chassis interfaces
      • Management interfaces (me0 or vme0)
      • Fibre Channel interfaces
      • Routed VLAN interfaces
    • When packet copies are sent out the output interface, they are not modified for any changes that are normally applied on egress, such as CoS rewriting.
    • An interface can be the input interface for only one mirroring configuration. Do not use the same interface as the input interface for multiple mirroring configurations.
    • (QFabric systems only) If you configure a QFabric analyzer to mirror egress traffic and the input and output interfaces are on different Node devices, the mirror copies have incorrect VLAN IDs. This limitation does not apply if you configure a QFabric analyzer to mirror egress traffic and the input and output interfaces are on the same Node device. In this case the mirror copies will have the correct VLAN IDs (as long as you do not configure more than 2000 VLANs on the QFabric system).

    Remote Port Mirroring Only

    The following constraints and limitations apply to remote port mirroring with the QFX Series:

    • The output VLAN cannot be a private VLAN or VLAN range.
    • An output VLAN cannot be shared by multiple analyzer statements.
    • An output VLAN interface cannot be a member of any other VLAN.
    • An output VLAN interface cannot be an aggregated Ethernet interface (LAG).
    • On the source (monitored) switch, only one interface can be a member of the analyzer VLAN.

    Egress Port Mirroring with VLAN Translation

    Problem

    If you create a port-mirroring configuration that mirrors customer VLAN (CVLAN) traffic on egress and the traffic undergoes VLAN translation before being mirrored, the VLAN translation does not apply to the mirrored packets. That is, the mirrored packets retain the service VLAN (SVLAN) tag that should be replaced by the CVLAN tag on egress. The original packets are unaffected—on these packets VLAN translation works properly, and the SVLAN tag is replaced with the CVLAN tag on egress.

    Solution

    This is expected behavior.

     

    Related Documentation

     

    Published: 2012-10-31

    Previous Page Next Page