Layer 2 Port Mirroring of PE Router Logical Interfaces
For an MX Series router configured as a provider edge (PE) router on the customer-facing edge of a service provider network, you can apply a Layer 2 port-mirroring firewall filter at the following ingress and egress points to mirror the traffic between the MX Series router and customer edge (CE) devices, such as routers and Ethernet switches.
Table 1 describes the ways in which you can apply Layer 2 port-mirroring firewall filters to an MX Series router configured as a PE router.
Table 1: Application of Layer 2 Port Mirroring Firewall Filters on PE Routers
Point of Application | Scope of Mirroring | Notes | Configuration Details |
|---|---|---|---|
Ingress Customer-Facing Logical Interface | Packets originating within a service provider customer’s network, sent first to a CE device, and sent next to the MX Series PE router. | You can also configure aggregated Ethernet interfaces between CE devices and PE routers for VPLS routing instances. Traffic is load-balanced across all of the links in the aggregated interface. Traffic received on an aggregated Ethernet interface is forwarded over a different interface based on a lookup of the destination MAC (DMAC) address:
| See Applying Layer 2 Port Mirroring to a Logical Interface. For more information about VPLS routing instances, see Configuring a VPLS Routing Instance and Configuring VLAN Identifiers for Bridge Domains and VPLS Routing Instances. |
Egress Customer-Facing Logical Interface | Unicast packets being forwarded by the MX Series router to another PE router. NOTE: If you apply a port-mirroring filter to the output for a logical interface, only unicast packets are mirrored. To mirror multicast, unknown unicast, and broadcast packets, apply a filter to the input to the flood table of a bridge domain or VPLS routing instance. | ||
Input to a Bridge Domain Forwarding Table or Flood Table | Forwarding traffic or flood traffic sent to the bridge domain from a CE device. | Forwarding and flood traffic typically consists of broadcast packets, multicast packets, unicast packets with an unknown destination MAC address, or packets with a MAC entry in the DMAC routing table. | See Applying Layer 2 Port Mirroring to Traffic Forwarded or Flooded to a Bridge Domain. For information about flooding behavior in VPLS, see the Junos OS VPNs Configuration Guide. |
Input to a VPLS Routing Instance Forwarding Table or Flood Table | Forwarding traffic or flood traffic sent to the VPLS routing instance from a CE device. | See Applying Layer 2 Port Mirroring to Traffic Forwarded or Flooded to a VPLS Routing Instance. For information about flooding behavior in VPLS, see the Junos OS VPNs Configuration Guide. |
