On routers containing an Internet Processor II application-specific integrated circuit (ASIC) or T-series Internet Processor, you can send a copy of an IP version 4 (IPv4) or IP version 6 (IPv6) packet from the router to an external host address or a packet analyzer for analysis. This is known as port mirroring.
Port mirroring is different from traffic sampling. In traffic sampling, a sampling key based on the IPv4 header is sent to the Routing Engine. There, the key can be placed in a file, or cflowd packets based on the key can be sent to a cflowd server. In port mirroring, the entire packet is copied and sent out through a next-hop interface.
You can configure simultaneous use of sampling and port mirroring, and set an independent sampling rate and run-length for port-mirrored packets. However, if a packet is selected for both sampling and port mirroring, only one action can be performed and port mirroring takes precedence. For example, if you configure an interface to sample every packet input to the interface and a filter also selects the packet to be port mirrored to another interface, only the port mirroring would take effect. All other packets not matching the explicit filter port-mirroring criteria continue to be sampled when forwarded to their final destination.
To prepare traffic for port mirroring, include the filter statement at the [edit firewall family inet] hierarchy level:
    filter filter-name;
This filter at the [edit firewall family (inet | inet6)] hierarchy level selects traffic to be port-mirrored:
    filter filter-name {
        term term-name {
            then {
                port-mirror;
                accept;
            }
        }
    }
To configure port mirroring on a logical interface, configure the following statements at the [edit forwarding-options port-mirroring] hierarchy level:
    input {
        family (inet | inet6) {
            rate rate;
            run-length number;
        }
    }
    output {
        interface interface-name {
            next-hop address;
        }
        no-filter-check;
    }
    traceoptions {
        file filename {
            files number;
            size bytes;
            (world-readable | no-world-readable);
        }
    }
Specify the port-mirroring destination by including the next-hop statement at the [edit forwarding-options port-mirroring output interface interface-name] hierarchy level:
    next-hop address;
Note: For IPv4 port mirroring to reach a next-hop destination, you must manually include a static Address Resolution Protocol (ARP) entry in the router configuration.
The no-filter-check statement is required when you send port-mirrored traffic to a Tunnel PIC that has a filter applied to it.
The interface used to send the packets to the analyzer is the output interface configured above at the [edit forwarding-options port-mirroring output] hierarchy level. You can use any physical interface type, including generic routing encapsulation (GRE) tunnel interfaces. The next-hop address specifies the destination address; this statement is mandatory for non-point-to-point interfaces, such as Ethernet interfaces.
To configure the sampling rate or duration, include the rate or run-length statement at the [edit forwarding-options port-mirroring input family (inet | inet6)] hierarchy level.
You can trace port-mirroring operations the same way you trace sampling operations. For more information, see Tracing Traffic Sampling Operations.
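The following IPv4 configuration ties the statements above together, written as configuration-mode set commands. It is an added example, not part of the original documentation: the filter and term names, the interfaces ge-0/0/0 and ge-0/0/1, the 192.0.2.0/30 and 198.51.100.0/24 addresses, and the MAC address are constructed placeholders, and it assumes the filter is applied as an input filter on the monitored interface.

```junos
# Constructed example: all names, interfaces, addresses and the MAC are placeholders.

# 1. Select the traffic to mirror. Only packets from 198.51.100.0/24 are
#    marked for port mirroring; they are still forwarded normally (accept).
set firewall family inet filter mirror-suspect term from-suspect-net from source-address 198.51.100.0/24
set firewall family inet filter mirror-suspect term from-suspect-net then port-mirror
set firewall family inet filter mirror-suspect term from-suspect-net then accept

# 2. Firewall filters end with an implicit discard, so accept everything
#    else explicitly or the filter will drop all unmirrored traffic.
set firewall family inet filter mirror-suspect term everything-else then accept

# 3. Apply the filter to the interface whose inbound traffic is monitored.
set interfaces ge-0/0/0 unit 0 family inet filter input mirror-suspect

# 4. Analyzer-facing Ethernet interface. IPv4 port mirroring needs a static
#    ARP entry for the next hop (see the note above).
set interfaces ge-0/0/1 unit 0 family inet address 192.0.2.1/30 arp 192.0.2.2 mac 00:00:5e:00:53:01

# 5. Mirror every matching packet (rate 1, no additional run-length).
set forwarding-options port-mirroring input family inet rate 1
set forwarding-options port-mirroring input family inet run-length 0

# 6. Send the copies out ge-0/0/1.0 toward the analyzer. next-hop is
#    mandatory here because Ethernet is not a point-to-point interface.
set forwarding-options port-mirroring output interface ge-0/0/1.0 next-hop 192.0.2.2
```

Because the mirrored copy carries the entire packet, restrict the match term to the traffic you need and keep the analyzer on a dedicated, access-controlled link.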