[Contents] [Prev] [Next] [Index] [Report an Error]

Example: Configuring Layer 2 Port Mirroring on an L2VPN with AE

The following example is not a complete configuration, but shows all the steps needed to configure port mirroring on an L2VPN using family ccc and aggregated Ethernet (AE) links.

  1. Configure the bridge domain port-mirror-bd, which contains the external packet analyzer:
    [edit]
    bridge-domains {
    port-mirror-bd { # Contains an external traffic analyzer
    interface ge-2/2/8.0; # External analyzer
    }
    }
  2. Configure the Layer 2 VPN CCC to connect interface ae0.0 and interface ae0.1:
    [edit]
    protocols {
    mpls {
    interface all;
    }
    connections {
    interface-switch if_switch {
    interface ae0.0;
    interface ae0.1;
    }
    }
    }
  3. Configure Layer 2 port mirroring for the global instance, with the port-mirroring destination being the bridge domain interface associated with the external analyzer (logical interface ge-2/2/9.0 on bridge domain example-bd-with-analyzer):
    [edit]
    forwarding-options {
    port-mirroring {
    input {
    rate 1;
    maximum-packet-length 200;
    }
    family ccc {
    output {
    interface ge-2/2/8.0; # Mirror packets to the external analyzer
    }
    }
    instance {
    inst1 {
    input {
    rate 1;
    maximum-packet-length 300;
    }
    family ccc {
    output {
    interface ge-2/2/8.0;
    }
    {
    }
    }
    }
    }
  4. Configure for firewall filter pm-ccc for family ccc:
    [edit]
    firewall {
    family ccc {
    filter pm_ccc {
    term pm {
    then port-mirror;
    }
    }
    }
    }
  5. Apply the aggregated Ethernet interfaces and port mirror instance to the chassis:
    [edit]
    chassis {
    aggregaated-devices {
    ethernet {
    device-count 10;
    }
    }
    fpc 2 {
    port-mirror-instance inst1;
    }
    }
  6. Configure interfaces ae0 and ge-2/0/2 (for aggregated Ethernet) and ge-2/2/8 (for port mirroring) with the pm_ccc filter:
    [edit]
    interfaces {
    ae0 {
    vlan-tagging;
    encapsulation extended-vlan-ccc;
    unit 0 {
    vlan-id 10;
    family ccc {
    filter {
    input pm_ccc;
    }
    }
    }
    unit 1 {
    vlan-id 20;
    family ccc {
    filter {
    output pm_ccc;
    }
    }
    }
    }
    ge-2/0/2 {
    gigether-options {
    802.3ad ae0;
    }
    }
    ge-2/2/8 {
    encapsulation ethernet-bridge;
    unit 0 {
    family bridge;
    }
    }
    }
[Contents] [Prev] [Next] [Index] [Report an Error]

Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice.