Frequently Asked Questions About Using Flow-Tap

Can port-mirroring be used when flow-tap is configured?

When flow-tap is configured, port-mirroring may not work for certain interfaces, due to sampling hardware limitations. On these interfaces, if a packet matches more than one sampling class, with each having a next hop programmed, then only one of the next hops can be chosen. Both flow-tap and port-mirroring use next-hop sampling, so any traffic through these interfaces that is marked for both flow-tap and port-mirroring will default to flow-tap, and no port-mirroring will be used for these packets.

If port-mirroring is configured for other types of interfaces that do not have sampling limitations, it will continue to work as expected.

Can syslog be used when flow-tap is configured?

The firewall filter action "then syslog" (which forwards packets to the syslog server) cannot be configured on any firewall filter if flow-tap is configured on the same platform. The flow-tap configuration commit fails if the "then syslog" action is configured on any filter. This is true for all platforms on which flow-tap is supported. This helps ensure the security of the target packets.

What is flow-tap-lite?

Flow-tap-lite is a version of flow-tap in which all of the functionality is performed on the Packet Forwarding Engine, instead of on the services PIC as in the full-featured flow-tap. This is the only version of flow-tap supported on MX Series platforms, M120 routers, and M320 routers with Enhanced III FPCs only.

For flow-tap-lite, everything is specified under the flow-tap hierarchy only. Under [edit services flow-tap], use the tunnel-interface option to specify the flow-tap-lite feature. Use the interface option if you want to use the full-featured flow-tap based on the services PIC.
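A pre-commit check for the "then syslog" restriction and the flow-tap variant selection described above, as an added example (not Juniper's code). It assumes the candidate configuration is available in "display set" form; the sample lines, filter names, term names and interface names are constructed, and the audit function is hypothetical.

```python
import re

# Constructed sample in "show configuration | display set" form; the filter,
# term and interface names are made up for this example.
SAMPLE = """\
set services flow-tap tunnel-interface vt-0/1/0.0
set firewall family inet filter EDGE-IN term log-ssh from destination-port ssh
set firewall family inet filter EDGE-IN term log-ssh then syslog
set firewall family inet filter EDGE-IN term log-ssh then accept
set firewall family inet filter EDGE-IN term rest then accept
set firewall filter LEGACY term t1 then log
"""

# tunnel-interface selects flow-tap-lite, interface selects services-PIC flow-tap.
FLOW_TAP = re.compile(r"^set services flow-tap (tunnel-interface|interface) (\S+)")
# Matches "firewall filter X" and "firewall family <f> filter X" terms.
# Assumption: unquoted filter and term names, no logical-system prefix.
SYSLOG = re.compile(
    r"^set firewall (?:family \S+ )?filter (\S+) term (\S+) then syslog\s*$")


def audit(display_set):
    """Report the flow-tap variant and every filter term using 'then syslog'."""
    variant, tap_if, syslog_terms = None, None, []
    for line in display_set.splitlines():
        line = line.strip()
        m = FLOW_TAP.match(line)
        if m:
            variant = ("flow-tap-lite" if m.group(1) == "tunnel-interface"
                       else "flow-tap")
            tap_if = m.group(2)
            continue
        m = SYSLOG.match(line)
        if m:
            syslog_terms.append((m.group(1), m.group(2)))
    return {
        "variant": variant,
        "interface": tap_if,
        "syslog_terms": syslog_terms,
        # The commit is expected to fail only when both are present.
        "commit_blocked": variant is not None and bool(syslog_terms),
    }


if __name__ == "__main__":
    print(audit(SAMPLE))
```

Running it against the candidate configuration before a flow-tap rollout lists the exact filter terms that have to drop "then syslog" for the commit to succeed.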
