Configuration Guidelines for Port Mirroring on EX Series Switches
When you configure port mirroring on EX Series switches, we recommend that you follow certain guidelines to ensure that you obtain optimum benefit from port mirroring.
Mirror only necessary packets to reduce potential performance impact. We recommend that you:
    Disable your configured port mirroring analyzers when you are not using them.
    Specify individual interfaces as input to analyzers rather than specifying all interfaces as input.
    Limit the amount of mirrored traffic by:
        Using statistical sampling.
        Setting ratios to select statistical samples.
        Using firewall filters.
With local mirroring, traffic from multiple ports is replicated to the analyzer output interface. If the output interface for an analyzer reaches capacity, packets are dropped. Thus, while configuring an analyzer, you must consider whether the traffic being mirrored exceeds the capacity of the analyzer output interface.
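The following Junos CLI snippet is an added example, not configuration from this page, showing how the guidelines above are applied on an ELS-based EX switch such as the EX4300: individual interfaces rather than all interfaces are named as input, a ratio samples the mirrored stream, a firewall filter narrows mirroring to selected packets, and the analyzer is deactivated (rather than deleted) when the capture is over. The analyzer, filter and interface names are assumed; the placement of the ratio statement and the filter action name are as the author recalls them for ELS platforms and vary by release, so confirm them with the CLI help on your switch. Lines beginning with # are reader comments, not commands.

```junos
# Added example (assumed names). Option A: port-based analyzer.
# Name only the ports of interest, never every interface on the switch.
set forwarding-options analyzer employee-monitor input ingress interface ge-0/0/0.0
set forwarding-options analyzer employee-monitor input ingress interface ge-0/0/1.0
# Mirror one ingress packet in 100 so the output port stays well below capacity.
set forwarding-options analyzer employee-monitor input ingress ratio 100
# Output port dedicated to the analyzer and sized for the mirrored volume.
set forwarding-options analyzer employee-monitor output interface ge-0/0/10.0

# Option B: filter-based analyzer, used instead of Option A's input statements.
# The analyzer declares only its output; the firewall filter selects the packets.
# Per Table 1, do not attach a filter when several analyzers are configured.
set forwarding-options analyzer host-monitor output interface ge-0/0/10.0
set firewall family ethernet-switching filter watch-host term from-host from source-mac-address 00:00:5e:00:53:01
set firewall family ethernet-switching filter watch-host term from-host then analyzer host-monitor
set firewall family ethernet-switching filter watch-host term from-host then accept
set firewall family ethernet-switching filter watch-host term default then accept
set interfaces ge-0/0/2 unit 0 family ethernet-switching filter input watch-host

# Commit, confirm what is actually being mirrored, and switch the analyzer
# off when the capture is finished (deactivate keeps the configuration).
commit
run show analyzer
deactivate forwarding-options analyzer employee-monitor
commit
```

Only one of the two options should be active at a time on the EX2300, EX3200, EX3400 and EX4300 platforms, since those switches enable a single analyzer per session. Checking "show analyzer" after each commit confirms that the expected input and ratio are in effect before any mirrored traffic is relied on.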
This document provides a workaround to the port mirroring configuration guideline that limits the number of port mirroring sessions that can be configured on an EX2300, EX3200, EX3400, or EX4300 switch to one session. While you can configure more than the specified number of analyzers on these switches, you can enable only one analyzer for a session. Table 1 summarizes further configuration guidelines for port mirroring on the switches.
Table 1: Configuration Guidelines for Port Mirroring
Note: “All other switches” or “All switches” in the Description column applies to switch platforms that support port mirroring. For details on platform support, see Feature Explorer.
Guideline: Number of VLANs that you can use as ingress input to an analyzer
Guideline: Number of analyzers that you can enable concurrently
Guideline: Number of firewall filter-based analyzers that you can configure on EX4500 and EX4600 switches
    Description: If you configure multiple analyzers, you cannot attach any of them to a firewall filter.
Guideline: Types of ports on which you cannot mirror traffic
    Description: If port mirroring is configured to mirror packets exiting or entering 10-Gigabit Ethernet ports, packets are dropped in both network and mirrored traffic when the mirrored packets exceed 60 percent of the 10-Gigabit Ethernet port traffic for egress traffic, and when the mirrored packets exceed 70 percent of the 10-Gigabit Ethernet port traffic for ingress traffic.
Guideline: Traffic directions for which you can specify a ratio
Guideline: Protocol families that you can include in a firewall filter-based remote analyzer
    Description: You can use inet and inet6 on EX8200 switches in a local analyzer.
Guideline: Traffic directions that you can configure for mirroring on ports in firewall filter-based configurations
Guideline: Mirrored packets on tagged interfaces might contain an incorrect VLAN ID or Ethertype.
Guideline: Mirrored packets exiting an interface do not reflect rewritten class-of-service (CoS) DSCP or 802.1p bits.
Guideline: The analyzer appends an incorrect 802.1Q (dot1q) header to the mirrored packets on the routed traffic, or does not mirror any packets on the routed traffic, when an egress VLAN that belongs to a routed VLAN interface (RVI) is configured as the input for that analyzer.
    Description: As a workaround, configure an analyzer that uses each port (member interface) of the VLAN as egress input.
Guideline: Packets with physical layer errors are not sent to the local or remote analyzer.
    Description: Packets with these errors are filtered out and thus are not sent to the analyzer.
Guideline: Port mirroring configuration on a Layer 3 interface with the output configured to a VLAN is not available on EX8200 switches.
Guideline: Port mirroring does not support line-rate traffic.
    Description: Port mirroring for line-rate traffic is done on a best-effort basis.
Guideline: In an EX8200 Virtual Chassis, if you need to mirror traffic across the Virtual Chassis, then the output port must be a LAG.
    Description: In an EX8200 Virtual Chassis:
Guideline: In standalone EX8200 switches, you can configure a LAG in the output definition.
    Description: In EX8200 standalone switches: