Packet-Mirroring Services Overview
Packet mirroring allows you to mirror subscriber traffic by configuring a script service with the SRC software that applies policies on a router running JunosE Software for RADIUS-based packet mirroring.
When the service activation engine (SAE) activates a packet-mirroring service session, the session sends dynamic RADIUS requests, such as change-of-authorization (COA) messages, to a RADIUS device such as a router running JunosE Software.
In RADIUS-based packet mirroring on a router running JunosE Software, a RADIUS administrator uses RADIUS attributes to configure packet mirroring of a particular subscriber’s traffic. The router creates dynamic secure policies for the mirroring operation. The original traffic is sent to its intended destination, and the mirrored traffic is sent to an analyzer device (the mediation device). The mirroring operations are transparent to the subscriber whose traffic is being mirrored. This dynamic method uses RADIUS attributes and RADIUS vendor-specific attributes (VSAs) to identify a subscriber whose traffic is to be mirrored and to trigger the mirroring session. RADIUS-based mirroring uses dynamically created secure policies based on certain RADIUS VSAs. You attach the secure policies to the interface used by the mirrored subscriber. The packet-mirroring VSAs that the RADIUS server sends to the E Series router are MD5 salt-encrypted.
You must deploy RADIUS-based packet mirroring on routers running JunosE Software to monitor the subscriber traffic.