Technical Documentation

Example: Layer 2 Port Mirroring for a Layer 2 VPN with LAG Links

The following example is not a complete configuration, but shows all the steps needed to configure port mirroring on an L2VPN using family ccc and aggregated Ethernet links.

  1. Configure the bridge domain port_mirror_bd, which contains the external packet analyzer:

    [edit]bridge-domains {port_mirror_bd { # Contains an external traffic analyzerinterface ge-2/2/8.0; # External analyzer}}
  2. Configure the Layer 2 VPN CCC to connect interface ae0.0 and interface ae0.1:

    [edit]protocols {mpls {interface all;}connections {interface-switch if_switch {interface ae0.0;interface ae0.1;}}}
  3. Configure Layer 2 port mirroring for the global instance, with the port-mirroring destination being the bridge domain interface associated with the external analyzer (logical interface ge-2/2/9.0 on bridge domain example_bd_with_analyzer):

    [edit]forwarding-options {port-mirroring {input {rate 1; maximum-packet-length 200; }family ccc {output {interface ge-2/2/8.0; # Mirror packets to the external analyzer}}instance {pm_instance_1 {input {rate 1; maximum-packet-length 300; }family ccc {output {interface ge-2/2/8.0;}{}}}}
  4. Configure the firewall filter pm_ccc for family ccc:

    [edit]firewall {family ccc {filter pm_ccc {term pm {then port-mirror;}}}}
  5. Apply the aggregated Ethernet interfaces and port mirror instance to the chassis:

    [edit]chassis {aggregated-devices {ethernet {device-count 10;}}fpc 2 {port-mirror-instance pm_instance_1;}}
  6. Configure interfaces ae0 and ge-2/0/2 (for aggregated Ethernet) and ge-2/2/8 (for port mirroring) with the pm_ccc filter:

    [edit]interfaces {ae0 {vlan-tagging;encapsulation extended-vlan-ccc;unit 0 {vlan-id 10;family ccc {filter {input pm_ccc;}}}unit 1 {vlan-id 20;family ccc {filter {output pm_ccc;}}}}ge-2/0/2 {gigether-options {802.3ad ae0;}}ge-2/2/8 {encapsulation ethernet-bridge;unit 0 {family bridge;}}}

Published: 2010-05-11