Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Port-Based Mirroring

SUMMARY This section describes port-based mirroring in Juniper Cloud-Native Contrail® Networking™ Release 22.2 and later in a Kubernetes-orchestrated environment.

Overview: Port-Based Mirroring

Figure 1: Cloud-Native Contrail Networking Port-Based Mirror Topology Diagram of network traffic mirroring with Pod-2 connected to vRouter on Compute Host. vRouter mirrors traffic to MirrorDestination. Configurations include JuniperHeader on with IP 192.168.10.0 Port 11111, and JuniperHeader off with MAC address and routing instance.

Port mirroring sends network traffic from defined ports to a network analyzer where you can monitor and analyze the data. In Cloud-Native Contrail Networking, the following is supported:

  • Mirroring configuration is primarily driven from the pod configuration for both the receiver and interface being mirrored. You don't need to configure the virtual machine interface (VMI) directly.
  • Mirroring configuration involves creating a mirrorDestination resource and associating the mirrorDestination resource to the pod interface to be mirrored.
  • MirrorDestination identifies the mirrored traffic receiver pod and interface. When juniperHeader is enabled, receiver pod IP address and port are used. When juniperHeader is disabled, receiver pod MAC address routingInstance is used to forward mirrored traffic.
  • A mirrorDestination can be associated with multiple VMIs to be mirrored.
  • MirrorDestination resource defines the mirrored traffic receiver such as, IP address, port used for receiving mirrored traffic, Juniper header configuration, dynamic or static next-hop, and so on.
  • A pod interface to be mirrored can be configured when creating the pod or by editing the pod.

Example: Configure Port-Based Mirroring

The following procedure is an example configuration that creates a MirrorDestination resource and specifies the mirrorDestination resource name, for example mirrordestinationprofile1, on the interface to be mirrored.

  1. Use the MirrorDestination YAML to create a mirrorDestination resource. by adding multiple destination pods with the label core.juniper.net/analyzer-pod-selector: analyzerpod.
    • MirrorDestination resource uses the label core.juniper.net/analyzer-pod-selector: analyzerpod to calculate and determine the mirrored traffic pod receiver.

    ​Example MirrorDestination YAML file.

    When the YAML file is deployed, there could be multiple pods matching the label analyzerpod. First matching pod is selected as the mirrored traffic receiver. The selected pod remains sticky until the pod or interface is no longer available.

    Following is the analyzer pod YAML file with label analyzerpod, indicating MirrorDestination can use this pod.

    • Note the label value for core.juniper.net/analyzer-pod analyzerpod is the same as specified in the MirrorDestination YAML file.
    • The mirrorDestination controller uses this label to calculate the analyzer_ip, macaddress, and routinginstance.
    • The pod interface to be used is specified in annotation below:

      core.juniper.net/analyzer-interface: true

      To indicate default pod interface, it is specified directly under annotations. For custom VN interface, it is specified in cni-args of the network. The example Pod/analyzerpod YAML file shows both examples.

    • core.juniper.net/analyzer-interface: true indicates the vn-1 pod interface will receive mirrored traffic.

    Example Pod/analyzerpod YAML file.

  2. Add the pod annotations and specify the mirroringDestination resource name on the interface to be mirrored.

    In the following example YAML file, we are enabling mirroring on the pod vn-1 interface and we specify the mirrorDestination resource name mirrordestinationprofile1 on the interface to be mirrored.

    Example Pod/mirrored-pod YAML file.

Summary

SUMMARY This section describes configuration changes for port-based mirroring in Cloud-Native Contrail Networking Release 22.2.

From the analyzer pod annotations and labels, the VM and VMI are associated with the pod to be used in the mirrorDestination controller.

Analyzer VM Labels:

The VirtualMachine resource corresponding to the pod will have the label core.juniper.net/analyzer-pod label.

Analyzer VMI Labels:

The VirtualMachineInterface resource for the analyzer pod will have the label core.juniper.net/analyzer-interface.

Source VMI Label indicating mirrorDestination:

Source VirtualMachineInterface corresponding to the pod interface being mirrored will have label core.juniper.net/mirror-destination. And the annotations will have the mirror configuration.