Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Port-Based Mirroring

SUMMARY This section describes port-based mirroring in Juniper® Cloud-Native Contrail Networking (CN2) Release 22.2 and later in a Kubernetes-orchestrated environment.

Overview: Port-Based Mirroring

Figure 1: CN2 Port-Based Mirror Topology Diagram of a network setup with a compute host, vRouter, and Pod-2. Traffic from Pod-2 is mirrored by the vRouter to MirrorDestination. MirrorDestination has two configurations: with JuniperHeader on, destination IP 192.168.10.0, port 11111; with JuniperHeader off, uses MAC address and routing instance.

Port mirroring sends network traffic from defined ports to a network analyzer where you can monitor and analyze the data. In CN2, the following is supported:

  • Mirroring configuration is primarily driven from the pod configuration for both the receiver and interface being mirrored. You don't need to configure the virtual machine interface (VMI) directly.

  • Mirroring configuration involves creating a MirrorDestination resource and associating the MirrorDestination resource to the pod interface to be mirrored.

  • MirrorDestination identifies the mirrored traffic receiver pod and interface. When juniperHeader is enabled, the receiver pod IP address and port are used. When juniperHeader is disabled, the receiver pod MAC address routingInstance is used to forward mirrored traffic.

  • A MirrorDestination can be associated with multiple VMIs to be mirrored.
  • A MirrorDestination resource defines the mirrored traffic receiver such as IP address, port used for receiving mirrored traffic, Juniper header configuration, dynamic or static next-hop, and so on.
  • A pod interface to be mirrored can be configured when creating the pod or by editing the pod.

Example: Configure Port-Based Mirroring

The following procedure is an example configuration that creates a MirrorDestination resource and specifies the MirrorDestination resource name, such as mirrordestinationprofile1, on the interface to be mirrored.

  1. Use the MirrorDestination YAML file to create a MirrorDestination resource by adding multiple destination pods with the label core.juniper.net/analyzer-pod-selector: analyzerpod.

    The MirrorDestination resource uses the label core.juniper.net/analyzer-pod-selector: analyzerpod to calculate and determine the mirrored traffic pod receiver.

    ​Example MirrorDestination YAML file:

    When you deploy the YAML file, multiple pods could match the label analyzerpod. The first matching pod is selected as the mirrored traffic receiver. The selected pod remains sticky until the pod or interface is no longer available.

    Following is the analyzer pod YAML file with label analyzerpod, indicating that MirrorDestination can use this pod.

    • Note the label value for core.juniper.net/analyzer-pod analyzerpod is the same as specified in the MirrorDestination YAML file.
    • The MirrorDestination controller uses this label to calculate the analyzer_ip, macaddress, and routinginstance.
    • The pod interface to be used is specified in the annotation below:

      core.juniper.net/analyzer-interface: true

      You can specify the default pod interface directly under annotations. For a custom VN interface, you specify it in the cni-args of the network. The example Pod/analyzerpod YAML file shows both examples.

    • core.juniper.net/analyzer-interface: true indicates that the vn-1 pod interface will receive mirrored traffic.

    Example Pod/analyzerpod YAML file:

  2. Add the pod annotations and specify the mirroringDestination resource name on the interface to be mirrored.

    In the following example YAML file, we enable mirroring on the pod vn-1 interface. We specify the MirrorDestination resource name mirrordestinationprofile1 on the interface to be mirrored.

    Example Pod/mirrored-pod YAML file:

Summary

SUMMARY This section describes configuration changes for port-based mirroring in CN2 Release 22.2.

From the analyzer pod annotations and labels, the VM and VMI are associated with the pod to be used in the MirrorDestination controller.

Analyzer VM Labels:

The VirtualMachine resource corresponding to the pod will have the label core.juniper.net/analyzer-pod label.

Analyzer VMI Labels:

The VirtualMachineInterface resource for the analyzer pod will have the label core.juniper.net/analyzer-interface.

Source VMI Label indicating MirrorDestination:

Source VirtualMachineInterface corresponding to the pod interface being mirrored will have the label core.juniper.net/mirror-destination. The annotations will have the mirror configuration.