Configuring Traffic Analyzers and Packet Capture for Mirroring
Contrail provides traffic mirroring so that you can designate specific traffic flows to be mirrored to a traffic analyzer, where you can perform deep traffic inspection and view the flows in great detail.
Use Monitor > Debug > Packet Capture to configure packets to be captured and “mirrored” to a virtual machine configured as a traffic analyzer. The packet activity can then be inspected for monitoring and troubleshooting purposes. This section demonstrates how to set up packet capture to mirror traffic packets to an analyzer.
Traffic Analyzer Images
Before using the Contrail interface to configure traffic analyzers and packet capture for mirroring, make sure that the following analyzer images are available in the VM image list for your system. The traffic analyzer images are enhanced for viewing details of captured packets in Wireshark. When creating a policy for the traffic analyzer, the traffic analyzer instance should always have the Mirror to field selected in the policy. Do not select the Apply Service field for a traffic analyzer.
analyzer-vm-console-qcow2—Standard traffic analyzer; should be named analyzer in the image list. This type of traffic analyzer is always configured with a single interface, and the interface should be a Left interface.
analyzer-vm-console-two-if qcow2—This type of traffic analyzer has two interfaces, Left and Management. This traffic analyzer can have any name except the name analyzer, which is reserved for the single interface analyzer.
The analyzer-vm images are valid for all versions of Contrail. Download the images from the Contrail 1.0 software download page (https://www.juniper.net/support/downloads/?p=contrail#sw).
Configuring Traffic Analyzers
In Contrail Controller, you use a two-part configuration to mirror captured packet traffic to a traffic analyzer, where the traffic details can be inspected. The configuration has the following steps:
Configure analyzer(s) on the host.
Set up rules for packet capture.
Additionally, there are two ways to configure the packet capture for the analyzers from within the Contrail interface:
Configure from Monitor > Debug > Packet Capture
Configure from Configure > Networking > Services
Setting Up Traffic Mirroring Using Monitor > Debug > Packet Capture
The following are the steps needed to set up packet capture in order to “mirror” the traffic to an analyzer VM for the purpose of reviewing various aspects of packet traffic moving through the system.
Setting Up Traffic Mirroring Using Configure > Networking > Services
You can set up packet capture for mirroring to an analyzer within a service chain utilizing more than one interface by starting with a service template. The following procedure provides the steps needed.