Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Understanding Port Mirroring Analyzers on a Junos Fusion Enterprise

This topic describes port mirroring analyzers in a Junos Fusion Enterprise.

This topic covers:

Port Mirroring Analyzers on a Junos Fusion Enterprise Overview

Port mirroring can be used for traffic analysis on routers and switches that, unlike hubs, do not broadcast packets to every port on the destination device. Port mirroring sends copies of all packets or policy-based sample packets to local or remote analyzers where you can monitor and analyze the data.

In a Junos Fusion Enterprise, analyzers are used to mirror traffic from an extended port on a satellite device to an output interface or VLAN. The output interface or VLAN can be connected to the aggregation device or to an extended port on a satellite device.

You can configure an analyzer to mirror:

  • Bridged packets (Layer 2 packets)

  • Routed packets (Layer 3 packets)

Many port mirroring analyzer concepts for standalone switches also apply to port mirroring analyzers on Junos Fusion Enterprise. See Understanding Port Mirroring Analyzers for a detailed overview of port mirroring analyzers on standalone switches.

Understanding the Configuration of Analyzers in a Junos Fusion Enterprise

Like all features in a Junos Fusion Enterprise, port mirroring analyzers are configured from the aggregation devices.

The mirroring options in a Junos Fusion Enterprise are:

  • Mirror traffic from a native interface to an extended port.

  • Mirror traffic from an extended port on one satellite device to an extended port on another satellite device.

  • Mirror traffic from an extended port to a native interface. Configure remote mirroring for this scenario—that is, configure an analyzer output VLAN with an ICL and a native interface as remote-mirroring VLAN members in one aggregation device and an ICL as a remote-mirroring VLAN member in the peer aggregation device, so that both aggregation devices can mirror to the native interface.

Note:

Even if the mirroring source and destination are on the same satellite device, the mirrored traffic always goes back to the aggregation device.

Best Practice:

We recommend the following configuration guidelines for analyzers in a Junos Fusion Enterprise:

  • Configure remote mirroring.

  • Configure an analyzer output VLAN with both an ICL (interchassis link) and the mirror destination as VLAN members, so that mirrored traffic can travel through the ICL to the peer aggregation device if the mirror destination is not directly reachable on the local aggregation device. This is applicable in scenarios where the mirror destination is single-homed or a dual-homed satellite device and the cascade port is down on the local aggregation device.

  • Use the configuration sync feature to synchronize the configuration across aggregation devices.

Limitations for Port Mirroring Analyzers on a Junos Fusion Enterprise

Consider the following limitations when you configure port mirroring analyzers on a Junos Fusion Enterprise:

  • You cannot mirror a cascade port or an ICL. (See the configuration guidelines in Understanding Port Mirroring Analyzers for other port types that cannot be mirrored.)

  • An analyzer input VLAN mirrors all interfaces in the VLAN except the ICL in the VLAN. This limitation keeps mirrored traffic from causing congestion in the ICL.

Related Documentation