1:N Port Mirroring to Multiple Destinations on Switches

What Is 1:N Port Mirroring?

We use the term 1:N port mirroring in this document to refer to the feature that enables you to mirror packets to multiple destinations. "1" represents the packet source being mirrored and "N" represents the multiple destinations the packet is sent to. You might also see this feature described as multipacket mirroring.

Use Feature Explorer to confirm platform and release support for specific features.

Review Platform-Specific 1:N Port Mirroring Behavior for notes related to your platform.

Port mirroring helps network administrators to debug network problems and to fend off attacks on the network. You can use port mirroring for traffic analysis on network devices such as routers and switches that, unlike hubs, do not broadcast packets to every interface on the destination device. Port mirroring sends copies of all packets to local or remote analyzers where you can monitor and analyze the data.

You use 1:N port mirroring to mirror traffic to multiple Layer 2 destinations. You use next-hop groups in this feature configuration.

You configure these multiple observing ports with connections to different monitoring devices.

Getting Ready to Configure 1:N Port Mirroring—Guidelines and Limitations

You can configure the 1:N port mirroring feature in the following two configuration methods:

• Port mirroring (using a firewall filter-based method) at the [edit forwarding-options port-mirroring instance] hierarchy

• Native analyzer at the [edit forwarding-options analyzer] hierarchy

Note:

You can configure both of the preceding methods on the same device. See Sample Configuration Results for an example.

The following address families are supported in 1:N port mirroring:

• ethernet-switching

• inet

• inet6

Here are the limitations that you need to keep in mind as you configure the feature:

Remember to review Platform-Specific 1:N Port Mirroring Behavior for notes related to your platform.

• Next-hop group members can be Layer 2 only, not Layer 3.

• You can configure as many as 4 next-hop groups, and you can add up to 4 interfaces to each next-hop group.

• You must define at least two destinations to send packets to more than one destination.

Table 1 lists the configuration-hierarchy combinations you use to build your 1:N mirroring topology:

Table 1: Configuration Hierarchies for 1:N Port Mirroring

Configuration Method	Hierarchies
Port mirroring (filter-based)	[edit forwarding-options port-mirroring instance]
	[edit firewall family family-name filter]
	[edit forwarding-options next-hop-group]
	[edit interfaces]
	[edit vlans]
Native analyzer	[edit forwarding-options analyzer]
	[edit forwarding-options next-hop-group]
	[edit interfaces]
	[edit vlans]

Note:

You can read through the configuration task subsections, or you can jump to the Sample Configuration Results that shows the combined task results.

Overview of Configuration Tasks for 1:N Port Mirroring

The following configuration task subsections show you how to configure each of the hierarchies listed in Table 1. You can read through the configuration task subsections, or you can jump to the Sample Configuration Results that shows the combined task results.