Routing

I'm trying to use port mirror on an MX80 with no luck. I've followed different examples on the web but can't seem to get traffic mirrored into the output port. Can anyone supply a working example of port mirroring on an MX80 version 10.3 for an inet port (not a bridge port)?

cheers

Carlos Isaza

Senior Network Engineer

JNCIS-E  JNCIP-M/T #992

NEC New Zealand Limited - NZ Juniper Partner of the Year

Hello,

below is the adapted example of classic IPv4 port-mirroring config from production MX960. It worked without changes in 9.4 and 10.1 and I expect it to work in 10.3 as well:

forwarding-options {
    port-mirroring {
        input {
            rate 1;
            run-length 1;
        }
        family inet {
            output {
                interface xe-0/1/0.0 {
                    next-hop 10.0.0.2;
                }
                no-filter-check;
            }
        }
    }

}
interfaces {
    xe-0/1/0 {
        unit 0 {
            family inet {
                address 10.0.0.1/30 {
                    arp 10.0.0.2 mac 00:00:00:00:00:11;
                }
            }
        }
    }
    xe-0/2/0 {
        vlan-tagging;
        unit 92 {
            vlan-id 92;
            family inet {
                filter {
                    output egress-portmirror;
                }
                address 10.25.64.2/30;
            }
        }
    }
}
firewall {
    family inet {
        filter egress-portmirror {
            term port-mirror {
                from {
                    destination-address {
                    10.20.30.0/24;
                    }
                }
                then {
                    port-mirror;
                    next term;
                }
            }
            term default {
                then accept;
            }
        }
    }
}

HTH

Rgds

Alex

thanks for looking into this Alex

The only thing I was missing from previuos tests is that mac address that you added in port xe-0/1/0. I'm assuming that's the mac address of your analyzer PC ?

I tried to add the mac address that I use with Wireshark running, but I still cannot see mirrored packets to that PC. I checked the port counters on that port but can't see anything going out to the analyzer.

this is the config I used: Any other ideas?

carlos@MX80-1# show forwarding-options
port-mirroring {
    input {
        rate 1;
        run-length 1;
    }
    family inet {
        output {
            interface ge-1/2/9.0 {
                next-hop 9.9.9.2;
            }
            no-filter-check;
        }
    }
}

carlos@MX80-1# show firewall
family inet {
    filter inetMirrorFilter {
        interface-specific;
        term all {
            then {
                count mirror;
                port-mirror;
                accept;
            }
        }
    }
}

carlos@MX80-1# show interfaces ge-1/2/0
unit 0 {
    family inet {
        filter {
            input inetMirrorFilter;
        }
        address 192.7.7.1/30;
    }
}

carlos@MX80-1# show interfaces ge-1/2/9
unit 0 {
    family inet {
        address 9.9.9.1/30 {
            arp 9.9.9.2 mac d8:d3:85:99:3f:77;
        }
    }
}

cheers

The MAC addres is that of analyzer, correct.

Does "show filrewall" indicate that counter "mirror-ge-1/2/0.0-i" is incrementing when there is traffic hitting ge-1/2/0?

If not then there are no IPv4 packets to mirror.

it works now, we didn't noticed before that the interfaceconnected to the anlyzer was part of a bridge domain and that seems to stop the mirrored traffic going to the PC.

thanks a lot for your help

Hi All,

Can some one show me the configuration for port mirroring. So I want to mirror the traffic that going out an interface, and I want to copy/mirror the traffic to a load balancer that only has layer 2 address, without layer 3 (Ip address).

Many thanks in advance before.

thanks,

NwS