Routing
Routing

VPLS port mirroring

‎11-16-2014 10:36 AM

Hi All,
I am trying to port mirror traffic coming on a vpls instance but the problem is that I a seeing traffic from only one direction.
with regard to the attached topology and the below configuration, the traffic coming SRX1/SRX2 hitting irb.822 is seen but the opposite traffic coming from the Control-VRF on the same irb is not.

 

 

 

The thing is the mirroring server operates only on layer 2; so how can I mirror the opposite traffic using the same VPLS ?

And if it is not possible, how can I mirror OSPF traffic on ae2.9 which does not have a VPLS at the source?

 


MX1# show forwarding-options
port-mirroring {
instance {
PM {
input {
rate 1;
run-length 1;
}
family vpls {
output {
interface ge-8/3/8.899;
no-filter-check;
}
}
}

}
}

MX1# show firewall family vpls filter Port-Mirror
term 1 {
then {
accept;
port-mirror-instance PM;
}
}


MX1# show routing-instances VPLS-VLAN-822
instance-type vpls;
vlan-id 822;
interface xe-0/0/0.822;
routing-interface irb.822;
route-distinguisher 10.215.15.32:1822;
vrf-target target:65012:1822;
forwarding-options {
family vpls {
filter {
input Port-Mirror;
}
flood {
input Port-Mirror;
}
}
}
protocols {
vpls {
no-tunnel-services;
site MX-1 {
site-identifier 1;
interface xe-0/0/0.822;
}
}
}

MX1# show routing-instances Control-VRF
instance-type vrf;
interface ae2.9;
interface irb.1;
interface irb.2;
interface irb.3;
interface irb.822;
interface lo0.30;
route-distinguisher 10.215.15.32:300;
vrf-target target:65012:300;
vrf-table-label;
routing-options {
router-id 10.215.15.32;
}
protocols {
ospf {
export Control-Direct-Routes;
sham-link local 10.215.15.32;
area 0.0.0.0 {
interface irb.822;
}
area 0.0.0.14 {
nssa {
default-lsa {
default-metric 10;
metric-type 1;
}
no-summaries;
}
sham-link-remote 10.200.15.33;
interface ae2.9 {
interface-type p2p;
bfd-liveness-detection {
minimum-interval 200;
multiplier 3;
}
}
}
}
}

 

Thanks in advance

Bassem Wahba

JNCIE-SP#2233

Bassem Wahba

Attachments

2 REPLIES 2
Routing

Re: VPLS port mirroring

‎11-17-2014 12:57 PM

Hello,

You need to use "family any" port-mirroring to mirror packets which egress out of IRB into VPLS instance

http://www.juniper.net/documentation/en_US/junos14.2/topics/task/configuration/services-configuring-...

HTH

Thanks

Alex

_____________________________________________________________________

Please ask Your Juniper account team about Juniper Professional Services offerings.
Juniper PS can design, test & build the network/part of the network as per Your requirements

+++++++++++++++++++++++++++++++++++++++++++++

Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !
Routing

Re: VPLS port mirroring

‎11-26-2014 01:55 AM