Juniper configuring port

??????峤

Configuring Port Mirroring
Port mirroring is the ability of a router to send a copy of an IPv4 or IPv6 packet to an external host address or a packet analyzer for analysis. Port mirroring is different from traffic sampling. In traffic sampling, a sampling key based on the packetheader is sent to the Routing Engine. There, the key can be placed in a file, or cflowd packets based on the key can be sent to a cflowd server. In port mirroring, the entire packet is copied and sent out through a next-hop interface.
One application for port mirroring sends a duplicate packet to a virtual tunnel. A next-hop group can then be configured to forward copies of this duplicate packet to several interfaces. For more information about next-hop groups, see ConfiguringNext-Hop Groups.
All M Series Multiservice Edge Routers, T Series Core Routers, and MX Series Ethernet Services Routers support port mirroring for IPv4 or IPv6. The M120, M320, and MX Series routers support port mirroring for IPv4 and IPv6 simultaneously.
Port mirroring for VPLS traffic is supported on M7i and M10i routers configured with an Enhanced CFEB (CFEB-E), on M120 routers, on M320 routers configured with an Enhanced III Flexible PIC Concentrators (FPCs), and MX Series routers.
Port mirroring for VPLS traffic is supported on M7i and M10i routers configured with Enhanced CFEBs (CFEB-Es), on M120 routers, on M320 routers configured with Enhanced III Flexible PIC Concentrators (FPCs), and MX Series routers.
In JUNOS Release 9.3 and later, port mirroring is supported for Layer 2 traffic on MX Series routers. For information about how to configure port mirroring for Layer 2 traffic, see the JUNOS MX-series Layer 2 Configuration Guide.
In JUNOS Release 9.6 and later, port mirroring is supported for Layer 2 VPN traffic on M120 routers and M320 routers configured with an Enhanced III FPCs. You can also set the maximum length of the mirrored packet. When set, the mirrored packet is truncatedto the specified length.
Configuration Guidelines
When configuring port mirroring, the following restrictions apply:

• Only transit data is supported.
  
• You can configure either IPv4 or IPv6 port mirroring but not both on M Series routers, except for the M120 and M320 routers, which support port mirroring for IPv4 and IPv6 simultaneously.
  
• You can configure port mirroring for IPv4 and IPv6 simultaneously on the M120 and M320 routers and the MX Series routers.
  
• You cannot configure firewall filters on the port-mirroring interface.
  
• You must include a firewall filter with both the accept action and the port-mirror actionmodifier on the inbound interface. Port mirroring does not work if you specify the discard action.
  
• The interface you configure for port mirroring should not participate in any kind of routing activity.
  
• The destination address you specify should not have a route to the ultimate traffic destination. For example, if the sampled IPv4 packets have a destination address of 192.68.9.10 andthe port-mirrored traffic is sent to 192.68.20.15 for analysis, the device associated with the latter address should not know a route to 192.68.9.10.Also, it should not send the sampled packets back to the source address.
  
• On all routers except the MX Series router, you can configure only one port-mirroring interface per router. If you include more than one interface in the port-mirroring statement,the previous one is overwritten. MX Series routers support more than one port-mirroring interface per router.
  
• You can configure multiple port mirroring instances on the M120, M320, and MX Series routers.
  
• In typical applications, you send the sampled packets to an analyzer or a workstation for analysis, not to another router. If you must send this traffic over a network, you should use tunnels. For more informationabout tunnel interfaces, see the JUNOS Network Interfaces Configuration Guide.
  

Configuring Port Mirroring
To configure port mirroring, include the port-mirroring statement at the [editforwarding-options] hierarchy level:
[edit forwarding-options]port-mirroring {family (ccc| inet | inet6 | vpls) {output {interface interface-name {next-hop address;}no-filter-check;}input {maximum-packet-length bytes;rate number;run-length number;}}}Configuring the Port-Mirroring Address Family and Interface
To configure port mirroring, include the port-mirroring statement. To configure the address family type of traffic to sample, include the family statement.To configure the rate of sampling, length of sampling, and the maximum size for the mirrored packet, include the input statement. To specify on which interfaceto send duplicate packets and the next-hop address to send packets, include the output statement. To determine whether there are any filters on the specifiedinterface, include the no-filter-check statement.
For information about the rate and run-length statements,see Configuring Traffic Sampling.
Configuring Multiple Port-Mirroring Instances
In JUNOS Release 9.5 and later, you can configure multiple port-mirroring instances on the M120, M320, and MX Series routers. On the M120 router, you can associate each instance with a specific Forwarding Engine Board (FEB). You cannot associate a port-mirroringinstance with an FEB configured as a backup FEB. On the M320 router, you can associate each instance with a specific Flexible PIC Concentrator (FPC). Associating a port-mirroring instance with an FPC or an FEB enables you to mirror packets to different destinations.Multiple port-mirroring instances are also supported on MX Series routers. For information about configuring multiple port-mirroring instances on MX Series routers, see the JUNOS MX-series Layer 2 Configuration Guide.
To configure a port-mirroring instance, include the instance port-mirroring-instance statement at the [editforwarding-options port-mirroring] hierarchy level:
[edit forwarding-options port-mirroring]instance port-mirroring-instance-name {family (inet| inet6 | vpls | ccc) {output {interface interface-name {next-hop address;}no-filter-check;}}input {maximum-packet-length bytes;rate number;run-length number;}}Configuring Port-Mirroring Instances
You can configure multiple port-mirroring instances. Specify a unique port-mirroring-instance-name for each instance you configure.
Associating a Port-Mirroring Instance on M320 Routers
You can associate a port-mirroring instance with a specific FPC on an M320 router or with a specific FEB on an M120 router. You can associate only one port-mirroring instance with each FPC on an M320 router or with each FEB on an M120 router. On an M120 router,you cannot associate a port-mirroring instance with a FEB configured as a backup FEB.
To associate a port-mirroring instance with an FPC on an M320 router, include the port-mirror-instance port-mirroring-instance-name statement atthe [edit chassis fpc slot-number] hierarchy level:
[edit chassis]fpc slot-number {port-mirror-instance port-mirroring-instance-name;}For slot-number, specify the slot number of the FPC you want to associate with the port-mirroring instance. For port-mirroring-instance-name,specify the name of a port-mirroring instance you configured at the [edit forwarding-options port-mirroring] hierarchy level. For more information aboutconfiguring an FPC on an M320 router, see the JUNOS System Basics Configuration Guide.
Associating a Port-Mirroring Instance on M120 Routers
To associate a port-mirroring instance with a FEB on an M120 router, include the port-mirror-instance port-mirroring-instance-name statement atthe[edit chassis feb slot-number] hierarchy level:
[edit chassis]feb slot-number {port-mirror-instance port-mirroring-instance-name;}For slot-number, specify the slot number of the FEB you want to associate with the port-mirroring instance. For port-mirroring-instance-name,specify the name of a port-mirroring instance you configured at the [edit forwarding-options port-mirroring] hierarchy level. For information about configuringFEB redundancy on an M120 router, see the JUNOS High Availability Configuration Guide. For information about configuring FPC to FEB connectivity on an M120 router, see the JUNOS System Basics Configuration Guide.
Configuring MX Series Ethernet Services Routers and M120 Routers to Mirror Traffic Only Once
On MX Series and M120 routers only, you can configure port mirroring so that the router mirrors traffic only once. If you configure port mirroring on both ingress and egress interfaces, the same packet could be mirrored twice. To mirror packets only once andprevent the router from sending duplicate sampled packets to the same mirroring destination, include the mirror-once statement at the [editforwarding-options port-mirroring] hierarchy level:
[edit forwarding-options port-mirroring]mirror-once;