Routing

Hello everyone.

I`m trying to set up bridge mirror on mx480 with MPC-3D 16x 10GE.

i got two port-mirroring instances:

show configuration forwarding-options port-mirroring
input {
    rate 1;
}
family inet {
    output {
        interface ae0.0 {
            next-hop 169.254.33.2;
        }
        no-filter-check;
    }
}
instance {
    BRIDGE {
        input {
            rate 1;
        }
        family vpls {
            output {
                interface ae0.22;
                no-filter-check;
            }
        }
    }
}

description MIRROR;
flexible-vlan-tagging;
native-vlan-id 1;
encapsulation flexible-ethernet-services;
aggregated-ether-options {
    load-balance {
        per-packet;
    }
}
unit 0 {
    vlan-id 1;
    family inet {
        address 169.254.33.1/30 {
            arp 169.254.33.2 mac 00:11:22:33:44:55;
        }
    }
}
unit 22 {
    encapsulation vlan-bridge;
    vlan-id 22;
}

ae0.22 interface is in bridge-domain:

show configuration bridge-domains ANALYZER
vlan-id 22;
interface ae0.22;

firewall filter that applied to mirrored interfaces:

show configuration firewall family bridge filter MIRROR-TEST
term 1 {
    then {
        count BRIDGE-TEST-COUNT;
        accept;
        port-mirror-instance BRIDGE;
    }
}

and finaly bridge-domain with monitored interfaces:

show configuration routing-instances TEST-switch
instance-type virtual-switch;
bridge-domains {
    TEST {
        vlan-id 22;
        interface ae1.22;
        interface ae2.22;
        interface ae3.22;
        interface ae4.22;
        interface xe-5/1/2.22;
        interface xe-5/2/0.22;
        interface xe-5/2/2.22;
        interface xe-5/3/0.22;
    }
}

show configuration interfaces xe-5/1/2.22 | display inheritance no-comments
encapsulation vlan-bridge;
vlan-id 22;
family bridge {
    filter {
        input MIRROR-TEST;
    }
}

all port-mirroring sessions are up:

 show forwarding-options port-mirroring
Instance Name: &global_instance
  Instance Id: 1
  Input parameters:
    Rate                  : 1
    Run-length            : 0
    Maximum-packet-length : 0
  Output parameters:
    Family              State     Destination          Next-hop
    inet                up        ae0.0                169.254.33.2

Instance Name: BRIDGE
  Instance Id: 4
  Input parameters:
    Rate                  : 1
    Run-length            : 0
    Maximum-packet-length : 0
  Output parameters:
    Family              State     Destination          Next-hop
    vpls                up        ae0.22

But i only see traffic from family inet session and no traffic on analyzer from bridge-mirroring session.

Hello,

Have You created the port-mirroring instance BRIDGE on FPC 5?

https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/chassis-port-mirroring-mx-series-configuring.html

Also, please share the printout:

show interface ae0.22 detail | no-more

HTH

Thx

Alex

Hello!

i`ve configured port-mirroring instance of fpc 5:

show chassis fpc 5
pic 0 {
    tunnel-services;
}
pic 2 {
    tunnel-services;
}
port-mirror-instance BRIDGE;

And after that bridge mirror worked, but family inet mirror broke down. I can see packets mirrored from bridge domain on analyzer, but cannot see packets mirrored from inet interfaces.

And this config solved my problem:

input {
    rate 1;
}
family inet {
    output {
        interface ae0.0 {
            next-hop 169.254.33.2;
        }
        no-filter-check;
    }
}
family vpls {
    output {
        interface ae0.22;
        no-filter-check;
    }
}