Junos OS

Expand all | Collapse all

MX104 monitor traffic interface not showing forwarded traffic

Jump to Best Answer
  • 1.  MX104 monitor traffic interface not showing forwarded traffic

    Posted 02-06-2019 06:49

    Hi, 
    I'm trying to sniff and analyze traffic on one of my interfaces that is forwarding traffic but infortunately I'm only able to see traffic that is destined directly to the interface (BGP messages, L2 messages and ICMP destined to the interface direct IP address).

    I have a LACP bundle so I tried to check for the packets at all interface level (physical, logical bundle, and sub-interface) without any success. I also tried to go directly to the UNIX shell and the result is same. 

    Given the example below, the interface ae0.10 can be the default gateway for it's subnet, but I'm only able to see the packets destined or originated from the interface itself and not the forwarded ones. 

    ge-0/0/0 {

        gigether-options {

            802.3ad ae0;

        }

    }

    ge-0/0/1 {

        gigether-options {

            802.3ad ae0;

        }

    }

    ae0 {

        vlan-tagging;

        aggregated-ether-options {

            lacp {

                active;

            }

        }

        unit 10 {

            vlan-id 10;                     

            family inet {                   

                address 10.0.0.10/28;      

            }                               

        }             


    Is there a way to see all the traffic that is being forwarded through that interface?

    Thanks


    #monitortrafficinterface


  • 2.  RE: MX104 monitor traffic interface not showing forwarded traffic
    Best Answer

    Posted 02-06-2019 08:51

    Hello,


    @vascom wrote:

    Hi, 
    I'm trying to sniff and analyze traffic on one of my interfaces that is forwarding traffic but infortunately I'm only able to see traffic that is destined directly to the interface (BGP messages, L2 messages and ICMP destined to the interface direct IP address).

     


    This is a well-known feature|bug|limitation|pecularity|quirk (strike out as necessary) for distributed platfroms where control plane is physically separate from forwarding plane. MX104 is a distributed platform, as are all other Juniper router products. 

     


    @vascom wrote:

     


    Is there a way to see all the traffic that is being forwarded through that interface?



    If You want to examine transit packet contents, then can use port-mirroring 

    https://www.juniper.net/documentation/en_US/junos/topics/usage-guidelines/services-configuring-port-mirroring.html

    You will need a free revenue port (sending mirrored packets out from fxp0 is not supported), a copper SFP, RJ45 cable, a laptop with Wireshark and 1000Base-T GigE card.

     

    If You want to see what TCP/UDP ports are most used among transit traffic, use traffic sampling

    https://www.juniper.net/documentation/en_US/junos/topics/usage-guidelines/policy-configuring-the-output-file-for-traffic-sampling.html

     

    HTH

    Thx
    Alex