Junos OS


Ask questions and share experiences about Junos OS.
  • 1.  EX3400 Port mirroring not working, Please help!

    Posted 06-24-2022 05:45
    Edited by spuluka 06-25-2022 05:24
    Hello everyone,

    I am testing port mirroring on an EX3400 but am unable to get it to work. Any help would be greatly appreciated.



    I have a VM connected to ge-0/0/47 to perform pings to irb.10/VLAN 10, 10.80.140.81/29, on the EX3400.

    I have the analyser configured as below on the EX3400.

    root@tsxvcwes02j34> ...arding-options analyzer | display set
    set forwarding-options analyzer analyzer1 input ingress interface ge-0/0/47.0
    set forwarding-options analyzer analyzer1 input egress interface ge-0/0/47.0
    set forwarding-options analyzer analyzer1 output interface ge-0/0/9.0

    root@tsxvcwes02j34> show configuration interfaces ge-0/0/9 | display set
    set interfaces ge-0/0/9 unit 0 family ethernet-switching interface-mode trunk
    set interfaces ge-0/0/9 unit 0 family ethernet-switching vlan members vl-99
    set interfaces ge-0/0/9 unit 0 family ethernet-switching vlan members remote-monitor
    set interfaces ge-0/0/9 unit 0 family ethernet-switching vlan members vl-10

    When I run monitor traffic interface ge-0/0/9 size 9999, I should be getting mirrored ICMP messages from ge-0/0/47, but I don't see them.

    root@tsxvcwes02j34> monitor traffic interface ge-0/0/9 size 9999
    verbose output suppressed, use <detail> or <extensive> for full protocol decode
    Address resolution is ON. Use <no-resolve> to avoid any reverse lookup delay.
    Address resolution timeout is 4s.
    Listening on ge-0/0/9, capture size 9999 bytes

    04:14:02.494008 Out LLDP, name tsxvcwes02j34.ims.telstra.com.au, length 358                 <- no ICMP messages seen.
    04:14:03.163209 In LLDP, name tsxvcwer03c61.ims.telstra.com.au, length 514
    04:14:30.885044 Out LLDP, name tsxvcwes02j34.ims.telstra.com.au, length 358
    04:14:32.924642 In LLDP, name tsxvcwer03c61.ims.telstra.com.au, length 514
    04:15:00.794091 Out LLDP, name tsxvcwes02j34.ims.telstra.com.au, length 358
    04:15:02.890152 In LLDP, name tsxvcwer03c61.ims.telstra.com.au, length 514


    ------------------------------
    Insomnia
    ------------------------------


  • 2.  RE: EX3400 Port mirroring not working, Please help!

    Posted 02-21-2023 09:44

    As I have understood it, this is not how it works (please correct me if I am wrong).

    The "monitor traffic" command (like running tcpdump after a "start shell") only captures traffic that is passed to the routing engine (control plane). All traffic that can be handled within the ASIC itself or another part of the data plane is not pushed to the control plane, and you will not see any of this traffic.

    If you want to see what happens on a port, the only way (as far as I know) is to mirror the traffic to another port (like you did) and then connect a device (like a laptop) to that port and run tcpdump/wireshark/etc there.

    New Cisco switches have a feature called VLAN SPAN, which allows you to mirror a port completely into a VLAN that you capture somewhere else. Maybe newer Junipers have this too. But in the end, it would be nice to just have the option to push ALL data from a port to the control plane (and take the risk that the control plane becomes completely overwhelmed; that is the downside).



    ------------------------------
    Erik Slagter
    ------------------------------