Mailing List Archive

port-mirror with source inside routing-instance type vrf
Hello,

Cluebats appreciated; I can contact JTAC on this, but I am trying to avoid the time sink of opening a case.

Topic is filter-based port mirroring for family inet, with the wrinkle being that I'm trying to mirror traffic from inside "instance-type vrf". I've done this countless times before successfully [including today as a sanity check] with the source being in the global table.

So far I've tried putting the output interface both inside the same VRF and in global; no traffic seems to mirror. What is the correct stance? Yes, I've tried to prime the macaddr pump with ICMP from the mx10003 doing the mirroring.

I am aware of mirroring "family any" but am unsure if that applies here, as the source interface I am trying to mirror is edge of VRF and doesn't have family mpls on the logical interface of interest.

I'm confident the traffic I want to mirror is hitting my filter term based on incrementing counters.

Lightly sanitized config below.


# I confirmed this is attached to the interface in question and counters are incrementing.
term mirror-2 {
    then {
        count :mirror:all;
        port-mirror-instance uw;
        next term;
    }
}

show forwarding-options
port-mirroring {
    instance {
        uw {
            input {
                rate 1;
            }
            family inet {
                output {
                    interface xe-0/0/4:2.3124 {
                        next-hop 10.235.43.1;
                    }
                }
            }
        }
    }
}


show chassis
fpc 0 {
    ...
    port-mirror-instance uw;
    sampling-instance ins1;
}

show interfaces xe-0/0/4:2 | no-more
enable;
vlan-tagging;
mtu 9192;
encapsulation flexible-ethernet-services;
...
...
unit 3124 {
    description "mirror test";
    vlan-id 3124;
    family inet {
        address 10.235.43.0/31;
    }
}

and then I've put xe-0/0/4:2.3124 inside and outside the relevant routing-instance as tests.

-Michael
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: port-mirror with source inside routing-instance type vrf
Did you try creating a static ARP entry for the port mirroring destination?

interfaces {
    xe-0/0/4:2 {
        vlan-tagging;
        mtu 9192;
        encapsulation flexible-ethernet-services;
        unit 3124 {
            description "mirror test";
            vlan-id 3124;
            family inet {
                no-redirects;
                no-neighbor-learn;
                address 10.235.43.0/31 {
                    arp 10.235.43.1 mac 02:02:02:02:02:02;
                }
            }
        }
    }
}

On Tue, Oct 11, 2022 at 02:37:47PM +0000, Michael Hare via juniper-nsp wrote:
> show interfaces xe-0/0/4:2 | no-more
> enable;
> vlan-tagging;
> mtu 9192;
> encapsulation flexible-ethernet-services;
> ...
> ...
> unit 3124 {
>     description "mirror test";
>     vlan-id 3124;
>     family inet {
>         address 10.235.43.0/31;
>     }
> }
Re: port-mirror with source inside routing-instance type vrf
Chuck,

Thanks for the suggestion. I have tried it at least four ways: both with and without the static-arp entry, and with the egress interface in global and in the VRF. When I tried without static-arp, I forced the mirror up with a ping from our mirroring device. My fw counters imply > 100pps hitting the relevant firewall "then" clause.

@re0# run show forwarding-options port-mirroring
Oct 11 11:00:33
Instance Name: uwwhitewater
Instance Id: 3
Input parameters:
Rate : 1
Run-length : 0
Maximum-packet-length : 0
Output parameters:
Family State Destination Next-hop
inet up xe-0/0/4:2.3124 10.235.43.1

-Michael

> -----Original Message-----
> From: juniper-nsp <juniper-nsp-bounces@puck.nether.net> On Behalf Of
> Chuck Anderson via juniper-nsp
> Sent: Tuesday, October 11, 2022 10:59 AM
> To: juniper-nsp@puck.nether.net
> Subject: Re: [j-nsp] port-mirror with source inside routing-instance type vrf
>
> Did you try creating a static ARP entry for the port mirroring destination?
>
> interfaces {
>     xe-0/0/4:2 {
>         vlan-tagging;
>         mtu 9192;
>         encapsulation flexible-ethernet-services;
>         unit 3124 {
>             description "mirror test";
>             vlan-id 3124;
>             family inet {
>                 no-redirects;
>                 no-neighbor-learn;
>                 address 10.235.43.0/31 {
>                     arp 10.235.43.1 mac 02:02:02:02:02:02;
>                 }
>             }
>         }
>     }
> }
>
> On Tue, Oct 11, 2022 at 02:37:47PM +0000, Michael Hare via juniper-nsp
> wrote:
> > show interfaces xe-0/0/4:2 | no-more
> > enable;
> > vlan-tagging;
> > mtu 9192;
> > encapsulation flexible-ethernet-services;
> > ...
> > ...
> > unit 3124 {
> >     description "mirror test";
> >     vlan-id 3124;
> >     family inet {
> >         address 10.235.43.0/31;
> >     }
> > }
Re: port-mirror with source inside routing-instance type vrf
Circling around on this, the solution was simple. My ingress interface was on fpc1, my egress interface was on fpc0. I attached the port-mirror-instance to fpc0. The fix was to attach to fpc1. The ingress and egress interfaces are both in the "instance-type vrf" RI.

Thanks to all who chimed in,
-Michael

> -----Original Message-----
> From: juniper-nsp <juniper-nsp-bounces@puck.nether.net> On Behalf Of
> Michael Hare via juniper-nsp
> Sent: Tuesday, October 11, 2022 11:04 AM
> To: Chuck Anderson <cra@fea.st>; juniper-nsp@puck.nether.net
> Subject: Re: [j-nsp] port-mirror with source inside routing-instance type vrf
>
> Chuck,
>
> Thanks for the suggestion. I have tried it at least four ways; both with and
> without the static-arp entry and with egress interface in global and egress
> interface in VRF. When I tried without static-arp, I forced mirror up with a
> ping from our mirroring device. My fw counters imply > 100pps hitting the
> relevant firewall "then" clause.
>
> @re0# run show forwarding-options port-mirroring
> Oct 11 11:00:33
> Instance Name: uwwhitewater
> Instance Id: 3
> Input parameters:
> Rate : 1
> Run-length : 0
> Maximum-packet-length : 0
> Output parameters:
> Family State Destination Next-hop
> inet up xe-0/0/4:2.3124 10.235.43.1
>
> -Michael
>
> > -----Original Message-----
> > From: juniper-nsp <juniper-nsp-bounces@puck.nether.net> On Behalf Of
> > Chuck Anderson via juniper-nsp
> > Sent: Tuesday, October 11, 2022 10:59 AM
> > To: juniper-nsp@puck.nether.net
> > Subject: Re: [j-nsp] port-mirror with source inside routing-instance type vrf
> >
> > Did you try creating a static ARP entry for the port mirroring destination?
> >
> > interfaces {
> >     xe-0/0/4:2 {
> >         vlan-tagging;
> >         mtu 9192;
> >         encapsulation flexible-ethernet-services;
> >         unit 3124 {
> >             description "mirror test";
> >             vlan-id 3124;
> >             family inet {
> >                 no-redirects;
> >                 no-neighbor-learn;
> >                 address 10.235.43.0/31 {
> >                     arp 10.235.43.1 mac 02:02:02:02:02:02;
> >                 }
> >             }
> >         }
> >     }
> > }
> >
> > On Tue, Oct 11, 2022 at 02:37:47PM +0000, Michael Hare via juniper-nsp
> > wrote:
> > > show interfaces xe-0/0/4:2 | no-more
> > > enable;
> > > vlan-tagging;
> > > mtu 9192;
> > > encapsulation flexible-ethernet-services;
> > > ...
> > > ...
> > > unit 3124 {
> > >     description "mirror test";
> > >     vlan-id 3124;
> > >     family inet {
> > >         address 10.235.43.0/31;
> > >     }
> > > }
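The resolution of the thread is a binding rule rather than a VRF rule: a firewall term's port-mirror-instance only takes effect when that instance is bound under chassis fpc N for the FPC that hosts the ingress interface the filter is applied to, regardless of which FPC carries the mirror output. The script below is an added example, not code from the thread or from Juniper; it lints a Junos configuration in "display set" form for exactly that mismatch (and for terms that reference an instance never defined under forwarding-options). The embedded config is constructed to resemble the thread's sanitized snippets, with an assumed ingress interface xe-1/0/0.100 on fpc1, the mirror output on xe-0/0/4:2.3124 on fpc0, and the instance bound to fpc0, i.e. the state before the fix; interface and filter names are assumptions, and only named instances (not a bare "then port-mirror") are checked.

```python
"""Check that every port-mirror-instance referenced by an applied firewall
filter is bound under chassis fpc <slot> for the slot hosting the filtered
interface. Added example (not from the thread); input is 'set'-format Junos
config such as 'show configuration | display set' produces."""
import re
from collections import defaultdict

# Constructed sample, modelled on the thread's sanitized config: ingress on
# fpc1, mirror egress on fpc0, instance bound only to fpc0 (the broken state).
CONSTRUCTED_CONFIG = """
set chassis fpc 0 port-mirror-instance uw
set chassis fpc 0 sampling-instance ins1
set forwarding-options port-mirroring instance uw input rate 1
set forwarding-options port-mirroring instance uw family inet output interface xe-0/0/4:2.3124 next-hop 10.235.43.1
set firewall family inet filter edge-in term mirror-2 then count mirror:all
set firewall family inet filter edge-in term mirror-2 then port-mirror-instance uw
set firewall family inet filter edge-in term mirror-2 then next term
set interfaces xe-1/0/0 unit 100 family inet filter input edge-in
set interfaces xe-1/0/0 unit 100 family inet address 192.0.2.1/30
set interfaces xe-0/0/4:2 unit 3124 family inet address 10.235.43.0/31
set routing-instances CUST instance-type vrf
set routing-instances CUST interface xe-1/0/0.100
set routing-instances CUST interface xe-0/0/4:2.3124
"""

FPC_BIND_RE = re.compile(r"^set chassis fpc (\d+) port-mirror-instance (\S+)$")
INST_DEF_RE = re.compile(r"^set forwarding-options port-mirroring instance (\S+) ")
TERM_RE = re.compile(
    r"^set firewall family (\S+) filter (\S+) term (\S+) then port-mirror-instance (\S+)$")
APPLY_RE = re.compile(
    r"^set interfaces (\S+) unit (\d+) family (\S+) filter (?:input|output) (\S+)$")
# Physical interface names carry the slot as the first number: xe-<fpc>/<pic>/<port>[:<channel>]
IFD_RE = re.compile(r"^[a-z]+-(\d+)/\d+/\d+(?::\d+)?$")


def fpc_of(ifd):
    """FPC slot of a physical interface name, or None for slot-less
    interfaces (lo0, ae0, irb, ...) that cannot be tied to an FPC here."""
    m = IFD_RE.match(ifd)
    return int(m.group(1)) if m else None


def parse_set_config(text):
    """Collect the facts the check needs from 'set' lines."""
    instance_fpcs = defaultdict(set)     # instance -> FPC slots it is bound to
    defined = set()                      # instances defined under forwarding-options
    filter_instances = defaultdict(set)  # (family, filter) -> instances its terms use
    applied = []                         # (ifd, unit, family, filter) where filters are applied
    for raw in text.splitlines():
        line = raw.strip()
        if m := FPC_BIND_RE.match(line):
            instance_fpcs[m.group(2)].add(int(m.group(1)))
        elif m := INST_DEF_RE.match(line):
            defined.add(m.group(1))
        elif m := TERM_RE.match(line):
            filter_instances[(m.group(1), m.group(2))].add(m.group(4))
        elif m := APPLY_RE.match(line):
            applied.append((m.group(1), m.group(2), m.group(3), m.group(4)))
    return instance_fpcs, defined, filter_instances, applied


def check_mirror_binding(text):
    """Return a list of human-readable problems; an empty list means every
    mirroring filter is applied on an FPC its instance is bound to."""
    instance_fpcs, defined, filter_instances, applied = parse_set_config(text)
    problems = []
    for ifd, unit, family, filt in applied:
        slot = fpc_of(ifd)
        for inst in sorted(filter_instances.get((family, filt), ())):
            if inst not in defined:
                problems.append(f"filter {filt} references port-mirror-instance {inst}, "
                                f"which is not defined under forwarding-options")
                continue
            if slot is None:
                continue  # no slot in the name; needs hardware inventory, not config
            bound = instance_fpcs.get(inst, set())
            if slot not in bound:
                problems.append(
                    f"filter {filt} on {ifd}.{unit} (fpc{slot}) mirrors to instance {inst}, "
                    f"but {inst} is bound under chassis fpc {sorted(bound) or 'none'}")
    return problems


if __name__ == "__main__":
    for p in check_mirror_binding(CONSTRUCTED_CONFIG) or ["no port-mirror binding problems found"]:
        print(p)
```

Run against the constructed config it reports the fpc0/fpc1 mismatch from the thread; moving the binding line to `set chassis fpc 1 port-mirror-instance uw` makes the report empty. The check reads only what the configuration states, so it says nothing about whether the mirror next-hop actually resolves (the static ARP suggestion earlier in the thread) or whether counters are incrementing; it is a cheap pre-check to run before opening a case.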