Configuring The Analyzer Device - Juniper JUNOSE SOFTWARE FOR E SERIES 11.3.X - POLICY MANAGEMENT CONFIGURATION GUIDE 2010-10-04 Configuration Manual

Related
Documentation

Configuring the Analyzer Device

Copyright © 2010, Juniper Networks, Inc.
Example: Configuring CLI-Based Interface-Specific Mirroring on page 228
Example: Configuring CLI-Based User-Specific Mirroring on page 229
The analyzer device must be configured to receive the mirrored traffic from the E Series
router's analyzer interface. You can use the default keyword with the interface command
to configure an interface as the virtual router's default analyzer interface; it is then used
when an analyzer interface is not explicitly specified in the ip mirror command. You
cannot configure multiaccess interfaces, such as IP over Ethernet, as default analyzer
interfaces.
You can configure any type of IP interface on the E Series router as an analyzer interface,
except for special interfaces such as SRP interfaces, null interfaces, and loopback
interfaces. An interface cannot be both an analyzer interface and a mirrored interface at
the same time. A single analyzer interface can serve multiple mirrored sessions. Analyzer
interfaces drop all nonmirrored traffic.
You can configure IP or GRE analyzer interfaces to enable traffic to flow between tunnel
endpoints that are local to the router. The tunnel can be located on a shared tunnel server
port or line module. For a complete list of the line modules and I/O modules available
for ERX14xx models, ERX7xx models, and the ERX310 Broadband Services Router, see
ERX Module Guide. For more information about line modules and IOAs available with the
E120 and E320 Broadband Services Routers, see E120 and E320 Module Guide.
Shared tunnel server on the ES2 10G ADV LM supports GRE tunnels for tunneling the
mirrored data packets. The mirrored data is forwarded to the analyzer device using the
GRE analyzer interface. Use the ip analyzer command to configure the GRE tunnel
interface to act as as a GRE analyzer tunnel interface. The ES2 10G ADV LM does not
support non-analyzer tunnel interfaces. Also, when you configure a GRE interface for
checksum calculations, use of sequence numbers, session keys, and other optional
parameters, the ES2 10G ADV LM does not support those GRE interfaces. However, if
you have configured a non-analyzer tunnel interface or a GRE interface with optional
parameters, these interfaces remain non-operational. The GRE analyzer interface forwards
mirrored traffic and drops all non-mirrored traffic.
Also, placement of GRE tunnels on the supported locations is no longer synchronous
with the tunnel configuration. So, you can configure tunnel servers when the chassis does
not support the required resources such as shared tunnel server ports or tunnel server
modules. However, the tunnels configured are non-operational. The tunnels become
operational when the required resources are added to the chassis.
NOTE: If a chassis has shared or dedicated tunnel server on the ES2 4G LM
and shared tunnel server on the ES2 10G ADV LM, the GRE non-analyzer
tunnel interfaces are available on the ES2 4G LM. Only GRE analyzer interfaces
with no optional configurations are available on the ES2 10G ADV LM shared
tunnel server.
Chapter 11: Configuring CLI-Based Packet Mirroring
227