Information on remote port mirroring on Junos routers doesn’t seem to be very easy to come by for some reason – there is quite a lot of information about doing this on EX switches (a bit like RSPAN in Cisco’s IOS), which wasn’t what I needed. Various other sources of information (such as Cluepon) say this can be done using a GRE tunnel, but that the capturing device needs to be a server that terminates the GRE tunnel – which all seemed a bit complicated.
I needed to remotely mirror a port on an MX to a second MX where a windows-based Wireshark was connected, so getting GRE working to a Windows host sounded like a non starter.
So I had to work it out myself – and hopefully this write-up will prove useful to someone else in the future.
An additional requirement for the customer was that the captured interface should be in a VRF, so the test-bed I set up below has production traffic flowing through a VRF, and the mirrored traffic in a GRE tunnel which is running in the global routing table.
Here’s the write-up I did for the customer:
The more I play around with Docker and Kubernetes the more I find myself needing to rebuild my lab. Config file changes are done all over the place, permissions change, some binaries are added or updated, and things get out of sync. I always like to figure out how things work and then rebuild ‘the right way’ to make sure I know what I’m talking about. The process of rebuilding the lab takes quite a bit of time and was generally annoying. So I was looking for a way to automate some of the rebuild. Having some previous experience with Chef, I thought I might give that a try but I never got around to it. Then one day I was browsing the Kubernetes github repo and noticed that there was already a fair amount of SaltStack files out in the repo. I had heard about SaltStack, but had no idea what it was so I thought I’d give it a try and see if it could help me with my lab rebuilds.
Make a long story short, it helps, A LOT. While I know I’ve only scratched the surface the Continue reading
Survey says: Global Operators are ready for something new. Lifecycle Service Orchestration may be what they're looking for.