Circling around on this, the solution was simple. My ingress interface was on fpc1, my egress interface was on fpc0. I attached the port-mirror-instance to fpc0. The fix was to attach to fpc1. The ingress and egress interfaces are both in the "instance-type vrf" RI.
Thanks to all who chimed in, -Michael > -----Original Message----- > From: juniper-nsp <[email protected]> On Behalf Of > Michael Hare via juniper-nsp > Sent: Tuesday, October 11, 2022 11:04 AM > To: Chuck Anderson <[email protected]>; [email protected] > Subject: Re: [j-nsp] port-mirror with source inside routing-instance type vrf > > Chuck, > > Thanks for the suggestion. I have tried it at least four ways; both with and > without the static-arp entry and with egress interface in global and egress > interface in VRF. When I tried without static-arp, I forced mirror up with a > ping from our mirroring device. My fw counters imply > 100pps hitting the > relevant firewall "then" clause. > > @re0# run show forwarding-options port-mirroring > Oct 11 11:00:33 > Instance Name: uwwhitewater > Instance Id: 3 > Input parameters: > Rate : 1 > Run-length : 0 > Maximum-packet-length : 0 > Output parameters: > Family State Destination Next-hop > inet up xe-0/0/4:2.3124 10.235.43.1 > > -Michael > > > -----Original Message----- > > From: juniper-nsp <[email protected]> On Behalf Of > > Chuck Anderson via juniper-nsp > > Sent: Tuesday, October 11, 2022 10:59 AM > > To: [email protected] > > Subject: Re: [j-nsp] port-mirror with source inside routing-instance type > > vrf > > > > Did you try creating a static ARP entry for the port mirroring destination? > > > > interfaces { > > xe-0/0/4:2 { > > vlan-tagging; > > mtu 9192; > > encapsulation flexible-ethernet-services; > > unit 3124 { > > description "mirror test"; > > vlan-id 3124; > > family inet { > > no-redirects; > > no-neighbor-learn; > > address 10.235.43.0/31 { > > arp 10.235.43.1 mac 02:02:02:02:02:02; > > } > > } > > } > > } > > } > > > > On Tue, Oct 11, 2022 at 02:37:47PM +0000, Michael Hare via juniper-nsp > > wrote: > > > show interfaces xe-0/0/4:2 | no-more > > > enable; > > > vlan-tagging; > > > mtu 9192; > > > encapsulation flexible-ethernet-services; > > > ... > > > ... > > > unit 3124 { > > > description "mirror test"; > > > vlan-id 3124; > > > family inet { > > > address 10.235.43.0/31; > > > } > > > } > > _______________________________________________ > > juniper-nsp mailing list [email protected] > > https://puck.nether.net/mailman/listinfo/juniper-nsp > _______________________________________________ > juniper-nsp mailing list [email protected] > https://puck.nether.net/mailman/listinfo/juniper-nsp _______________________________________________ juniper-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/juniper-nsp
