Configuring Tunnel Interfaces for Subscriber Secure Policy Mirroring

The router, acting as the IAP, uses tunnel interfaces (vt interfaces) to send mirrored traffic to the mediation device. The IAP equally distributes the mirrored traffic across the available tunnel interfaces.

Because the MX Series 3D Universal Edge Routers do not support Tunnel Services PICs, you create a pool of tunnel interfaces on MX Series routers at the [edit chassis] hierarchy level.

You can configure up to 2048 mirrored subscriber sessions per chassis.

To configure a pool of tunnel interfaces for use by subscriber secure policy mirroring:

  1. Access the chassis configuration, and specify the slot number of the DPC, MPC, or MIC.
    • On the MX80 router, the range is 0 through 1.
    • On other MX Series routers, if two System Control Boards (SCBs) are installed, the range is 0 through 11. If three SCBs are installed, the range is 0 through 5 and 7 through 11.
    [edit chassis]
    user@host# edit fpc 1
  2. Configure the PIC number of the FPC.
    • On MX80 routers, if the FPC is 0, the PIC number can only be 0. If the FPC is 1, the PIC range is 0 through 3.
    • For all other MX Series routers, the range is 0 through 3.
    [edit chassis fpc 1]
    user@host# edit pic 1
  3. Specify that the FPC and PIC are to be used for tunnel interfaces.
    [edit chassis fpc 1 pic 1]
    user@host# edit tunnel-services
  4. Specify the amount of bandwidth to reserve for tunnel traffic on each Packet Forwarding Engine.
    • 1g indicates that 1 Gbps of bandwidth is reserved for tunnel traffic.
    • 10g indicates that 10 Gbps of bandwidth is reserved for tunnel traffic.

    If you specify a bandwidth that is not compatible, tunnel services are not activated. For example, you cannot specify a bandwidth of 1 Gbps for a Packet Forwarding Engine on a 10-Gigabit Ethernet 4-port DPC.

    [edit chassis fpc 1 pic 1 tunnel-services]
    user@host# set bandwidth 1g
  5. Configure the tunnel interfaces, including the family.

    To configure subscriber secure policy mirroring for IPv6 traffic, configure the tunnel interfaces for both the inet and inet6 families.

    [edit interfaces]
    user@host# set vt-1/1/0 unit 0 family inet
    user@host# set vt-1/1/0 unit 0 family inet6
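
The following is an added example, not part of the original Juniper documentation: a pre-change check that validates a planned slot, PIC, and bandwidth against the ranges listed in the steps above and renders the equivalent top-level `set` commands. The function names, the `model` and `scb_count` parameters, and the default vt port number of 0 (taken from the `vt-1/1/0` example above) are assumptions.

```python
# Added example: function and parameter names are hypothetical.
# It enforces only the ranges stated in the procedure; it cannot tell whether
# the chosen bandwidth is compatible with the installed hardware.

def valid_fpc_slots(model, scb_count=2):
    """Slot numbers the procedure allows for this chassis."""
    if model == "mx80":
        return set(range(0, 2))                       # 0 through 1
    if scb_count == 2:
        return set(range(0, 12))                      # 0 through 11
    if scb_count == 3:
        return set(range(0, 6)) | set(range(7, 12))   # 0-5 and 7-11
    raise ValueError("slot ranges are documented only for two or three SCBs")


def valid_pics(model, fpc):
    """PIC numbers the procedure allows for this slot."""
    if model == "mx80" and fpc == 0:
        return {0}                                    # MX80 FPC 0: PIC 0 only
    return set(range(0, 4))                           # 0 through 3


def tunnel_pool_commands(model, fpc, pic, bandwidth,
                         ipv6=False, scb_count=2, port=0):
    """Validate the inputs and return the set commands as a list of strings."""
    if fpc not in valid_fpc_slots(model, scb_count):
        raise ValueError(f"fpc {fpc} is outside the documented slot range")
    if pic not in valid_pics(model, fpc):
        raise ValueError(f"pic {pic} is outside the documented range for fpc {fpc}")
    if bandwidth not in ("1g", "10g"):                # values listed in step 4
        raise ValueError(f"bandwidth {bandwidth!r} is not 1g or 10g")
    vt = f"vt-{fpc}/{pic}/{port}"                     # port 0 is an assumption
    cmds = [
        f"set chassis fpc {fpc} pic {pic} tunnel-services bandwidth {bandwidth}",
        f"set interfaces {vt} unit 0 family inet",
    ]
    if ipv6:
        # IPv6 mirroring needs both the inet and inet6 families (step 5).
        cmds.append(f"set interfaces {vt} unit 0 family inet6")
    return cmds


if __name__ == "__main__":
    # Constructed input matching the values used in the procedure above.
    for line in tunnel_pool_commands("mx", 1, 1, "1g", ipv6=True):
        print(line)
```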

Published: 2013-07-31