Configuring Packet Mirroring
To support packet mirroring in an SRC network, configure a script service that can be activated to set up RADIUS-based packet-mirroring policies on a JUNOSe router. The script service defines the parameters needed to mirror subscriber traffic, such as the address of the subscriber or the analyzer device. This script service is activated for the subscriber whose traffic should be mirrored. For detailed information about configuring script services, see SRC-PE Services and Policies Guide, Chapter 2, Managing Services on a Solaris Platform.
You must have preconfigured RADIUS-based packet mirroring on JUNOSe routers. The JUNOSe software provides RADIUS-based packet mirroring, which allows the router to create dynamic secure policies for the mirroring operation. The RADIUS administrator can configure and manage interface mirroring services that are activated by means of CoA. For information about configuring RADIUS-based packet mirroring on the JUNOSe router, see the JUNOSe Policy Management Configuration Guide.
For information about dynamic RADIUS requests, see RFC 3576—Dynamic Authorization Extensions to Remote Authentication Dial In User Service (RADIUS) (July 2003).
To set up the SRC software for packet mirroring, perform the following tasks:
- Creating the Script Service for Packet Mirroring
- Configuring the Script Service for Packet Mirroring
- Configuring Subscriptions to the Packet-Mirroring Service
- (Optional) Specifying Maximum Number of Peers139
The SRC software includes a sample script service that you can configure to send dynamic RADIUS requests to the JUNOSe router. You can use the sample service definition and customize it for your environment by modifying the service substitutions. For information about the sample packet mirroring application, see Example: Using the Sample Packet-Mirroring Application.
Creating the Script Service for Packet Mirroring
- In the SDX Admin navigation pane, right-click the Services folder, highlight New, and then click SSP Service.
- In the New SSP Service dialog box, enter a service name or select a name from the drop-down list.
- In the Main tab pane, select script in the Type field.
- If you want to hide the service from users and unauthorized administrators, select true from the menu in the Secret field.
![]()
- Click the Script tab.
![]()
- In the Script Type field, select URL.
- In the Class Name field, enter net.juniper.smgt.sae.packetMirroring.LiService.
- In the File/URL field, enter file:///opt/UMC/sae/var/run/pm.jar.
After you create the script service, you need to configure parameters for the script service. For more information about configuring script services and parameters, see SRC-PE Services and Policies Guide, Chapter 2, Managing Services on a Solaris Platform.
Configuring the Script Service for Packet Mirroring
To configure the script service, you provide parameter substitutions with the values that are in the service definitions. To do so:
- In SDX Admin, select the Parameter tab in the script service configuration. The parameter pane appears.
![]()
- Configure the parameters.
Table 7 lists the parameters specified by the sample packet-mirroring script service. In most cases, you can use the sample script service without modification.
You can also configure dynamic RADIUS requests with the sendDynamicRadius method of the ServiceSessionInfo interface (see Defining RADIUS Attributes for Dynamic Authorization Requests with the API).
For detailed information about configuring services, see SRC-PE Services and Policies Guide, Chapter 2, Managing Services on a Solaris Platform.
Configuring Subscriptions to the Packet-Mirroring Service
You need to configure subscriptions to the packet-mirroring service. You can set up the subscriptions to activate immediately on login.
For more information, see SRC-PE Subscribers and Subscriptions Guide, Chapter 13, Configuring Subscribers and Subscriptions with SDX Admin.