Packet Header for Mirrored Traffic Sent to Mediation Device
When the router sends mirrored traffic to the mediation device, it encapsulates the mirrored payload in a packet header before it sends the mirrored traffic to the mediation device.
The packet header includes the Session ID that Junos assigns to the subscriber session. The mediation device can use the ID to identify the session of the mirrored subscriber. The mediation device can use the Session ID along with the Intercept ID to track a subscriber across multiple login and logout events. The Intercept ID is constant, but the Session ID changes with each new session for a subscriber.
Figure 1 is the mirrored packet header that the router sends to the mediation device.
Table 1 describes the fields in the packet header of mirrored packets.
Field |
Value |
Length (Bits) |
|---|---|---|
IP Header |
||
Version |
4 |
4 |
IHL |
5 |
4 |
Type of Service |
0 |
8 |
Total Length |
Dynamically computed |
16 |
Identification |
Dynamically computed |
16 |
Flags |
Dynamically computed |
3 |
Fragment Offset |
Dynamically computed |
13 |
Time to Live |
255 |
8 |
Protocol |
17 |
8 |
Header Checksum |
Dynamically computed |
16 |
Source Address |
IP address of the router interface that sends mirrored traffic to the mediation device |
32 |
Destination Address |
IP address of the mediation device to which mirrored traffic is forwarded. This value is taken from the X-JTap-Cdest-Dest-Address attribute that is sent to the router in the DTCP ADD command. |
32 |
UDP Header |
||
Source Port |
UDP port number on the router from which mirrored traffic is sent to the mediation device |
16 |
Destination Port |
UDP port on the mediation device to which mirrored traffic is forwarded. This value is taken from the X-JTap-Cdest-Dest-Port attribute that is sent to the router in the DTCP ADD command. |
16 |
Length |
Dynamically computed |
16 |
Checksum |
0 |
16 |
Mirror Header |
||
V (mirror header value) |
0 |
2 |
Intercept ID |
Value of the X-MD-Intercept-Id that is sent to the router in the DTCP ADD command. |
30 |
Session ID |
Subscriber session ID assigned by the router. See Format of the Mirror Header Values Used to Track Subscribers and Subscriber Sessions |
32 |
Format of the Mirror Header Values Used to Track Subscribers and Subscriber Sessions
The packet header includes mirror header attributes that the mediation device can use to track subscribers and subscriber sessions. There are three mirror header attributes in the packet header:
V (mirror header value)— For DTCP, this value is always set to 0 in the packet header sent to the mediation device.
Session ID— Used by the mediation device to identify the session of the mirrored subscriber. The value is assigned to a subscriber session by the Junos OS. The Session ID changes with each new session for a subscriber.
Intercept ID— Used along with the Session ID by the mediation device to track a subscriber across multiple login and logout events. The value is assigned to a subscriber whose traffic is being intercepted. The Intercept ID is constant; it does not change as a subscriber logs in and logs out of sessions.
Manually Setting the Session-ID and Intercept ID in Packet Headers
You can use the DTCP ADD command to manually specify the Session
ID value (X-Act-Sess-Id) and the Intercept ID value (X-MD-Intercept-Id)
placed in the headers sent to the mediation device. You
configure the values in an 8-byte format. To do so:
Configure the first two most significant bits to a value of 0, which indicates two words.
Configure the remaining 30 bits of the first word to form the Intercept ID field.
Configure the second word to form the Session-ID field.
You cannot change the order of these two words.
Figure 2 shows an example of the mirror header:
For example, a value of 0000030000000090 configures the following fields in the mirror header: :
V = 0
Intercept-ID = 0x300
Session-ID = 0x90