Просмотр Исходного

h5. Правило для зеркалирования в firewall "internet-output":

\\
{code}
user@host# show firewall family inet filter internet-output term 1-span-to-carbon {from { protocol tcp; destination-port [ http https ftp domain 81 82 84 888 2020 2072 4001 4002 5000 8001 8080 8081 8085 16869 16873 ];}
then port-mirror;
}
term 2-span-to-carbon-udp {
from {protocol udp; destination-port domain;}
then port-mirror;
}
term 9-premit_any {then accept;}
{code}
\\

h5. Настройки зеркалирования (куда отправляем зеркало):

\\
{code}
user@host# show forwarding-options port-mirroring
input { rate 1; }
family inet {
output {
interface xe-2/2/0.4020 { next-hop 172.16.16.2; }
}
}
{code}

\\

h5. Настройки интерфейса для carbon-reductor:

\\
{code}
user@host# show interfaces xe-2/2/0.4020
description "remote mirror for carbon reductor";
vlan-id 4020;
family inet { address 172.16.16.1/30; }
{code}
\\

h5. Настройка firewall:

\\
{code}
user@host# show interfaces | display set | match internet-output
set interfaces xe-2/2/0 unit 1510 family inet filter output internet-output
{code}


\\

h5. На Carbon Reductor:

\\
{code}
[root@localhost]# cat /etc/sysconfig/network-scripts/ifcfg-eth2
DEVICE=eth2
BOOTPROTO=static
IPADDR=172.16.16.2
NETMASK=255.255.255.252
DEFROUTE=no
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
ARP=yes
MTU=9200
{code}