Known Behavior
27
Release 10.3.2
Packet Mirroring
The ES2 10G LM supports the packet mirroring feature when the module is
paired with the ES2-S2 10GE PR IOA, the ES2-S1 GE-8 IOA, or the ES2-S3 GE-20
IOA. When you use the ES2 10G LM with these IOAs, CLI-based
interface-specific mirroring is not supported.
When both interface-specific mirroring and user-specific mirroring are
configured on the same interface, the interface-specific secure policies take
precedence. The interface-specific secure policies, which you manually attach
using the CLI, override and remove any existing secure polices that were
attached by a trigger action. If the interface-specific secure polices are
subsequently deleted, the original trigger-based secure policies are not restored.
Typically, when configuring packet mirroring, you configure a static route to
reach the analyzer device through the analyzer port. If the analyzer port is an
IP-over-Ethernet interface, you must also configure a static Address Resolution
Protocol (ARP) entry to reach the analyzer device. However, because only a
single static ARP entry can be installed for a given address at any given time,
when you are using equal-cost multipath (ECMP) links to connect to the
analyzer device, the static ARP configuration does not provide failover if the link
being selected fails or is disconnected. Therefore, to provide continued
connectivity if the link fails when using ECMP, enable the
ip proxy-arp
unrestricted
command on the next-hop router for each ECMP interface. As a
result, when the link fails, the router sends an ARP request to identify the MAC
address of the analyzer device and gets a response over the new link.
Policy Management
The ES2 10G LM does not support the deprecated
next-hop
command.
You cannot configure classifier lists that reference multiple fields for a VLAN
policy list on the ES2 10G Uplink LM or the ES2 10G LM, with the exception of
traffic-class and color. The system incorrectly classifies VLAN policies that
classify using multiple fields. For example, an invalid policy list that references
multiple fields uses both color and user-packet-class, or one classifier list using
color and another using user-packet-class.
In rare cases, some policy configurations that use CAM hardware classifiers
from releases earlier than Release 7.1.0 can fail because they exceed the total
hardware classifier entry size of 128 bits that was introduced in Release 7.1.0.
For more information and examples of previous configurations, see
JunosE
Policy Management Configuration Guide, Chapter 8, Policy Resources.