Source Address Only Configuration

Multiple tunneled port mirrors can be configured to use a single source address configured L2 tunnel (VPPS) at its destination, by configuring the destination end as an any-remote tunnel. An any-remote tunnel accepts any remote IP as the source IP address, as long as the destination IP address matches this tunnel's source IP. When any-remote is enabled on the destination end of a VPPS tunnel:

• The any-remote configured tunnel accepts any tunneled packet destined to it's tunnel source. It decapsulates the packet and forwards it out the Ethernet port assigned to the tunnel.
• Any packets received on the Ethernet port assigned to the tunnel are switched or routed as normal, and not sent across the VPPS.
• If a destination address is configured on an any-remote enabled L2 tunnel, it has no practical affect, but it must have a route to the destination for the tunnel to be up.

Virtual Private Port Service Any-Remote Configuration Example presents an example of an any-remote enabled L2 tunnel. In this example port mirroring is enabled on Router 1 packet sources:

• Packet Source 1 – Port mirror enabled source port ge.1.1 (Callout 1) and target port tg.1.1 (Callout 3)
• Packet Source 2 – Port mirror enabled source port ge.1.2 (Callout 4) and target port tg.1.2 (Callout 6)

Two mirror enabled VPPS tunnels (one for each mirrored source) with a single tunnel destination are created on Router1 and Router2:

• tun.0.1 (Router1) – With a tunnel source of IP address 77.77.77.1 on loopback interface loop.0.1 (Callout 2), a bound physical port of tg.1.1 (same as the Packet Source 1 port mirror target), and a tunnel destination of IP address 99.99.99.1 (Callout 4)
• tun.0.2 (Router2) – With a tunnel source of IP address 88.88.88.1 on loopback interface loop.0.2 (Callout 6), a bound physical port of tg.1.2 (same as the Packet Source 2 port mirror target), and a tunnel destination of IP address 99.99.99.1 (Callout 4)
  

  Virtual Private Port Service Any-Remote Configuration Example

  

  1	ge.1.1 – tun.0.1 Mirrored Port (Source)	6	loop.0.2 – tun.0.2 Source, IP Add 88.88.88.1
  2	loop.0.1 – tun.0.1 Source, IP Add 77.77.77.1	7	tg.2.1 – tun.0.2 Mirrored Port (Target)
  3	tg.1.1 – tun.0.1 Mirrored Port (Target)	8	VLAN 20 (specified in static route to tunnel destination)
  4	loop.0.1 – tun.0.1-2 Destination, IP Add 99.99.99.1	9	ge.1.3 – Any-Remote tun.0.1 Ingress Port
  5	ge.1.2 – tun.0.2 Mirrored Port (Source)	10	ge.1.4 – Any-Remote tun.0.2 Ingress Port

On the Router 3 destination side of the VPPS tunnel, an any-remote L2 tunnel is created as tun.0.1 with a tunnel source of IP address 99.99.99.1 on loopback interface of loop.0.1 (Callout 4) and a bound physical port of ge.1.3. No tunnel destination is configured and will have on affect if one is configured.

A static route with VPPS tunnel destination as its destination assures a route exists for the VPPS tunnels.

Packets from Packet Source 1 are port mirrored on port ge.1.1 and targeted to port tg.1.1 (Router1) which is the bound physical port for tun.0.1. Packets are tunneled to Router 3 loopback interface loop.0.1. Returning packets will be sourced to loopback interface 1 on Router 3, but will be decapsulated and will be switched or routed out port ge.1.3 on Router 3 to its destination.

Packets from Packet Source 2 are port mirrored on port ge.1.2 and targeted to port tg.1.2 (Router2) which is the bound physical port for tun.0.2. Packets are tunneled to Router 3 loopback interface loop.0.1. Returning packets will be sourced to loopback interface 1 on Router 3, but will be decapsulated and will be switched or routed out port ge.1.3 on Router 3 to its destination.