JUNOS High Availability

by James Sonderegger, Orin Blomberg, Kieran Milne, Senad Palislamovic
August 2009
Content level: Intermediate to advanced
690 pages
20h 14m
English
O'Reilly Media, Inc.

Gathering Evidence

Sometimes you may want to collect information about an attack that has occurred. You might want to analyze the attack further, or perhaps you want to provide data to a law enforcement agency. In either case, there are several tools you can use to gather the appropriate data.

Firewall Logs and Counters

We discussed firewall logs and counters throughout this chapter. They provide direct information about which traffic is being accepted and denied, and how much traffic matches each filter. Using these tools, you can get a good indication of whether attacks are occurring, and capture data to use as evidence of the existence of the attack.

Port Mirroring

You can use port mirroring to capture entire packets and send a copy of them to another device. This is very useful for gathering evidence of an attack.

To configure port mirroring, you must first define parameters for how much data to capture and where to send it:

[edit]
lab@r1# show forwarding-options
port-mirroring {
    family inet {
        input {
            rate 100;
            run-length 3;
        }
        output {
            interface fe-0/0/1.0 {
                next-hop 10.10.1.1;
            }
        }
    }
}

In this example, the port mirroring parameters are configured under the forwarding-options section of the CLI. You must define two input parameters: the rate, which is the capture sampling rate, and the run-length, which is how many packets are captured each time a capture is performed. For example, a rate of 100 means a capture is triggered once for every 100 eligible packets. A run-length ...
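The following is an added example, not taken from the book: one way to choose which packets are eligible for mirroring is a firewall filter term that uses the port-mirror action, paired with a counter so the mirrored sample can be compared against the total number of matches. The filter name, term names, counter name, source prefix (a documentation range) and ingress interface fe-0/0/0 are all assumptions made for illustration.

```junos
/* Added example: all names, the prefix and the interface are assumed. */
firewall {
    family inet {
        filter mirror-suspect {
            /* Traffic from the suspected source: count it, mirror it, forward it. */
            term suspect-source {
                from {
                    source-address {
                        192.0.2.0/24;
                    }
                }
                then {
                    count suspect-source-pkts;
                    port-mirror;
                    accept;
                }
            }
            /* Everything else is forwarded without being mirrored. */
            term everything-else {
                then accept;
            }
        }
    }
}
interfaces {
    fe-0/0/0 {
        unit 0 {
            family inet {
                /* Apply the filter to traffic arriving on the assumed ingress interface. */
                filter {
                    input mirror-suspect;
                }
            }
        }
    }
}
```

The counter records every packet that matches the term, while the collector receives only the sampled share, so `show firewall filter mirror-suspect` gives the total against which the capture can be judged. When the capture is meant to be a complete record, a rate of 1 makes every eligible packet trigger a capture.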


ISBN: 9780596805449