[ovs-discuss] Sflow packet samples in Openstack environment on OVS bridge

Peter Phaal peter.phaal at inmon.com
Thu Apr 23 05:56:42 UTC 2015


Ingress means that packets are captured as they are received on a physical or virtual bridge ports. Patch ports are ignored.

In stand alone mode you typically define a single bridge. However, OpenStack defines a pair of bridges (br-in and br-ex) and to get full coverage, you need to enable sFlow on both bridges.

Why is it a problem that the sFlow sample contains the GRE header? An sFlow analyzer should be able to decode tenant packet encapsulated by GRE. There is currently work underway to add support for the sFlow tunnel spec to OVS which should further improve visibility into underlay / overlay in virtual networks:

http://sflow.org/sflow_tunnels.txt <http://sflow.org/sflow_tunnels.txt>

Peter

> On Apr 22, 2015, at 10:31 PM, harsh jain <harshjain32 at gmail.com> wrote:
> 
> Hi Peter,
> 
> Thanks for reply.
> 
> What is the difference in vSwitch configuration in Openstack environment  and in standalone use. if i try to enable sflow on OVS-bridge having following setup. It captures packet in both direction. I think I am not able to understand exactly what ingress means.
> 
> In PC
> eth0--> br0-->tap0 (mktun command) --> Passed the tap device to qemu to launch VM.
> 
> In compute node
> VM-->tap-->Linux Bridge --veth pair-->br-int(sflow enabled)-veth pair->br-tun
> 
> 
> Actually We can not use br-ex to enable flow because sflow sample contain GRE header.
> 
> 
> Thanks & Regards
> Harsh Jain
> 
> 
> 
> On Wed, Apr 22, 2015 at 8:00 PM, Peter Phaal <peter.phaal at inmon.com <mailto:peter.phaal at inmon.com>> wrote:
> The sFlow implementation in OVS applies ingress sampling. To get full coverage into all traffic paths you need to enable sFlow on all bridges. For OpenStack, enabling sFlow on br-ex should give you visibility into the traffic destined to VMs.
> 
> You may also want to take a look at the Host sFlow agent (http://host-sflow.sourceforge.net/ <http://host-sflow.sourceforge.net/>). It can automatically manage the OVS sFlow settings and will also export hypervisor and VM CPU, memory, disk and network IO stats.
> 
>> On Apr 22, 2015, at 12:46 AM, harsh jain <harshjain32 at gmail.com <mailto:harshjain32 at gmail.com>> wrote:
>> 
>> Hi,
>> 
>> I tried to collect sflow packet on OVS switch in Openstack. But captured paackets contain only traffic coming out from the VM i.e samples contain Raw Packet of VM to external network direction only.following command is used to enable 
>> 
>> export COLLECTOR_IP=10.3.5.112
>> export COLLECTOR_PORT=6343
>> export AGENT_IP=eth1
>> export HEADER_BYTES=256
>> export SAMPLING_N=1
>> export POLLING_SECS=10
>> 
>> ovs-vsctl -- --id=@sflow create sflow agent=${AGENT_IP} target=\"${COLLECTOR_IP}:${COLLECTOR_PORT}\" header=${HEADER_BYTES} sampling=${SAMPLING_N} polling=${POLLING_SECS} -- set bridge br-int sflow=@sflow
>> 
>> Connection is 
>> VM ->tap device->br-int(sflow enabled)-----veth-pair----->br-data-eth.
>> 
>> Why packets are colected for 1 direction only?
>> 
>> 
>> Thanks & Regards
>> Harsh Jain
>> _______________________________________________
>> discuss mailing list
>> discuss at openvswitch.org <mailto:discuss at openvswitch.org>
>> http://openvswitch.org/mailman/listinfo/discuss <http://openvswitch.org/mailman/listinfo/discuss>
> 
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://openvswitch.org/pipermail/ovs-discuss/attachments/20150422/1ba3a116/attachment-0002.html>


More information about the discuss mailing list