[ovs-discuss] Traffic Mirroring using XenServer and OpenVSwitch

Gurucharan Shetty shettyg at nicira.com
Mon Jul 20 14:28:32 UTC 2015


> Q. Does it get added with a different vif name?
> A. Yes - the "dom-id" changes; the VIF name is made up of <dom-id>.<device-id> (e.g. vif2.0).
So you are saying instead of vif2.0, it can become vif3.0.

>
> The controller - would that be something within XenServer or OVS?
It would be something that speaks to OVS. For example:
https://github.com/openvswitch/ovs/blob/master/xenserver/usr_share_openvswitch_scripts_ovs-xapi-sync

>
> Is there no other way to get this to work without resorting to cron jobs, shell scripts and separate bridges?
You are configuring mirroring without going through XenServer's
inbuilt tools (if there are any) and using OVS directly instead.  So
it pretty much means that you will need something that watches the Open
vSwitch database and performs corrective actions.

A quick Google search talks about an "RSPAN" feature in XenServer (this
is another name for port mirroring). So maybe you should try that,
and if it does work, you likely don't need workarounds.

>
> Kind regards
>
> David
>
> -----Original Message-----
> From: Gurucharan Shetty [mailto:shettyg at nicira.com]
> Sent: 17 July 2015 16:26
> To: David Reade
> Cc: discuss at openvswitch.org
> Subject: Re: [ovs-discuss] Traffic Mirroring using XenServer and OpenVSwitch
>
> On Mon, Jul 13, 2015 at 1:06 AM, David Reade <d.reade at reades.co.uk> wrote:
>> Good morning all!
>>
>> I am using XenServer 6.5 SP1 with OpenVSwitch 2.1.3 and I need to mirror traffic from the source port (vif2.0) to the destination port (vif13.1). I have enabled promiscuous mode on the PIF and target VIF. Using the following command, I can enable traffic mirroring and see the results instantly:
>>
>> ovs-vsctl -- set Bridge xenbr1 mirrors=@m \
>> -- --id=@vif2.0 get Port vif2.0 \
>> -- --id=@vif13.1 get Port vif13.1 \
>> -- --id=@m create Mirror name=MyMirror select-all=true \
>> output-port=@vif13.1
>>
>> However the port information changes every time the source/target VM is rebooted. This means I have to keep re-adding the mirror every time I reboot a VM using different VIFs which is not practical.
>
> It has been a while since I have used XenServer, so I have a couple of counter questions for you. When a VM is rebooted, does XenServer delete the vif and re-add it? Does it get added with a different vif name? You can test it by doing an 'ovs-vsctl show' before the shutdown, again after "shutdown" and again after "start".  If I remember correctly the name remains the same. But it likely deletes it and re-adds it. If it does the latter, I see how your mirror configuration gets destroyed.
>
> Usually such situations are handled via a controller, which watches OVSDB for changes and re-creates the mirror if it gets destroyed.
>
> If you don't want to use a cron job, another option is to not set up your mirror on the same bridge that has your vif attached. You can use a different bridge for each of your vifs and then connect them to a separate bridge via an OVS patch port. You can add your mirror on this separate bridge, which does not get affected by VM reboots.
>
>
>>
>> I have devised a way to get the current VIF ID and send it to OVS using a cron job or shell script. However I would prefer to just run a single command without resorting to cron jobs and shell scripts as they need managing themselves.
>>
>> Is there a way to set up traffic mirroring to run permanently which is unaffected by VM reboots?
>>
>> Thanks in advance,
>>
>> David
>> _______________________________________________
>> discuss mailing list
>> discuss at openvswitch.org
>> http://openvswitch.org/mailman/listinfo/discuss
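
The "watch the database and perform corrective actions" approach from the reply, sketched as an added example that is not code from the thread or from the OVS project. The function names and the `OVS_VSCTL` override are assumptions made here; the caller is assumed to already know the monitoring VM's current VIF name.

```shell
#!/bin/sh
# Added example: idempotent mirror repair, meant to be called from whatever
# watches for VIF changes (a loop, a hook, or a controller process).
OVS_VSCTL="${OVS_VSCTL:-ovs-vsctl}"   # assumed override, lets a stub stand in for tests

# VIF naming as described in the thread: vif<dom-id>.<device-id>
vif_name() { printf 'vif%s.%s\n' "$1" "$2"; }

# mirror_intact MIRROR PORT
# Succeeds only if MIRROR still outputs to PORT's current row. A VIF that was
# deleted and re-added is a new Port row, so the old mirror no longer matches.
mirror_intact() {
    want=$($OVS_VSCTL --if-exists get Port "$2" _uuid) || return 1
    have=$($OVS_VSCTL --if-exists get Mirror "$1" output_port) || return 1
    [ -n "$want" ] && [ "$want" = "$have" ]
}

# reconcile_mirror BRIDGE MIRROR PORT
# Prints "intact", "recreated" or "waiting" (port not on the bridge yet).
reconcile_mirror() {
    bridge=$1 mirror=$2 port=$3
    if mirror_intact "$mirror" "$port"; then
        echo intact
        return 0
    fi
    # Never send mirrored traffic to a port that is missing or on another bridge.
    if [ "$($OVS_VSCTL port-to-br "$port" 2>/dev/null)" != "$bridge" ]; then
        echo waiting
        return 0
    fi
    # Same transaction shape as the command in the original post. Note that
    # "set Bridge ... mirrors=@m" replaces every mirror configured on the bridge.
    $OVS_VSCTL -- --id=@out get Port "$port" \
        -- --id=@m create Mirror name="$mirror" select-all=true output-port=@out \
        -- set Bridge "$bridge" mirrors=@m >/dev/null || return 1
    echo recreated
}
```

Logging the "recreated" and "waiting" results gives a record of the periods during which the monitoring port was not receiving mirrored traffic.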
