[ovs-discuss] Deleting and re-creating mirror with different configuration does not work

Vasileios Kotronis vak at open.ch
Wed Apr 6 14:18:22 UTC 2016 

Hello,

I have an issue with port mirroring on ovs. I am trying to reload a mirror configuration on-the-fly, using an internal bridge port as the target mirror out port. There is no error that makes ovs complain, but the behavior of the mirror is not the intended one.

Here are the steps I followed:

1) First, I clear the bridge’s mirrors:

ovs-vsctl clear Bridge my_br mirrors

2) Afterwards, I create a new mirror from eth1 to the mirror out port:

ovs-vsctl -- set Bridge my_br mirrors=@m1 -- --id=@eth1 get Port eth1 -- --id=@mir0 get Port mir0 -- --id=@m1 create Mirror name=port_mirror1 select-dst-port=@eth1 select-src-port=@eth1 output-port=@mir0

3) Using tcpdump on eth1 and mir0 and comparing their outputs I see that the mirror works correctly.
Till now, all good.

4) Next, I am changing the configuration of the mirror since I want, on-the-fly, to monitor a different interface with the same mirror out target.

5) I am clearing the old configuration:

ovs-vsctl clear Bridge my_br mirrors

6) I am creating the new mirror from eth2 to the mirror out port:

ovs-vsctl -- set Bridge my_br mirrors=@m1 -- --id=@eth2 get Port eth2 -- --id=@mir0 get Port mir0 -- --id=@m1 create Mirror name=port_mirror1 select-dst-port=@eth2 select-src-port=@eth2 output-port=@mir0

7) Using tcpdump on eth2 and mir0 and comparing their outputs I see that the mirror DOES NOT work correctly.

That is, I still see traffic from the old mirrored interface (eth1), which should not be there after clearing the mirror. 
Also, after such a process, it may happen that I see only the correct arp and ipv6 traffic on mir0, but no ipv4 traffic, or the traffic may be mixed
with the old interface traffic which should not happen.

It is hard to understand if this is an ovs bug or whether I am doing sth totally wrong. 

Moreover, I would like to ask if you are aware of any side-effects of using port mirroring on interfaces that are bonded, since
I also tried another mirror creation on such an interface and I could only see arp and ipv6 traffic, no ipv4 packets. This did not have to do
anything with changing the mirror configuration, but is related to the port mirroring problems with OVS.

In general, there seems to be a very well-hidden bug with this behavior and I would appreciate if we could discuss how this can be remedied.

Thanks in advance!

Best regards,
Vasileios Kotronis

More information about the discuss mailing list