[ovs-discuss] (no subject)

Tarren, Jacob A. (LARC-B703)[LITES II] jacob.a.tarren at nasa.gov
Mon Apr 18 22:42:21 UTC 2016


Hello!

I've just started experimenting with OpenVSwitch on Xen, and so far I like it, but I'm running into an issue setting up port mirroring and promiscuous mode.

I'm trying to get all traffic on a network within my Xen server to be mirrored to a specific VM so I can practice with an IDS.  I've determined that the VM I want my IDS on is connected via vif104.1, and I think I should run this command to create a mirror over the whole network:

ovs-vsctl --set Bridge xenbr1 mirrors=@m -- -- id=@vif93.0 get Port vif93.0 -- --id=@vif78.3 get Port vif78.3 -- --id=@vif72.0 get Port vif72.0 -- --id=@79.1 get Port vif79.1 -- --id=@tap93.0 get Port tap93.0 -- --id=@xenbr1 get Port xenbr1 -- --id=@vif62.3 get Port vif62.3 -- --id=@tap62.3 get Port tap62.3 -- --id=@eth1 get Port eth1 -- --id=@vif104.1 get Port vif104.1  -- -- --id=@m create Mirror name=xenbr1-everything-mirror select-dst-port=@vif93.0,@vif78.3,@vif72.0,@vif79.1,@tap93.0,@xenbr1,@vif62.3,@vif103.1,@tap62.3,@eth1 select-src-port=@vif93.0,@vif78.3,@vif72.0,@vif79.1,@tap93.0,@xenbr1,@vif62.3,@vif103.1,@tap62.3,@eth1 output-port=@vif104.1

After running that, I should set the vif of that network on my IDS (vif104.1) into promiscuous mode with:
xe vif-param-set uuid=<uuid_of_vif> other-config:promiscuous="true"

Unfortunately, when I try running the ovs-vsctl command I get:
ovs-vsctl: unrecognized option `--set'
I think this is because I'm specifying multiple dst-ports and src-ports but I'm not sure.

My problem appears to be in the syntax.  I feel like there should be a way to mirror all interfaces on the xenbr1 network to a specified interface without having to list all of them as src-ports and dst-ports, but I haven't been able to find anything online.  I asked in the Xen mailing list first, but it seems like most people there weren't familiar with the intricacies of OpenVSwitch so I figured I'd ask directly here as well.

Also, VMs get a new VIF each time they're rebooted, so any mirror I create will need to be recreated after each power cycle.  Is there a way to make this persistent?

________________________________
Thanks,
Jake Tarren
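
An added example, not part of the original post and not Open vSwitch project code: a shell helper that mirrors every packet on a bridge to one IDS port using the Mirror table's select-all column, written with `-- set` (command separator, then the `set` command) rather than `--set`. The bridge, port and mirror names are the ones quoted in the message; the function names and the DRY_RUN switch are assumptions of this sketch.

```shell
#!/bin/sh
# Added example. DRY_RUN defaults to 1, so nothing is changed unless
# the caller sets DRY_RUN=0 on a host that has ovs-vsctl.

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Accept only plain interface-style names, so a port name can never be
# read as an extra option or as a "--" command separator.
valid_name() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# mirror_all BRIDGE OUTPUT_PORT [MIRROR_NAME]
# Removes the bridge's existing mirrors, then creates one mirror that
# selects all traffic (select-all=true) and sends it to OUTPUT_PORT.
mirror_all() {
    bridge=$1; out=$2; name=${3:-"$1-everything-mirror"}
    for n in "$bridge" "$out" "$name"; do
        valid_name "$n" || { echo "invalid name: '$n'" >&2; return 1; }
    done
    run ovs-vsctl clear Bridge "$bridge" mirrors &&
    run ovs-vsctl -- set Bridge "$bridge" mirrors=@m \
        -- --id=@out get Port "$out" \
        -- --id=@m create Mirror name="$name" select-all=true output-port=@out
}

# Dry run with the names from the message: prints the two commands.
mirror_all xenbr1 vif104.1
```

Because the mirror refers to the output port by its current name, the helper has to be re-run with the new vif name after the IDS VM reboots.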