[ovs-discuss] (no subject)
Tarren, Jacob A. (LARC-B703)[LITES II]
jacob.a.tarren at nasa.gov
Tue Apr 19 17:18:29 UTC 2016
I¹ve figured it out:
ovs-vsctl -- --id=@p get port vif104.1 -- --id=@m create mirror name=m0
select-all=true output-port=@p -- set bridge xenbr1 mirrors=@m
I¹ll need to switch from using port vif104.1 to using vifname, but other
than that this works perfectly. The best part is that it uses the xenbr1
network that xen manages, so I shouldn¹t have to adjust src-port or
dst-port as other VMs reboot.
On 4/18/16, 7:28 PM, "Ben Pfaff" <blp at ovn.org> wrote:
>On Mon, Apr 18, 2016 at 10:42:21PM +0000, Tarren, Jacob A.
>(LARC-B703)[LITES II] wrote:
>> I've just started experimenting with OpenVSwitch on Xen, and so far I
>>like it, but I'm running into an issue setting up port mirroring and
>> I'm trying to get all traffic on a network within my Xen server to be
>>mirrored to a specific VM so I can practice with an IDS. I've
>>determined that the VM I want my IDS on is connected via vif104.1, and I
>>think I should run this command to create a mirror over the whole
>> ovs-vsctl --set Bridge xenbr1 mirrors=@m -- -- email@example.com get Port
>>vif93.0 -- --firstname.lastname@example.org get Port vif78.3 -- --email@example.com get Port
>>vif72.0 -- --firstname.lastname@example.org get Port vif79.1 -- --email@example.com get Port tap93.0
>>-- --id=@xenbr1 get Port xenbr1 -- --firstname.lastname@example.org get Port vif62.3 --
>>--email@example.com get Port tap62.3 -- --id=@eth1 get Port eth1 --
>>--firstname.lastname@example.org get Port vif104.1 -- -- --id=@m create Mirror
>>email@example.com, at vif78.3, at vif72.0, at vif79.1, at tap93.0, at xenbr1, at vif
>>62.3, at vif103.1, at tap62.3, at eth1
>>firstname.lastname@example.org, at vif78.3, at vif72.0, at vif79.1, at tap93.0, at xenbr1, at vif
>>62.3, at vif103.1, at tap62.3, at eth1 email@example.com
>> After running that, I should set the vif of that network on my IDS
>>(vif104.1) into promiscuous mode with:
>> xe vif-param-set uuid=<uuid_of_vif> other-config:promiscuous="true"
>> Unfortunately, when I try running the ovs-vsctl command I get:
>> ovs-vsctl: unrecognized option `--set'
>> I think this is because I'm specifying multiple dst-ports and src-ports
>>but I'm not sure.
>"set" is a command, not an option, so there's no --.
More information about the discuss