[ovs-discuss] Port Mirroring on XenCenter 7

[Justin Pettit]

> On Aug 8, 2016, at 4:45 AM, Jerome Eichler <jerome at eichler.org> wrote:
> 
> Dear all,
>  
> although there are few blogs on the web regarding this matter my problem cannot be resolved following them.
>  
> My setup:
> XenServer 7.0 with 2 NICs onboard. NIC1 (eth1) is connected to my Juniper switch (EX-4200-48T). At this Juniper-Port all traffic in my network is being mirrored to.
>  
> What I want to do:
> Forward all that traffic from eth1 to my VM's interface. I assigned the interface eth1 to the vm as secondary interface.
>  
> In XenServer itself I also put all the network interfaces (physical ones as well as the virtual ones)  to promisc mode.
> Following this blog article: http://blog.manula.org/2014/02/port-mirroring-with-openvswitch.html I configured OVS to mirror all that traffic from eth1 to vif1.1 (which is the virtual interface of the physical interface eth1 inside the VM)
>  
> +++
> ovs-vsctl -- set Bridge xenbr1 mirrors=@m -- --id=@eth1 get Port eth1 -- --id=@vif1.1 get Port vif1.1 -- --id=@m create Mirror name=mirror1 select-dst-port=@eth1 select-src-port=@eth1 output-port=@vif1.1
> +++
>  
> Then I am able to see some traffic on eth1 in my VM. But it seems to be not all traffic. 
> I am using pmacct to collect data, this data is being stored to a mysql database and from there being handled further by own scripts.
>  
> I did a download of a 10GB file. So I should see 10GB downloaded, but I only see around 400MB.
>  
> When starting pmacct on the xenserver host itself, I see the whole 10GB thing. So I assume that not all traffic is forwarded from eth1 to vif1.1? What am I doing wrong? Anybody here that can help?

I'm not familiar with pmacct, but a quick look at the documentation makes it look like by default it captures 4KB per packet.  It could also be dropping packets.  There are a lot of variables here.  You may want to check the interface statistics in both the guest and dom0 to make sure those are right.

--Justin