[ovs-discuss] Fwd: Port Mirroring on XenCenter 7

Jerome Eichler jerome at eichler.org
Thu Oct 6 07:03:12 UTC 2016 

Hello @ll,

I just want to push up this issue. It is quite important for me to get this solved. Is anybody here that can help?


Thank you so much,

Jerome


> Anfang der weitergeleiteten Nachricht:
> 
> Von: "Jerome Eichler" <jerome at eichler.org>
> Betreff: AW: [ovs-discuss] Port Mirroring on XenCenter 7
> Datum: 9. August 2016 um 08:14:40 MESZ
> An: "'Justin Pettit'" <jpettit at ovn.org>
> Kopie: <discuss at openvswitch.org>
> 
> Hi Justin,
> 
> thank you for replying!
> 
>> I'm not familiar with pmacct, but a quick look at the documentation
> makes it look like by default it captures 4KB per packet.  It could also
> be dropping packets.  There are a lot of variables here.  You may want to
> check the
>> interface statistics in both the guest and dom0 to make sure those are
> right.
> 
> pmacct itself is not the problem. Both pmacct configuration (the one in
> the VM and the one on the XenServer host) are the same. Just one of them
> (the on in the VM) seems not to get all traffic data.
> 
> I tried to do some more analysis. Doing a tcpdump for the same time for
> around 15 seconds on the VM and the xenserver host gives very different
> results:
> 
> +++
> VM:
> 
> [root at xen04 ~]# tcpdump -i eth1 -n not port 22
> (...)
> 1374 packets captured
> 1637 packets received by filter
> 0 packets dropped by kernel
> +++
> 
> +++
> XenServer Host:
> 
> root at trafficmirror:~# tcpdump -i eth1 -n not port 22
> (...)
> 68272 packets captured
> 81960 packets received by filter
> 13663 packets dropped by kernel
> +++
> 
> As we can see the VM only has a small amount of packets which arrive on
> eth1 interface in total.
> 
> Could this have to do with VLAN tagging? When reviewing the tcpdump it
> looks like that I only see traffic inside that VLAN in which the VM is
> hosted in. Traffic outside this VLAN is not available, although
> eth1/vif1.1 is not in a VLAN. Only vif1.0 (the VM's network interface to
> connect to the server) is inside a VLAN.
> 
> How can I get the rest of all the other VLAN traffic to my vif1.1?
> 
> 
> Thank you,
> 
> Jerome
> 
> -----Ursprüngliche Nachricht-----
> Von: Justin Pettit [mailto:jpettit at ovn.org]
> Gesendet: Dienstag, 9. August 2016 07:05
> An: Jerome Eichler
> Cc: discuss at openvswitch.org
> Betreff: Re: [ovs-discuss] Port Mirroring on XenCenter 7
> 
> 
>> On Aug 8, 2016, at 4:45 AM, Jerome Eichler <jerome at eichler.org> wrote:
>> 
>> Dear all,
>> 
>> although there are few blogs on the web regarding this matter my problem
> cannot be resolved following them.
>> 
>> My setup:
>> XenServer 7.0 with 2 NICs onboard. NIC1 (eth1) is connected to my
> Juniper switch (EX-4200-48T). At this Juniper-Port all traffic in my
> network is being mirrored to.
>> 
>> What I want to do:
>> Forward all that traffic from eth1 to my VM's interface. I assigned the
> interface eth1 to the vm as secondary interface.
>> 
>> In XenServer itself I also put all the network interfaces (physical ones
> as well as the virtual ones)  to promisc mode.
>> Following this blog article:
> http://blog.manula.org/2014/02/port-mirroring-with-openvswitch.html I
> configured OVS to mirror all that traffic from eth1 to vif1.1 (which is
> the virtual interface of the physical interface eth1 inside the VM)
>> 
>> +++
>> ovs-vsctl -- set Bridge xenbr1 mirrors=@m -- --id=@eth1 get Port eth1 --
> --id=@vif1.1 get Port vif1.1 -- --id=@m create Mirror name=mirror1
> select-dst-port=@eth1 select-src-port=@eth1 output-port=@vif1.1
>> +++
>> 
>> Then I am able to see some traffic on eth1 in my VM. But it seems to be
> not all traffic.
>> I am using pmacct to collect data, this data is being stored to a mysql
> database and from there being handled further by own scripts.
>> 
>> I did a download of a 10GB file. So I should see 10GB downloaded, but I
> only see around 400MB.
>> 
>> When starting pmacct on the xenserver host itself, I see the whole 10GB
> thing. So I assume that not all traffic is forwarded from eth1 to vif1.1?
> What am I doing wrong? Anybody here that can help?
> 
> I'm not familiar with pmacct, but a quick look at the documentation makes
> it look like by default it captures 4KB per packet.  It could also be
> dropping packets.  There are a lot of variables here.  You may want to
> check the interface statistics in both the guest and dom0 to make sure
> those are right.
> 
> --Justin
> 
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://openvswitch.org/pipermail/ovs-discuss/attachments/20161006/9c0e9168/attachment-0002.html>

More information about the discuss mailing list