[ovs-discuss] Doing port mirroring for KVM guests
C. L. Martinez
carlopmart at gmail.com
Mon Apr 3 13:54:49 UTC 2017
On Mon, Apr 03, 2017 at 10:43:48AM +0000, C. L. Martinez wrote:
> Hi all,
>
> I have installed Openvswitch 2.5.2 in a RHEL 7.3 KVM host fully patched. I need to implement port mirroring for some kvm guests (not all). According to openvswitch's docs this can be done using the following command:
>
> ovs-vsctl -- --id=@m create mirror name=tapmirror -- add bridge idsbr0 mirrors @m -- --id=@oneguest0 get port oneguest0 -- set mirror tapmirror select_src_port=@oneguest0 select_dst_port=@oneguest0 -- --id=@idsguest0 get port idsguest0 -- set mirror tapmirror output-port=@idsguest0
>
> where oneguest0 interface is the kvm guest virtual interface, idsguest0 is the interface where I will receive mirrored traffic and idsbr0 is the openvswitch bridge where idsguest0 is assigned.
>
> Is this command correct?
>
> Then, I have the following questions:
>
> a/ Is it possible to use a full openvswitch switch as a src_port and dst_port (and output-port) instead of every virtual interface (oneguest0, oneguest1, etc.) that I want to monitor?
>
> b/ If "no" is the answer to question a/, do I need to execute the previous command for every virtual interface that I need to monitor?
>
> c/ Do I need to create the idsbr0 bridge before launching the previous command?
>
> d/ Last question, do I need to run the previous command every time that the kvm host starts?
>
> Many thanks for your attention.
>
I have done some tests, and it seems the previous command returns a syntax error. I have launched this one:
ovs-vsctl -- set Bridge idsif mirrors=@m \
-- --id=@fwprod0 get Port fwprod0 \
-- --id=@fwdmz0 get Port fwdmz0 \
-- --id=@fwvpn0 get Port fwvpn0 \
-- --id=@fwenc0 get Port fwenc0 \
-- --id=@fwmgmtif0 get Port fwmgmtif0 \
-- --id=@idsif0 get Port idsif0 \
-- --id=@m create Mirror name=tapmirror select-dst-port=@fwprod0,@fwdmz0,@fwvpn0,@fwenc0,@fwmgmtif0 \
select-src-port=@fwprod0,@fwdmz0,@fwvpn0,@fwenc0,@fwmgmtif0 output-port=@idsif0
... but nothing is mirrored ... What am I doing wrong??
Thanks
--
Greetings,
C. L. Martinez
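
Added example, not part of the original post: a shell helper that assembles one ovs-vsctl mirror invocation of the form shown in the message above for any list of monitored ports, and prints it for review instead of executing it. The function names, the name-validation rule and the output-port sanity check are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: build (do not run) a single ovs-vsctl mirror command.
# Usage: build_mirror_cmd BRIDGE MIRROR OUTPUT_PORT SRC_PORT...

valid_name() {
    # Assumed rule: letters, digits, '_', '.', '-' only and no leading '-',
    # so a name cannot smuggle ',', '@', spaces or a '--' separator
    # into the ovs-vsctl argument list.
    case "$1" in
        ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    return 0
}

build_mirror_cmd() {
    [ "$#" -ge 4 ] || { echo "need BRIDGE MIRROR OUTPUT_PORT SRC_PORT..." >&2; return 1; }
    bridge=$1
    mirror=$2
    out=$3
    shift 3
    for n in "$bridge" "$mirror" "$out" "$@"; do
        valid_name "$n" || { echo "invalid name: $n" >&2; return 1; }
    done
    gets=""   # one '-- --id=@port get Port port' clause per monitored port
    refs=""   # comma-separated @port list shared by both select columns
    for p in "$@"; do
        # Assumed sanity check: the IDS-facing port must not also be a source.
        [ "$p" != "$out" ] || { echo "output port $p listed as source" >&2; return 1; }
        case ",$refs," in *",@$p,"*) continue ;; esac   # skip duplicates
        gets="$gets -- --id=@$p get Port $p"
        refs="${refs:+$refs,}@$p"
    done
    printf 'ovs-vsctl -- set Bridge %s mirrors=@m%s -- --id=@%s get Port %s -- --id=@m create Mirror name=%s select-dst-port=%s select-src-port=%s output-port=@%s\n' \
        "$bridge" "$gets" "$out" "$out" "$mirror" "$refs" "$refs" "$out"
}

# Names taken from the message above; prints the command only.
build_mirror_cmd idsif tapmirror idsif0 fwprod0 fwdmz0 fwvpn0 fwenc0 fwmgmtif0
```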