[ovs-discuss] Help with OVS flows for mirroring packets

Tue Dec 3 18:11:32 UTC 2019

 Hi,

We are working on OVS-DPDK mirroring without overlay. We are using Openstack which populate the flows to accomplish this when there is overlay. However we have need to make mirroring work with provider vlan network/no overlay. We are seeking some help to discuss any possible way to transport a mirrored stream of packet on a vlan provider network to a vprobe VM (on same provider network) where the source VM and the vprobe VMs exist on different computes.

Current neutron port mirroring plugin<https://review.opendev.org/gitweb?p=x%2Ftap-as-a-service.git;a=summary> uses vxlan overlay tunnels to achieve packet mirroring for vxlan tenant networks. We need to do the similar for vlan provider networks
·         It uses specially generated ids (taas_id) for each mirroring service, which is then used as tunnelling ids in the mirrored packets across computes.
·         At source compute, taas_id is copied to the mirrored packets’ tunnelling id via flows in br-tun
·         On the destination compute side, there are flows in br-tun which match the packets with that specific tunnelling_id and forwards them to br-tap (a new bridge introduced by taas) instead of br-int for normal packets
·         br-tap forwards those packets to br-int and then there are flows in br-int which match the taas_id and based on that forward those mirrored packets to destination port. Please note that the final routing is done based on taas-id rather than dest MAC. So mirrored packets remain intact from source to dest.
   # Add flow(s) in br-int
        self.int_br.add_flow(table=0,
                             priority=25,
                             in_port=patch_int_tap_id,
                             dl_vlan=taas_id,
                             actions="mod_vlan_vid:%s,output:%s" %
                             (str(port_vlan_id), str(ovs_port_id)))

        # Add flow(s) in br-tap
        self.tap_br.add_flow(table=taas_ovs_consts.TAAS_RECV_LOC,
                             priority=1,
                             dl_vlan=taas_id,
                             actions="output:in_port")

        self.tap_br.add_flow(table=taas_ovs_consts.TAAS_RECV_REM,
                             priority=1,
                             dl_vlan=taas_id,
                             actions="output:%s" % str(patch_tap_int_id))

        # Add flow(s) in br-tun
        for tunnel_type in ovs_consts.TUNNEL_NETWORK_TYPES:
            self.tun_br.add_flow(table=ovs_consts.TUN_TABLE[tunnel_type],
                                 priority=1,
                                 tun_id=taas_id,
                                 actions=(
                                     "move:NXM_OF_VLAN_TCI[0..11]->"
                                     "NXM_NX_REG0[0..11],move:NXM_NX_TUN_ID"
                                     "[0..11]->NXM_OF_VLAN_TCI[0..11],"
                                     "resubmit(,%s)" %
                                     taas_ovs_consts.TAAS_CLASSIFY))

        self.tun_br.add_flow(table=taas_ovs_consts.TAAS_DST_CHECK,
                             priority=1,
                             tun_id=taas_id,
                             actions="resubmit(,%s)" %
                             taas_ovs_consts.TAAS_DST_RESPOND)

We are trying to find some way to achieve this without having to modify the packet’s dest MAC (basically keeping the mirrored payload packet intact) and get this delivered to vprobe VM across another compute.
If we are able to define right flows for this then we can code that into TaaS.
Thanks.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20191203/aff246c5/attachment.html>