
Thank you for the answer. The reason I am asking this is because I want to mirror the traffic on the br-int and send it to another host. I have tried to mirror all traffic to a GRE tunnel (using the OVS command for mirroring to a GRE tunnel), but again I only see the ARP requests. Now if I set up a mirror port (snooper) on br-int, this logs everything (along with the ICMP requests). My issue is how to redirect this traffic from snooper to a GRE tunnel to another host (that will run Snort). My setup is like this:

Bridge br-int
    fail_mode: secure
    Port patch-tun
        Interface patch-tun
            type: patch
            options: {peer=patch-int}
    Port "qvoe8c77d3e-de"
        tag: 1
        Interface "qvoe8c77d3e-de"
    Port br-int
        Interface br-int
            type: internal
    Port "qvo9370efb0-8f"
        tag: 1
        Interface "qvo9370efb0-8f"
    Port snooper
        Interface snooper
            type: internal
Bridge br-tun
    Port "gre-0a188503"
        Interface "gre-0a188503"
            type: gre
            options: {df_default="true", in_key=flow, local_ip="10.x.x.x", out_key=flow, remote_ip="10.x.x.x"}
    Port gremirror
        Interface gremirror
            type: gre
            options: {remote_ip="10.x.x.x"}
    Port patch-int
        Interface patch-int
            type: patch
            options: {peer=patch-tun}
    Port "gre-0a188501"
        Interface "gre-0a188501"
            type: gre
            options: {df_default="true", in_key=flow, local_ip="10.x.x.x", out_key=flow, remote_ip="10.x.x.x"}
    Port br-tun
        Interface br-tun
            type: internal

What I want to do is send the traffic from snooper to gremirror (I suspect it has something to do with adding a flow rule to br-tun, but I can't seem to get how).