# issue regarding port mirroring

I have an OpenStack Juno setup with one server as controller+neutron and the other three servers as compute nodes. I am doing port mirroring on br-int of one compute node. I noticed that incoming packets from a VM on another compute node were not getting captured on the mirrored port. The incoming packets from another VM on the same compute node were getting captured.

qvo5fa64d30-2e is the br-int interface which I had mirrored using the commands as below:

```
ip link add name snooper2 type dummy
ip link set dev snooper2 up

ovs-vsctl -- set Bridge br-int mirrors=@m -- --id=@snooper2 \
  get Port snooper2 -- --id=@qvo5fa64d30-2e get Port qvo5fa64d30-2e \
  -- --id=@m create Mirror name=mymirror select-dst-port=@qvo5fa64d30-2e \
  select-src-port=@qvo5fa64d30-2e output-port=@snooper2
```


When I mirror the traffic on br-tun patch-tun, I notice the incoming request but no outgoing messages. That is, only outgoing packets are captured in br-int and only incoming packets are captured in br-tun.


Hi, same here while configuring port mirroring on br-int: I have seen packets going from VM to OVS (Rx direction) only. I was pinging the VM and on the mirror port I could only see responses. As a workaround I was modifying OVS rules with an additional output action.

( 2015-03-11 03:29:07 -0500 )

( 2015-03-16 13:54:46 -0500 )

Sorry, I was not aware of your response :( What I did (I guess you have already solved it) is to add another port to OVS, and modify the existing rules to have this out port as additional action.

( 2015-06-02 07:01:10 -0500 )

Hi Gabor, Can you please give me more detail in this regard. I mean the steps I should follow. Thanks in advance.

( 2015-06-03 22:55:10 -0500 )


Hi Fresher, I have not been investigating this problem since then, but this is what I have done as a workaround (using port mirroring in one direction, and the following for the other one):

Let’s say you have VM-3823:

1. Search for the interfaces of the VM on the controller, and find the related segmentation_id's of the networks.

```
$ nova show VM-3823 | grep network | awk '{print "neutron net-show "$2}' | sh | grep segmentation
| provider:segmentation_id | 1002 |
| provider:segmentation_id | 1003 |
```

2. Search OVS rules for these interfaces on the compute node.

```
$ ovs-ofctl dump-flows br-int | grep "1002\|1003"
cookie=0x0, duration=583279.444s, table=0, n_packets=5501839, n_bytes=1517799423, idle_age=0, hard_age=65534, priority=3,in_port=26,dl_vlan=1002 actions=NORMAL
cookie=0x0, duration=583279.859s, table=0, n_packets=11027079, n_bytes=1334139221, idle_age=0, hard_age=65534, priority=3,in_port=26,dl_vlan=1003 actions=NORMAL
```

3. Create a "mirror" port in OVS (simple internal port now, but we will use it for mirroring).

```
$ ovs-vsctl add-port br-int mirror_tap -- set interface mirror_tap type=internal
$ ip link set dev mirror_tap up
$ ovs-ofctl show br-int | grep mirror_tap
 107(mirror_tap): addr:00:00:00:00:00:00
```

107 is the created OpenFlow port number.

4. Transform the rule printouts to OVS flows, e.g.

```
cookie=0x0, duration=583279.444s, table=0, n_packets=5501839, n_bytes=1517799423, idle_age=0, hard_age=65534, priority=3,in_port=26,dl_vlan=1002 actions=NORMAL
```

The beginning is only stat, not important now; the first highlighted section (`priority=3,in_port=26,dl_vlan=1002`) is the MATCH, and the second one (`actions=NORMAL`) is the ACTION field.

So this is how the related OVS rule looked when it was created:

```
$ ovs-ofctl add-flow br-int priority=3,in_port=26,dl_vlan=1002,actions=NORMAL
```

And this is what we want to create:

```
$ ovs-ofctl add-flow br-int priority=3,in_port=26,dl_vlan=1002,actions=output:107,NORMAL
```

Now it should be safe to run this last command, because OVS will search for matching rules, and modify the rule accordingly... so in our case it will add one more action (to send the traffic to our mirror port as well). So here is the bad thing with this workaround: all traffic on this network will be forwarded to the mirror port, so if we have another interface of the same network on this compute, it makes it difficult to filter... but we can do so at the end by using filters when running tcpdump... 

5. Capture on the mirror port:

```
$ tcpdump -n -i mirror_tap <filters>
```

Thanks a lot Gabor for the solution. I had used a Linux port mirror to solve this issue. I created two OVS port mirrors for br-int and br-tun and a Linux port mirror to capture traffic of these ports using the tc command. Sorry for the late reply.

( 2015-06-15 00:46:03 -0500 )
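Step 4 of the answer above, scripted: an added example (not part of the original posts) that turns `ovs-ofctl dump-flows` lines into `add-flow` commands with an extra `output:<port>` action. It only prints the commands for review, and it keeps the `cookie` and `table` fields so the existing rule is replaced in place. The names `mirror_flow_cmds` and `sample_dump`, the reply header and the third sample flow are constructed for illustration.

```bash
# Added example: rewrite `ovs-ofctl dump-flows` lines as `add-flow` commands
# that also output to a mirror port. Prints commands only; runs nothing.
# Usage: ovs-ofctl dump-flows br-int | grep dl_vlan=1002 | mirror_flow_cmds br-int 107
mirror_flow_cmds() {
    awk -v br="$1" -v port="$2" '
    !/actions=/ { next }                      # reply header, blank lines
    {
        cut = index($0, "actions=")
        fields  = substr($0, 1, cut - 1)
        actions = substr($0, cut + 8)
        gsub(/[ \t]/, "", fields)             # "a=1, b=2 " -> "a=1,b=2"
        sub(/[ \t]+$/, "", actions)

        # Idempotent: skip flows that already output to the mirror port.
        n = split(actions, act, ",")
        for (i = 1; i <= n; i++) if (act[i] == "output:" port) next

        # Drop per-flow statistics; keep cookie, table, priority and match.
        spec = ""
        n = split(fields, f, ",")
        for (i = 1; i <= n; i++) {
            name = f[i]; sub(/=.*/, "", name)
            if (name ~ /^(duration|n_packets|n_bytes|idle_age|hard_age)$/) continue
            if (f[i] != "") spec = spec f[i] ","
        }
        printf "ovs-ofctl add-flow %s \"%sactions=output:%s,%s\"\n", br, spec, port, actions
    }'
}

# Constructed sample: the two flows quoted in the answer, plus a reply header
# and one flow that is already mirrored to port 107.
sample_dump() {
cat <<'EOF'
NXST_FLOW reply (xid=0x4):
 cookie=0x0, duration=583279.444s, table=0, n_packets=5501839, n_bytes=1517799423, idle_age=0, hard_age=65534, priority=3,in_port=26,dl_vlan=1002 actions=NORMAL
 cookie=0x0, duration=583279.859s, table=0, n_packets=11027079, n_bytes=1334139221, idle_age=0, hard_age=65534, priority=3,in_port=26,dl_vlan=1003 actions=NORMAL
 cookie=0x0, duration=12.5s, table=0, n_packets=4, n_bytes=392, idle_age=1, priority=3,in_port=26,dl_vlan=1004 actions=output:107,NORMAL
EOF
}

sample_dump | mirror_flow_cmds br-int 107
```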