issue regarding port mirroring

asked 2015-02-19 07:08:53 -0600


updated 2015-02-24 01:23:29 -0600

I have an OpenStack Juno setup with one server as controller+neutron and the other three servers as compute nodes. I am doing port mirroring on br-int of one compute node. I noticed that incoming packets from a VM on another compute node were not getting captured on the mirrored port. The incoming packets from another VM on the same compute node were getting captured.

qvo5fa64d30-2e is the br-int interface which I had mirrored using the commands below:

    ip link add name snooper2 type dummy
    ip link set dev snooper2 up
    ovs-vsctl add-port br-int snooper2

    ovs-vsctl -- set Bridge br-int mirrors=@m  -- --id=@snooper2 \
    get Port snooper2  -- --id=@qvo5fa64d30-2e get Port qvo5fa64d30-2e  \
    -- --id=@m create Mirror name=mymirror select-dst-port=@qvo5fa64d30-2e \
    select-src-port=@qvo5fa64d30-2e output-port=@snooper2

When I mirror the traffic on br-tun patch-tun I notice the incoming requests but no outgoing messages. That is, only outgoing packets are captured on br-int and only incoming packets are captured on br-tun.

Can someone please help me solve this issue? Thanks in advance.


Comments

Hi, same here while configuring port mirroring on br-int, but I have seen packets going from VM to OVS (Rx direction) only. I was pinging the VM and on the mirror port I could only see responses. As a workaround I was modifying OVS rules with an additional output action.

Gabor Halasz (2015-03-11 03:29:07 -0600)

Hi Gabor, could you please detail the additional rule you added in OVS?

Thanks in advance.

Echirivella (2015-03-16 13:54:46 -0600)

Sorry, I was not aware of your response :( What I did (I guess you have already solved it) is to add another port to OVS, and modify the existing rules to have this output port as an additional action.

Gabor Halasz (2015-06-02 07:01:10 -0600)

Hi Gabor, can you please give me more detail in this regard? I mean the steps I should follow. Thanks in advance.

fresher (2015-06-03 22:55:10 -0600)


answered 2015-06-04 12:38:31 -0600


updated 2015-06-04 12:40:29 -0600

Hi Fresher, I have not been investigating this problem since then, but this is what I have done as a workaround (using port mirroring for one direction, and the following for the other one):

Let's say you have VM-3823:

  1. Search for the interfaces of the VM on the controller, and find the related segmentation_id's of the networks:

        $ nova show VM-3823 | grep network | awk '{print "neutron net-show " $2}' | sh | grep segmentation
        | provider:segmentation_id | 1002 |
        | provider:segmentation_id | 1003 |

  2. Search the OVS rules for these interfaces on the compute node:

        $ ovs-ofctl dump-flows br-int | grep "1002\|1003"
        cookie=0x0, duration=583279.444s, table=0, n_packets=5501839, n_bytes=1517799423, idle_age=0, hard_age=65534, priority=3,in_port=26,dl_vlan=1002 actions=NORMAL
        cookie=0x0, duration=583279.859s, table=0, n_packets=11027079, n_bytes=1334139221, idle_age=0, hard_age=65534, priority=3,in_port=26,dl_vlan=1003 actions=NORMAL

  3. Create a "mirror" port in OVS (a simple internal port for now, but we will use it for mirroring):

        $ ovs-vsctl add-port br-int mirror_tap -- set interface mirror_tap type=internal
        $ ip link set dev mirror_tap up
        $ ovs-ofctl show br-int | grep mirror_tap
        107(mirror_tap): addr:00:00:00:00:00:00

     107 is the created OpenFlow port number.

  4. Transform the rule printouts to OVS flows, e.g.:

        cookie=0x0, duration=583279.444s, table=0, n_packets=5501839, n_bytes=1517799423, idle_age=0, hard_age=65534, priority=3,in_port=26,dl_vlan=1002 actions=NORMAL

     The beginning is only stats, not important now; the first highlighted section (priority=3,in_port=26,dl_vlan=1002) is the MATCH, and the second one (actions=NORMAL) is the ACTION field.

     So this is how the related OVS rule looked when it was created:

        $ ovs-ofctl add-flow br-int priority=3,in_port=26,dl_vlan=1002,actions=NORMAL

     And this is what we want to create:

        $ ovs-ofctl add-flow br-int priority=3,in_port=26,dl_vlan=1002,actions=output:107,NORMAL

     Now it should be safe to run this last command, because OVS will search for matching rules and modify the rule accordingly... so in our case it will add one more action (to send the traffic to our mirror port as well). So here is the bad thing with this workaround: all traffic on this network will be forwarded to the mirror port, so if we have another interface of the same network on this compute node, it makes it difficult to filter... but we can do so at the end by using filters when running tcpdump...

  5. tcpdump -n -i mirror_tap <filters>
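A small POSIX shell helper, added here as an example and not part of Gabor's answer or of OVS itself, that automates the rewrite in steps 2 and 4: given the mirror port number from step 3 and the dl_vlan values from step 1, it turns matching `ovs-ofctl dump-flows br-int` lines into the `add-flow` form with `output:<mirror port>` prepended, and leaves flows that already send to the mirror port unchanged. Port 107 and the two flow lines are taken from the answer above; SAMPLE_DUMP is a constructed stand-in for real dump-flows output.

```shell
#!/bin/sh
# Added example (not from the original answer): rewrite dump-flows lines into the
# add-flow arguments the answer builds by hand. Assumes the one-line flow format
# shown above and a mirror OpenFlow port number taken from `ovs-ofctl show br-int`.

# flow_to_addflow <mirror_ofport> <dump-flows line>
# Drops the statistics fields (cookie, duration, n_*, *_age), keeps the match and
# actions, and is idempotent: a flow already outputting to the mirror port is unchanged.
flow_to_addflow() {
    port="$1"
    line="$2"
    match=$(printf '%s\n' "$line" | sed -n 's/.*\(priority=[^ ]*\) actions=.*/\1/p')
    actions=$(printf '%s\n' "$line" | sed -n 's/.* actions=\(.*\)$/\1/p')
    [ -n "$match" ] && [ -n "$actions" ] || return 1
    case ",$actions," in
        *",output:$port,"*) printf '%s,actions=%s\n' "$match" "$actions" ;;
        *) printf '%s,actions=output:%s,%s\n' "$match" "$port" "$actions" ;;
    esac
}

# emit_mirror_rules <mirror_ofport> <dl_vlan>... : reads dump-flows output on stdin
# and prints one add-flow argument string per flow whose dl_vlan is in the list.
emit_mirror_rules() {
    port="$1"; shift
    while IFS= read -r line; do
        for vlan in "$@"; do
            case "$line" in
                *"dl_vlan=$vlan "*) flow_to_addflow "$port" "$line" ;;
            esac
        done
    done
}

# Constructed sample: the two flows from the answer plus an unrelated VLAN to be skipped.
SAMPLE_DUMP='cookie=0x0, duration=583279.444s, table=0, n_packets=5501839, n_bytes=1517799423, idle_age=0, hard_age=65534, priority=3,in_port=26,dl_vlan=1002 actions=NORMAL
cookie=0x0, duration=583279.859s, table=0, n_packets=11027079, n_bytes=1334139221, idle_age=0, hard_age=65534, priority=3,in_port=26,dl_vlan=1003 actions=NORMAL
cookie=0x0, duration=1.0s, table=0, n_packets=0, n_bytes=0, idle_age=0, priority=3,in_port=26,dl_vlan=1004 actions=NORMAL'

# Print the commands for review instead of applying them; on a compute node replace
# SAMPLE_DUMP with the output of `ovs-ofctl dump-flows br-int`.
printf '%s\n' "$SAMPLE_DUMP" | emit_mirror_rules 107 1002 1003 | while IFS= read -r rule; do
    printf "ovs-ofctl add-flow br-int '%s'\n" "$rule"
done
```

Because OVS replaces a flow with the same match, re-running the printed add-flow commands is harmless, and the same rewrite can be applied to br-tun flows if the missing direction is there.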

Comments

Thanks a lot Gabor for the solution. I had used a Linux port mirror to solve this issue. I created two OVS port mirrors for br-int and br-tun and a Linux port mirror to capture the traffic of these ports using the tc command. Sorry for the late reply.

fresher (2015-06-15 00:46:03 -0600)
