Gabor Halasz's profile - activity

2015-09-14 18:08:13 -0600 received badge  Necromancer (source)
2015-09-14 18:08:13 -0600 received badge  Teacher (source)
2015-06-04 12:38:31 -0600 answered a question issue regarding port mirroring

Hi Fresher, I have not been investigating this problem since then, but this is what I have done as a workaround (using port mirroring in one direction, and the following for the other one):

Let’s say you have VM-3823:

  1. Search for the interfaces of the VM on controller, and find the related segmentation_id’s of the networks. $ nova show VM-3823 | grep network | awk '{print "neutron net-show " $2}' | sh | grep segmentation | provider:segmentation_id | 1002 | | provider:segmentation_id | 1003 |

  2. Search OVS rules for these interfaces on compute $ ovs-ofctl dump-flows br-int | grep "1002\|1003" cookie=0x0, duration=583279.444s, table=0, n_packets=5501839, n_bytes=1517799423, idle_age=0, hard_age=65534, priority=3,in_port=26,dl_vlan=1002 actions=NORMAL cookie=0x0, duration=583279.859s, table=0, n_packets=11027079, n_bytes=1334139221, idle_age=0, hard_age=65534, priority=3,in_port=26,dl_vlan=1003 actions=NORMAL

  3. Create „mirror” port in OVS (simple internal port now, but we will use it for mirroring) $ ovs-vsctl add-port br-int mirror_tap -- set interface mirror_tap type=internal $ ip link set dev mirror_tap up $ ovs-ofctl show br-int | grep mirror_tap 107(mirror_tap): addr:00:00:00:00:00:00  this is the created openflow port number

  4. Transform the rule printouts to OVS flows e.g. cookie=0x0, duration=583279.444s, table=0, n_packets=5501839, n_bytes=1517799423, idle_age=0, hard_age=65534, priority=3,in_port=26,dl_vlan=1002 actions=NORMAL  the beginning is only stat, not important now, the first highlighted section is the MATCH, and the second one is the ACTION field

So this is how the related OVS rule looks like when it was created: $ ovs-ofctl add-flow br-int priority=3,in_port=26,dl_vlan=1002,actions=NORMAL

And this is what we want to create: $ ovs-ofctl add-flow br-int priority=3,in_port=26,dl_vlan=1002,actions=output:107,NORMAL

Now it should be safe to run this last command, because OVS will search for matching rules, and modify the rule accordingly... so in our case it will add one more action (to send the traffic to our mirror port as well). So here is the bad thing with this workaround: all traffic on this network will be forwarded to the mirror port, so if we have another interface of the same network on this compute, it makes it difficult to filter... but we can do so at the end by using filters when running tcpdump... 

  1. tcpdump –n –i mirror_tap <filters>
2015-06-02 07:01:10 -0600 commented question issue regarding port mirroring

Sorry, I was not aware of your response :( What I did (I guess you have already solved it) is to add another port to OVS, and modify the existing rules to have this out port as additional action.

2015-03-11 05:48:18 -0600 commented question issue regarding port mirroring

Hi, Same here, during configuring port-mirroring on br-int, but I have seen packets going from VM to OVS (Rx direction) only. I was pinging the VM and on the mirror port I could only see Responses. As a workaround I was modifying OVS rules with additional output action.

2015-03-11 05:48:17 -0600 answered a question issue regarding port mirroring

Hi, Same here, during configuring port-mirroring on br-int, but I have seen packets going from VM to OVS (Rx direction) only. I was pinging the VM and on the mirror port I could only see Responses. As a workaround I was modifying OVS rules with additional output action.