Hi Peter,

I tried with sflow enabled on both ports and I am able to get samples of both directions. Thanks.

Openstack uses Linux Bridge to apply iptables security rules. Refer to the diagram below:
https://ask.openstack.org/en/question/58638/does-neutron-br-int-accepts-nova-instances-sending-vlan-tagged-traffic/

Regards
Harsh Jain

On Thu, Apr 23, 2015 at 7:41 PM, Peter Phaal <[email protected]> wrote:

> I am unfamiliar with this configuration. I wasn’t aware that you could
> create a patch link between the Linux bridge and OVS. I thought patch links
> were internal to OVS. Why are you using the Linux bridge? Why not connect
> VMs directly to OVS?
>
> Normally the traffic from a VM would enter br-int through a veth port and
> be sampled. In the reverse direction traffic enters through a network
> adapter attached to br-tun and would be sampled (provided you enable sFlow
> on br-tun).
>
> On Apr 23, 2015, at 12:54 AM, harsh jain <[email protected]> wrote:
>
> Hi Peter,
>
> 1 confusion: If patch ports are ignored then how br-int captures the
> samples of outgoing packet from VM br-int as it is connected via patch
> ports on both ends.
>
> Linux Bridge-->Patch port --> br-int(Sflow enabled) --> patch-port -->
> br-tun
>
> Regards
> Harsh Jain
>
> On Thu, Apr 23, 2015 at 11:26 AM, Peter Phaal <[email protected]>
> wrote:
>
>> Ingress means that packets are captured as they are received on
>> physical or virtual bridge ports. Patch ports are ignored.
>>
>> In stand alone mode you typically define a single bridge. However,
>> OpenStack defines a pair of bridges (br-in and br-ex) and to get full
>> coverage, you need to enable sFlow on both bridges.
>>
>> Why is it a problem that the sFlow sample contains the GRE header? An
>> sFlow analyzer should be able to decode tenant packet encapsulated by GRE.
>> There is currently work underway to add support for the sFlow tunnel spec
>> to OVS which should further improve visibility into underlay / overlay in
>> virtual networks:
>>
>> http://sflow.org/sflow_tunnels.txt
>>
>> Peter
>>
>> On Apr 22, 2015, at 10:31 PM, harsh jain <[email protected]> wrote:
>>
>> Hi Peter,
>>
>> Thanks for reply.
>>
>> What is the difference in vSwitch configuration in Openstack environment
>> and in standalone use? If I try to enable sflow on OVS-bridge having
>> following setup, it captures packets in both directions. I think I am not
>> able to understand exactly what ingress means.
>>
>> In PC
>> eth0--> br0-->tap0 (mktun command) --> Passed the tap device to qemu to
>> launch VM.
>>
>> In compute node
>> VM-->tap-->Linux Bridge --veth pair-->br-int(sflow enabled)-veth
>> pair->br-tun
>>
>> Actually we can not use br-ex to enable flow because sflow sample contains
>> GRE header.
>>
>> Thanks & Regards
>> Harsh Jain
>>
>> On Wed, Apr 22, 2015 at 8:00 PM, Peter Phaal <[email protected]>
>> wrote:
>>
>>> The sFlow implementation in OVS applies ingress sampling. To get full
>>> coverage into all traffic paths you need to enable sFlow on all bridges.
>>> For OpenStack, enabling sFlow on br-ex should give you visibility into the
>>> traffic destined to VMs.
>>>
>>> You may also want to take a look at the Host sFlow agent (
>>> http://host-sflow.sourceforge.net/). It can automatically manage the
>>> OVS sFlow settings and will also export hypervisor and VM CPU, memory, disk
>>> and network IO stats.
>>>
>>> On Apr 22, 2015, at 12:46 AM, harsh jain <[email protected]> wrote:
>>>
>>> Hi,
>>>
>>> I tried to collect sflow packets on OVS switch in Openstack. But captured
>>> packets contain only traffic coming out from the VM, i.e. samples contain
>>> Raw Packet of VM to external network direction only. Following command is
>>> used to enable
>>>
>>> export COLLECTOR_IP=10.3.5.112
>>> export COLLECTOR_PORT=6343
>>> export AGENT_IP=eth1
>>> export HEADER_BYTES=256
>>> export SAMPLING_N=1
>>> export POLLING_SECS=10
>>>
>>> ovs-vsctl -- --id=@sflow create sflow agent=${AGENT_IP} \
>>> target=\"${COLLECTOR_IP}:${COLLECTOR_PORT}\" header=${HEADER_BYTES} \
>>> sampling=${SAMPLING_N} polling=${POLLING_SECS} -- set bridge br-int \
>>> sflow=@sflow
>>>
>>> Connection is
>>> VM ->tap device->br-int(sflow enabled)-----veth-pair----->br-data-eth.
>>>
>>> Why are packets collected for 1 direction only?
>>>
>>> Thanks & Regards
>>> Harsh Jain
>>> _______________________________________________
>>> discuss mailing list
>>> [email protected]
>>> http://openvswitch.org/mailman/listinfo/discuss
_______________________________________________
discuss mailing list
[email protected]
http://openvswitch.org/mailman/listinfo/discuss
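
The resolution of this thread (OVS samples on ingress per bridge, so both directions only show up once sFlow is enabled on every bridge in the path), as an added example that is not part of the original messages. The function name `sflow_cmd` is hypothetical, the collector and agent values and the bridge names `br-int` and `br-tun` are the ones posted in the thread, and the script only prints the `ovs-vsctl` transaction for review rather than running it.

```shell
#!/bin/sh
# Added example (not from the thread): print one ovs-vsctl transaction that
# creates a single sFlow record and attaches it to every bridge given.
# Collector and agent values are the ones posted in the thread.
COLLECTOR_IP=10.3.5.112
COLLECTOR_PORT=6343
AGENT_IP=eth1
HEADER_BYTES=256
SAMPLING_N=1
POLLING_SECS=10

# sflow_cmd is a hypothetical helper name used only for this example.
sflow_cmd() {
    if [ "$#" -eq 0 ]; then
        echo "usage: sflow_cmd BRIDGE [BRIDGE...]" >&2
        return 1
    fi
    # The output is meant to be pasted into a shell, so refuse names that
    # contain anything other than plain bridge-name characters.
    for br in "$@"; do
        case "$br" in
            ''|*[!A-Za-z0-9_.-]*)
                echo "refusing bridge name: $br" >&2
                return 1 ;;
        esac
    done
    cmd="ovs-vsctl -- --id=@sflow create sflow agent=${AGENT_IP}"
    cmd="${cmd} target=\\\"${COLLECTOR_IP}:${COLLECTOR_PORT}\\\""
    cmd="${cmd} header=${HEADER_BYTES} sampling=${SAMPLING_N}"
    cmd="${cmd} polling=${POLLING_SECS}"
    # OVS samples on ingress per bridge, so each bridge in the path needs
    # its own reference to the record before both directions are sampled.
    for br in "$@"; do
        cmd="${cmd} -- set bridge ${br} sflow=@sflow"
    done
    printf '%s\n' "$cmd"
}

# Bridges named in the thread's compute-node topology.
sflow_cmd br-int br-tun
```

After applying the printed command, `ovs-vsctl list sflow` shows the record and `ovs-vsctl list bridge br-tun` shows whether the bridge references it.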
