On Fri, Apr 08, 2016 at 09:43:09AM +0200, Vasileios Kotronis wrote: > I have an issue with port mirroring on ovs. I am trying to reload a mirror > configuration on-the-fly, using an internal bridge port as the target mirror > out port. There is no error that makes ovs complain, but the behavior of the > mirror is not the intended one. > > Here are the steps I followed: > > 1) First, I clear the bridge’s mirrors: > > ovs-vsctl clear Bridge my_br mirrors > > 2) Afterwards, I create a new mirror from eth1 to the mirror out port (the > latter port is an internal port used for this purpose): > > ovs-vsctl -- set Bridge my_br mirrors=@m1 -- --id=@eth1 get Port eth1 -- > --id=@mir0 get Port mir0 -- --id=@m1 create Mirror name=port_mirror1 > select-dst-port=@eth1 select-src-port=@eth1 output-port=@mir0 > > 3) Using tcpdump on eth1 and mir0 and comparing their outputs I see that the > mirror works correctly. > Till now, all good. > > 4) Next, I am changing the configuration of the mirror since I want, > on-the-fly, to monitor a different interface with the same mirror out target. > > 5) I am clearing the old configuration: > > ovs-vsctl clear Bridge my_br mirrors > > 6) I am creating the new mirror from eth2 to the mirror out port: > > ovs-vsctl -- set Bridge my_br mirrors=@m1 -- --id=@eth2 get Port eth2 -- > --id=@mir0 get Port mir0 -- --id=@m1 create Mirror name=port_mirror1 > select-dst-port=@eth2 select-src-port=@eth2 output-port=@mir0 > > 7) Using tcpdump on eth2 and mir0 and comparing their outputs I see that the > mirror DOES NOT work correctly. > > That is, I still see traffic from the old mirrored interface (eth1), which > should not be there after clearing the mirror. > Also, after such a process, it may happen that I see only the correct arp and > ipv6 traffic on mir0, but no ipv4 traffic, or the traffic may be mixed > with the old interface traffic which should not happen. > > It is hard to understand if this is an ovs bug or whether I am doing sth > totally wrong.
This is quite strange. It tends to indicate that Open vSwitch has somehow retained the old configuration. Please try restarting ovs-vwitchd at this point. If that makes a difference, then it is almost certainly an OVS bug. If the behavior of the previous configuration persists, however, then it's probably something else. > Moreover, I would like to ask if you are aware of any side-effects of > using port mirroring on interfaces that are bonded, since I also tried > another mirror creation on such an interface and I could only see arp > and ipv6 traffic, no ipv4 packets. This did not have to do anything > with changing the mirror configuration, but is related to the port > mirroring problems with OVS. Do you mean mirroring with a bond as a source or as a destination? Both of them should work, but we have not tested either one very much. My recollection is that mirroring to an SLB bond will not work well; I believe that this is documented. _______________________________________________ discuss mailing list discuss@openvswitch.org http://openvswitch.org/mailman/listinfo/discuss
