Dear Ben, all, thanks a lot for the reply.
Restarting the vswitchd helps, but it is in my opinion too heavyweight a solution for a simple mirror deletion and re-creation. Could you please check whether there is sth in the related ovs code that prevents the correct “clearing” of the mirrored traffic? I do not see any special reason why the on-the-fly mirror reloading would have such side-effects. The main problem is that previous traffic gets “stuck” at the mirror interfaces, and I cannot explain this except for a potential bug related to the mirror state that the ovs preserves (even after mirror deletion). Best regards, Vasileios Kotronis > On 10 Apr 2016, at 21:20, Ben Pfaff <b...@ovn.org> wrote: > > On Fri, Apr 08, 2016 at 09:43:09AM +0200, Vasileios Kotronis wrote: >> I have an issue with port mirroring on ovs. I am trying to reload a mirror >> configuration on-the-fly, using an internal bridge port as the target mirror >> out port. There is no error that makes ovs complain, but the behavior of the >> mirror is not the intended one. >> >> Here are the steps I followed: >> >> 1) First, I clear the bridge’s mirrors: >> >> ovs-vsctl clear Bridge my_br mirrors >> >> 2) Afterwards, I create a new mirror from eth1 to the mirror out port (the >> latter port is an internal port used for this purpose): >> >> ovs-vsctl -- set Bridge my_br mirrors=@m1 -- --id=@eth1 get Port eth1 -- >> --id=@mir0 get Port mir0 -- --id=@m1 create Mirror name=port_mirror1 >> select-dst-port=@eth1 select-src-port=@eth1 output-port=@mir0 >> >> 3) Using tcpdump on eth1 and mir0 and comparing their outputs I see that the >> mirror works correctly. >> Till now, all good. >> >> 4) Next, I am changing the configuration of the mirror since I want, >> on-the-fly, to monitor a different interface with the same mirror out target. >> >> 5) I am clearing the old configuration: >> >> ovs-vsctl clear Bridge my_br mirrors >> >> 6) I am creating the new mirror from eth2 to the mirror out port: >> >> ovs-vsctl -- set Bridge my_br mirrors=@m1 -- --id=@eth2 get Port eth2 -- >> --id=@mir0 get Port mir0 -- --id=@m1 create Mirror name=port_mirror1 >> select-dst-port=@eth2 select-src-port=@eth2 output-port=@mir0 >> >> 7) Using tcpdump on eth2 and mir0 and comparing their outputs I see that the >> mirror DOES NOT work correctly. >> >> That is, I still see traffic from the old mirrored interface (eth1), which >> should not be there after clearing the mirror. >> Also, after such a process, it may happen that I see only the correct arp >> and ipv6 traffic on mir0, but no ipv4 traffic, or the traffic may be mixed >> with the old interface traffic which should not happen. >> >> It is hard to understand if this is an ovs bug or whether I am doing sth >> totally wrong. > > This is quite strange. It tends to indicate that Open vSwitch has > somehow retained the old configuration. Please try restarting > ovs-vwitchd at this point. If that makes a difference, then it is > almost certainly an OVS bug. If the behavior of the previous > configuration persists, however, then it's probably something else. > >> Moreover, I would like to ask if you are aware of any side-effects of >> using port mirroring on interfaces that are bonded, since I also tried >> another mirror creation on such an interface and I could only see arp >> and ipv6 traffic, no ipv4 packets. This did not have to do anything >> with changing the mirror configuration, but is related to the port >> mirroring problems with OVS. > > Do you mean mirroring with a bond as a source or as a destination? Both > of them should work, but we have not tested either one very much. > > My recollection is that mirroring to an SLB bond will not work well; I > believe that this is documented. _______________________________________________ discuss mailing list discuss@openvswitch.org http://openvswitch.org/mailman/listinfo/discuss
