Hello @ll, I just want to push up this issue. It is quite important for me to get this solved. Is anybody here that can help?
Thank you so much, Jerome > Anfang der weitergeleiteten Nachricht: > > Von: "Jerome Eichler" <jer...@eichler.org> > Betreff: AW: [ovs-discuss] Port Mirroring on XenCenter 7 > Datum: 9. August 2016 um 08:14:40 MESZ > An: "'Justin Pettit'" <jpet...@ovn.org> > Kopie: <discuss@openvswitch.org> > > Hi Justin, > > thank you for replying! > >> I'm not familiar with pmacct, but a quick look at the documentation > makes it look like by default it captures 4KB per packet. It could also > be dropping packets. There are a lot of variables here. You may want to > check the >> interface statistics in both the guest and dom0 to make sure those are > right. > > pmacct itself is not the problem. Both pmacct configuration (the one in > the VM and the one on the XenServer host) are the same. Just one of them > (the on in the VM) seems not to get all traffic data. > > I tried to do some more analysis. Doing a tcpdump for the same time for > around 15 seconds on the VM and the xenserver host gives very different > results: > > +++ > VM: > > [root@xen04 ~]# tcpdump -i eth1 -n not port 22 > (...) > 1374 packets captured > 1637 packets received by filter > 0 packets dropped by kernel > +++ > > +++ > XenServer Host: > > root@trafficmirror:~# tcpdump -i eth1 -n not port 22 > (...) > 68272 packets captured > 81960 packets received by filter > 13663 packets dropped by kernel > +++ > > As we can see the VM only has a small amount of packets which arrive on > eth1 interface in total. > > Could this have to do with VLAN tagging? When reviewing the tcpdump it > looks like that I only see traffic inside that VLAN in which the VM is > hosted in. Traffic outside this VLAN is not available, although > eth1/vif1.1 is not in a VLAN. Only vif1.0 (the VM's network interface to > connect to the server) is inside a VLAN. > > How can I get the rest of all the other VLAN traffic to my vif1.1? > > > Thank you, > > Jerome > > -----Ursprüngliche Nachricht----- > Von: Justin Pettit [mailto:jpet...@ovn.org] > Gesendet: Dienstag, 9. August 2016 07:05 > An: Jerome Eichler > Cc: discuss@openvswitch.org > Betreff: Re: [ovs-discuss] Port Mirroring on XenCenter 7 > > >> On Aug 8, 2016, at 4:45 AM, Jerome Eichler <jer...@eichler.org> wrote: >> >> Dear all, >> >> although there are few blogs on the web regarding this matter my problem > cannot be resolved following them. >> >> My setup: >> XenServer 7.0 with 2 NICs onboard. NIC1 (eth1) is connected to my > Juniper switch (EX-4200-48T). At this Juniper-Port all traffic in my > network is being mirrored to. >> >> What I want to do: >> Forward all that traffic from eth1 to my VM's interface. I assigned the > interface eth1 to the vm as secondary interface. >> >> In XenServer itself I also put all the network interfaces (physical ones > as well as the virtual ones) to promisc mode. >> Following this blog article: > http://blog.manula.org/2014/02/port-mirroring-with-openvswitch.html I > configured OVS to mirror all that traffic from eth1 to vif1.1 (which is > the virtual interface of the physical interface eth1 inside the VM) >> >> +++ >> ovs-vsctl -- set Bridge xenbr1 mirrors=@m -- --id=@eth1 get Port eth1 -- > --id=@vif1.1 get Port vif1.1 -- --id=@m create Mirror name=mirror1 > select-dst-port=@eth1 select-src-port=@eth1 output-port=@vif1.1 >> +++ >> >> Then I am able to see some traffic on eth1 in my VM. But it seems to be > not all traffic. >> I am using pmacct to collect data, this data is being stored to a mysql > database and from there being handled further by own scripts. >> >> I did a download of a 10GB file. So I should see 10GB downloaded, but I > only see around 400MB. >> >> When starting pmacct on the xenserver host itself, I see the whole 10GB > thing. So I assume that not all traffic is forwarded from eth1 to vif1.1? > What am I doing wrong? Anybody here that can help? > > I'm not familiar with pmacct, but a quick look at the documentation makes > it look like by default it captures 4KB per packet. It could also be > dropping packets. There are a lot of variables here. You may want to > check the interface statistics in both the guest and dom0 to make sure > those are right. > > --Justin > >
_______________________________________________ discuss mailing list discuss@openvswitch.org http://openvswitch.org/mailman/listinfo/discuss
