On Mon, Apr 03, 2017 at 10:43:48AM +0000, C. L. Martinez wrote:
> Hi all,
> 
>  I have installed Openvswitch 2.5.2 in a RHEL 7.3 KVM host fully patched. I 
> need to implement port mirroring for some kvm guests (not all). According to 
> openvswitch's docs this can be done using the following command:
> 
> ovs-vsctl -- --id=@m create mirror name=tapmirror -- add bridge idsbr0 
> mirrors @m -- --id=@oneguest0 get port oneguest0 -- set mirror tapmirror 
> select_src_port=@oneguest0 select_dst_port=@oneguest0 -- --id=@idsguest0 get 
> port idsguest0 -- set mirror tapmirror output-port=@idsguest0
> 
>  where oneguest0 interface is the kvm guest virtual interface, idsguest0 is 
> the interface where I will receive mirrored traffic and idsbr0 is the 
> openvswitch bridge where idsguest0 is assigned.
> 
>  Is this command correct?
> 
>  Then, I have the following questions:
> 
>  a/ Is it possible to use full openvswitch switches as a src_port and 
> dst_port (and output-port) instead of every virtual interface (oneguest0, 
> oneguest1, etc.) that I want to monitor?
> 
>  b/ If "no" is the answer to question a/, do I need to execute previous 
> command for every virtual interface that I need to monitor?
> 
>  c/ Do I need to create idsbr0 bridge before launching the previous command?
> 
>  d/ Last question, do I need to run the previous command every time that kvm 
> host starts?
> 
> Many thanks for your attention.
>  
I have done some tests, and it seems the previous command returns a syntax. I have 
launched this one:

ovs-vsctl -- set Bridge idsif mirrors=@m \
                -- --id=@fwprod0 get Port fwprod0 \
                -- --id=@fwdmz0 get Port fwdmz0 \
                -- --id=@fwvpn0 get Port fwvpn0 \
                -- --id=@fwenc0 get Port fwenc0 \
                -- --id=@fwmgmtif0 get Port fwmgmtif0 \
                -- --id=@idsif0 get Port idsif0 \
                -- --id=@m create Mirror name=tapmirror \
                select-dst-port=@fwprod0,@fwdmz0,@fwvpn0,@fwenc0,@fwmgmtif0 \
                select-src-port=@fwprod0,@fwdmz0,@fwvpn0,@fwenc0,@fwmgmtif0 \
                output-port=@idsif0

 ... but nothing is mirrored ... What am I doing wrong??

Thanks

-- 
Greetings,
C. L. Martinez
_______________________________________________
discuss mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss