Hi,

ovs-vsctl --version
ovs-vsctl (Open vSwitch) 2.6.2
DB Schema 7.14.0

Architecture:
My objective is to use two VxLAN tunnels, one (VNI 888) for VM connectivity
between 2 Hosts, one (VNI 777) to send the monitored traffic from one
host to the other host.
Configuration:
Host1: (IP:B.B.B.B)
ovs-vsctl add-port brvx vxlan0 -- set Interface vxlan0 type=vxlan options:remote_ip=A.A.A.A options:key=777
ovs-vsctl add-port brad vxlan1 -- set Interface vxlan1 type=vxlan options:remote_ip=A.A.A.A options:key=888
Host2: (IP:A.A.A.A)
ovs-vsctl add-port brvx vxlan0 -- set Interface vxlan0 type=vxlan options:remote_ip=B.B.B.B options:key=777
ovs-vsctl add-port brad vxlan1 -- set Interface vxlan1 type=vxlan options:remote_ip=B.B.B.B options:key=888
Connectivity is tested and ok through the VxLAN tunnels.
3x bridges on each host:
-brad : VM connectivity
-brext: External access (IP Public Address)
-brvx: acts like a Remote SPAN bridge (connected to the bridges through patches)
Only one Ethernet card (eno1) per Host (the same is used to send traffic
through the VxLAN tunnels)
Bridges: (same for Host1 & Host2):
    Bridge brad
        Port brad
            Interface brad
                type: internal
        Port "vxlan1"
            Interface "vxlan1"
                type: vxlan
                options: {key="888", remote_ip="A.A.A.A"}
        Port span_ad
            Interface span_ad
                type: patch
                options: {peer=rspan_ad}
    Bridge brvx
        Port "vxlan0"
            Interface "vxlan0"
                type: vxlan
                options: {key="777", remote_ip="A.A.A.A"}
        Port rspan_ad
            Interface rspan_ad
                type: patch
                options: {peer=span_ad}
        Port brvx
            Interface brvx
                type: internal
        Port rspan_ext
            Interface rspan_ext
                type: patch
                options: {peer=span_ext}
    Bridge brext
        Port span_ext
            Interface span_ext
                type: patch
                options: {peer=rspan_ext}
        Port brext
            Interface brext
                type: internal
        Port "eno1"
            Interface "eno1"
Mirror:
One mirror per Bridge is set to copy local bridge interface traffic and send
it to the span_ad/ext port; thanks to the Patch ports on Bridge brvx the
traffic is copied, and an OpenFlow rule takes the traffic from rspan_xx and
directs the flow to vxlan0 to send the traffic through the tunnel.
One mirror is using eno1 as source because I need to monitor the
traffic; the mirrored traffic is sent to vxlan0 (VxLAN Tunnel), passing
through the same physical interface eno1.
As eno1 is also the source of my mirroring, the traffic is copied
again and again, 6 times; each time one Vx Layer is added...
Mirror configuration:
sourceext=eno1
destinationext=span_ext
ovs-vsctl --id=@m create mirror name=spanext -- add bridge brext mirrors @m
ovs-vsctl -- --id=@$sourceext get port $sourceext -- set mirror spanext select_src_port=@$sourceext select_dst_port=@$sourceext
ovs-vsctl -- --id=@$destinationext get port $destinationext -- set mirror spanext output-port=@$destinationext
rspan_sourceext_port=$(ovs-vsctl get Interface rspan_ext ofport)
rspan_destination_port=$(ovs-vsctl get Interface vxlan0 ofport)
ovs-ofctl del-flows brvx
ovs-ofctl add-flow brvx priority=500,in_port=$rspan_sourceext_port,actions=pop_vlan,mod_vlan_vid=22,output:$rspan_destination_port

I add a VLAN layer here, Vid 22, only for troubleshooting purposes.

When I ping between hosts, one ICMP Echo Request results in 6 packets!
-ICMP Request VM @ Host A to VM @ Host B -> expected, original traffic
-Same Packet, VNI 888 -> expected, traffic passing through Admin Tunnel
-Same Packet, VNI 888 / VNI 777 -> expected as the Mirrored traffic is using eno1 as well
-Same Packet, VNI 888 / VNI 777 / VNI 777 -> not expected
-Same Packet, VNI 777 / VNI 777 -> not expected
-Same Packet, VNI 777 / VNI 777 / VNI 777 -> not expected

The last 3 packets are already mirrored packets which are mirrored again...

Is there a way to avoid copying the already mirrored traffic passing through
the same interface (eno1) but capture all the rest?
I thought about filtering during the mirroring but I don't find an option..
I also thought about tweaking the when I add the flow to copy the traffic to vxlan0.
If any of you have any idea..

Many thanks :)

Many thanks!
--
belette
_______________________________________________ discuss mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
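
Added example (not part of the original post and not Open vSwitch code): a small Python parser that walks the nested Ethernet/802.1Q/IPv4/UDP/VXLAN headers of a captured frame and reports its VNI stack, outermost first, so copies of copies in the six-packet list above can be told apart from the expected frames. It assumes an IPv4 underlay, VXLAN on UDP port 4789, and that each mirror pass adds one more VNI 777 layer; the sample frames, MAC addresses and IP addresses are constructed.

```python
import struct

VXLAN_PORT, MIRROR_VNI = 4789, 777   # IANA VXLAN UDP port; monitoring VNI from the post

def vni_stack(frame):
    """Return the VNI of every VXLAN layer in an Ethernet frame, outermost first."""
    stack, off = [], 0
    while len(frame) >= off + 14:
        ethertype = struct.unpack_from("!H", frame, off + 12)[0]
        off += 14
        while ethertype == 0x8100 and len(frame) >= off + 4:  # skip 802.1Q tags (vid 22)
            ethertype = struct.unpack_from("!H", frame, off + 2)[0]
            off += 4
        if ethertype != 0x0800 or len(frame) < off + 20:      # IPv4 underlay only
            break
        udp = off + (frame[off] & 0x0F) * 4                   # skip IPv4 header (IHL)
        if frame[off + 9] != 17 or len(frame) < udp + 16:     # need UDP + VXLAN headers
            break
        if struct.unpack_from("!H", frame, udp + 2)[0] != VXLAN_PORT:
            break
        stack.append(int.from_bytes(frame[udp + 12:udp + 15], "big"))  # 24-bit VNI
        off = udp + 16                                        # inner Ethernet frame
    return stack

def is_remirrored(frame, mirror_vni=MIRROR_VNI):
    return vni_stack(frame).count(mirror_vni) > 1   # mirror VNI twice = copy of a copy

# --- constructed sample frames: placeholder MACs and TEST-NET IPs, zero checksums ---
def eth(payload):
    return b"\x02" * 6 + b"\x06" * 6 + b"\x08\x00" + payload

def ipv4(payload, proto):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + payload

def vxlan(inner, vni, vid=None):
    """Wrap an Ethernet frame in Ethernet/IPv4/UDP/VXLAN, optionally VLAN-tagging it first."""
    if vid is not None:
        inner = inner[:12] + struct.pack("!HH", 0x8100, vid) + inner[12:]
    hdr = b"\x08\x00\x00\x00" + vni.to_bytes(3, "big") + b"\x00"
    udp = struct.pack("!HHHH", 49152, VXLAN_PORT, 8 + len(hdr) + len(inner), 0)
    return eth(ipv4(udp + hdr + inner, 17))

ping = eth(ipv4(b"\x08\x00" + b"\x00" * 6, 1))   # ICMP echo request
admin = vxlan(ping, 888)                         # VM traffic inside the admin tunnel
def mirror(frame):                               # one pass through mirror + brvx flow
    return vxlan(frame, MIRROR_VNI, 22)
SAMPLES = [ping, admin, mirror(admin), mirror(mirror(admin)),
           mirror(mirror(ping)), mirror(mirror(mirror(ping)))]
```

Running is_remirrored over SAMPLES marks the first three frames as expected and the last three as copies of copies, matching the split described in the post.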
