Re: [vpp-dev] Port mirroring support in vpp

2018-01-18 Thread John Lo (loj) 
Hi Juraj,

Can you check what “show node counters” or “sho run” give you? Do you see any 
evidence of span nodes being active or any packet drops? I think the output 
interface for mirrored packets in L2 also needs to be in L2 mode as well.

You can find SPAN test cases in test/test_span.py to check how it is set up and 
tested. The test cases include L2 ones with mirrored packet output to VLAN 
sub-interfaces and VXLAN tunnels.

Regards,
John

From: Juraj Linkeš [mailto:juraj.lin...@pantheon.tech]
Sent: Thursday, January 18, 2018 11:14 AM
To: John Lo (loj) <l...@cisco.com>; Damjan Marion (damarion) 
<damar...@cisco.com>
Cc: vpp-dev@lists.fd.io
Subject: RE: [vpp-dev] Port mirroring support in vpp

Hi John,

Thanks for the summary. I’ve been using 1710 when I wrote the e-mail, but I’ve 
tried 1801 and I could configure span on a veth interface (that’s my setup for 
now), but I didn’t see any traffic on the destination port (I tried loopback 
bvi and an L2 and L3 physical interface as destinations) - nothing in show 
trace and the interface counters didn’t go up. How do I verify that the traffic 
is mirrored onto the destination port? Is there some constraint on what the 
destination port can be?

Thanks,
Juraj

From: John Lo (loj) [mailto:l...@cisco.com]
Sent: Thursday, January 18, 2018 3:20 AM
To: Damjan Marion (damarion) <damar...@cisco.com<mailto:damar...@cisco.com>>; 
Juraj Linkeš <juraj.lin...@pantheon.tech<mailto:juraj.lin...@pantheon.tech>>
Cc: vpp-dev@lists.fd.io<mailto:vpp-dev@lists.fd.io>
Subject: RE: [vpp-dev] Port mirroring support in vpp

For VPP 18.01 and master, SPAN has been enhanced to allow port mirroring for 
interface in L2 mode such as ones in bridge domains. There is a “L2” argument 
added to the SPAN CLI/API which allow any interface, including vHost, to have 
packet replicated on its L2 input and/or output paths and be sent to the 
specified destination interface.

The CLI syntax for SPAN is now:
DBGvpp# set int span ?
  set interface span … set interface span  [l2] {disable | destination 
 [both|rx|tx]}

If you specify the “l2” keyword, packet replication will be performed on L2 
input and/or output packets on the specified interface. It should work for any 
interface in any bridge domain except BVI. For the BVI, SPAN can only replicate 
L2 input (and not output) packets.

Regards,
John

From: vpp-dev-boun...@lists.fd.io<mailto:vpp-dev-boun...@lists.fd.io> 
[mailto:vpp-dev-boun...@lists.fd.io] On Behalf Of Damjan Marion (damarion)
Sent: Wednesday, January 17, 2018 8:17 PM
To: Juraj Linkeš <juraj.lin...@pantheon.tech<mailto:juraj.lin...@pantheon.tech>>
Cc: vpp-dev@lists.fd.io<mailto:vpp-dev@lists.fd.io>
Subject: Re: [vpp-dev] Port mirroring support in vpp

Have you tried with SPAN?

On 17 Jan 2018, at 10:07, Juraj Linkeš 
<juraj.lin...@pantheon.tech<mailto:juraj.lin...@pantheon.tech>> wrote:

Hi VPP devs,

I’m trying to figure out whether it’s possible to set up port mirroring on a 
vhost-user port in VPP. The case I’m trying to make work is simple: I have 
traffic between two vms (using vhost-user ports) and I want to listen to that 
traffic, replicate it and send it somewhere else (to an interface, but 
preferably an ip).

I’ve looked into what’s available in VPP and there is some support for SPAN, 
but doesn’t seem to work with vhost-user interfaces (I wasn’t able to configure 
it). In fact, it only seems to be configurable on physical interfaces. Is this 
accurate?

Then there are clis for lawful intercept (set li), but the configuration 
doesn’t seem to do anything. Is this supported?

Is there some other way to achieve port mirroring on vhost-user interfaces in 
case the two above are not supported? It can be any unwieldy/hacky way (maybe 
setting something up with multicast?).

Thanks,
Juraj
___
vpp-dev mailing list
vpp-dev@lists.fd.io<mailto:vpp-dev@lists.fd.io>
https://lists.fd.io/mailman/listinfo/vpp-dev

___
vpp-dev mailing list
vpp-dev@lists.fd.io
https://lists.fd.io/mailman/listinfo/vpp-dev

Re: [vpp-dev] Port mirroring support in vpp

2018-01-18 Thread Juraj Linkeš 
Hi John,

Thanks for the summary. I’ve been using 1710 when I wrote the e-mail, but I’ve 
tried 1801 and I could configure span on a veth interface (that’s my setup for 
now), but I didn’t see any traffic on the destination port (I tried loopback 
bvi and an L2 and L3 physical interface as destinations) - nothing in show 
trace and the interface counters didn’t go up. How do I verify that the traffic 
is mirrored onto the destination port? Is there some constraint on what the 
destination port can be?

Thanks,
Juraj

From: John Lo (loj) [mailto:l...@cisco.com]
Sent: Thursday, January 18, 2018 3:20 AM
To: Damjan Marion (damarion) <damar...@cisco.com>; Juraj Linkeš 
<juraj.lin...@pantheon.tech>
Cc: vpp-dev@lists.fd.io
Subject: RE: [vpp-dev] Port mirroring support in vpp

For VPP 18.01 and master, SPAN has been enhanced to allow port mirroring for 
interface in L2 mode such as ones in bridge domains. There is a “L2” argument 
added to the SPAN CLI/API which allow any interface, including vHost, to have 
packet replicated on its L2 input and/or output paths and be sent to the 
specified destination interface.

The CLI syntax for SPAN is now:
DBGvpp# set int span ?
  set interface span … set interface span  [l2] {disable | destination 
 [both|rx|tx]}

If you specify the “l2” keyword, packet replication will be performed on L2 
input and/or output packets on the specified interface. It should work for any 
interface in any bridge domain except BVI. For the BVI, SPAN can only replicate 
L2 input (and not output) packets.

Regards,
John

From: vpp-dev-boun...@lists.fd.io<mailto:vpp-dev-boun...@lists.fd.io> 
[mailto:vpp-dev-boun...@lists.fd.io] On Behalf Of Damjan Marion (damarion)
Sent: Wednesday, January 17, 2018 8:17 PM
To: Juraj Linkeš <juraj.lin...@pantheon.tech<mailto:juraj.lin...@pantheon.tech>>
Cc: vpp-dev@lists.fd.io<mailto:vpp-dev@lists.fd.io>
Subject: Re: [vpp-dev] Port mirroring support in vpp

Have you tried with SPAN?

On 17 Jan 2018, at 10:07, Juraj Linkeš 
<juraj.lin...@pantheon.tech<mailto:juraj.lin...@pantheon.tech>> wrote:

Hi VPP devs,

I’m trying to figure out whether it’s possible to set up port mirroring on a 
vhost-user port in VPP. The case I’m trying to make work is simple: I have 
traffic between two vms (using vhost-user ports) and I want to listen to that 
traffic, replicate it and send it somewhere else (to an interface, but 
preferably an ip).

I’ve looked into what’s available in VPP and there is some support for SPAN, 
but doesn’t seem to work with vhost-user interfaces (I wasn’t able to configure 
it). In fact, it only seems to be configurable on physical interfaces. Is this 
accurate?

Then there are clis for lawful intercept (set li), but the configuration 
doesn’t seem to do anything. Is this supported?

Is there some other way to achieve port mirroring on vhost-user interfaces in 
case the two above are not supported? It can be any unwieldy/hacky way (maybe 
setting something up with multicast?).

Thanks,
Juraj
___
vpp-dev mailing list
vpp-dev@lists.fd.io<mailto:vpp-dev@lists.fd.io>
https://lists.fd.io/mailman/listinfo/vpp-dev

___
vpp-dev mailing list
vpp-dev@lists.fd.io
https://lists.fd.io/mailman/listinfo/vpp-dev

Re: [vpp-dev] Port mirroring support in vpp

2018-01-17 Thread John Lo (loj) 
For VPP 18.01 and master, SPAN has been enhanced to allow port mirroring for 
interface in L2 mode such as ones in bridge domains. There is a “L2” argument 
added to the SPAN CLI/API which allow any interface, including vHost, to have 
packet replicated on its L2 input and/or output paths and be sent to the 
specified destination interface.

The CLI syntax for SPAN is now:
DBGvpp# set int span ?
  set interface span … set interface span  [l2] {disable | destination 
 [both|rx|tx]}

If you specify the “l2” keyword, packet replication will be performed on L2 
input and/or output packets on the specified interface. It should work for any 
interface in any bridge domain except BVI. For the BVI, SPAN can only replicate 
L2 input (and not output) packets.

Regards,
John

From: vpp-dev-boun...@lists.fd.io [mailto:vpp-dev-boun...@lists.fd.io] On 
Behalf Of Damjan Marion (damarion)
Sent: Wednesday, January 17, 2018 8:17 PM
To: Juraj Linkeš <juraj.lin...@pantheon.tech>
Cc: vpp-dev@lists.fd.io
Subject: Re: [vpp-dev] Port mirroring support in vpp

Have you tried with SPAN?


On 17 Jan 2018, at 10:07, Juraj Linkeš 
<juraj.lin...@pantheon.tech<mailto:juraj.lin...@pantheon.tech>> wrote:

Hi VPP devs,

I’m trying to figure out whether it’s possible to set up port mirroring on a 
vhost-user port in VPP. The case I’m trying to make work is simple: I have 
traffic between two vms (using vhost-user ports) and I want to listen to that 
traffic, replicate it and send it somewhere else (to an interface, but 
preferably an ip).

I’ve looked into what’s available in VPP and there is some support for SPAN, 
but doesn’t seem to work with vhost-user interfaces (I wasn’t able to configure 
it). In fact, it only seems to be configurable on physical interfaces. Is this 
accurate?

Then there are clis for lawful intercept (set li), but the configuration 
doesn’t seem to do anything. Is this supported?

Is there some other way to achieve port mirroring on vhost-user interfaces in 
case the two above are not supported? It can be any unwieldy/hacky way (maybe 
setting something up with multicast?).

Thanks,
Juraj
___
vpp-dev mailing list
vpp-dev@lists.fd.io<mailto:vpp-dev@lists.fd.io>
https://lists.fd.io/mailman/listinfo/vpp-dev

___
vpp-dev mailing list
vpp-dev@lists.fd.io
https://lists.fd.io/mailman/listinfo/vpp-dev

Re: [vpp-dev] Port mirroring support in vpp

2018-01-17 Thread Damjan Marion (damarion) 
Have you tried with SPAN?

On 17 Jan 2018, at 10:07, Juraj Linkeš 
> wrote:

Hi VPP devs,

I’m trying to figure out whether it’s possible to set up port mirroring on a 
vhost-user port in VPP. The case I’m trying to make work is simple: I have 
traffic between two vms (using vhost-user ports) and I want to listen to that 
traffic, replicate it and send it somewhere else (to an interface, but 
preferably an ip).

I’ve looked into what’s available in VPP and there is some support for SPAN, 
but doesn’t seem to work with vhost-user interfaces (I wasn’t able to configure 
it). In fact, it only seems to be configurable on physical interfaces. Is this 
accurate?

Then there are clis for lawful intercept (set li), but the configuration 
doesn’t seem to do anything. Is this supported?

Is there some other way to achieve port mirroring on vhost-user interfaces in 
case the two above are not supported? It can be any unwieldy/hacky way (maybe 
setting something up with multicast?).

Thanks,
Juraj
___
vpp-dev mailing list
vpp-dev@lists.fd.io
https://lists.fd.io/mailman/listinfo/vpp-dev

___
vpp-dev mailing list
vpp-dev@lists.fd.io
https://lists.fd.io/mailman/listinfo/vpp-dev

[vpp-dev] Port mirroring support in vpp

2018-01-17 Thread Juraj Linkeš 
Hi VPP devs,

I'm trying to figure out whether it's possible to set up port mirroring on a 
vhost-user port in VPP. The case I'm trying to make work is simple: I have 
traffic between two vms (using vhost-user ports) and I want to listen to that 
traffic, replicate it and send it somewhere else (to an interface, but 
preferably an ip).

I've looked into what's available in VPP and there is some support for SPAN, 
but doesn't seem to work with vhost-user interfaces (I wasn't able to configure 
it). In fact, it only seems to be configurable on physical interfaces. Is this 
accurate?

Then there are clis for lawful intercept (set li), but the configuration 
doesn't seem to do anything. Is this supported?

Is there some other way to achieve port mirroring on vhost-user interfaces in 
case the two above are not supported? It can be any unwieldy/hacky way (maybe 
setting something up with multicast?).

Thanks,
Juraj
___
vpp-dev mailing list
vpp-dev@lists.fd.io
https://lists.fd.io/mailman/listinfo/vpp-dev