> On Feb 27, 2016, at 4:34 PM, Robert Mustacchi <[email protected]> wrote:
> 
> On 2/26/16 16:23 , Rob Seastrom wrote:
>> 
>> Hi folks,
>> 
>> Maybe my Google-fu is failing me (and searching my archives of this list has 
>> failed me too)...  but has anyone got a recipe for passing through a 
>> physical NIC in a mode where it can go promiscuous mode to a SmartMachine?  
>> Is that even possible with Crossbow in the middle?
>> 
>> Use case is monitoring span/port mirrors on a couple of switches, or maybe 
>> optical taps if I manage to find my junk box.  I see that Snort is in pkgsrc 
>> - don't know if that means people are running it just on a SmartMachine to 
>> monitor traffic to and from it, or if folks are actually running a full 
>> blown network IDS on SmartOS.
> 
> While you can't assign a physical nic itself you can opt to allow the
> vnic to have unfiltered access to the underlying device's promiscuous
> mode with the vmadm property 'nics.*.allow_unfiltered_promisc'.
> 
> That should do what you need, I expect, but still allow other zones to
> leverage the device (which would not really be possible if you assigned
> the NIC fully to the zone).


Not sure what I'm doing wrong here, but I'm only seeing broadcast and multicast 
traffic.  The vnic in the zone doesn't show PROMISC in the flags when I'm 
running tcpdump or snoop.

I can see all traffic just fine when I run snoop in the global zone.

A possible added difficulty is that the mirror port is spitting out 802.1q 
tagged traffic.  I was only getting the LLDP traffic between the switch and the 
router (i.e. untagged) before I configured the nic with a vlan in the 
smartmachine.

SmartOS boot image 20160218T022556Z with base-64-lts 15.4.0 smartos for the 
zone.

nics stanza from the smartmachine:

      {
        "nic_tag": "vlan",
        "ips": [ "192.168.250.1/24" ],
        "allow_unfiltered_promisc": "1",
        "vlan_id": 10
      }
 
and the switch config in case you find it interesting:

root@woodburn-bigswitch> show configuration interfaces ge-0/0/0
description "uplink to router and internet";
unit 0 {
    family ethernet-switching {
        port-mode trunk;
        vlan {
            members all;
        }
    }
}

root@woodburn-bigswitch> show configuration interfaces ge-0/0/1
description "analyzer port mirroring ge-0/0/0.0 both ways unsampled";
unit 0 {
    family ethernet-switching;
}

root@woodburn-bigswitch> show configuration ethernet-switching-options analyzer spanport
ratio 1;
input {
    ingress {
        interface ge-0/0/0.0;
    }
    egress {
        interface ge-0/0/0.0;
    }
}
output {
    interface {
        ge-0/0/1.0;
    }
}

root@woodburn-bigswitch> show configuration vlans
appleguest {
    vlan-id 1003;
}
dutnet {
    vlan-id 13;
}
guestnet {
    vlan-id 12;
}
v6only {
    vlan-id 11;
}
woodburn {
    vlan-id 10;
    l3-interface vlan.0;
}

root@woodburn-bigswitch> 
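Added here as a worked example (not code from the thread, from SmartOS or from vmadm): a small Python classifier that splits captured Ethernet frames into untagged vs. 802.1Q-tagged and broadcast/multicast vs. unicast, which is the distinction being debugged above (only broadcast and multicast arriving suggests the vnic is not actually receiving promiscuously). The sample frames are constructed inline; in practice you would feed it raw frames read from a capture file.

```python
import struct
from collections import Counter

ETHERTYPE_VLAN = 0x8100   # 802.1Q TPID
ETHERTYPE_QINQ = 0x88A8   # 802.1ad outer tag (QinQ)
BROADCAST = b"\xff" * 6

def parse_frame(frame: bytes) -> dict:
    """Return destination class, VLAN IDs (outermost first) and inner EtherType."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst = frame[:6]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    offset, vlans = 14, []
    # Peel off stacked tags; each tag is a 2-byte TCI followed by the next EtherType.
    while ethertype in (ETHERTYPE_VLAN, ETHERTYPE_QINQ):
        if len(frame) < offset + 4:
            raise ValueError("truncated VLAN tag")
        tci, ethertype = struct.unpack("!HH", frame[offset:offset + 4])
        vlans.append(tci & 0x0FFF)   # low 12 bits of the TCI carry the VLAN ID
        offset += 4
    if dst == BROADCAST:
        kind = "broadcast"
    elif dst[0] & 0x01:              # group bit set: multicast (LLDP, STP, IPv6 ND ...)
        kind = "multicast"
    else:
        kind = "unicast"
    return {"dst": kind, "vlans": vlans, "ethertype": ethertype}

def summarize(frames) -> dict:
    """Count frames by (destination class, outer VLAN ID or None if untagged)."""
    counts = Counter()
    for f in frames:
        p = parse_frame(f)
        counts[(p["dst"], p["vlans"][0] if p["vlans"] else None)] += 1
    return dict(counts)

def build_frame(dst, src, ethertype, vlan=None, payload=b""):
    """Constructed test frame: optional single 802.1Q tag, no FCS."""
    hdr = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    if vlan is not None:
        hdr += struct.pack("!HH", ETHERTYPE_VLAN, vlan & 0x0FFF)
    return hdr + struct.pack("!H", ethertype) + payload

# Constructed sample: what a mirror port carrying a trunk might deliver.
SAMPLE = [
    build_frame("01:80:c2:00:00:0e", "00:11:22:33:44:55", 0x88CC),           # untagged LLDP
    build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:66", 0x0806, vlan=10),  # ARP broadcast, VLAN 10
    build_frame("00:aa:bb:cc:dd:ee", "00:11:22:33:44:77", 0x0800, vlan=10),  # unicast IPv4, VLAN 10
    build_frame("00:aa:bb:cc:dd:ee", "00:11:22:33:44:88", 0x0800, vlan=12),  # unicast IPv4, VLAN 12
]

if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE).items(), key=str):
        print(key, n)
```

If a real capture from inside the zone yields no ("unicast", ...) buckets while the same capture from the global zone does, the frames are reaching the physical NIC but not the vnic.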

-------------------------------------------
smartos-discuss
Archives: https://www.listbox.com/member/archive/184463/=now