In this section we look at Mirror.

A Mirror is configured on a bridge and sends selected packets to the specified mirrored ports.

Packet selection options:

  • select_all: all packets
  • select_dst_port
  • select_src_port
  • select_vlan

Destination options:

  • output_port (SPAN)
  • output_vlan (RSPAN)

Port mirroring on a Cisco Systems switch is generally referred to as Switched Port ANalyzer (SPAN) or Remote Switched Port ANalyzer (RSPAN).

(1) Configure Mirroring
root@XorPlus# ovs-vsctl --db=tcp:10.10.50.215:6633 -- set bridge br0 mirrors=@m -- --id=@te-1/1/1 get Port te-1/1/1 -- --id=@te-1/1/2 get Port te-1/1/2 -- --id=@te-1/1/3 get Port te-1/1/3 -- --id=@m create Mirror name=mymirror select-dst-port=@te-1/1/1,@te-1/1/2 select-src-port=@te-1/1/1,@te-1/1/2 output-port=@te-1/1/3
root@XorPlus#
In the above configuration, the user adds te-1/1/1, te-1/1/2 and te-1/1/3 to the mirror: the source ports are te-1/1/1 and te-1/1/2 (both ingress and egress), and the output port (monitor port) is te-1/1/3.
"select-dst-port" means that packets leaving the switch chip through the specified port (egress) are mirrored.
"select-src-port" means that packets entering the switch through the specified port (ingress) are mirrored.
(2) Delete the Mirroring
root@XorPlus# ovs-vsctl --db=tcp:10.10.50.215:6633 -- remove bridge br0 mirrors mymirror

  • Ingress traffic: Traffic that enters the switch.
  • Egress traffic: Traffic that leaves the switch.
  • Source (SPAN) port: A port that is monitored with use of the SPAN feature.
  • Source (SPAN) VLAN: A VLAN whose traffic is monitored with use of the SPAN feature.
  • Destination (SPAN) port: A port that monitors source ports, usually where a network analyzer is connected.
  • Reflector port: A port that copies packets onto an RSPAN VLAN.
  • Local SPAN: The SPAN feature is local when the monitored ports are all located on the same switch as the destination port.
  • Remote SPAN (RSPAN): Some source ports are not located on the same switch as the destination port. RSPAN is an advanced feature that requires a special VLAN to carry the traffic that is monitored by SPAN between switches.
  • Port-based SPAN (PSPAN): The user specifies one or several source ports on the switch and one destination port.
  • VLAN-based SPAN (VSPAN): On a particular switch, the user can choose to monitor all the ports that belong to a particular VLAN in a single command.

RSPAN allows you to monitor source ports that are spread all over a switched network, not only locally on a switch with SPAN.

The functionality works exactly as a regular SPAN session. The traffic that is monitored by SPAN is not directly copied to the destination port, but flooded into a special RSPAN VLAN. The destination port can then be located anywhere in this RSPAN VLAN. There can even be several destination ports.

These are a few remarks on this design:

  • S1 is called a source switch. Packets only enter the RSPAN VLAN in switches that are configured as RSPAN source. Currently, a switch can only be the source for one RSPAN session, which means that a source switch can only feed one RSPAN VLAN at a time.
  • S2 and S3 are intermediate switches. They are not RSPAN sources and do not have destination ports. A switch can be intermediate for any number of RSPAN sessions.
  • S4 and S5 are destination switches. Some of their ports are configured to be destination for an RSPAN session.
  • You can see that RSPAN packets are flooded into the RSPAN VLAN. Even switches that are not on the path to a destination port, such as S2, receive the traffic for the RSPAN VLAN. You can find it useful to prune this VLAN on such S1-S2 links.
  • In order to achieve the flooding, learning is disabled on the RSPAN VLAN.
  • In order to prevent loops, the STP has been maintained on the RSPAN VLAN. Therefore, RSPAN cannot monitor Bridge Protocol Data Units (BPDUs).

Let's test SPAN first.

We create the vswitches according to the following topology:

$ sudo ovs-vsctl add-port helloworld first_br
$ sudo ovs-vsctl add-port helloworld second_br -- set Port second_br tag=110
$ sudo ovs-vsctl add-br helloworld1
$ sudo ovs-vsctl add-port helloworld1 second_if -- set Port second_if tag=110
$ sudo ovs-vsctl add-port helloworld1 third_br -- set Port third_br tag=110
$ sudo ovs-vsctl show
c24322e6-8453-402a-afaf-64757ef231e9
    Bridge helloworld
        Controller "tcp:16.158.165.102:6633"
            is_connected: true
        Port "vnet8"
            Interface "vnet8"
        Port first_br
            Interface first_br
        Port second_br
            tag: 110
            Interface second_br
        Port "vnet10"
            Interface "vnet10"
        Port helloworld
            Interface helloworld
                type: internal
        Port "vnet9"
            Interface "vnet9"
    Bridge "helloworld1"
        Port second_if
            tag: 110
            Interface second_if
        Port "helloworld1"
            Interface "helloworld1"
                type: internal
        Port third_br
            tag: 110
            Interface third_br
    ovs_version: "2.0.1"

Then, on bridge helloworld, we mirror all packets entering and leaving vnet8 onto first_br:

$ sudo ovs-vsctl -- set bridge helloworld mirrors=@m -- --id=@vnet8 get Port vnet8 -- --id=@first_br get Port first_br -- --id=@m create Mirror name=mirrorvnet8 select-dst-port=@vnet8 select-src-port=@vnet8 output-port=@first_br
19ed2f51-3245-4d5b-8e6c-67ccbb7c7ebd

Now we listen on first_if and ping 10.10.10.3 from instance01; we see the following:

$ sudo tcpdump -n -i first_if icmp
tcpdump: WARNING: first_if: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on first_if, link-type EN10MB (Ethernet), capture size 65535 bytes
23:58:02.310198 IP 10.10.10.1 > 10.10.10.3: ICMP echo request, id 3200, seq 1, length 64
23:58:02.312447 IP 10.10.10.1 > 10.10.10.3: ICMP echo request, id 3200, seq 1, length 64
23:58:02.314314 IP 10.10.10.3 > 10.10.10.1: ICMP echo reply, id 3200, seq 1, length 64
23:58:03.311894 IP 10.10.10.1 > 10.10.10.3: ICMP echo request, id 3200, seq 2, length 64
23:58:03.312266 IP 10.10.10.3 > 10.10.10.1: ICMP echo reply, id 3200, seq 2, length 64
23:58:04.313522 IP 10.10.10.1 > 10.10.10.3: ICMP echo request, id 3200, seq 3, length 64
23:58:04.313739 IP 10.10.10.3 > 10.10.10.1: ICMP echo reply, id 3200, seq 3, length 64
23:58:05.314827 IP 10.10.10.1 > 10.10.10.3: ICMP echo request, id 3200, seq 4, length 64
23:58:05.314979 IP 10.10.10.3 > 10.10.10.1: ICMP echo reply, id 3200, seq 4, length 64
23:58:06.316870 IP 10.10.10.1 > 10.10.10.3: ICMP echo request, id 3200, seq 5, length 64
23:58:06.317156 IP 10.10.10.3 > 10.10.10.1: ICMP echo reply, id 3200, seq 5, length 64
23:58:07.318242 IP 10.10.10.1 > 10.10.10.3: ICMP echo request, id 3200, seq 6, length 64
23:58:07.318481 IP 10.10.10.3 > 10.10.10.1: ICMP echo reply, id 3200, seq 6, length 64
23:58:08.319579 IP 10.10.10.1 > 10.10.10.3: ICMP echo request, id 3200, seq 7, length 64
23:58:08.319802 IP 10.10.10.3 > 10.10.10.1: ICMP echo reply, id 3200, seq 7, length 64

Then we configure RSPAN.

We select all packets entering and leaving vnet9, but output them to VLAN 110 instead of a port:

$ sudo ovs-vsctl -- set bridge helloworld mirrors=@m -- --id=@vnet9 get Port vnet9 -- --id=@m create Mirror name=mirrorvnet9 select-dst-port=@vnet9 select-src-port=@vnet9 output-vlan=110
cb361fa2-914d-494b-94ef-c625d194247c

On helloworld1 we also need a mirror so that packets arriving on VLAN 110 are all output to VLAN 110:

$ sudo ovs-vsctl -- set bridge helloworld1 mirrors=@m -- --id=@m create Mirror name=mirrorvlan select-vlan=110 output-vlan=110
cef13445-c6ea-45e7-bb9d-1a267b24c91c

Disable MAC address learning for VLAN 110 (flood it instead):

$ sudo ovs-vsctl set bridge helloworld flood-vlans=110
$ sudo ovs-vsctl set bridge helloworld1 flood-vlans=110

Now we listen on third_if and ping 10.10.10.3 from instance02; we see the following:

$ sudo tcpdump -n -i third_if icmp
tcpdump: WARNING: third_if: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on third_if, link-type EN10MB (Ethernet), capture size 65535 bytes
00:24:38.089192 IP 10.10.10.2 > 10.10.10.3: ICMP echo request, id 2999, seq 1, length 64
00:24:38.090844 IP 10.10.10.2 > 10.10.10.3: ICMP echo request, id 2999, seq 1, length 64
00:24:38.093228 IP 10.10.10.3 > 10.10.10.2: ICMP echo reply, id 2999, seq 1, length 64
00:24:39.090506 IP 10.10.10.2 > 10.10.10.3: ICMP echo request, id 2999, seq 2, length 64
00:24:39.091024 IP 10.10.10.3 > 10.10.10.2: ICMP echo reply, id 2999, seq 2, length 64
00:24:40.091945 IP 10.10.10.2 > 10.10.10.3: ICMP echo request, id 2999, seq 3, length 64
00:24:40.092202 IP 10.10.10.3 > 10.10.10.2: ICMP echo reply, id 2999, seq 3, length 64
00:24:41.093826 IP 10.10.10.2 > 10.10.10.3: ICMP echo request, id 2999, seq 4, length 64
00:24:41.093917 IP 10.10.10.3 > 10.10.10.2: ICMP echo reply, id 2999, seq 4, length 64
00:24:42.095681 IP 10.10.10.2 > 10.10.10.3: ICMP echo request, id 2999, seq 5, length 64
00:24:42.095915 IP 10.10.10.3 > 10.10.10.2: ICMP echo reply, id 2999, seq 5, length 64
00:24:43.097414 IP 10.10.10.2 > 10.10.10.3: ICMP echo request, id 2999, seq 6, length 64
00:24:43.097586 IP 10.10.10.3 > 10.10.10.2: ICMP echo reply, id 2999, seq 6, length 64
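To make the SPAN and RSPAN setups above reusable and verifiable, here is an added Python example (not code from the original post or from Open vSwitch): `mirror_argv` builds the ovs-vsctl transaction for either a SPAN (output-port) or an RSPAN (output-vlan / select-vlan) mirror in the same `--id=@ref` style used on this page, and `check_capture` pairs ICMP echo requests with replies in tcpdump output taken on the monitor port, so you can confirm both directions are mirrored and spot duplicate copies such as the doubled seq 1 request in the captures above. The sample capture lines are constructed after the page's output, with one reply deliberately left out.

```python
import re
from collections import Counter

def mirror_argv(bridge, name, select_ports=(), select_vlan=None,
                output_port=None, output_vlan=None):
    """Build the argv of one ovs-vsctl transaction creating a Mirror on
    `bridge`, in the --id=@ref style of the commands on this page.
    select_ports are mirrored both ways (select-src and select-dst);
    exactly one of output_port (SPAN) / output_vlan (RSPAN) is required."""
    if (output_port is None) == (output_vlan is None):
        raise ValueError("need exactly one of output_port or output_vlan")
    argv = ["ovs-vsctl", "--", "set", "bridge", bridge, "mirrors=@m"]
    refs = set(select_ports) | ({output_port} if output_port else set())
    for port in sorted(refs):          # one 'get Port' per referenced port
        argv += ["--", f"--id=@{port}", "get", "Port", port]
    argv += ["--", "--id=@m", "create", "Mirror", f"name={name}"]
    if select_ports:
        ids = ",".join(f"@{p}" for p in select_ports)
        argv += [f"select-dst-port={ids}", f"select-src-port={ids}"]
    if select_vlan is not None:
        argv.append(f"select-vlan={select_vlan}")
    argv.append(f"output-port=@{output_port}" if output_port
                else f"output-vlan={output_vlan}")
    return argv

ICMP_RE = re.compile(r"IP (\S+) > (\S+): ICMP echo (request|reply), id (\d+), seq (\d+)")

def check_capture(lines):
    """Pair echo requests with replies in tcpdump output from the monitor port.
    Returns (unanswered, duplicates): an unanswered (id, seq) means the reply
    direction never reached the monitor (check select-src/select-dst); a
    duplicate means the same packet arrived twice, typically because the
    bridge also flooded it to the monitor port before learning the MAC."""
    seen = Counter()
    for line in lines:
        m = ICMP_RE.search(line)
        if m:
            seen[m.groups()] += 1
    unanswered = sorted((k[3], k[4]) for k in seen if k[2] == "request"
                        and (k[1], k[0], "reply", k[3], k[4]) not in seen)
    duplicates = sorted(k for k, n in seen.items() if n > 1)
    return unanswered, duplicates

# Constructed sample modelled on the page's capture (reply for seq 2 omitted).
SAMPLE = [
    "23:58:02.310198 IP 10.10.10.1 > 10.10.10.3: ICMP echo request, id 3200, seq 1, length 64",
    "23:58:02.312447 IP 10.10.10.1 > 10.10.10.3: ICMP echo request, id 3200, seq 1, length 64",
    "23:58:02.314314 IP 10.10.10.3 > 10.10.10.1: ICMP echo reply, id 3200, seq 1, length 64",
    "23:58:03.311894 IP 10.10.10.1 > 10.10.10.3: ICMP echo request, id 3200, seq 2, length 64",
]
```

Run the returned argv with `subprocess.run(mirror_argv(...), check=True)` on a host with ovs-vsctl; `check_capture` can be fed the lines of `tcpdump -n -i <monitor_if> icmp` output directly.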
