这一节我们来分析Mirror

Mirror就是配置一个bridge,将某些包发给指定的mirrored ports

对于包的选择:

  • select_all,所有的包
  • select_dst_port
  • select_src_port
  • select_vlan

对于指定的目的:

  • output_port (SPAN)
  • output_vlan (RSPAN)

Port mirroring on a Cisco Systems switch is generally referred to as Switched Port ANalyzer (SPAN) or Remote Switched Port ANalyzer (RSPAN)

(1) Configure Mirroring
root@XorPlus# ovs-vsctl --db=tcp:10.10.50.215:6633 -- set bridge br0 mirrors=@m -- --id=@te-1/1/1 get Port te-1/1/1 -- --id=@te-1/1/2 get Port te-1/1/2 -- --id=@te-1/1/3 get Port te-1/1/3 -- --id=@m create Mirror name=mymirror select-dst-port=@te-1/1/1,@te-1/1/2 select-src-port=@te-1/1/1,@te-1/1/2 output-port=@te-1/1/3 root@XorPlus#
In above configuration, user configure the te-1/1/1, te-1/1/2 and te-1/1/3 in the mirroring, in which the source port are te-1/1/1 and te-1/1/2 (including the ingress and egress), the output port (monitor port) is te-1/1/3.
The “select-dst-port” means some packet (in switch chip) will go-out from the specified port (egress).
The “select-src-port” means some packet enter the specified port (ingress).
(2) Delete the Mirroring
root@XorPlus# ovs-vsctl --db=tcp:10.10.50.215:6633 -- remove bridge br0 mirrors mymirror

  • Ingress traffic-Traffic that enters the switch.
  • Egress traffic-Traffic that leaves the switch.
  • Source (SPAN) port -A port that is monitored with use of the SPAN feature.
  • Source (SPAN) VLAN -A VLAN whose traffic is monitored with use of the SPAN feature.
  • Destination (SPAN) port -A port that monitors source ports, usually where a network analyzer is connected.
  • Reflector Port -A port that copies packets onto an RSPAN VLAN.
  • Local SPAN-The SPAN feature is local when the monitored ports are all located on the same switch as the destination port.
  • Remote SPAN (RSPAN)-Some source ports are not located on the same switch as the destination port. RSPAN is an advanced feature that requires a special VLAN to carry the traffic that is monitored by SPAN between switches.
  • Port-based SPAN (PSPAN)-The user specifies one or several source ports on the switch and one destination port.
  • VLAN-based SPAN (VSPAN)-On a particular switch, the user can choose to monitor all the ports that belong to a particular VLAN in a single command.

RSPAN allows you to monitor source ports that are spread all over a switched network, not only locally on a switch with SPAN.

The functionality works exactly as a regular SPAN session. The traffic that is monitored by SPAN is not directly copied to the destination port, but flooded into a special RSPAN VLAN. The destination port can then be located anywhere in this RSPAN VLAN. There can even be several destination ports.

These are a few remarks on this design:

  • S1 is called a source switch. Packets only enter the RSPAN VLAN in switches that are configured as RSPAN source. Currently, a switch can only be the source for one RSPAN session, which means that a source switch can only feed one RSPAN VLAN at a time.
  • S2 and S3 are intermediate switches. They are not RSPAN sources and do not have destination ports. A switch can be intermediate for any number of RSPAN sessions.
  • S4 and S5 are destination switches. Some of their ports are configured to be destination for an RSPAN session.
  • You can see that RSPAN packets are flooded into the RSPAN VLAN. Even switches that are not on the path to a destination port, such as S2, receive the traffic for the RSPAN VLAN. You can find it useful to prune this VLAN on such S1-S2 links.
  • In order to achieve the flooding, learning is disabled on the RSPAN VLAN.
  • In order to prevent loops, the STP has been maintained on the RSPAN VLAN. Therefore, RSPAN cannot monitor Bridge Protocol Data Units (BPDUs).

我们先来测试SPAN

我们按照下面的拓扑结构创建vswitch

$ sudo ovs-vsctl add-port helloworld first_br
$ sudo ovs-vsctl add-port helloworld second_br -- set Port second_br tag=110      
$ sudo ovs-vsctl add-br helloworld1
$ sudo ovs-vsctl add-port helloworld1 second_if -- set Port second_if tag=110
$ sudo ovs-vsctl add-port helloworld1 third_br -- set Port third_br tag=110         
$ sudo ovs-vsctl show
c24322e6-8453-402a-afaf-64757ef231e9
    Bridge helloworld
        Controller "tcp:16.158.165.102:6633"
            is_connected: true
        Port "vnet8"
            Interface "vnet8"
        Port first_br
            Interface first_br
        Port second_br
            tag: 110
            Interface second_br
        Port "vnet10"
            Interface "vnet10"
        Port helloworld
            Interface helloworld
                type: internal
        Port "vnet9"
            Interface "vnet9"
    Bridge "helloworld1"
        Port second_if
            tag: 110
            Interface second_if
        Port "helloworld1"
            Interface "helloworld1"
                type: internal
        Port third_br
            tag: 110
            Interface third_br
    ovs_version: "2.0.1"

然后我们在first_br上面mirror所有进出vnet8的包

$ sudo ovs-vsctl -- set bridge helloworld mirrors=@m -- --id=@vnet8 get Port vnet8 -- --id=@first_br get Port first_br -- --id=@m create Mirror name=mirrorvnet8 select-dst-port=@vnet8 select-src-port=@vnet8 output-port=@first_br
19ed2f51-3245-4d5b-8e6c-67ccbb7c7ebd

这时候我们监听first_if,并且从instance01里面ping 10.10.10.3,可以看到下面的效果

$ sudo tcpdump  -n -i first_if icmp
tcpdump: WARNING: first_if: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on first_if, link-type EN10MB (Ethernet), capture size 65535 bytes
23:58:02.310198 IP 10.10.10.1 > 10.10.10.3: ICMP echo request, id 3200, seq 1, length 64
23:58:02.312447 IP 10.10.10.1 > 10.10.10.3: ICMP echo request, id 3200, seq 1, length 64
23:58:02.314314 IP 10.10.10.3 > 10.10.10.1: ICMP echo reply, id 3200, seq 1, length 64
23:58:03.311894 IP 10.10.10.1 > 10.10.10.3: ICMP echo request, id 3200, seq 2, length 64
23:58:03.312266 IP 10.10.10.3 > 10.10.10.1: ICMP echo reply, id 3200, seq 2, length 64
23:58:04.313522 IP 10.10.10.1 > 10.10.10.3: ICMP echo request, id 3200, seq 3, length 64
23:58:04.313739 IP 10.10.10.3 > 10.10.10.1: ICMP echo reply, id 3200, seq 3, length 64
23:58:05.314827 IP 10.10.10.1 > 10.10.10.3: ICMP echo request, id 3200, seq 4, length 64
23:58:05.314979 IP 10.10.10.3 > 10.10.10.1: ICMP echo reply, id 3200, seq 4, length 64
23:58:06.316870 IP 10.10.10.1 > 10.10.10.3: ICMP echo request, id 3200, seq 5, length 64
23:58:06.317156 IP 10.10.10.3 > 10.10.10.1: ICMP echo reply, id 3200, seq 5, length 64
23:58:07.318242 IP 10.10.10.1 > 10.10.10.3: ICMP echo request, id 3200, seq 6, length 64
23:58:07.318481 IP 10.10.10.3 > 10.10.10.1: ICMP echo reply, id 3200, seq 6, length 64
23:58:08.319579 IP 10.10.10.1 > 10.10.10.3: ICMP echo request, id 3200, seq 7, length 64
23:58:08.319802 IP 10.10.10.3 > 10.10.10.1: ICMP echo reply, id 3200, seq 7, length 64

然后我们来配置RSPAN

我们对进入vnet9的所有进出包,然而ouput到一个vlan 110

$ sudo ovs-vsctl -- set bridge helloworld mirrors=@m -- --id=@vnet9 get Port vnet9 -- --id=@m create Mirror name=mirrorvnet9 select-dst-port=@vnet9 select-src-port=@vnet9 output-vlan=110
cb361fa2-914d-494b-94ef-c625d194247c

在helloworld1中也要配置从110来的,都output到vlan 110

$ sudo ovs-vsctl -- set bridge helloworld1 mirrors=@m -- --id=@m create Mirror name=mirrorvlan select-vlan=110 output-vlan=110
cef13445-c6ea-45e7-bb9d-1a267b24c91c

disable mac address learning for vlan 110

$ sudo ovs-vsctl set bridge helloworld flood-vlans=110
$ sudo ovs-vsctl set bridge helloworld1 flood-vlans=110

这时候我们监听third_if,并且从instance02里面ping 10.10.10.3,可以看到下面的效果

$ sudo tcpdump  -n -i third_if icmp                   
tcpdump: WARNING: third_if: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on third_if, link-type EN10MB (Ethernet), capture size 65535 bytes
00:24:38.089192 IP 10.10.10.2 > 10.10.10.3: ICMP echo request, id 2999, seq 1, length 64
00:24:38.090844 IP 10.10.10.2 > 10.10.10.3: ICMP echo request, id 2999, seq 1, length 64
00:24:38.093228 IP 10.10.10.3 > 10.10.10.2: ICMP echo reply, id 2999, seq 1, length 64
00:24:39.090506 IP 10.10.10.2 > 10.10.10.3: ICMP echo request, id 2999, seq 2, length 64
00:24:39.091024 IP 10.10.10.3 > 10.10.10.2: ICMP echo reply, id 2999, seq 2, length 64
00:24:40.091945 IP 10.10.10.2 > 10.10.10.3: ICMP echo request, id 2999, seq 3, length 64
00:24:40.092202 IP 10.10.10.3 > 10.10.10.2: ICMP echo reply, id 2999, seq 3, length 64
00:24:41.093826 IP 10.10.10.2 > 10.10.10.3: ICMP echo request, id 2999, seq 4, length 64
00:24:41.093917 IP 10.10.10.3 > 10.10.10.2: ICMP echo reply, id 2999, seq 4, length 64
00:24:42.095681 IP 10.10.10.2 > 10.10.10.3: ICMP echo request, id 2999, seq 5, length 64
00:24:42.095915 IP 10.10.10.3 > 10.10.10.2: ICMP echo reply, id 2999, seq 5, length 64
00:24:43.097414 IP 10.10.10.2 > 10.10.10.3: ICMP echo request, id 2999, seq 6, length 64
00:24:43.097586 IP 10.10.10.3 > 10.10.10.2: ICMP echo reply, id 2999, seq 6, length 64

Openvswitch手册(4): Mirror的更多相关文章

  1. Openvswitch手册(1): 架构,SSL, Manager, Bridge

    Openvswitch是一个virutal swtich, 支持Open Flow协议,当然也有一些硬件Switch也支持Open Flow协议,他们都可以被统一的Controller管理,从而实现物 ...

  2. Openvswitch手册(2): OpenFlow Controller

         我们这一节主要来看Controller Controller有两种: Primary Controller: 真正控制vswitch的flow table,vswitch会保持和contro ...

  3. Openvswitch手册(5): VLAN and Bonding

    我们这一节来看Port 一般来说一个Port就是一个Interface,当然也有一个Port对应多个Interface的情况,成为Bond VLAN Configuration Port的一个重要的方 ...

  4. Openvswitch手册(3): sFlow, netFlow

    这一节,我们重点看sFlow 采样流sFlow(Sampled Flow)是一种基于报文采样的网络流量监控技术,主要用于对网络流量进行统计分析. sFlow系统包含一个嵌入在设备中的sFlow Age ...

  5. Openvswitch手册(6): QoS

    这一节我们看QoS,Qos的设置往往是和flow中的policy一起使用的 Open vSwitch QoS capabilities 1 Interface rate limiting 2 Port ...

  6. Openvswitch手册(7): Interfaces

    我们来看Interfaces ofport: OpenFlow port number for this interface. type: system: An ordinary network de ...

  7. Openvswitch手册(8): ovs-vsctl的DB的操作

    ovs-vsctl的DB的操作 如果你在命令行里面找不到相应的命令创建和删除对象,则可以直接删除数据库 [−−if−exists] [−−columns=column[,column]...] lis ...

  8. Openvswitch手册(9): Flow

    这一节我们将flow table flow table主要由ovs-ofctl命令操作 ovs-ofctl可以走和openflow controller一样的协议: ssl:ip[:port]: Th ...

  9. Ceph相关博客、网站(256篇OpenStack博客)

    官网文档: http://docs.ceph.com/docs/master/cephfs/ http://docs.ceph.com/docs/master/cephfs/createfs/   ( ...

随机推荐

  1. python note 15 正则表达式

    # 正则表达式 只和字符串打交道 # 正则表达式的规则# 规则 字符串 从字符串中找到符合规则的内容 # 字符组 : [] 写在中括号中的内容,都出现在下面的某一个字符的位置上都是符合规则的 # [0 ...

  2. sqlserver改主键初始ID

  3. stark组件开发之组合搜索高级显示和扩展

    上一篇,我只是做了. 默认的显示. def __iter__(self): '''默认显示. 用户可以自定制''' if isinstance(self.queryset_or_tuple, list ...

  4. CentOS7 常用设置

    安装配置 0.Centos7 优盘U盘安装以及解决安装时引导错误 1.CentOS7开启网卡,设置开机启用网卡 2.CentOS7 修改静态IP地址 3.CentOS7 下使用root免密码输入自动登 ...

  5. nuget安装本地nupkg文件

    打开visual studio,菜单选择‘工具’->‘选项’ 然后 接下来,选择‘程序包源’,把‘包括预发行版’打钩,然后安装需要的包到工程即可,如下图:

  6. A Model of Saliency-Based Visual Attention for Rapid Scene Analysis

    A Model of Saliency-Based Visual Attention for Rapid Scene Analysis 题目:A Model of Saliency-Based Vis ...

  7. DataTables warning : Requested unknown parameter '0' from the data source for row 0错误

    在做datatables的项目,从后台取得数据后,返回给datatables界面时会报下面的错误: DataTables warning : Requested unknown parameter ' ...

  8. SHELL脚本学习-练习写一个脚本4

    #编写一个脚本时,自动生成”#!/bin/bash”这一行和相关注释信息. 把以下的代码保存为一个sh文件,比如test.sh , 新建脚本是使用  bash test.sh newfile 即可. ...

  9. Core DES加、解密

    安装 Portable.BouncyCastle Nuget包 地址:https://www.nuget.org/packages/Portable.BouncyCastle/ Install-Pac ...

  10. vue2项目结构搭建

    vue2项目结构初搭建与项目基本流程 一.开始项目结构搭建的重要性 决定项目是否能够健康成长 决定了项目是否利于多人协作开发 决定了项目是否利于后期维护 决定了项目是否性能良好 决定了代码是否重用率降 ...