这一节我们来分析Mirror

Mirror就是配置一个bridge,将某些包发给指定的mirrored ports

对于包的选择:

  • select_all,所有的包
  • select_dst_port
  • select_src_port
  • select_vlan

对于指定的目的:

  • output_port (SPAN)
  • output_vlan (RSPAN)

Port mirroring on a Cisco Systems switch is generally referred to as Switched Port ANalyzer (SPAN) or Remote Switched Port ANalyzer (RSPAN)

(1) Configure Mirroring
root@XorPlus# ovs-vsctl --db=tcp:10.10.50.215:6633 -- set bridge br0 mirrors=@m -- --id=@te-1/1/1 get Port te-1/1/1 -- --id=@te-1/1/2 get Port te-1/1/2 -- --id=@te-1/1/3 get Port te-1/1/3 -- --id=@m create Mirror name=mymirror select-dst-port=@te-1/1/1,@te-1/1/2 select-src-port=@te-1/1/1,@te-1/1/2 output-port=@te-1/1/3 root@XorPlus#
In above configuration, user configure the te-1/1/1, te-1/1/2 and te-1/1/3 in the mirroring, in which the source port are te-1/1/1 and te-1/1/2 (including the ingress and egress), the output port (monitor port) is te-1/1/3.
The “select-dst-port” means some packet (in switch chip) will go-out from the specified port (egress).
The “select-src-port” means some packet enter the specified port (ingress).
(2) Delete the Mirroring
root@XorPlus# ovs-vsctl --db=tcp:10.10.50.215:6633 -- remove bridge br0 mirrors mymirror

  • Ingress traffic-Traffic that enters the switch.
  • Egress traffic-Traffic that leaves the switch.
  • Source (SPAN) port -A port that is monitored with use of the SPAN feature.
  • Source (SPAN) VLAN -A VLAN whose traffic is monitored with use of the SPAN feature.
  • Destination (SPAN) port -A port that monitors source ports, usually where a network analyzer is connected.
  • Reflector Port -A port that copies packets onto an RSPAN VLAN.
  • Local SPAN-The SPAN feature is local when the monitored ports are all located on the same switch as the destination port.
  • Remote SPAN (RSPAN)-Some source ports are not located on the same switch as the destination port. RSPAN is an advanced feature that requires a special VLAN to carry the traffic that is monitored by SPAN between switches.
  • Port-based SPAN (PSPAN)-The user specifies one or several source ports on the switch and one destination port.
  • VLAN-based SPAN (VSPAN)-On a particular switch, the user can choose to monitor all the ports that belong to a particular VLAN in a single command.

RSPAN allows you to monitor source ports that are spread all over a switched network, not only locally on a switch with SPAN.

The functionality works exactly as a regular SPAN session. The traffic that is monitored by SPAN is not directly copied to the destination port, but flooded into a special RSPAN VLAN. The destination port can then be located anywhere in this RSPAN VLAN. There can even be several destination ports.

These are a few remarks on this design:

  • S1 is called a source switch. Packets only enter the RSPAN VLAN in switches that are configured as RSPAN source. Currently, a switch can only be the source for one RSPAN session, which means that a source switch can only feed one RSPAN VLAN at a time.
  • S2 and S3 are intermediate switches. They are not RSPAN sources and do not have destination ports. A switch can be intermediate for any number of RSPAN sessions.
  • S4 and S5 are destination switches. Some of their ports are configured to be destination for an RSPAN session.
  • You can see that RSPAN packets are flooded into the RSPAN VLAN. Even switches that are not on the path to a destination port, such as S2, receive the traffic for the RSPAN VLAN. You can find it useful to prune this VLAN on such S1-S2 links.
  • In order to achieve the flooding, learning is disabled on the RSPAN VLAN.
  • In order to prevent loops, the STP has been maintained on the RSPAN VLAN. Therefore, RSPAN cannot monitor Bridge Protocol Data Units (BPDUs).

我们先来测试SPAN

我们按照下面的拓扑结构创建vswitch

$ sudo ovs-vsctl add-port helloworld first_br
$ sudo ovs-vsctl add-port helloworld second_br -- set Port second_br tag=110      
$ sudo ovs-vsctl add-br helloworld1
$ sudo ovs-vsctl add-port helloworld1 second_if -- set Port second_if tag=110
$ sudo ovs-vsctl add-port helloworld1 third_br -- set Port third_br tag=110         
$ sudo ovs-vsctl show
c24322e6-8453-402a-afaf-64757ef231e9
    Bridge helloworld
        Controller "tcp:16.158.165.102:6633"
            is_connected: true
        Port "vnet8"
            Interface "vnet8"
        Port first_br
            Interface first_br
        Port second_br
            tag: 110
            Interface second_br
        Port "vnet10"
            Interface "vnet10"
        Port helloworld
            Interface helloworld
                type: internal
        Port "vnet9"
            Interface "vnet9"
    Bridge "helloworld1"
        Port second_if
            tag: 110
            Interface second_if
        Port "helloworld1"
            Interface "helloworld1"
                type: internal
        Port third_br
            tag: 110
            Interface third_br
    ovs_version: "2.0.1"

然后我们在first_br上面mirror所有进出vnet8的包

$ sudo ovs-vsctl -- set bridge helloworld mirrors=@m -- --id=@vnet8 get Port vnet8 -- --id=@first_br get Port first_br -- --id=@m create Mirror name=mirrorvnet8 select-dst-port=@vnet8 select-src-port=@vnet8 output-port=@first_br
19ed2f51-3245-4d5b-8e6c-67ccbb7c7ebd

这时候我们监听first_if,并且从instance01里面ping 10.10.10.3,可以看到下面的效果

$ sudo tcpdump  -n -i first_if icmp
tcpdump: WARNING: first_if: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on first_if, link-type EN10MB (Ethernet), capture size 65535 bytes
23:58:02.310198 IP 10.10.10.1 > 10.10.10.3: ICMP echo request, id 3200, seq 1, length 64
23:58:02.312447 IP 10.10.10.1 > 10.10.10.3: ICMP echo request, id 3200, seq 1, length 64
23:58:02.314314 IP 10.10.10.3 > 10.10.10.1: ICMP echo reply, id 3200, seq 1, length 64
23:58:03.311894 IP 10.10.10.1 > 10.10.10.3: ICMP echo request, id 3200, seq 2, length 64
23:58:03.312266 IP 10.10.10.3 > 10.10.10.1: ICMP echo reply, id 3200, seq 2, length 64
23:58:04.313522 IP 10.10.10.1 > 10.10.10.3: ICMP echo request, id 3200, seq 3, length 64
23:58:04.313739 IP 10.10.10.3 > 10.10.10.1: ICMP echo reply, id 3200, seq 3, length 64
23:58:05.314827 IP 10.10.10.1 > 10.10.10.3: ICMP echo request, id 3200, seq 4, length 64
23:58:05.314979 IP 10.10.10.3 > 10.10.10.1: ICMP echo reply, id 3200, seq 4, length 64
23:58:06.316870 IP 10.10.10.1 > 10.10.10.3: ICMP echo request, id 3200, seq 5, length 64
23:58:06.317156 IP 10.10.10.3 > 10.10.10.1: ICMP echo reply, id 3200, seq 5, length 64
23:58:07.318242 IP 10.10.10.1 > 10.10.10.3: ICMP echo request, id 3200, seq 6, length 64
23:58:07.318481 IP 10.10.10.3 > 10.10.10.1: ICMP echo reply, id 3200, seq 6, length 64
23:58:08.319579 IP 10.10.10.1 > 10.10.10.3: ICMP echo request, id 3200, seq 7, length 64
23:58:08.319802 IP 10.10.10.3 > 10.10.10.1: ICMP echo reply, id 3200, seq 7, length 64

然后我们来配置RSPAN

我们对进入vnet9的所有进出包,然而ouput到一个vlan 110

$ sudo ovs-vsctl -- set bridge helloworld mirrors=@m -- --id=@vnet9 get Port vnet9 -- --id=@m create Mirror name=mirrorvnet9 select-dst-port=@vnet9 select-src-port=@vnet9 output-vlan=110
cb361fa2-914d-494b-94ef-c625d194247c

在helloworld1中也要配置从110来的,都output到vlan 110

$ sudo ovs-vsctl -- set bridge helloworld1 mirrors=@m -- --id=@m create Mirror name=mirrorvlan select-vlan=110 output-vlan=110
cef13445-c6ea-45e7-bb9d-1a267b24c91c

disable mac address learning for vlan 110

$ sudo ovs-vsctl set bridge helloworld flood-vlans=110
$ sudo ovs-vsctl set bridge helloworld1 flood-vlans=110

这时候我们监听third_if,并且从instance02里面ping 10.10.10.3,可以看到下面的效果

$ sudo tcpdump  -n -i third_if icmp                   
tcpdump: WARNING: third_if: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on third_if, link-type EN10MB (Ethernet), capture size 65535 bytes
00:24:38.089192 IP 10.10.10.2 > 10.10.10.3: ICMP echo request, id 2999, seq 1, length 64
00:24:38.090844 IP 10.10.10.2 > 10.10.10.3: ICMP echo request, id 2999, seq 1, length 64
00:24:38.093228 IP 10.10.10.3 > 10.10.10.2: ICMP echo reply, id 2999, seq 1, length 64
00:24:39.090506 IP 10.10.10.2 > 10.10.10.3: ICMP echo request, id 2999, seq 2, length 64
00:24:39.091024 IP 10.10.10.3 > 10.10.10.2: ICMP echo reply, id 2999, seq 2, length 64
00:24:40.091945 IP 10.10.10.2 > 10.10.10.3: ICMP echo request, id 2999, seq 3, length 64
00:24:40.092202 IP 10.10.10.3 > 10.10.10.2: ICMP echo reply, id 2999, seq 3, length 64
00:24:41.093826 IP 10.10.10.2 > 10.10.10.3: ICMP echo request, id 2999, seq 4, length 64
00:24:41.093917 IP 10.10.10.3 > 10.10.10.2: ICMP echo reply, id 2999, seq 4, length 64
00:24:42.095681 IP 10.10.10.2 > 10.10.10.3: ICMP echo request, id 2999, seq 5, length 64
00:24:42.095915 IP 10.10.10.3 > 10.10.10.2: ICMP echo reply, id 2999, seq 5, length 64
00:24:43.097414 IP 10.10.10.2 > 10.10.10.3: ICMP echo request, id 2999, seq 6, length 64
00:24:43.097586 IP 10.10.10.3 > 10.10.10.2: ICMP echo reply, id 2999, seq 6, length 64

Openvswitch手册(4): Mirror的更多相关文章

  1. Openvswitch手册(1): 架构,SSL, Manager, Bridge

    Openvswitch是一个virutal swtich, 支持Open Flow协议,当然也有一些硬件Switch也支持Open Flow协议,他们都可以被统一的Controller管理,从而实现物 ...

  2. Openvswitch手册(2): OpenFlow Controller

         我们这一节主要来看Controller Controller有两种: Primary Controller: 真正控制vswitch的flow table,vswitch会保持和contro ...

  3. Openvswitch手册(5): VLAN and Bonding

    我们这一节来看Port 一般来说一个Port就是一个Interface,当然也有一个Port对应多个Interface的情况,成为Bond VLAN Configuration Port的一个重要的方 ...

  4. Openvswitch手册(3): sFlow, netFlow

    这一节,我们重点看sFlow 采样流sFlow(Sampled Flow)是一种基于报文采样的网络流量监控技术,主要用于对网络流量进行统计分析. sFlow系统包含一个嵌入在设备中的sFlow Age ...

  5. Openvswitch手册(6): QoS

    这一节我们看QoS,Qos的设置往往是和flow中的policy一起使用的 Open vSwitch QoS capabilities 1 Interface rate limiting 2 Port ...

  6. Openvswitch手册(7): Interfaces

    我们来看Interfaces ofport: OpenFlow port number for this interface. type: system: An ordinary network de ...

  7. Openvswitch手册(8): ovs-vsctl的DB的操作

    ovs-vsctl的DB的操作 如果你在命令行里面找不到相应的命令创建和删除对象,则可以直接删除数据库 [−−if−exists] [−−columns=column[,column]...] lis ...

  8. Openvswitch手册(9): Flow

    这一节我们将flow table flow table主要由ovs-ofctl命令操作 ovs-ofctl可以走和openflow controller一样的协议: ssl:ip[:port]: Th ...

  9. Ceph相关博客、网站(256篇OpenStack博客)

    官网文档: http://docs.ceph.com/docs/master/cephfs/ http://docs.ceph.com/docs/master/cephfs/createfs/   ( ...

随机推荐

  1. Python基础-文件操作(七)

    一.文件基本操作 1.open 打开模式: w模式 写模式write 文件不存在时会创建文件,如果文件已存在则会清空文件 r模式 读模式read 文件不存在就报错,存在则准备读取文件 a模式 追加模式 ...

  2. 获取网页title(还有一坑未填)

    def getTitle(self,url): #get title title = 'time out' try: self.res = requests.get(url,timeout=5) so ...

  3. Saliency Detection: A Spectral Residual Approach

    Saliency Detection: A Spectral Residual Approach 题目:Saliency Detection: A Spectral Residual Approach ...

  4. docker--在centos镜像安装mysql

    一.安装centos镜像 1.拉取最新版本centos镜像(拉取centos7 则使用centos:7即可) docker pull centos:lasted 2.查看已有镜像 docker ima ...

  5. 面试简单整理之mybatis

    125.mybatis 中 #{}和 ${}的区别是什么? 1. #将传入的数据都当成一个字符串,会对自动传入的数据加一个双引号.如:order by #user_id#,如果传入的值是111,那么解 ...

  6. mysql 数据库的备份和还原

    1. 逻辑备份 (和存储引擎无关) mysqldump -uroot -p schoolDB TSubject > /mysqlbackup/schoolDB.TSubject.sql  (备份 ...

  7. playframework 一步一步来 之 日志 (三)

    在paly中自定义配置logback,也很简单,只需在conf folder下添一个application-logger.xml或者logger.xml就行了.(出处:"If you cre ...

  8. Node.js server-side javascript cpu占用高

    也不知道微软咋想的,不搞死我们的电脑不罢休 https://developercommunity.visualstudio.com/content/problem/27033/nodejs-serve ...

  9. remove集合的用法

    循环集合的方法有三种: 简单for循环 iterator循环 增强for循环 例子如下: List<Long> fList = new ArrayList<Long>(); f ...

  10. 批处理-Java JDK环境变量配置

    setx /M JAVA_HOME "C:\Program Files\Java\jdk1.8.0_131" setx /M CLASSPATH ".;%%JAVA_HO ...