Port Mirroring

  1. Configure VFs.

    For details, see Configuring Kernel-Mode SR-IOV.

  2. Start the OVS and configure the network.
    systemctl start openvswitch
    ovs-vsctl add-br br-ovs
    ovs-vsctl add-port br-ovs enp1s0f0_0
    ovs-vsctl add-port br-ovs enp1s0f0_1
    ovs-vsctl add-port br-ovs enp1s0f0_2
    ovs-vsctl add-port br-ovs enp1s0f0_3
    ovs-vsctl add-port br-ovs enp1s0f0_4
    ovs-vsctl add-port br-ovs enp1s0f0_5
    ovs-vsctl add-port br-ovs enp1s0f0_6
    ovs-vsctl add-port br-ovs enp1s0f0_7
    ovs-vsctl add-port br-ovs enp1s0f0
    ip link set dev enp1s0f0 up
    ip link set dev enp1s0f0_0 up
    ip link set dev enp1s0f0_1 up
    ip link set dev enp1s0f0_2 up
    ip link set dev enp1s0f0_3 up
    ip link set dev enp1s0f0_4 up
    ip link set dev enp1s0f0_5 up
    ip link set dev enp1s0f0_6 up
    ip link set dev enp1s0f0_7 up
    
  3. Start the VMs.
    • Run the following command on host 1:
      virsh start vm1
    • Run the following commands on host 2:
      virsh start vm1
      virsh start vm4
  4. Configure OVS Switched Port Analyzer (SPAN) port mirroring.
    ovs-vsctl -- --id=@p get port enp1s0f0_3 -- --id=@q get port enp1s0f0_0 -- --id=@m create mirror name=m0 select_src_port=@q select_dst_port=@q output-port=@p -- set bridge br-ovs mirrors=@m
    

    This command configures port mirroring on br-ovs so that the incoming and outgoing traffic of port enp1s0f0_0 is mirrored to port enp1s0f0_3.

    • -- --id=@p get port enp1s0f0_3: Create the alias @p for port enp1s0f0_3. The alias @q is created for port enp1s0f0_0 in the same way.
    • -- --id=@m create mirror name=m0: Create a port mirror.
    • select_src_port=@q select_dst_port=@q output-port=@p: Set a port mirroring rule. Among the parameters, select_src_port indicates that the traffic entering this port is mirrored, select_dst_port indicates that the traffic leaving this port is mirrored, and output-port indicates that the mirrored traffic is output to the designated port.
    • -- set bridge br-ovs mirrors=@m: Specify the port mirroring rule of the bridge.
  5. Log in to a VM.
    Run the following command on host 2:
    virsh console vm4
  6. Capture packets on the port mirror. Send packets from host 1 to VM 1 (enp1s0f0_0) of host 2, and capture packets on VM 4 (enp1s0f0_3) of host 2.

    Run the following command on VM 4 of host 2:

    tcpdump -i enp1s0
    
  7. Send packets on the VMs and check the captured packets.
    • Run the following command on VM 1 of host 2:
      iperf3 -s
      
    • Run the following command on VM 1 of host 1:
      iperf3 -c <Host2vm1_ip> -t 0
      

    Captured data packets:

  8. Press Ctrl+] to exit from the VMs and view the flow table offloading.
    watch -n 1 -d ovs-appctl dpctl/dump-flows type=offloaded
    

    Offloading status:

  9. Clear port mirrors.
    ovs-vsctl clear bridge br-ovs mirrors
    
  10. Configure OVS Remote Switched Port Analyzer (RSPAN) port mirroring.
    ovs-vsctl set bridge br-ovs flood_vlans=111
    ovs-vsctl -- --id=@q get port enp1s0f0_0 -- --id=@m create mirror name=m0 select_src_port=@q select_dst_port=@q output_vlan=111 -- set bridge br-ovs mirrors=@m
    
  11. Repeat steps 5 to 8 to check packet capturing and offloading.

    Run the following command on VM 4 of host 2 to capture data packets:

    tcpdump -i enp1s0 -ne
    

    Captured data packets:

    Offloading status:

Verification Result

Port mirroring in SPAN mode supports packet capturing and flow table offloading. Port mirroring in other modes supports only packet capturing.
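
A mirror copies a port's traffic to another VM or VLAN, so after steps 4, 9 and 10 it is worth confirming that only the intended mirror exists on the host. The following Python script is an added example, not part of the original procedure: it parses the JSON table output of ovs-vsctl for the Mirror and Port tables and checks every mirror against an allowlist. The sample data, the UUIDs, the mirror m1 and the function names are constructed for illustration.

```python
import json

# Constructed sample data; the UUIDs are made up. PORTS stands in for
#   ovs-vsctl --format=json --columns=_uuid,name list Port
# and MIRRORS for
#   ovs-vsctl --format=json --columns=name,select_all,select_src_port,select_dst_port,output_port,output_vlan list Mirror
A0, A1, A3 = (f"00000000-0000-0000-0000-0000000000a{i}" for i in (0, 1, 3))
PORTS = json.dumps({"headings": ["_uuid", "name"], "data": [
    [["uuid", A0], "enp1s0f0_0"], [["uuid", A1], "enp1s0f0_1"],
    [["uuid", A3], "enp1s0f0_3"]]})
MIRRORS = json.dumps({
    "headings": ["name", "select_all", "select_src_port", "select_dst_port",
                 "output_port", "output_vlan"],
    "data": [
        # m0: the SPAN mirror from step 4
        ["m0", False, ["uuid", A0], ["uuid", A0], ["uuid", A3], ["set", []]],
        # m1: hypothetical leftover rule copying enp1s0f0_1 to VLAN 111
        ["m1", False, ["uuid", A1], ["set", []], ["set", []], 111]]})

def atoms(value):
    """Flatten an OVSDB JSON column value (atom, uuid pair or set) to a list."""
    items = value[1] if isinstance(value, list) and value[0] == "set" else [value]
    return [v[1] if isinstance(v, list) and v[0] == "uuid" else v for v in items]

def rows(doc):
    table = json.loads(doc)
    return [dict(zip(table["headings"], row)) for row in table["data"]]

def audit_mirrors(mirror_json, port_json, approved):
    """Return (name, sources, destinations, ok) per mirror; approved maps a
    destination (port name or "vlan:<id>") to the source ports allowed there."""
    names = {atoms(r["_uuid"])[0]: r["name"] for r in rows(port_json)}
    report = []
    for m in rows(mirror_json):
        if m["select_all"]:
            sources = {"*"}  # every port on the bridge is mirrored
        else:
            sources = {names.get(u, u) for col in ("select_src_port", "select_dst_port")
                       for u in atoms(m[col])}
        dests = [names.get(u, u) for u in atoms(m["output_port"])]
        dests += [f"vlan:{v}" for v in atoms(m["output_vlan"])]
        # A mirror passes only if every destination is approved for all its sources.
        ok = bool(dests) and all(sources <= approved.get(d, set()) for d in dests)
        report.append((m["name"], sorted(sources), dests, ok))
    return report

if __name__ == "__main__":
    for entry in audit_mirrors(MIRRORS, PORTS, {"enp1s0f0_3": {"enp1s0f0_0"}}):
        print(entry)
```

On a host, pass the real output of the two ovs-vsctl commands named in the comments instead of the sample strings. After step 9 the Mirror table should be empty, so the report should contain no entries.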