On Jan 7, 2011, at 10:31 AM, Daniel Tiron wrote:
> Yes, I have to get the packets into the userspace. But I have to do this
> anyway because I need to process the data with a monitoring tool called
> vermont [1].
>
> [1] http://vermont.berlios.de/
>
In addition to span port monitoring, there are a couple of additional options
that might be worth considering:
1. It looks like Vermont understands packet sampling. One idea would be to
extend Vermont to accept sFlow as an input. sflowtool can convert sFlow to
PCAP format. You could incorporate code from sFlowTool in order to build native
sFlow support into Vermont:
http://openvswitch.org/?page_id=215
http://www.inmon.com/technology/sflowTools.php
Since packet sampling is performed in the kernel by OVS, this solution is
extremely efficient. You also get ingress/egress ifIndex, VLAN, priority
information that helps populate fields when Vermont constructs IPFIX/NetFlow
based on the sampled data.
2. Vermont also accepts NetFlow as an input. You could could configure OVS to
send NetFlow to Vermont. Since the flow cache is maintained in the kernel this
offers a more efficient solution than mirroring packets and building the cache
in Vermont.
Peter
_______________________________________________
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss_openvswitch.org
