Hi Ben Thanks very much for your kind reply.
I have a question about the port mirror. I use the command line as below: I just want to implement the port mirror algorithm like this, on the same bridge, mirror ovs port 1 traffic to ovs port 10, and mirror ovs port 2 traffic to ovs port 11 .... and mirror ovs port x traffic to ovs port y. *But NOT* forwarding all ovs port to a SPAN port, which involves multiple ports but only within one policy. ovs-vsctl -- --id=@p get port tap519eb2f0-13 -- --id=@client1 get Port tapbe8770a1-6b -- set bridge br-int mirrors=@m -- --id=@m create mirror name=br-int select-dst-port=@client1 select-src-port=@client1 output-port=@p I mirror all traffic arrived or originated from the client 1 port, for example, the ovs port for VM1, and output port is the ovs port of a monitor device VM for VM1. What if I want to add additional port mirror on the same bridge ? Can I use the same CLI but different tap IP ? and I will use another port other than output port I previously used, will that work ? If, the above multi-port mirror policy works on the same bridge, *how can my OVS can find the output port existing on the different OVS* ? these bridges on multiple OVS are tunneled by connecting to a bridge call br-tun which has gre port on the tunnel. Thanks very much for your kind and timely reply. On Mon, Nov 11, 2013 at 2:07 PM, Ben Pfaff <b...@nicira.com> wrote: > On Mon, Nov 11, 2013 at 01:18:38PM -0800, terryxing wrote: > > Port mirroring is a good way and I did that. But, I can not create > multiple > > port mirroring on a single bridge. For example, H1 packet will be > > duplicated to H4 port, and H3 packet will be duplicated to H5 port. > Based > > on my understanding, port mirroring policy can not be set on a single > > bridge with multiple times. I tried and found the second policy will > flush > > and replace the first one. That means, I can only forward the packets > > Open vSwitch does have a fairly small limit on port mirroring > policies, but the limit is higher than 1. I think the limit is 32 or > 64. So, I think you must have a mistake in how you are configuring > it. > > > > What is more, sometime, I want the packet to be duplicated and forward to > > an VM on other host. That means a port on the other OVS. How OVS1 know, > for > > example, port x on OVS2 ? > > OK, yes, that requires some additional work. (You could use tunnels, > for example.) > > > In my openstack environment, all OVS brige (br-int) are connected > through a > > layer 2 gre tunnel. Thus, use mac is also working. do you have any idea > on > > how to implement that ? > > > > I know using the openflow controller can probably do that but if the ovs > > CLI can do that, that would be greatly awesome and save a lot of time. > > I haven't configured an OpenStack environment myself so I don't have > enough knowledge to give you a direct answer. Perhaps someone else > will step up. >
_______________________________________________ discuss mailing list discuss@openvswitch.org http://openvswitch.org/mailman/listinfo/discuss
