Hello! I've just started experimenting with OpenVSwitch on Xen, and so far I like it, but I'm running into an issue setting up port mirroring and promiscuous mode.
I'm trying to get all traffic on a network within my Xen server to be mirrored to a specific VM so I can practice with an IDS. I've determined that the VM I want my IDS on is connected via vif104.1, and I think I should run this command to create a mirror over the whole network: ovs-vsctl --set Bridge xenbr1 mirrors=@m -- -- id=@vif93.0 get Port vif93.0 -- --id=@vif78.3 get Port vif78.3 -- --id=@vif72.0 get Port vif72.0 -- --id=@79.1 get Port vif79.1 -- --id=@tap93.0 get Port tap93.0 -- --id=@xenbr1 get Port xenbr1 -- --id=@vif62.3 get Port vif62.3 -- --id=@tap62.3 get Port tap62.3 -- --id=@eth1 get Port eth1 -- --id=@vif104.1 get Port vif104.1 -- -- --id=@m create Mirror name=xenbr1-everything-mirror select-dst-port=@vif93.0,@vif78.3,@vif72.0,@vif79.1,@tap93.0,@xenbr1,@vif62.3,@vif103.1,@tap62.3,@eth1 select-src-port=@vif93.0,@vif78.3,@vif72.0,@vif79.1,@tap93.0,@xenbr1,@vif62.3,@vif103.1,@tap62.3,@eth1 output-port=@vif104.1 After running that, I should set the vif of that network on my IDS (vif104.1) into promiscuous mode with: xe vif-param-set uuid=<uuid_of_vif> other-config:promiscuous="true" Unfortunately, when I try running the ovs-vsctl command I get: ovs-vsctl: unrecognized option `--set' I think this is because I'm specifying multiple dst-ports and src-ports but I'm not sure. My problem appears to be in the syntax. I feel like there should be a way to mirror all interfaces on the xenbr1 network to a specified interface without having to list all of them as src-ports and dst-ports, but I haven't been able to find anything online. I asked in the Xen mailing list first, but it seems like most people there weren't familiar with the intricacies of OpenVSwitch so I figured I'd ask directly here as well. Also, VM's get a new VIF each time they're rebooted, so any mirror I create will need to be recreated after each power cycle. Is there a way to make this persistent? ________________________________ Thanks, Jake Tarren
_______________________________________________ discuss mailing list discuss@openvswitch.org http://openvswitch.org/mailman/listinfo/discuss
