Hello,
 
It is me again, sorry. This time I found an issue with OVS Port Mirroring with OVS Version 2.5.0 (running together with OpenStack Mitaka and Ubuntu 14.04 LTS Releases).
 
In order to be able to trace internal OVS traffic, I configured Port Mirroring on OVS with the following concept:
 
> On Host OS (Ubuntu) (creating device which can be used later for tcpdump):
# ip link add name tap-test type dummy
# ip link set tap-test promisc on
# ip link set tap-test mtu 1554
# ip link set dev tap-test up
 
> Check the tap port settings
root@controller01:~# netstat -i | grep tap-test
tap-test   1554 0         0      0      0 0             3      0      0      0 BPORU
root@controller01:~#
 
> Adding the port to the bridge of interest (e.g. br-ex)
# ovs-vsctl add-port br-ex tap-test
 
> Check via ovs-ofctl show br-ex
root@controller01:~# ovs-ofctl show br-ex
OFPT_FEATURES_REPLY (xid=0x2): dpid:000008002754cb58
n_tables:254, n_buffers:256
capabilities: FLOW_STATS TABLE_STATS PORT_STATS QUEUE_STATS ARP_MATCH_IP
actions: output enqueue set_vlan_vid set_vlan_pcp strip_vlan mod_dl_src mod_dl_dst mod_nw_src mod_nw_dst mod_nw_tos mod_tp_src mod_tp_dst
 1(eth4): addr:08:00:27:54:cb:58
     config:     0
     state:      0
     current:    1GB-FD COPPER AUTO_NEG
     advertised: 10MB-HD 10MB-FD 100MB-HD 100MB-FD 1GB-FD COPPER AUTO_NEG
     supported:  10MB-HD 10MB-FD 100MB-HD 100MB-FD 1GB-FD COPPER AUTO_NEG
     speed: 1000 Mbps now, 1000 Mbps max
 2(phy-br-ex): addr:82:b4:db:82:47:5a
     config:     0
     state:      0
     speed: 0 Mbps now, 0 Mbps max
 3(qg-9622c415-06): addr:00:00:00:00:00:00
     config:     PORT_DOWN
     state:      LINK_DOWN
     speed: 0 Mbps now, 0 Mbps max
 5(tap-test): addr:ca:00:4a:85:91:2c
     config:     0
     state:      0
     speed: 0 Mbps now, 0 Mbps max
 LOCAL(br-ex): addr:08:00:27:54:cb:58
     config:     PORT_DOWN
     state:      LINK_DOWN
     speed: 0 Mbps now, 0 Mbps max
OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=0
root@controller01:~#
 
root@controller01:~# ovs-vsctl show
406a827e-e8a1-42e1-8976-727a923f7bfc
    Bridge br-ex
        Port phy-br-ex
            Interface phy-br-ex
                type: patch
                options: {peer=int-br-ex}
        Port tap-test
            Interface tap-test
        Port "qg-9622c415-06"
            Interface "qg-9622c415-06"
                type: internal
        Port "eth4"
            Interface "eth4"
        Port br-ex
            Interface br-ex
                type: internal
............................
 
> Activating port mirroring, e.g. from port phy-br-ex -> tap-test
# ovs-vsctl -- set bridge br-ex mirrors=@m  -- --id=@phy-br-ex get port  phy-br-ex -- --id=@tap-test get port tap-test -- --id=@m create mirror name=mirror0   select-dst-port=@phy-br-ex select-src-port=@phy-br-ex output-port=@tap-test
 
root@controller01:~# ovs-vsctl -- set bridge br-ex mirrors=@m  -- --id=@phy-br-ex get port  phy-br-ex -- --id=@tap-test get port tap-test -- --id=@m create mirror name=mirror0   select-dst-port=@phy-br-ex select-src-port=@phy-br-ex output-port=@tap-test
3682385b-3b36-4a27-98c1-a689a7df067b
root@controller01:~#
 
> Check the active mirrors on the Bridge
root@controller01:~# ovs-vsctl list bridge br-ex
_uuid               : 0a1b775a-669b-4bd2-aa79-8b3f2570f834
auto_attach         : []
controller          : []
datapath_id         : "000008002754cb58"
datapath_type       : system
datapath_version    : "<unknown>"
external_ids        : {}
fail_mode           : []
flood_vlans         : []
flow_tables         : {}
ipfix               : []
mcast_snooping_enable: false
mirrors             : [3682385b-3b36-4a27-98c1-a689a7df067b]
name                : br-ex
netflow             : []
other_config        : {}
ports               : [26bacfad-2cfd-4708-ac79-5e6383c05178, 72bfb057-132b-4cf7-89fd-897fc84db40e, f005cb9b-a533-4626-b644-8825e3d90391, f2ab189f-5751-4741-8557-190282bded45, fa0c4240-1218-4059-bc58-32f48add3b1e]
protocols           : ["OpenFlow10"]
rstp_enable         : false
rstp_status         : {}
sflow               : []
status              : {}
stp_enable          : false
root@controller01:~#
 
> Start tcpdump on tap-test:
# tcpdump -i tap-test
 
> Initiating traffic over the internal patch port phy-br-ex (regular ICMP traffic). The traffic is sent from outside the system and it is certain that the ICMP packets need to traverse
   the internal patch port from the bridge br-ex to another OVS bridge, br-int.
 
> Stop tcpdump
root@controller01:~# tcpdump -i tap-test
tcpdump: WARNING: tap-test: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tap-test, link-type EN10MB (Ethernet), capture size 65535 bytes
^C
0 packets captured
0 packets received by filter
0 packets dropped by kernel
root@controller01:~#
 
 
Problem: The packets are not visible in the output of tcpdump :-(
 
When I perform port mirroring using, instead of the patch port phy-br-ex, another port of the same bridge (e.g. qg-9622c415-06), the port mirroring works as expected.
(Port mirroring from port qg-9622c415-06 to tap-test)
 
Questions:
------------
1.) Do you have any experience with port monitoring of patch ports in an OVS + OpenStack environment (e.g. between br-ex <-> br-int, or between br-int <-> br-vlan, or br-int <-> br-tun)?
     My tests show here that with OVS 2.5.0 and OpenStack Mitaka (running on Ubuntu 14.04) it is not working. I have executed the same tests with OpenStack Liberty and OVS 2.4.0. In the older
     environment port mirroring on such patch ports looks better, but only one direction is mirrored (e.g. I see ICMP Req. but no ICMP response), and on some other patch ports I see ICMP Resp. but no ICMP Req.
 
     Any recommendation on how to follow up on these issues, or how to perform port mirroring on patch ports correctly? Any workaround?
     (I am aware that there are many discussions in this section, and I am surprised that in the newest OVS release together with the new OpenStack Mitaka there are still some issues in this basic area.)
 
2.) Any recommendation on how to correctly perform port mirroring on a bridge port using VXLAN encapsulation (VXLAN tunneling)? Should this work? Tests here show that it is not working.
 
Greetings
Thomas
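
Added example, not part of the original post: when tcpdump on the mirror output reports 0 packets, comparing the mirror's own transmit counter before and after the test traffic shows whether the bridge mirrored nothing or whether the loss is on the capture side. It assumes the `statistics` column (`tx_packets`) of the OVS Mirror table as printed by `ovs-vsctl list mirror`; the function names and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Assumes the Mirror table's "statistics" column (tx_packets) as printed by
# `ovs-vsctl list mirror`.

# Constructed sample record; $1 = tx_packets value to embed.
sample() {
  printf '%s\n' \
    '_uuid               : 3682385b-3b36-4a27-98c1-a689a7df067b' \
    'name                : "mirror0"' \
    'output_port         : 00000000-0000-0000-0000-000000000001' \
    "statistics          : {tx_bytes=$(( $1 * 98 )), tx_packets=$1}"
}

# Read `ovs-vsctl list mirror` text on stdin, print tx_packets of mirror $1.
mirror_tx_packets() {
  awk -v want="$1" '
    BEGIN { RS = ""; FS = "\n" }   # records are separated by blank lines
    {
      name = ""; tx = ""
      for (i = 1; i <= NF; i++) {
        key = $i; sub(/[ \t]*:.*/, "", key)
        val = $i; sub(/^[^:]*:[ \t]*/, "", val)
        if (key == "name") { gsub(/"/, "", val); name = val }
        if (key == "statistics" && match(val, /tx_packets=[0-9]+/))
          tx = substr(val, RSTART + 11, RLENGTH - 11)
      }
      if (name == want && tx != "") { print tx; found = 1 }
    }
    END { exit !found }'
}

# $1 mirror name, $2 snapshot before traffic, $3 snapshot after traffic,
# $4 packet count reported by tcpdump on the output port.
classify_mirror() {
  before=$(printf '%s\n' "$2" | mirror_tx_packets "$1") || { echo no-such-mirror; return 0; }
  after=$(printf '%s\n' "$3" | mirror_tx_packets "$1") || { echo no-such-mirror; return 0; }
  delta=$(( after - before ))
  if [ "$delta" -le 0 ]; then echo not-mirrored   # bridge sent nothing out of this mirror
  elif [ "$4" -eq 0 ]; then echo capture-side     # mirrored, but the capture saw nothing
  else echo ok; fi
}

# Live use: b=$(ovs-vsctl list mirror); send the test traffic;
#           a=$(ovs-vsctl list mirror); classify_mirror mirror0 "$b" "$a" 0
classify_mirror mirror0 "$(sample 0)" "$(sample 0)" 0   # prints: not-mirrored
```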
 
 