hi all: I want to detect internal network flow with a physical IDS (Intrusion Detection System) device, so a possible approach is switch SPAN.

First, I create a mirror with Open vSwitch and redirect all data to a physical interface eth1:

    ovs-vsctl -- --id=@m create mirror name=mirror0 -- add bridge br-int mirrors @m
    ovs-vsctl set mirror mirror0 output_port=4d5ed382-a0c3-4453-ab3c-58e1e7f603b0   (uuid of eth1)
    ovs-vsctl set mirror mirror0 select_src_port=d624f5b1-f5e3-4f85-a907-bd209b5463aa   (uuid of br-int)
    ovs-vsctl set mirror mirror0 select_dst_port=d624f5b1-f5e3-4f85-a907-bd209b5463aa   (uuid of br-int)

so that the internally transferred data is copied to eth1. If eth1 and the IDS device are in the same VLAN, the IDS can detect the internal flow of the Open vSwitch.

But the problem is that every compute node would need an extra physical interface so that the internal data inside the compute node can be detected, which is really a waste. So I wonder whether it is possible to mirror the data to a VLAN rather than to a port (i.e. output_vlan instead of output_port), but I find that there are few documents about the output_vlan argument. After I create a VLAN tag 998 on both a compute node and a network node, I find that the system halts and I cannot ssh to the nodes.

So can anyone tell me how to mirror the data to a VLAN, please?
_______________________________________________
Mailing list: https://launchpad.net/~openstack
Post to     : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp
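As an added example (not part of the original post, and not OpenStack or Open vSwitch project code), the script below builds the mirror as a single ovs-vsctl transaction, once for a port target (output_port) and once for a VLAN target (output_vlan), so the two variants the post asks about can be compared side by side. It refers to the output Port row by name inside the transaction (--id=@out get Port eth1) instead of pasting a UUID by hand, and it uses select_all=true so traffic on every port of the bridge is copied, not only traffic to and from the bridge's own internal port. The bridge, mirror and port names (br-int, mirror0, eth1, VLAN 998) are taken from the post; the function names, the DRY_RUN variable and the 1 to 4095 range check are this example's own assumptions. Per the OVS database documentation for output_vlan, frames mirrored to a VLAN are sent out every port that carries that VLAN, so the VLAN chosen for the IDS should carry nothing else (in particular not the node's management traffic).

```shell
#!/bin/sh
# Added example: build (and optionally run) an Open vSwitch SPAN-style mirror.
# Names br-int, mirror0, eth1 and VLAN 998 come from the post; everything
# else here (function names, DRY_RUN, range check) is this script's assumption.

# Usage: build_mirror_cmd BRIDGE MIRROR_NAME port PORT_NAME
#        build_mirror_cmd BRIDGE MIRROR_NAME vlan VLAN_ID
# Prints one ovs-vsctl command line; returns non-zero on invalid input.
build_mirror_cmd() {
    bridge=$1; name=$2; mode=$3; target=$4
    case "$mode" in
        port)
            # Resolve the Port row inside the transaction (@out) instead of
            # copying its UUID by hand, and attach the new Mirror row (@m)
            # to the bridge's mirrors column in the same atomic step.
            printf '%s' "ovs-vsctl -- --id=@out get Port $target" \
                " -- --id=@m create Mirror name=$name select_all=true output_port=@out" \
                " -- add Bridge $bridge mirrors @m"
            ;;
        vlan)
            # output_vlan takes a VLAN id, not a port; validate it is 1..4095.
            case "$target" in
                ''|*[!0-9]*) echo "vlan id must be numeric" >&2; return 1 ;;
            esac
            if [ "$target" -lt 1 ] || [ "$target" -gt 4095 ]; then
                echo "vlan id out of range 1-4095" >&2; return 1
            fi
            printf '%s' "ovs-vsctl -- --id=@m create Mirror name=$name select_all=true output_vlan=$target" \
                " -- add Bridge $bridge mirrors @m"
            ;;
        *)
            echo "mode must be 'port' or 'vlan'" >&2; return 1 ;;
    esac
}

# Usage: build_remove_cmd BRIDGE MIRROR_NAME
# Prints the command that detaches the mirror again (it is garbage-collected
# once no bridge references it).
build_remove_cmd() {
    printf '%s' "ovs-vsctl -- --id=@m get Mirror $2 -- remove Bridge $1 mirrors @m"
}

# Run the command unless DRY_RUN is set or ovs-vsctl is not installed.
run_or_show() {
    if [ -n "${DRY_RUN:-}" ] || ! command -v ovs-vsctl >/dev/null 2>&1; then
        echo "would run: $1"
    else
        sh -c "$1"
    fi
}

# Stand-alone use: ./mirror.sh br-int mirror0 vlan 998   (DRY_RUN=1 to preview)
if [ $# -ge 4 ]; then
    cmd=$(build_mirror_cmd "$1" "$2" "$3" "$4") || exit 1
    run_or_show "$cmd"
fi
```

Run it with DRY_RUN=1 first to inspect the generated transaction; the port variant is the equivalent of the post's four separate commands, the vlan variant replaces output_port with output_vlan. To undo a mirror, run the output of build_remove_cmd with the same bridge and mirror name.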