Re: Port Mirror Option in Cloudstack

Fri, 14 Jun 2024 02:45:30 -0700 

Hello,

I think there is no way to make this work from cloudstack.

However, in case you are using openvswitch on your hosts you could try to
create a mirror there for egress, ingress or both

Let's say the vm machine port is vnet10.

Something like this could work for you:

# Add an internal port on the bridge your VM resides
ovs-vsctl add-port BRIDGE0 VM1_MIRROR_OUTPUT -- set interface
VM1_MIRROR_OUTPUT type=internal

#Get UUID ofr the mirror port
ovs-vsctl get port  VM1_MIRROR_OUTPUT   _uuid

ovs-vsctl --id=@m create mirror name="VM1_MIRROR"
ovs-vsctl add bridge BRIDGE0 mirrors @m
ovs-vsctl --id=@port get port  VM1_MIRROR_OUTPUT
ovs-vsctl set mirror "VM1_MIRROR" output-port=@port

Get the UUID of the VM interface you want to mirror
e.g
export PORT_UUID=ovs-vsctl get port vnet10 _uuid
Finally set egress/igress or both

ovs-vsctl add Mirror "VM1_MIRROR" select_src_port $PORT_UUID    # EGRESS
ovs-vsctl add Mirror "VM1_MIRROR" select_dst_port $PORT_UUID    # IGRESS
ovs-vsctl add Mirror "VM1_MIRROR" select_src_port $PORT_UUID
select_dst_port $PORT_UUID #BOTH DIRECTIONS

If you don't use openvswitch you could try to do it with traditional linux
bridges

#source_if is bridge0
#dest_if is VM1_MIRROR0

# For ingress
tc qdisc add dev bridge0 ingress
tc filter add dev bridge0 parent ffff: \
      protocol all \
      u32 match u8 0 0 \
      action mirred egress mirror dev VM1_MIRROR0

# For egress
tc qdisc add dev bridge0 hande 1: root prio
tc filter add dev bridge0 parent 1: \
     protocol all \
     u32 match u8 0 0 \
     action mirred egress mirror dev VM1_MIRROR0








On Fri, Jun 14, 2024 at 9:52 AM Nixon Varghese K S <[email protected]>
wrote:

> Hello,
>
> Is there a way to mirror my packet to another VM in CloudStack. On VMware,
> we do have a port mirror option on vSwitch so that I can mirror my packet
> to another VM for some debug purposes. As my test and development are all
> running on the same cloudstack KVM, I won't be able to do a port mirror on
> my physical switch to send it to a VM running outside cloudstack.
>
> Is there any workaround for this scenario. It would be great if I could get
> any help on this.
>
> With Regards,
> Nixon Varghese
>


-- 
p4nd0ra - the curious

Reply via email to