I've figured it out:

ovs-vsctl -- --id=@p get port vif104.1 -- --id=@m create mirror name=m0 select-all=true output-port=@p -- set bridge xenbr1 mirrors=@m

I'll need to switch from using port vif104.1 to using vifname, but other
than that this works perfectly.  The best part is that it uses the xenbr1
network that xen manages, so I shouldn't have to adjust src-port or
dst-port as other VMs reboot.



On 4/18/16, 7:28 PM, "Ben Pfaff" <[email protected]> wrote:

>On Mon, Apr 18, 2016 at 10:42:21PM +0000, Tarren, Jacob A.
>(LARC-B703)[LITES II] wrote:
>> Hello!
>> 
>> I've just started experimenting with OpenVSwitch on Xen, and so far I
>>like it, but I'm running into an issue setting up port mirroring and
>>promiscuous mode.
>> 
>> I'm trying to get all traffic on a network within my Xen server to be
>>mirrored to a specific VM so I can practice with an IDS.  I've
>>determined that the VM I want my IDS on is connected via vif104.1, and I
>>think I should run this command to create a mirror over the whole
>>network:
>> 
>> ovs-vsctl --set Bridge xenbr1 mirrors=@m -- -- [email protected] get Port
>>vif93.0 -- [email protected] get Port vif78.3 -- [email protected] get Port
>>vif72.0 -- [email protected] get Port vif79.1 -- [email protected] get Port tap93.0
>>-- --id=@xenbr1 get Port xenbr1 -- [email protected] get Port vif62.3 --
>>[email protected] get Port tap62.3 -- --id=@eth1 get Port eth1 --
>>[email protected] get Port vif104.1  -- -- --id=@m create Mirror
>>name=xenbr1-everything-mirror
>>[email protected],@vif78.3,@vif72.0,@vif79.1,@tap93.0,@xenbr1,@vif
>>62.3,@vif103.1,@tap62.3,@eth1
>>[email protected],@vif78.3,@vif72.0,@vif79.1,@tap93.0,@xenbr1,@vif
>>62.3,@vif103.1,@tap62.3,@eth1 [email protected]
>> 
>> After running that, I should set the vif of that network on my IDS
>>(vif104.1) into promiscuous mode with:
>> xe vif-param-set uuid=<uuid_of_vif> other-config:promiscuous="true"
>> 
>> Unfortunately, when I try running the ovs-vsctl command I get:
>> ovs-vsctl: unrecognized option `--set'
>> I think this is because I'm specifying multiple dst-ports and src-ports
>>but I'm not sure.
>
>"set" is a command, not an option, so there's no --.

_______________________________________________
discuss mailing list
[email protected]
http://openvswitch.org/mailman/listinfo/discuss
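
The select-all mirror from the reply above, wrapped as shell functions with name validation, a check that the output port belongs to the bridge, and a teardown. This is an added example, not part of the original thread; the function names and the OVS_VSCTL override variable are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the thread). Function names and OVS_VSCTL are
# illustrative assumptions; OVS_VSCTL lets the binary be swapped out.
OVS_VSCTL=${OVS_VSCTL:-ovs-vsctl}

# Accept only plain names such as xenbr1 or vif104.1, so a value can never be
# parsed by ovs-vsctl as an option ("--...") or an @reference.
valid_name() {
    case $1 in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
}

# mirror_to_port BRIDGE PORT [MIRROR_NAME]
# Mirrors all traffic on BRIDGE to PORT (the IDS VM's vif).
# Note: "set bridge ... mirrors=@m" replaces any mirrors already on BRIDGE.
mirror_to_port() {
    bridge=$1 port=$2 name=${3:-m0}
    valid_name "$bridge" && valid_name "$port" && valid_name "$name" || {
        echo "invalid bridge, port or mirror name" >&2
        return 2
    }
    # The output port has to be a port of the bridge being mirrored.
    owner=$($OVS_VSCTL port-to-br "$port") || return 1
    [ "$owner" = "$bridge" ] || {
        echo "$port is on $owner, not $bridge" >&2
        return 1
    }
    $OVS_VSCTL \
        -- --id=@p get port "$port" \
        -- --id=@m create mirror name="$name" select-all=true output-port=@p \
        -- set bridge "$bridge" mirrors=@m
}

# mirror_clear BRIDGE: detach every mirror from BRIDGE.
mirror_clear() {
    valid_name "$1" || return 2
    $OVS_VSCTL clear bridge "$1" mirrors
}

# mirror_show: list configured mirrors, to confirm what is being copied where.
mirror_show() {
    $OVS_VSCTL list mirror
}

# Usage, after sourcing this file on the host:
#   mirror_to_port xenbr1 vif104.1 && mirror_show
#   mirror_clear xenbr1
```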
