Hi Justin, thank you for replying!
> I'm not familiar with pmacct, but a quick look at the documentation makes it look like by default it captures 4KB per packet. It could also be dropping packets. There are a lot of variables here. You may want to check the > interface statistics in both the guest and dom0 to make sure those are right. pmacct itself is not the problem. Both pmacct configuration (the one in the VM and the one on the XenServer host) are the same. Just one of them (the on in the VM) seems not to get all traffic data. I tried to do some more analysis. Doing a tcpdump for the same time for around 15 seconds on the VM and the xenserver host gives very different results: +++ VM: [root@xen04 ~]# tcpdump -i eth1 -n not port 22 (...) 1374 packets captured 1637 packets received by filter 0 packets dropped by kernel +++ +++ XenServer Host: root@trafficmirror:~# tcpdump -i eth1 -n not port 22 (...) 68272 packets captured 81960 packets received by filter 13663 packets dropped by kernel +++ As we can see the VM only has a small amount of packets which arrive on eth1 interface in total. Could this have to do with VLAN tagging? When reviewing the tcpdump it looks like that I only see traffic inside that VLAN in which the VM is hosted in. Traffic outside this VLAN is not available, although eth1/vif1.1 is not in a VLAN. Only vif1.0 (the VM's network interface to connect to the server) is inside a VLAN. How can I get the rest of all the other VLAN traffic to my vif1.1? Thank you, Jerome -----Ursprüngliche Nachricht----- Von: Justin Pettit [mailto:jpet...@ovn.org] Gesendet: Dienstag, 9. August 2016 07:05 An: Jerome Eichler Cc: discuss@openvswitch.org Betreff: Re: [ovs-discuss] Port Mirroring on XenCenter 7 > On Aug 8, 2016, at 4:45 AM, Jerome Eichler <jer...@eichler.org> wrote: > > Dear all, > > although there are few blogs on the web regarding this matter my problem cannot be resolved following them. > > My setup: > XenServer 7.0 with 2 NICs onboard. NIC1 (eth1) is connected to my Juniper switch (EX-4200-48T). At this Juniper-Port all traffic in my network is being mirrored to. > > What I want to do: > Forward all that traffic from eth1 to my VM's interface. I assigned the interface eth1 to the vm as secondary interface. > > In XenServer itself I also put all the network interfaces (physical ones as well as the virtual ones) to promisc mode. > Following this blog article: http://blog.manula.org/2014/02/port-mirroring-with-openvswitch.html I configured OVS to mirror all that traffic from eth1 to vif1.1 (which is the virtual interface of the physical interface eth1 inside the VM) > > +++ > ovs-vsctl -- set Bridge xenbr1 mirrors=@m -- --id=@eth1 get Port eth1 -- --id=@vif1.1 get Port vif1.1 -- --id=@m create Mirror name=mirror1 select-dst-port=@eth1 select-src-port=@eth1 output-port=@vif1.1 > +++ > > Then I am able to see some traffic on eth1 in my VM. But it seems to be not all traffic. > I am using pmacct to collect data, this data is being stored to a mysql database and from there being handled further by own scripts. > > I did a download of a 10GB file. So I should see 10GB downloaded, but I only see around 400MB. > > When starting pmacct on the xenserver host itself, I see the whole 10GB thing. So I assume that not all traffic is forwarded from eth1 to vif1.1? What am I doing wrong? Anybody here that can help? I'm not familiar with pmacct, but a quick look at the documentation makes it look like by default it captures 4KB per packet. It could also be dropping packets. There are a lot of variables here. You may want to check the interface statistics in both the guest and dom0 to make sure those are right. --Justin _______________________________________________ discuss mailing list discuss@openvswitch.org http://openvswitch.org/mailman/listinfo/discuss
