Hello- I'm trying to mirror traffic using a GRE tunnel between two OVS instances running on separate servers that are trunked via a managed physical switch, but doing so results in a network loop. My goal is to mirror traffic to/from VMs on one server to a target VM on the other server.
The two servers each have two NICs, eth0 and eth1. eth0 is connected to a separate switch that allows for cluster management, and has an IP address. eth1 is connected to a managed switch port configured for trunking, doesn't have an IP address assigned, and is added to the OVS bridge so OVS VLANs are extended across both servers via the trunk.

I have two VMs, X and Y, running on server A, and one VM, Z, running on server B. I want to mirror packets between VMs X and Y to VM Z. The way I'm attempting to do this now is as follows:

VMs X and Y have ports tapX and tapY on the OVS switch on Server A tagged with VLAN 101, and can ping each other.

VM Z has port tapZ on the OVS switch on Server B tagged with VLAN 201.

Server A and Server B have an addressed internal port on their OVS switch tagged with VLAN 301 so each host can talk to each other over the trunk.

Server B has a GRE port and OpenFlow rule configured as follows:

    ovs-vsctl add-port br0 gre0 \
      -- set interface gre0 type=gre options:remote_ip=flow options:key=1234567890
    ovs-ofctl add-flow br0 "in_port=gre0 actions=tapZ"

Server A has a GRE port and mirror configured as follows:

    ovs-vsctl add-port br0 gre0 \
      -- set interface gre0 type=gre options:remote_ip=<Server B IP> options:key=1234567890
    ovs-vsctl \
      -- --id=@p0 get port tapX \
      -- --id=@p1 get port tapY \
      -- --id=@g0 get port gre0 \
      -- --id=@m create mirror name=m0 select-dst-port=@p0,@p1 output-port=@g0 \
      -- set bridge br0 mirrors=@m

The GRE tunnels can be up and no loop seems to be present because VMs X and Y can continue to ping each other. As soon as I create the mirror on Server A, I can see the pings via tcpdump on VM Z, so the mirror and OpenFlow configs are working, but the pings between VMs X and Y begin to degrade and eventually stop. As soon as I clear the mirror on Server A the pings start up again.
My rationale behind using the OpenFlow rule on Server B was to try and avoid the mirrored packets coming in over the GRE tunnel from being flooded to all the ports on the bridge, especially the trunked eth1 port. My rationale for being selective about what source ports are mirrored on Server A was similar, in that I was trying to avoid any mirrored packets showing up on the trunked eth1 port from being sent into the GRE tunnel again.

Any ideas why I'm still getting a network loop? I'm sure it's something obvious and I'm just being an idiot, but I'm currently at a loss. Please advise. Thanks in advance!

-V/R,
Bryan
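
Added example, not part of the original post: one way to check whether the symptom described above is a real layer-2 loop is to compare successive `ovs-appctl fdb/show br0` snapshots on Server A and look for a VM MAC that keeps moving between its tap port and the trunk port. The snapshots and the port numbers (5 = tapX, 6 = tapY, 1 = eth1) are constructed sample data, and `parse_fdb` and `find_flaps` are hypothetical helper names.

```python
"""Flag MACs that move between ports across `ovs-appctl fdb/show br0` snapshots."""
from collections import defaultdict

# Constructed sample output (not captured from the poster's hosts).
# Assumed OpenFlow port numbers: 5 = tapX, 6 = tapY, 1 = eth1 (trunk).
HEADER = " port  VLAN  MAC                Age\n"
SNAPSHOTS = [
    HEADER + "    5   101  52:54:00:aa:00:01    0\n"
             "    6   101  52:54:00:aa:00:02    1\n",
    HEADER + "    1   101  52:54:00:aa:00:01    0\n"
             "    6   101  52:54:00:aa:00:02    0\n",
    HEADER + "    5   101  52:54:00:aa:00:01    0\n"
             "    6   101  52:54:00:aa:00:02    1\n",
]


def parse_fdb(text):
    """Return {(vlan, mac): port} for one fdb/show table."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        # Skip the header row and anything that is not a 4-column entry.
        if len(fields) != 4 or fields[0] == "port":
            continue
        port, vlan, mac, _age = fields
        table[(int(vlan), mac.lower())] = port  # port can also be "LOCAL"
    return table


def find_flaps(snapshots, min_moves=2):
    """Return {(vlan, mac): [ports in order seen]} for entries that changed
    port at least min_moves times across the snapshots."""
    history = defaultdict(list)
    for text in snapshots:
        for key, port in parse_fdb(text).items():
            # Record a port only when it differs from the last one seen.
            if not history[key] or history[key][-1] != port:
                history[key].append(port)
    return {k: v for k, v in history.items() if len(v) - 1 >= min_moves}


if __name__ == "__main__":
    for (vlan, mac), ports in find_flaps(SNAPSHOTS).items():
        print(f"VLAN {vlan} {mac} moved between ports: {' -> '.join(ports)}")
```

On a live host the snapshots would be taken a second or so apart while the mirror is enabled; a MAC that stays on its tap port throughout points away from a loop as the cause of the packet loss.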