[ovs-discuss] openvswitch mirror output to kvm vm interface - loose access to vm

Maverick Fri, 02 Sep 2022 08:17:14 -0700

Hi,





 I'm experiencing an issue with port mirror with openvswich and kvm/libvirt.

I want to mirror the traffic of the host and some VMs to PFSENSE VMwhere i will run suricata.

After creating the mirror and setting the PFSENSE VM lan vnet portas output port of the mirror i loose access to the VM.




 ---------------------



 ovs-vsctl show

 5d07c0d4-e067-4155-beb9-7e4cad501bbe

     Bridge br0

         Port bond0

             Interface eno2

                 type: system

             Interface eno1

                 type: system

         Port vnet4

             trunks: [2, 3, 4]

             Interface vnet4

         Port vnet8

             Interface vnet8

         Port vlan3

             tag: 3

             Interface vlan3

                 type: internal

         Port vnet7

             tag: 3

             Interface vnet7

         Port vlan2

             tag: 2

             Interface vlan2

                 type: internal

         Port vnet5

             trunks: [2, 3, 4]

             Interface vnet5

         Port br0

             Interface br0

                 type: internal

         Port vnet0

             Interface vnet0

         Port vlan4

             tag: 4

             Interface vlan4

                 type: internal

         Port vnet6

             Interface vnet6

     ovs_version: "2.17.0"



 ----------------



 HOST - OS: Fedora 36 (x86_64)

 HOST - lan interface/port: bond0

 PFSENSE VM - lan interface/port: vnet6

 OTHER VM - lan interface/port: vnet0



 -----------------



 CREATE MIRROR:

ovs-vsctl -- set Bridge br0 mirrors=@m -- --id=@bond0 get Port bond0-- --id=@vnet0 get Port vnet0 -- --id=@vnet6 get Port vnet6 ----id=@m create Mirror name=pfsmirror select-dst-port=@vnet0,@bond0select-src-port=@vnet0,@bond0 output-port=@vnet6


 e0b2ffe3-ccec-4992-b3df-3d43d2f99bd4



 ovs-vsctl list mirror

 _uuid               : e0b2ffe3-ccec-4992-b3df-3d43d2f99bd4

 external_ids        : {}

 name                : pfsmirror

 output_port         : ee1285e9-2fa8-49da-aa4d-b94fe3fe486d

 output_vlan         : []

 select_all          : false

select_dst_port : [2dd135eb-a9e4-4ecb-8c9b-3e68b779b490,c52564b9-0511-44ff-9315-c4b2ecbd3d6b]

select_src_port : [2dd135eb-a9e4-4ecb-8c9b-3e68b779b490,c52564b9-0511-44ff-9315-c4b2ecbd3d6b]


 select_vlan         : []

 snaplen             : []

 statistics          : {tx_bytes=505861, tx_packets=3538}



 -----------------

Anyone has any idea what might be wrong? Not sure if problem onopenvswitch or qemu/libvirt.

I tried also setting a 2nd interface on the PFSENSE VM and use that2nd interface as output of the mirror, so like this i don't looseaccess to the PFSENSE VM, but when i run a tcpdump inside PFSENSE onthat interface i don't see any traffic.

Though if i run tcpdump on the mirror output interface but on thekvm host, i can see the traffic from other VM.




 Best regards.

_______________________________________________
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

[ovs-discuss] openvswitch mirror output to kvm vm interface - loose access to vm

Reply via email to