David,
So I assume the customer is in an isolated network between the VR and their VMs? If so, just SPAN that vlan to another port on your switch and tap it there. ________________________________ From: David Merrill <[email protected]> Sent: Friday, September 28, 2018 2:01 PM To: [email protected] Subject: Re: TAP/SPAN... XenServer 6.5 Thanks, David David Merrill Senior Systems Engineer, Managed and Private/Hybrid Cloud Services OTELCO 92 Oak Street, Portland ME 04101 office 207.772.5678 <callto:207.772.5678> www.otelco.com<http://www.otelco.com> <http://www.otelco.com>/business/managed-services Confidentiality Message The information contained in this e-mail transmission may be confidential and legally privileged. If you are not the intended recipient, you are notified that any dissemination, distribution, copying or other use of this information, including attachments, is prohibited. If you received this message in error, please call me at 207.772.5678 <callto:207.772.5678> so this error can be corrected. On 9/28/18, 2:54 PM, "Simon Weller" <[email protected]> wrote: What hypervisor are you using? If you're using KVM, you could add a vlan VIF into the bridge in question and then dump that traffic somewhere via a replicated span on your switch. - Si ________________________________ From: David Merrill <[email protected]> Sent: Friday, September 28, 2018 1:47 PM To: [email protected] Subject: TAP/SPAN... We’ve got a client who would like to ship a copy of all packets that pass through their virtual router to an appliance (that we’d place on their VLAN). I’ve searched a bit (I’d hoped to see some mention of it in the users list) and haven’t found specific references to TAP/SPAN related to CloudStack, is there a convention for such things? I’m a (tiny) little out of my depth, is this the kind of thing that I might find (if it existed) here: * http://docs.cloudstack.apache.org/en/4.11.1.0/adminguide/networking.html?highlight=network%20service%20providers At the very least is something like this (a kind of roll-your-own SPAN) possible on the virtual router? * https://networkhop.wordpress.com/2016/04/27/port-mirroring-with-iptables/ I wish this had come up at the collab in Montreal (having JUST been there earlier this week), but so it goes. Thanks for any consideration/feedback, David David Merrill Senior Systems Engineer, Managed and Private/Hybrid Cloud Services OTELCO 92 Oak Street, Portland ME 04101 office 207.772.5678<callto:207.772.5678> www.otelco.com<http://www.otelco.com>/business/managed-services Confidentiality Message The information contained in this e-mail transmission may be confidential and legally privileged. If you are not the intended recipient, you are notified that any dissemination, distribution, copying or other use of this information, including attachments, is prohibited. If you received this message in error, please call me at 207.772.5678<callto:207.772.5678> so this error can be corrected.
