玩转Openvwitch第四站：Bridge和Mirror

以下内容已屏蔽图片优化访问速度
Mirror的数据表结构如下： [IMG] Mirror就是配置一个bridge，将某些包发给指定的mirrored ports 对于包的选择： select_all，所有的包 select_dst_port select_src_port select_vlan 对于指定的目的： output_port (SPAN Switched Port ANalyzer) output_vlan (RSPAN Remote Switched Port ANalyzer) SPAN Source (SPAN) port -A port that is monitored with use of the SPAN feature. Destination (SPAN) port -A port that monitors source ports, usually where a network analyzer is connected. [IMG] RSPAN 被监控的流量不是发送到一个指定的端口，而是Flood给指定的VLAN 监听的端口不一定要在本地switch上，可以在指定的VLAN的任意switch上 S1 is a source switch S2 and S3 are intermediate switches S4 and S5 are destination switches. learning is disabled to enable flooding [IMG] 我们来测试Mirror的SPAN和RSPAN [IMG] [IMG] 创建拓扑结构 ovs-vsctl add-br helloworld ip link add first_br type veth peer name first_if ip link add second_br type veth peer name second_if ip link add third_br type veth peer name third_if ovs-vsctl add-port ubuntu_br first_br ovs-vsctl add-port ubuntu_br second_br -- set Port second_br tag=110 ovs-vsctl add-port helloworld second_if -- set Port second_if tag=110 ovs-vsctl add-port helloworld third_br -- set Port third_br tag=110 [IMG] 在first_br上面mirror所有进出vnet0的包 ovs-vsctl -- set bridge ubuntu_br mirrors=@m -- --id=@vnet0 get Port vnet0 -- --id=@first_br get Port first_br -- --id=@m create Mirror name=mirrorvnet0 select-dst-port=@vnet0 select-src-port=@vnet0 output-port=@first_br 监听first_if，并且从instance01里面ping 192.168.100.102 [IMG] 对进入vnet1的所有进出包，然而ouput到一个vlan 110 ovs-vsctl -- set bridge ubuntu_br mirrors=@m -- --id=@vnet1 get Port vnet1 -- --id=@m create Mirror name=mirrorvnet1 select-dst-port=@vnet1 select-src-port=@vnet1 output-vlan=110 在helloworld中也要配置从110来的，都output到vlan 110 ovs-vsctl -- set bridge helloworld mirrors=@m -- --id=@m create Mirror name=mirrorvlan select-vlan=110 output-vlan=110 Disable mac address learning for vlan 110 ovs-vsctl set bridge ubuntu_br flood-vlans=110 ovs-vsctl set bridge helloworld flood-vlans=110 监听third_if，并且从instance02里面ping 192.168.100.102 [IMG] 删除Mirror 查看ubuntu_br ovs-vsctl list bridge ubuntu_br 清除里面的mirrors ovs-vsctl clear Bridge ubuntu_br mirrors 清除flood_vlans ovs-vsctl clear Bridge ubuntu_br flood_vlans 查看所有的Mirror ovs-vsctl list Mirror ovs-vsctl clear Bridge helloworld mirrors ovs-vsctl clear Bridge helloworld flood_vlans

以下内容已屏蔽图片优化访问速度

Mirror的数据表结构如下：

[IMG]

Mirror就是配置一个bridge，将某些包发给指定的mirrored ports

对于包的选择：
select_all，所有的包
select_dst_port
select_src_port
select_vlan

对于指定的目的：
output_port (SPAN Switched Port ANalyzer)
output_vlan (RSPAN Remote Switched Port ANalyzer)

SPAN
Source (SPAN) port -A port that is monitored with use of the SPAN feature.
Destination (SPAN) port -A port that monitors source ports, usually where a network analyzer is connected.

[IMG]

RSPAN
被监控的流量不是发送到一个指定的端口，而是Flood给指定的VLAN
监听的端口不一定要在本地switch上，可以在指定的VLAN的任意switch上
S1 is a source switch
S2 and S3 are intermediate switches
S4 and S5 are destination switches.
learning is disabled to enable flooding

[IMG]

我们来测试Mirror的SPAN和RSPAN

[IMG]

[IMG]

创建拓扑结构

ovs-vsctl add-br helloworld

ip link add first_br type veth peer name first_if
ip link add second_br type veth peer name second_if
ip link add third_br type veth peer name third_if

ovs-vsctl add-port ubuntu_br first_br
ovs-vsctl add-port ubuntu_br second_br -- set Port second_br tag=110
ovs-vsctl add-port helloworld second_if -- set Port second_if tag=110
ovs-vsctl add-port helloworld third_br -- set Port third_br tag=110

[IMG]

在first_br上面mirror所有进出vnet0的包

ovs-vsctl -- set bridge ubuntu_br mirrors=@m -- --id=@vnet0 get Port vnet0 -- --id=@first_br get Port first_br -- --id=@m create Mirror name=mirrorvnet0 select-dst-port=@vnet0 select-src-port=@vnet0 output-port=@first_br

监听first_if，并且从instance01里面ping 192.168.100.102

[IMG]

对进入vnet1的所有进出包，然而ouput到一个vlan 110

ovs-vsctl -- set bridge ubuntu_br mirrors=@m -- --id=@vnet1 get Port vnet1 -- --id=@m create Mirror name=mirrorvnet1 select-dst-port=@vnet1 select-src-port=@vnet1 output-vlan=110

在helloworld中也要配置从110来的，都output到vlan 110

ovs-vsctl -- set bridge helloworld mirrors=@m -- --id=@m create Mirror name=mirrorvlan select-vlan=110 output-vlan=110

Disable mac address learning for vlan 110

ovs-vsctl set bridge ubuntu_br flood-vlans=110
ovs-vsctl set bridge helloworld flood-vlans=110

监听third_if，并且从instance02里面ping 192.168.100.102

[IMG]

删除Mirror

查看ubuntu_br
ovs-vsctl list bridge ubuntu_br
清除里面的mirrors
ovs-vsctl clear Bridge ubuntu_br mirrors
清除flood_vlans
ovs-vsctl clear Bridge ubuntu_br flood_vlans
查看所有的Mirror
ovs-vsctl list Mirror
ovs-vsctl clear Bridge helloworld mirrors
ovs-vsctl clear Bridge helloworld flood_vlans

分类推荐
金错刀X诺贝尔奖得主X巴勒斯坦首富X犹太教领袖X创业教父9天8夜考察以色列“二十”大爆品，探索犹太商道的逻辑	金立最大危机，不是创始人沉迷赌博，是人格破产！	他纵横华尔街42年，总结4条致命铁律：99%人看不懂第3条，99%公司毁在第4条	面试时这样介绍自己的项目经验，成功率能达到98.99%	最近很火的一张图：