Port mirroring outside traffic into a VM?

I have a network traffic monitor that is on a physical machine right now. It has two network interfaces: one with an IP on a regular switch port, and one without an IP on a switch port that is the target of a port mirror/monitor session for the desired VLAN.

I'd like to move this system to an oVirt VM (I'm running 3.5.1). Is this the right way to go about it (and still have the VM migratable)?

- I have several hosts with extra network interfaces; pick at least a couple, connect them to switch ports that are configured for mirror/monitor session.
- In oVirt admin console, choose the Networks tab, click New. Give the network a name (like "monitor"), leave VLAN tagging de-selected and VM Network selected. Under the Cluster section, de-select Required (because the mirror won't go to all hosts). Click OK to create.
- Click on the network, select the vNIC Profiles tab, edit the default profile and select Port Mirroring.
- Go to the Hosts tab. For each host with a port mirror, click on the host, then choose the Network Interfaces tab and Setup Host Networks. Drag the new network to its attached port, click the pencil, and set Boot Protocol to None.
- Go to the Virtual Machines tab. Click on the VM, choose the Network Interfaces tab, and click New. Choose the monitor network in the Profile.

--
Chris Adams <cma@cmadams.net>

Hi Chris,

If I understand you correctly you are trying to replace the physical device mirroring with VM? If this is the case I don't think it's possible to do it with port mirroring oVIRT feature.

The existing oVIRT port mirroring feature is for mirroring traffic between VM devices for specific Network. So if you have 3 VMs with network <X> you can monitor on 1 VM that specific network that is used between 2 other VMs.

Thanks,
Genadi

Once upon a time, Genadi Chereshnya <gcheresh@redhat.com> said:
> If I understand you correctly you are trying to replace the physical device mirroring with VM?

Yes, that is correct.

> If this is the case I don't think it's possible to do it with port mirroring oVIRT feature. The existing oVIRT port mirroring feature is for mirroring traffic between VM devices for specific Network. So if you have 3 VMs with network <X> you can monitor on 1 VM that specific network that is used between 2 other VMs.

Ah, I see. Is there a way to get an external network interface (that happens to be a target of an external switch's port mirror/monitor session) to pass through to a VM? A way that still allows for live migration would be best of course, but even without that would be a start.

Thanks.

--
Chris Adams <cma@cmadams.net>

On Sun, Feb 15, 2015 at 01:11:20PM -0600, Chris Adams wrote:
> Once upon a time, Genadi Chereshnya <gcheresh@redhat.com> said:
> > If I understand you correctly you are trying to replace the physical device mirroring with VM?
>
> Yes, that is correct.
>
> > If this is the case I don't think it's possible to do it with port mirroring oVIRT feature. The existing oVIRT port mirroring feature is for mirroring traffic between VM devices for specific Network. So if you have 3 VMs with network <X> you can monitor on 1 VM that specific network that is used between 2 other VMs.
>
> Ah, I see.
>
> Is there a way to get an external network interface (that happens to be a target of an external switch's port mirror/monitor session) to pass through to a VM? A way that still allows for live migration would be best of course, but even without that would be a start.

We plan to support passthrough natively in ovirt-3.6. Until then, you need to do this yourself, with the help of vdsm hooks.

http://libvirt.org/formatdomain.html#elementsNICS
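
One form the domain-XML edit in such a vdsm hook could take, using the `type='direct'` NIC element documented on the libvirt page linked above. This is an added example, not code from the thread or from oVirt; the function name, the sample XML, the host interface `eth2`, the MAC address and the choice of `mode='passthrough'` are all assumptions.

```python
import re
from xml.dom import minidom

# Constructed sample: a trimmed libvirt domain definition, not from the thread.
SAMPLE_DOMXML = """<domain type='kvm'>
  <name>monitor-vm</name>
  <devices>
    <interface type='bridge'>
      <source bridge='ovirtmgmt'/>
    </interface>
  </devices>
</domain>"""

_IFNAME = re.compile(r"[A-Za-z0-9_.-]{1,15}")  # Linux interface names: max 15 chars
_MAC = re.compile(r"[0-9a-f]{2}(:[0-9a-f]{2}){5}")


def add_direct_nic(domxml, host_dev, mac):
    """Return domain XML with an <interface type='direct'> bound to host_dev.
    Assumption: in a vdsm hook this would sit between hooking.read_domxml()
    and hooking.write_domxml(); here it takes and returns a string.
    """
    mac = mac.lower()
    # Hook parameters are untrusted input: validate before building XML.
    if not _IFNAME.fullmatch(host_dev):
        raise ValueError("bad host interface name: %r" % host_dev)
    if not _MAC.fullmatch(mac):
        raise ValueError("bad MAC address: %r" % mac)

    doc = minidom.parseString(domxml)
    devices = doc.getElementsByTagName("devices")
    if not devices:
        raise ValueError("domain XML has no <devices> element")

    # Idempotent: leave the XML alone if this host NIC is already attached.
    for src in doc.getElementsByTagName("source"):
        if src.parentNode.nodeName == "interface" and src.getAttribute("dev") == host_dev:
            return doc.documentElement.toxml()

    iface = doc.createElement("interface")
    iface.setAttribute("type", "direct")
    for tag, attrs in (("mac", {"address": mac}),
                       ("source", {"dev": host_dev, "mode": "passthrough"}),
                       ("model", {"type": "virtio"})):
        child = doc.createElement(tag)
        for key, value in attrs.items():
            child.setAttribute(key, value)
        iface.appendChild(child)
    devices[0].appendChild(iface)
    return doc.documentElement.toxml()
```
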
participants (3): Chris Adams, Dan Kenigsberg, Genadi Chereshnya