Port mirror (span): Difference between revisions
Revision as of 00:55, 25 April 2013
== To a VIRT (KVM) ==
I wanted to test out some software (ntop, manageengine netflow, prtg, pmacct, etc.) using a port mirror on a switch. This required that I be able to share the one mirror destination among multiple virts (KVM guests). It was simple enough: configure the NIC on the host OS as a bridge and give each virt a second ethernet device in that bridge group. The only issue I ran into was the fact that I could not see any traffic other than broadcast/multicast.

'''FIX''' use brctl setageing <bridge> 0 to ensure no addresses are learned and all packets not destined to the bridge host are forwarded across the interfaces (act as a hub). With learning on, both ends of every mirrored conversation are seen arriving on the mirror port, so the bridge believes each destination MAC lives behind the port the frame came in on and never forwards the unicast frames to the guests; only broadcast/multicast gets flooded.
<source>
#Bridge Interface: br2
brctl setageing br2 0   # ageing 0: never learn MACs, flood every frame (hub)
brctl setfd br2 0       # forward delay 0: ports forward immediately
</source>
* Sadly you cannot set these in the ifcfg-br# configs.
: https://bugzilla.redhat.com/show_bug.cgi?id=662617
: http://bugs.centos.org/view.php?id=4675

=== persistence ===
* Run a startup script automatically after a network interface is up on CentOS.
* This is the '''/sbin/ifup-local''' method.
Every time a device goes up or down, the script is run if it exists and is executable:
<source>
#/etc/sysconfig/network-scripts/ifup-aliases:
if [ -x /sbin/ifup-local ]; then
    /sbin/ifup-local ${DEVICE}
fi

#/etc/sysconfig/network-scripts/ifup-post:
if [ -x /sbin/ifup-local ]; then
    /sbin/ifup-local ${DEVICE}
fi

#/etc/sysconfig/network-scripts/ifdown-post:
if [ -x /sbin/ifdown-local ]; then
    /sbin/ifdown-local ${DEVICE}
fi
</source>
<source>
sudo emacs /sbin/ifup-local
</source>
<source>
#!/bin/bash
# called as "/sbin/ifup-local <device>"; $1 is the device that just came up
if [[ "$1" == "br2" ]]     # test the same bridge we configure below (br2)
then
    brctl setageing br2 0
    ## or you can use the variable. I'm just paranoid and only want br2 to use this setting
    # brctl setageing $1 0
    # add any other commands here..
else
    : # do nothing.. or something?
fi
</source>
<source>
sudo chmod +x /sbin/ifup-local
</source>
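As an added example (not the wiki's own /sbin/ifup-local), here is a more defensive version of the hook in POSIX sh. It only acts on the bridges listed in MIRROR_BRIDGES, verifies through sysfs that the kernel really accepted ageing 0 rather than trusting brctl's exit status (since ifcfg cannot persist the setting, a silent failure would leave the bridge learning again and hide unicast), warns if the host holds an IP address on a bridge that now floods every mirrored frame to every port, and logs the outcome. The names MIRROR_BRIDGES, SYSFS_NET and the helper functions are assumptions of this example; SYSFS_NET is overridable only so the checks can be exercised without a real bridge.

```shell
#!/bin/sh
# Added example, not the wiki's script. Invoked by the CentOS network
# scripts as "/sbin/ifup-local <device>" once an interface is up.
# Assumed names: MIRROR_BRIDGES (bridges that should behave like a hub),
# SYSFS_NET (sysfs root; overridable for offline checks).

MIRROR_BRIDGES="${MIRROR_BRIDGES:-br2}"
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

# Returns 0 only if $1 is one of the bridges that should run in hub mode.
# Every other device (eth0, br0, ...) is left untouched.
is_mirror_bridge() {
    for dev in $MIRROR_BRIDGES; do
        [ "$1" = "$dev" ] && return 0
    done
    return 1
}

# Prints the bridge's ageing time as the kernel reports it (centiseconds),
# or "unknown" when $1 is not a bridge the kernel knows about.
bridge_ageing() {
    cat "$SYSFS_NET/$1/bridge/ageing_time" 2>/dev/null || echo unknown
}

# Returns 0 when the kernel confirms hub mode (ageing time 0) on $1.
hub_mode_active() {
    [ "$(bridge_ageing "$1")" = "0" ]
}

# Apply the wiki's fix, then verify through sysfs: a bridge that quietly
# keeps learning MACs would drop the mirrored unicast again.
set_hub_mode() {
    br="$1"
    brctl setageing "$br" 0 || return 1
    brctl setfd "$br" 0 || return 1
    hub_mode_active "$br"
}

# A hub-mode bridge floods every mirrored frame to every attached port, so
# the host itself should not be addressable on it; report if it is.
warn_if_addressed() {
    if ip -o addr show dev "$1" 2>/dev/null | grep -q 'inet'; then
        logger -t ifup-local "WARNING: $1 is in hub mode but has an IP address"
    fi
}

main() {
    dev="$1"
    is_mirror_bridge "$dev" || return 0   # not a mirror bridge: nothing to do
    if set_hub_mode "$dev"; then
        logger -t ifup-local "$dev: hub mode set (ageing=0, fd=0)"
        warn_if_addressed "$dev"
    else
        logger -t ifup-local "$dev: FAILED to set hub mode (ageing=$(bridge_ageing "$dev"))"
        return 1
    fi
}

main "$@"
```

Install it the same way as the wiki's version (chmod +x /sbin/ifup-local); the verification step matters most after a reboot, which is exactly when the non-persistable ageing setting is silently back at its default.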