Port mirror (span)
Revision as of 00:55, 25 April 2013
To a VIRT (KVM)
I wanted to test out some software (ntop, ManageEngine NetFlow, PRTG, pmacct, etc.) using a port mirror on a switch. This required that I be able to use the one mirror destination with multiple virts (KVM guests). It was as simple as configuring the NIC on the host OS as a bridge and giving the virts a second ethernet device in that bridge group. The only issue I ran into was the fact that I could not see any traffic other than broadcast/multicast.
FIX: use brctl setageing br2 0 to ensure no addresses are learned, so all packets not destined to the bridge host are forwarded across the interfaces (the bridge acts as a hub).
<source>
#Bridge Interface: br2
brctl setageing br2 0
brctl setfd br2 0
</source>
- Sadly you cannot set these in the ifcfg-br# configs.
persistence
* run a startup script automatically after a network interface is up on CentOS
* This is the /sbin/ifup-local method
Every time a device goes up or down, a script will be run if it exists and is executable:
 #/etc/sysconfig/network-scripts/ifup-aliases:
 if [ -x /sbin/ifup-local ]; then
     /sbin/ifup-local ${DEVICE}
 fi
 #/etc/sysconfig/network-scripts/ifup-post:
 if [ -x /sbin/ifup-local ]; then
     /sbin/ifup-local ${DEVICE}
 fi
 #/etc/sysconfig/network-scripts/ifdown-post
 if [ -x /sbin/ifdown-local ]; then
     /sbin/ifdown-local ${DEVICE}
 fi
<source>
sudo emacs /sbin/ifup-local
</source>
<source>
#!/bin/sh
# Called by the network scripts with the device name as $1.
if [ "$1" = "br2" ]; then
    brctl setageing br2 0
    ## or you can use the variable. I'm just paranoid and only want br2 to use this setting
    # brctl setageing "$1" 0
    # add any other commands here..
else
    # do nothing.. or something?
    :
fi
</source>
<source>
sudo chmod +x /sbin/ifup-local
</source>
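To confirm the hub-mode settings survived an interface restart, and to see which ports receive the mirrored traffic, the following check is an added example, not part of the original page. It assumes the kernel exposes the bridge values under /sys/class/net/BRIDGE/bridge/ and the member ports under /sys/class/net/BRIDGE/brif/; the function names and the SYSFS_NET override are hypothetical.

```shell
#!/bin/sh
# Added example: audit a mirror bridge for hub-mode settings via sysfs.
# SYSFS_NET can be overridden so the check runs against a constructed tree.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

# check_hub_bridge BRIDGE
# Returns 0 if ageing_time and forward_delay are both 0,
# 1 if either differs, 2 if BRIDGE is not a bridge device.
check_hub_bridge() {
    br="$1"
    dir="$SYSFS_NET/$br/bridge"
    rc=0
    if [ ! -d "$dir" ]; then
        echo "$br: not a bridge (no $dir)"
        return 2
    fi
    for key in ageing_time forward_delay; do
        val=$(cat "$dir/$key" 2>/dev/null)
        if [ "$val" = "0" ]; then
            echo "$br: $key=0 ok"
        else
            echo "$br: $key=${val:-unreadable}, expected 0"
            rc=1
        fi
    done
    # In hub mode every port listed here gets a copy of the mirrored traffic.
    ports=$(ls "$SYSFS_NET/$br/brif" 2>/dev/null | tr '\n' ' ')
    echo "$br: ports receiving mirrored traffic: ${ports:-none}"
    return $rc
}

# make_sample_tree DIR AGEING
# Builds a constructed sysfs-like tree (bridge br2, ports eth1 and vnet1)
# so the check can be exercised offline.
make_sample_tree() {
    mkdir -p "$1/br2/bridge" "$1/br2/brif/eth1" "$1/br2/brif/vnet1"
    echo "$2" > "$1/br2/bridge/ageing_time"
    echo 0 > "$1/br2/bridge/forward_delay"
}

# Stand-alone use: pass the bridge name, e.g. ./check-hub-bridge.sh br2
if [ -n "$1" ]; then
    check_hub_bridge "$1"
fi
```

The port list is worth reviewing whenever a guest is added to the bridge, since any attached guest sees everything the switch mirrors.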