Port mirror (span): Difference between revisions
Latest revision as of 00:59, 25 April 2013
To a VIRT (KVM)
I wanted to test out some software (ntop, ManageEngine NetFlow, PRTG, pmacct, etc.) using a port mirror on a switch. This required that I be able to use the one mirror destination with multiple virts (KVM guests). It was simple enough: configure the NIC on the host OS as a bridge and give the virts a second Ethernet device in that bridge group. The only issue I ran into was the fact that I could not see any traffic other than broadcast/multicast.
FIX: use brctl setageing <bridge> 0 so that the bridge does not retain learned MAC addresses. With nothing in its forwarding table, every unicast frame arriving from the mirror port is flooded out all member ports, so the bridge acts as a hub and each guest sees the full mirrored stream instead of only broadcast/multicast. brctl setfd <bridge> 0 removes the forwarding delay so a member port forwards as soon as it comes up. Caveat: in hub mode every guest attached to that bridge receives all mirrored traffic, so attach only the monitoring guests to it and keep the host-side bridge interface free of an IP address.
<source>
#Bridge Interface: br2
brctl setageing br2 0
brctl setfd br2 0
</source>
- Sadly you cannot set these in the ifcfg-br# configs (there is no ifcfg keyword for the ageing time; see the Red Hat and CentOS bug reports):
: https://bugzilla.redhat.com/show_bug.cgi?id=662617
: http://bugs.centos.org/view.php?id=4675
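Because the setting cannot live in ifcfg and brctl prints nothing on success, it is worth having a check that reads the kernel's own view of the bridge rather than trusting that the command ran. The bash script below is an added example, not code from the original page: it reads /sys/class/net/<bridge>/bridge/ageing_time (the value is in centiseconds, so brctl's default of 300 s shows up as 30000) and reports whether the bridge is in hub mode. The function names and the optional sysfs-root argument, which lets the check be exercised against a constructed fake directory tree, are this example's own.

```bash
#!/bin/bash
# Added example: verify that a Linux bridge is in "hub mode" (ageing_time 0)
# by reading sysfs. Values under /sys/class/net/<br>/bridge/ are in
# centiseconds (USER_HZ = 100), so the 300 s default reads as 30000.
# The sysfs root is a parameter only so the check can be run against a
# fake tree; in real use it is /sys/class/net.

bridge_param() {
    # $1 = bridge name, $2 = parameter file (ageing_time, forward_delay, ...),
    # $3 = sysfs root (default /sys/class/net).
    # Prints the raw value; returns 2 if $1 is not a bridge (no bridge/ dir).
    local f="${3:-/sys/class/net}/$1/bridge/$2"
    [ -r "$f" ] || return 2
    cat "$f"
}

bridge_is_hub() {
    # 0 when ageing_time is 0 (learned MACs are not retained, so every
    # unicast frame is flooded out all ports); 1 when the bridge still
    # learns; 2 when $1 is not a bridge.
    local cs
    cs=$(bridge_param "$1" ageing_time "$2") || return 2
    [ "$cs" -eq 0 ]
}

check_mirror_bridge() {
    # Print a one-line verdict for bridge $1 and return bridge_is_hub's status.
    local br="$1" root="$2" rc=0
    bridge_is_hub "$br" "$root" || rc=$?
    case $rc in
        0) echo "$br: ageing_time 0 -> hub mode, every port sees all mirrored frames" ;;
        1) echo "$br: ageing_time $(bridge_param "$br" ageing_time "$root") cs -> learning switch, guests see only broadcast/multicast" ;;
        *) echo "$br: not a bridge" ;;
    esac
    return $rc
}

# Usage: ./check-hub.sh br2   (reads the real /sys/class/net)
if [ -n "${1:-}" ]; then
    check_mirror_bridge "$1"
fi
```

Run it after ifup-local has fired, or from a cron job, and treat a non-zero exit as "the mirror bridge silently went back to being a learning switch". The same value is visible with brctl showstp br2 if you prefer the tool's output to sysfs.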
persistence
* run a startup script automatically after a network interface is up on CentOS
* This is the /sbin/ifup-local method
Every time a device goes up or down, the matching script is run if it exists and is executable. Note that ifup-aliases calls it as well, so it can fire more than once for the same device and should be idempotent (brctl setageing is).
- This is how the script is called (excerpts from the CentOS network scripts):
<source>
# /etc/sysconfig/network-scripts/ifup-aliases:
if [ -x /sbin/ifup-local ]; then
    /sbin/ifup-local ${DEVICE}
fi

# /etc/sysconfig/network-scripts/ifup-post:
if [ -x /sbin/ifup-local ]; then
    /sbin/ifup-local ${DEVICE}
fi

# /etc/sysconfig/network-scripts/ifdown-post:
if [ -x /sbin/ifdown-local ]; then
    /sbin/ifdown-local ${DEVICE}
fi
</source>
- Create your script
<source>
sudo emacs /sbin/ifup-local
</source>
<source>
#!/bin/bash
# Called by ifup-post (and ifup-aliases) as: /sbin/ifup-local <device>
# Only act on the mirror bridge; every other device is left alone.
# Testing "$1" against a fixed name rather than using it directly avoids
# putting the normal guest-traffic bridges into hub mode as well.
if [[ "$1" == "br2" ]]
then
    brctl setageing br2 0   # do not retain learned MACs: flood all unicast
    brctl setfd br2 0       # no forwarding delay when a port joins
    # add any other commands here..
fi
</source>
<source>
sudo chmod +x /sbin/ifup-local
</source>
The script runs as root on every interface event, so it must be owned by root and not writable by anyone else.