Port mirror (span)
To a VIRT (KVM)
I wanted to test out some software (ntop, ManageEngine NetFlow, PRTG, pmacct, etc.) using a port mirror on a switch. This required that I be able to use the one mirror destination with multiple virts (KVM guests). It was as simple as configuring the NIC on the host OS as a bridge and giving the virts a second Ethernet device in that bridge group. The only issue I ran into was the fact that I could not see any traffic other than broadcast/multicast.
FIX: use brctl setageing with a value of 0 to ensure no addresses are learned and all packets not destined to the bridge host are forwarded across the interfaces.
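<source>
# Bridge interface: br2
# Ageing time 0: no MAC addresses are learned, so frames are flooded to all ports
brctl setageing br2 0
# Forward delay 0: ports start forwarding immediately
brctl setfd br2 0
</source>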
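Why a learning bridge hides mirrored unicast traffic from the guests, and what an ageing time of 0 changes, shown with a simplified model of a learning bridge. This is an added example, not code from the original page or from the Linux bridge itself; the port names eth1, vnet0 and vnet1 and the MAC addresses are constructed assumptions.

```python
# Simplified model of a learning bridge (illustration only, not kernel code).
BROADCAST = "ff:ff:ff:ff:ff:ff"
# Constructed sample of mirrored traffic: one ARP broadcast, then two hosts talking.
A, B = "52:54:00:00:00:0a", "52:54:00:00:00:0b"
MIRRORED = [(A, BROADCAST), (B, A), (A, B), (B, A), (A, B)]

class Bridge:
    def __init__(self, ports, ageing_time):
        self.ports = ports              # assumed: mirror-facing NIC plus guest taps
        self.ageing_time = ageing_time  # seconds; 0 means no entry is ever valid
        self.fdb = {}                   # MAC -> (port, time last seen)

    def _lookup(self, mac, now):
        entry = self.fdb.get(mac)
        if entry and now - entry[1] < self.ageing_time:
            return entry[0]
        return None                     # unknown or already aged out

    def receive(self, in_port, src, dst, now):
        """Return the list of ports the frame is sent out of."""
        self.fdb[src] = (in_port, now)  # learn (or refresh) the source address
        group = int(dst.split(":")[0], 16) & 1   # group bit: multicast and broadcast
        out = None if group else self._lookup(dst, now)
        if out is None:                 # flood to every port except the ingress one
            return [p for p in self.ports if p != in_port]
        if out == in_port:              # destination learned on the ingress port
            return []                   # filtered: the guests never see the frame
        return [out]

def frames_seen_by_guest(ageing_time, guest="vnet0"):
    """Feed the mirrored frames into eth1 and collect what reaches the guest."""
    bridge = Bridge(["eth1", "vnet0", "vnet1"], ageing_time)
    seen = []
    for t, (src, dst) in enumerate(MIRRORED):
        if guest in bridge.receive("eth1", src, dst, now=t):
            seen.append((src, dst))
    return seen

if __name__ == "__main__":
    print("ageing 300:", frames_seen_by_guest(300))  # only the broadcast frame
    print("ageing 0:  ", frames_seen_by_guest(0))    # every mirrored frame
```

Every mirrored frame enters on the same port, so both ends of each conversation are learned there and unicast between them is filtered; with an ageing time of 0 no entry is ever valid and everything is flooded to the guests.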