Configuring external network traffic with Open vSwitch (RSPAN)

Views:

Configure external network traffic with the Open vSwitch using RSPAN to allow Virtual Network Sensor to monitor data.

Note

The following instructions are valid as of October 2023.

Before you begin, make sure you have prepared a vSwitch.

Procedure

Access Terminal on the host machine.
Verify the name of the network interface you want to configure as the SPAN destination and source.
1. List virtual machines.
  
  virsh list --all
2. Check the name of the network interface for the virtual machines.
  
  virsh domiflist VM-1
3. Repeat for all other virtual machines (VM-2, VM-3, etc.).
Clear mirror settings.

ovs-vsctl clear bridge ovsbr mirrors

Configure SPAN settings.

ovs-vsctl \
     -- set bridge ovsbr mirrors=@m \
     -- --id=@s1 get port eth1 \
     -- --id=@d get port vnet0 \
     -- --id=@m create mirror name=m0 select-dst-port=@s1 select-src-port=@s1 output-port=@d select-all=true select-vlan=17

Note

The example code uses vnet0 as the destination and the physical port eth1 as the source. You can change the port names to suit the needs of your deployment.

Verify mirror settings.

ovs-vsctl -- list bridge

ovs-vsctl -- list mirror