OpenVswitch端口流量镜像

作者: 圣地亚哥_SVIP | 来源:发表于2019-12-11 14:30 被阅读0次

ovs中无法直接抓包分析，可以通过端口流量镜像的方式进行抓包

端口流量镜像主要分为两步：

创建mirror，指定mirror中的源端口，目的端口
绑定mirror至bridge

创建mirror

指定mirror名称，name={name}
指定流量：
select-all: true，表示此bridge上的所有流量;
select-dst-port: 镜像从此port离开的流量;
select-src-port: 镜像从此port进入的流量;
select-vlan: 镜像此VLAN下的数据流量。
指定镜像目的端口:
output-port: 流量镜像至此端口;
output-vlan: 流量镜像至指定vlan，镜像至指定VLAN时，原始tag会被剥离。

设置mirror作用于指定bridge

#ovs-vsctl set bridge {bridge} mirrors={mirror_name}

清除mirror

#ovs-vsctl -- --id=@rec get Mirror {mirror_name} \
-- remove Bridge br0 mirrors @rec
或
#ovs-vsctl clear bridge {bridge} mirrors

测试结构

#ovs-vsctl add-br mtest

#ip netns add test1
#ip netns add test2
#ip netns add test3

#ovs-vsctl add-port mtest p1 -- set interface p1 type=internal
#ovs-vsctl add-port mtest p2 -- set interface p2 type=internal
#ovs-vsctl add-port mtest p3 -- set interface p3 type=internal

#ip link set dev p1 netns test1
#ip link set dev p2 netns test2
#ip link set dev p3 netns test3

#ip netns exec test1 ip addr add 192.168.10.11/24 dev p1
#ip netns exec test2 ip addr add 192.168.10.12/24 dev p2

#ip netns exec test1 ip link set up p1
#ip netns exec test2 ip link set up p2
#ip netns exec test3 ip link set up p3

ovs-vsctl set port p1 tag=10
ovs-vsctl set port p2 tag=10

场景1

拓扑模型如下：

mirror_span.png

p1 ping p2，镜像目的端口为p2的流量至p3。

镜像：

#ovs-vsctl -- --id=@p2 get port p2 \
-- --id=@p3 get port p3 \
-- --id=@m create mirror name=m0 select-dst-port=@p2 output-port=@p3 \
-- set bridge mtest mirrors=@m

# ovs-vsctl list mirror
_uuid               : 6ab7af81-ffb6-4191-8310-fa03b21874ac
external_ids        : {}
name                : "m0"
output_port         : a68d1a6e-5cc8-4560-9131-8cae6104a858
output_vlan         : []
select_all          : false
select_dst_port     : [c4516976-e1c5-4af2-80a8-7388d28635ff]
select_src_port     : []
select_vlan         : []
statistics          : {tx_bytes=0, tx_packets=0}

ping:

#ip netns exec test1 ping 192.168.10.12

tcpdump:

# ip netns exec test3 tcpdump -ni p3 -v -e  
tcpdump: WARNING: p3: no IPv4 address assigned
tcpdump: listening on p3, link-type EN10MB (Ethernet), capture size 65535 bytes
15:08:33.265759 06:7c:a0:69:97:f2 > c6:94:59:4b:7a:34, ethertype 802.1Q (0x8100), length 102: vlan 10, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 20468, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.10.11 > 192.168.10.12: ICMP echo request, id 5034, seq 5, length 64
15:08:34.265730 06:7c:a0:69:97:f2 > c6:94:59:4b:7a:34, ethertype 802.1Q (0x8100), length 102: vlan 10, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 20469, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.10.11 > 192.168.10.12: ICMP echo request, id 5034, seq 6, length 64
15:08:34.276974 06:7c:a0:69:97:f2 > c6:94:59:4b:7a:34, ethertype 802.1Q (0x8100), length 46: vlan 10, p 0, ethertype ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.10.11 is-at 06:7c:a0:69:97:f2, length 28
15:08:35.265745 06:7c:a0:69:97:f2 > c6:94:59:4b:7a:34, ethertype 802.1Q (0x8100), length 102: vlan 10, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 20470, offset 0, flags [DF], proto ICMP (1), length 84)

场景2，镜像VLAN流量

清理mirror:

#ovs-vsctl clear bridge mtest mirror

设置mirror：

#ovs-vsctl -- --id=@p3 get port p3 \
-- --id=@m create mirror name=m0 select-all=true select-vlan=10 output-port=@p3 \
-- set bridge mtest mirrors=@m

# ip netns exec test3 tcpdump -ni p3 -v -e  icmp or arp
tcpdump: WARNING: p3: no IPv4 address assigned
tcpdump: listening on p3, link-type EN10MB (Ethernet), capture size 65535 bytes
15:11:13.122744 06:7c:a0:69:97:f2 > c6:94:59:4b:7a:34, ethertype 802.1Q (0x8100), length 102: vlan 10, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 20498, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.10.11 > 192.168.10.12: ICMP echo request, id 5089, seq 23, length 64
15:11:13.122769 c6:94:59:4b:7a:34 > 06:7c:a0:69:97:f2, ethertype 802.1Q (0x8100), length 102: vlan 10, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 50262, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.10.12 > 192.168.10.11: ICMP echo reply, id 5089, seq 23, length 64
15:11:14.122704 06:7c:a0:69:97:f2 > c6:94:59:4b:7a:34, ethertype 802.1Q (0x8100), length 102: vlan 10, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 20499, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.10.11 > 192.168.10.12: ICMP echo request, id 5089, seq 24, length 64
15:11:14.122741 c6:94:59:4b:7a:34 > 06:7c:a0:69:97:f2, ethertype 802.1Q (0x8100), length 102: vlan 10, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 50263, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.10.12 > 192.168.10.11: ICMP echo reply, id 5089, seq 24, length 64

场景3，RSPAN(远程端口镜像)

拓扑模型如下：

mirror_rspan.png

添加ovs bridge：

#ovs-vsctl add-br mspan
#ip netns add test4
#ovs-vsctl add-port mspan p4 -- set interface p4 type=internal -- set port p4 tag=200
#ip link set dev p4 netns test4
#ip netns exec test4 ip link set up p4

patch口：

#ovs-vsctl \
-- add-port mtest mpatch0 \
-- set interface mpatch0 type=patch options:peer=mpatch1 \
-- add-port mspan mpatch1 \
-- set interface mpatch1 type=patch options:peer=mpatch0

设置mirror:

需要将p1或p2口的数据，镜像至vlan 20

#ovs-vsctl -- --id=@p1 get port p1 \
-- --id=@m create mirror name=m0 select-src-port=@p1 output-vlan=200 \
-- set bridge mtest mirrors=@m

在mspan上，将VLAN 22的流量镜像至p4口

#ovs-vsctl -- --id=@p4 get port p4 \
-- --id=@m create mirror name=m1 select-all=true select-vlan=200 output-port=@p4 \
-- set bridge mspan mirrors=@m


# ovs-vsctl list mirror
_uuid               : 46ef8c49-a242-4558-8035-fd7aae88f3e3
external_ids        : {}
name                : "m0"
output_port         : []
output_vlan         : 200
select_all          : false
select_dst_port     : []
select_src_port     : [985b0e1d-8cf6-486c-b7ab-3336cffe0e7a]
select_vlan         : []
statistics          : {tx_bytes=7658, tx_packets=81}

_uuid               : 3a86586a-8fe2-4409-bbd0-31017d1ff564
external_ids        : {}
name                : "m1"
output_port         : []
output_vlan         : []
select_all          : true
select_dst_port     : []
select_src_port     : []
select_vlan         : [200]
statistics          : {tx_bytes=0, tx_packets=0}

抓包测试：

# ip netns exec test1 ping 192.168.10.12
PING 192.168.10.12 (192.168.10.12) 56(84) bytes of data.
64 bytes from 192.168.10.12: icmp_seq=1 ttl=64 time=0.442 ms
64 bytes from 192.168.10.12: icmp_seq=2 ttl=64 time=0.051 ms

# ip netns exec test4 tcpdump -ni p4 -v -e  icmp or arp
tcpdump: WARNING: p4: no IPv4 address assigned
tcpdump: listening on p4, link-type EN10MB (Ethernet), capture size 65535 bytes
16:30:40.649825 06:7c:a0:69:97:f2 > c6:94:59:4b:7a:34, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 20855, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.10.11 > 192.168.10.12: ICMP echo request, id 6512, seq 1, length 64
16:30:41.649750 06:7c:a0:69:97:f2 > c6:94:59:4b:7a:34, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 20856, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.10.11 > 192.168.10.12: ICMP echo request, id 6512, seq 2, length 64
16:30:42.649747 06:7c:a0:69:97:f2 > c6:94:59:4b:7a:34, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 20857, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.10.11 > 192.168.10.12: ICMP echo request, id 6512, seq 3, length 64
16:30:43.649736 06:7c:a0:69:97:f2 > c6:94:59:4b:7a:34, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 20858, offset 0, flags [DF], proto ICMP (1), length 84)

场景4, ERSPAN

封装远程端口镜像，ovs中，利用gre隧道路由镜像流量。

HOST1： 172.21.12.8
HOST2： 712.21.12.163

拓扑模型如下：

mirror_erspan.png

HOST1:

#ovs-vsctl add-port mtest lgre0 -- set interface lgre0 type=gre options:remote_ip=172.21.12.163 options:key=0x0010

HOST2:

#ovs-vsctl add-br mtest
#ovs-vsctl add-port mtest ml -- set interface ml type=internal
#ip netns add rmon
#ip link set ml netns rmon
#ip netns exec rmon ip link set up ml
添加vxlan端口：
#ovs-vsctl add-port mtest rgre0 -- set interface rgre0 type=gre options:remote_ip=172.21.12.8 options:key=0x0010

HOST1，添加mirror：

#ovs-vsctl -- --id=@p1 get port p1 \
-- --id=@lgre0 get port lgre0 \
-- --id=@m create mirror name=m0 select-src-port=@p1 output-port=@lgre0 \
-- set bridge mtest mirrors=@m

HOST2，测试：

# ip netns exec rmon tcpdump -ni ml -v -e icmp or arp 
tcpdump: listening on ml, link-type EN10MB (Ethernet), capture size 65535 bytes
15:55:31.571555 06:7c:a0:69:97:f2 > c6:94:59:4b:7a:34, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 17776, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.10.11 > 192.168.10.12: ICMP echo request, id 26594, seq 1, length 64
15:55:32.571376 06:7c:a0:69:97:f2 > c6:94:59:4b:7a:34, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 17777, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.10.11 > 192.168.10.12: ICMP echo request, id 26594, seq 2, length 64
15:55:33.571340 06:7c:a0:69:97:f2 > c6:94:59:4b:7a:34, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 17778, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.10.11 > 192.168.10.12: ICMP echo request, id 26594, seq 3, length 64
15:55:34.571304 06:7c:a0:69:97:f2 > c6:94:59:4b:7a:34, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 17779, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.10.11 > 192.168.10.12: ICMP echo request, id 26594, seq 4, length 64
15:55:35.571292 06:7c:a0:69:97:f2 > c6:94:59:4b:7a:34, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 17780, offset 0, flags [DF], proto ICMP (1), length 84)

OpenVswitch端口流量镜像

测试结构

相关文章

网友评论

延伸阅读

深度阅读

栏目导航

热点阅读