Programmable Internetworking & Communication Operating System Docs ... Click Spaces -> Space Directory to see docs for all releases ...
Page tree
Skip to end of metadata
Go to start of metadata

Chips mirror actions:

PRONTO3290 PRONTO3296 PRONTO3295(TR2)(egress mirror=true)
PRONTO3780 PRONTO3920 PRONTO3922 PRONTO3930 PRONTO3960 PRONTO3965 PRONTO3980 PRONTO3920 PRONTO3924(TD)
 
ES4654 AS4610_54P AS4610_54T AS4610_30P AS4610_30T(Helix4)(egress mirror=true)
 PRONTO5101 PRONTO5401 AS6701_32X N2632XL N2948_6XL AS6712_32X AS5712_54X S4048 ARCTICA4806XP(TD2)
 
AS5812_54T AS5812_54X(TD2P)
 DCS7032Q28 AS7712_32X Z9100 (TH)

Note:egress mirror 只有在egress mirror=true 的机器上才能保证所有的出端口的报文都能mirror正确(也就是说3290(Firebolt3),3296(Triumph2),还有4610这类helix4芯片上支持egress mirror),在其他的机器上的mirror端口的出方向的流量,行为不确定

以下是各类芯片的测试结果:

p3290(Firebolt3):

module    name

 mirror dst traffic test result

multitable

pass

udf/ttp multicast 

pass

push mpls/pop mpls

failed(3290不支持mpls)

egress mode

pass

flow control

pass

l2mpls

failed(3290不支持mpls)

p3297(trumph2):

module    name

 mirror dst traffic test result

multitable 

pass

ttp multicast 

pass

udf/push mpls/pop mpls

pass

egress mode 

pass

flow control 

mirror test pass

l2mpls

pass

as5812_54t(trident2plus):

module    name

 mirror dst traffic test result

multitable 

pass

ttp multicast 

failed

udf/push mpls/pop mpls

pass

egress mode 

pass

flow control 

mirror test pass

l2mpls

failed(mirror口出去的包多了一个vlan4095

vxlan/l2gre/NAT

pass

p6701(trident2):

module    name

 mirror dst traffic test result

multitable 

pass

ttp multicast 

failed

udf/push mpls/pop mpls

pass

egress mode 

pass

flow control 

pass

l2mpls/nat

pass

vxlan/l2gre

failed

p3920(trident+):

module    name

 mirror dst traffic test result

multitable 

pass

ttp multicast 

failed

udf/push mpls/pop mpls

pass

egress mode 

pass

flow control 

pass

l2mpls

pass



4610_54t_b(helix4):

module    name

 mirror dst traffic test result

multitable 

pass

ttp multicast /udf

pass

push mpls/pop mpls

failed(4610不支持mpls)

egress mode 

pass

flow control 

pass

l2mpls

failed(4610不支持l2mpls)

as7712_32x(tomhark):

module    name

 mirror dst traffic test result

multitable 

pass

ttp multicast 

failed

pop mpls/udf

failed(不支持mpls)

egress mode 

pass

flow control /l2mpls/nat/push mpls(ip报文)

pass

vxlan/l2gre

failed

Create One Mirror

ovs-vsctl [--OPTION] -- set bridge <bridge> mirrors=@m -- --id=@<port1> get Port <port1> -- --id=@<port2> get Port <port2> [-- --id=@<port3> get Port <port3>]-- --id=@m create Mirror name=<mirror-name> select-src-port=@<port1>[,@<port3>] select-dst-port=@<port1>[,@<port3>] output-port=@<port2>

PicOS OVS supports mirroring, select-src-port and select-dst-port represent the source ports of mirroring, select-dst-port means some packets (in switch chip) will go-out from the specified port (egress); select-src-port means some packets will enter the specified port (ingress); output_port means the monitor port. PicOS OVS supports up to 4 mirrors.

Before PicOS2.10 ovs only support configure physical port as output_port, from PicOS2.10 ovs also support lag interface as output_port.


Example1:
Add port ge-1/1/1, ge-1/1/2 and ge-1/1/3 to mirror, ge-1/1/1 and ge-1/1/2 as ingress and egress, the output port is ge-1/1/3.

root@PicOS-OVS$ovs-vsctl set bridge br0 mirrors=@m -- --id=@ge-1/1/1 get Port ge-1/1/1 -- --id=@ge-1/1/2 get Port ge-1/1/2 -- --id=@ge-1/1/3 get Port ge-1/1/3 -- --id=@m create Mirror name=mymirror select-src-port=@ge-1/1/1,@ge-1/1/2 select-dst-port=@ge-1/1/1,@ge-1/1/2 output-port=@ge-1/1/3

Example2:
Add port ge-1/1/1, ge-1/1/2 and ae1 to mirror, ge-1/1/1 and ge-1/1/2 as ingress and egress, the output port is ae1.

root@PicOS-OVS$ovs-vsctl set bridge br0 mirrors=@m -- --id=@ge-1/1/1 get Port ge-1/1/1 -- --id=@ge-1/1/2 get Port ge-1/1/2 -- --id=@ae1 get Port ae1 -- --id=@m create Mirror name=mymirror select-src-port=@ge-1/1/1,@ge-1/1/2 select-dst-port=@ge-1/1/1,@ge-1/1/2 output-port=@ae1

 

ovs-vsctl [--OPTION] destroy <table> <record> – clear Bridge <bridge> mirrors

Example:


Delete a mirror named mymirror from mirror table in bridge br0.

admin@PicOS-OVS$ ovs-vsctl destroy Mirror mymirror -- clear Bridge br0 mirrors
or
admin@PicOS-OVS$ ovs-vsctl clear Bridge br0 mirrors

Create Two Mirrors


admin@PicOS-OVS$ovs-vsctl  -- set bridge br-s mirrors=@m,@m1 -- --id=@ge-1/1/1 get Port ge-1/1/1 -- --id=@ge-1/1/3 get Port ge-1/1/3 -- --id=@m create Mirror name=mymirror select-src-port=@ge-1/1/1 output-port=@ge-1/1/3 -- --id=@m1 create Mirror name=mirror1 select-src-port=@ge-1/1/3 output-port=@ge-1/1/1

Add one mirror and monitor port is lag

admin@PicOS-OVS$ovs-vsctl -- add bridge br-s mirrors @m -- --id=@te-1/1/1 get Port te-1/1/1 -- --id=@te-1/1/2 get Port te-1/1/2 -- --id=@ae1 get Port ae1 -- --id=@m create Mirror name=mymirror select-src-port=@te-1/1/1 select-src-port=@te-1/1/2 output-port=@ae1

Delete one mirror

 

 

admin@PicOS-OVS$ovs-vsctl remove bridge br0 mirrors 76fd4479-67e9-4c65-8edb-b99d8706d8f9
  • No labels