
Re: [Xen-users] Port mirroring and promiscuous mode


  • To: xen-users@xxxxxxxxxxxxx
  • From: "Austin S. Hemmelgarn" <ahferroin7@xxxxxxxxx>
  • Date: Tue, 19 Apr 2016 07:05:23 -0400
  • Delivery-date: Tue, 19 Apr 2016 11:06:56 +0000
  • List-id: Xen user discussion <xen-users.lists.xen.org>

On 2016-04-18 17:51, Simon Hobson wrote:
> Austin S. Hemmelgarn <ahferroin7@xxxxxxxxx> wrote:
>
>> I can't help much with the OpenVSwitch stuff
>
> Ditto. It's one of those things I keep remembering I want to try out - but only
> remembering when I don't have any time to spend on it :-(
>
>> but I can definitely try to help with the explanation of port mirroring versus
>> promiscuous mode and the VIF ID bits.
>>
>> Port mirroring usually refers to monitoring specific ports, and more
>> importantly, is done at a relatively high level in the network stack.
>
> I think you have the wrong port there (pun intended).
>
> In this case, it refers to the physical switch port - or the virtualised version of
> it in a virtual switch. It's done at the lowest level of the network stack (not
> sure if it's layer 1 or 2 - definitely below layer 3).
> It goes hand in hand with promiscuous mode, as the means to get all those
> network packets to the virtual NIC in the first place.
>
> So typically it goes like this.
>
> You designate a port on the switch as the monitoring port, and connect it to
> the NIC to be used for monitoring. You then configure which other port(s) on
> the switch are to be monitored (the monitored port(s)). All traffic then
> passing through a monitored port is copied out (mirrored) to the monitoring
> port. You now have a network port on the switch which spits out a copy of all
> traffic on the port(s) of interest.
>
> As you correctly say, putting the (virtual) NIC into promiscuous mode allows it
> to receive Ethernet frames that weren't directed to it - thus allowing sniffing
> of traffic that wouldn't otherwise ever be sent to that device, or accepted by
> it into the network stack if it were received.
>
> The two go hand in hand - port mirroring is needed to get the packets to the
> NIC, promiscuous mode is needed for the NIC to accept them.

You're right, I misunderstood. I usually deal more with the higher level networking stuff, so the first thing to come to mind for me was replicating traffic to multiple interfaces or targets using firewall rules.
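The filter that promiscuous mode switches off, and the host-side evidence that an interface (physical NIC or Xen VIF) has been put into that mode, as an added example that is not part of this thread or of Xen/Open vSwitch. `nic_accepts` models the destination-MAC filter a non-promiscuous NIC applies, which is why a mirrored port delivers nothing useful until the monitoring NIC is promiscuous. The two checks after it are defender-side: the `IFF_PROMISC` bit (0x100) read from `/sys/class/net/<ifname>/flags`, and the kernel's "entered/left promiscuous mode" log lines. The sysfs path and both log-line formats are Linux conventions assumed here; the sample log lines and MAC addresses are constructed.

```python
"""Model the NIC receive filter that promiscuous mode bypasses, and detect
interfaces that have been switched into promiscuous mode on a Linux host."""
import re
import struct
from pathlib import Path

IFF_PROMISC = 0x100                       # flag bit from <linux/if.h>, exposed in sysfs
BROADCAST = b"\xff\xff\xff\xff\xff\xff"


def build_frame(dst: bytes, src: bytes, ethertype: int = 0x0800, payload: bytes = b"") -> bytes:
    """Assemble a minimal Ethernet II frame (constructed test data, no FCS)."""
    return dst + src + struct.pack("!H", ethertype) + payload


def nic_accepts(frame: bytes, own_mac: bytes, promisc: bool) -> bool:
    """Would the NIC pass this frame up the stack?

    Non-promiscuous: only unicast to its own MAC, broadcast, and multicast
    (simplified: every group address, as if all multicast filters were open).
    Promiscuous: every frame that physically reaches the port.
    """
    if len(frame) < 14:
        return False
    dst = frame[:6]
    if promisc:
        return True
    if dst == own_mac or dst == BROADCAST:
        return True
    return bool(dst[0] & 0x01)            # I/G bit set => multicast group address


def promisc_from_flags(flags_text: str) -> bool:
    """Interpret the hex value found in /sys/class/net/<ifname>/flags."""
    return bool(int(flags_text.strip(), 16) & IFF_PROMISC)


def promiscuous_interfaces(sysfs_root: str = "/sys/class/net") -> list:
    """Interfaces currently flagged IFF_PROMISC on this host (assumed sysfs layout)."""
    found = []
    for flags_file in Path(sysfs_root).glob("*/flags"):
        try:
            if promisc_from_flags(flags_file.read_text()):
                found.append(flags_file.parent.name)
        except (OSError, ValueError):
            continue
    return sorted(found)


# Older kernels log "device eth0 entered promiscuous mode"; newer ones log
# "eth0: entered promiscuous mode". Both forms are matched (assumed formats).
PROMISC_RE = re.compile(r"(?:device (\S+)|(\S+):) (entered|left) promiscuous mode")


def promisc_events(log_lines) -> list:
    """Extract (interface, 'entered'|'left') pairs from kernel log lines."""
    events = []
    for line in log_lines:
        m = PROMISC_RE.search(line)
        if m:
            events.append((m.group(1) or m.group(2), m.group(3)))
    return events


def still_promiscuous(log_lines) -> set:
    """Replay the events to find interfaces left in promiscuous mode at the end."""
    active = set()
    for ifname, action in promisc_events(log_lines):
        if action == "entered":
            active.add(ifname)
        else:
            active.discard(ifname)
    return active


# Constructed sample: a mirror target (eth1) that was later reset, and a Xen
# VIF that is still promiscuous, which is worth a look if no monitoring is expected.
SAMPLE_KERNEL_LOG = [
    "[  120.441123] device eth1 entered promiscuous mode",
    "[  121.002871] vif3.0: entered promiscuous mode",
    "[  300.715004] device eth1 left promiscuous mode",
]

if __name__ == "__main__":
    own = bytes.fromhex("001122334455")
    other = bytes.fromhex("66778899aabb")
    stray = build_frame(other, own)       # unicast not addressed to this NIC
    print("normal NIC sees stray frame :", nic_accepts(stray, own, promisc=False))
    print("promiscuous NIC sees it     :", nic_accepts(stray, own, promisc=True))
    print("log says still promiscuous  :", sorted(still_promiscuous(SAMPLE_KERNEL_LOG)))
    print("sysfs says promiscuous now  :", promiscuous_interfaces())
```

Run as root or not, the sysfs read is harmless; on a Xen dom0 the interface names will be the `vifN.M` devices the thread refers to, so an unexpected `vif` entry in either list is the thing to investigate.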


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxx
http://lists.xen.org/xen-users
