Port mirroring on FreeBSD

Adrian Chadd adrian at freebsd.org
Sat Jan 18 16:31:58 UTC 2014


On 18 January 2014 08:29, Luigi Rizzo <rizzo at iet.unipi.it> wrote:
> On Fri, Jan 17, 2014 at 10:58 PM, hiren panchasara <hiren.panchasara at gmail.com> wrote:
>
>> I have this weird requirement that I am juggling right now and I
>> wanted to reach out to a larger audience:
>>
>> In this box I have 2 dual-port ixgbe 10G cards. On ingress, I want to
>> get data off of 2 ports of the first 10G card and lagg/lacp them into 1
>> stream of data. But for outgoing, I want to have 2 identical streams
>> of data going out on 2 ports of the second 10G card. (not
>> load-balancing but more of a mirroring).
>>
>> The reason for this is, I need to be able to provide the same data to 2
>> different application hosts downstream for monitoring. Something like:
>>
>> http://www.juniper.net/techpubs/en_US/junos13.2/topics/concept/port-mirroring-ex-series.html
>>
>> I believe a regular switch might be perfect, but I could not find
>> anything simple in FreeBSD to do that.
>>
>> Luigi: Can netmap/vale be helpful here?
>>
>
> For this and other custom applications, what I would
> do is build a userspace application that puts the NICs in
> netmap mode and does the necessary juggling.
>
> Note that since the host is going to be the performance bottleneck,
> you can probably do the same with just bpf without too much
> impact on performance (and some advantage since you do not
> need to handle the input traffic; at least, if I understand
> your description, the monitor does not need to see a
> replica of the incoming traffic).
>
> Some time ago the answer to this type of question used to be
> "use netgraph". Maybe it is also a valid option, but I do not
> know if there are modules that suit your need.

Part of me wonders whether having a netgraph-style system for gluing
together netmap things, but in userland, would be useful.


-a


More information about the freebsd-net mailing list