Port mirroring on FreeBSD

hiren panchasara hiren.panchasara at gmail.com
Fri Jan 24 07:56:29 UTC 2014


On Sat, Jan 18, 2014 at 8:29 AM, Luigi Rizzo <rizzo at iet.unipi.it> wrote:
>
> On Fri, Jan 17, 2014 at 10:58 PM, hiren panchasara
> <hiren.panchasara at gmail.com> wrote:
>>
>> I have this weird requirement that I am juggling right now and I
>> wanted to reach out to larger audience:
>>
>> In this box I have 2 dualport ixgbe 10G cards. On ingress, I want to
>> get data off of 2 ports of first 10G card and lagg/lacp them into 1
>> stream of data. But for outgoing, I want to have 2 identical streams
>> of data going out on 2 ports of the second 10G card. (not
>> load-balancing but more of a mirroring).
>>
>> The reason for this is, I need to be able to provide same data to 2
>> different application hosts downstream for monitoring. Something like:
>>
>> http://www.juniper.net/techpubs/en_US/junos13.2/topics/concept/port-mirroring-ex-series.html
>>
>> I believe a regular switch might be perfect but I could not find
>> anything simple in FreeBSD to do that.
>>
>> Luigi: Can netmap/vale be helpful here?
>
> For this and other custom applications what I would
> do is build a userspace application that puts the nics in
> netmap mode and does the necessary juggling.

What I am thinking right now is: open all 4 (2 ingress and 2 egress)
ports in netmap and then copy each packet from both ingress ports to
both of the egress ports via netmap.

I see some packet move/copy code between 2 ports in the tools bridge
example. I am thinking of tweaking that right now.

Should that work?

Also, initially I thought of trunking 2 ingress ports via lagg(4) but
then I don't think I can open that lagged interface into netmap so I
dropped that idea.

cheers,
Hiren

>
> Note that since the host is going to be the performance bottleneck,
> you can probably do the same with just bpf without too much
> impact on performance (and some advantage since you do not
> need to handle the input traffic; at least, if I understand
> your description the monitor does not need to see a
> replica of the incoming traffic).
>
> Some time ago the answer to this type of question used to be
> "use netgraph". Maybe it is also a valid option but I do not
> know if there are modules that suit your need.
>
> cheers
> luigi
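The fan-out Hiren describes (every frame arriving on either ingress ring copied into both egress rings), as an added example that is not part of this thread and not netmap's own code. It models rings after netmap's head/cur/tail slot layout in plain C so it runs stand-alone; the real netmap header, nm_open() and the NIOCTXSYNC/poll plumbing of the bridge example are left out, and the ring, slot and nic_* functions are constructed for the example. The practical point it shows is that the copy has to be all-or-nothing: when either egress ring is full the frame stays on the ingress ring, so the two monitoring hosts downstream never see diverging streams.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define NSLOTS 8      /* slots per ring (tiny, for illustration) */
#define BUFSZ  2048   /* bytes per packet buffer */

/* Constructed model of a netmap ring: [head, tail) are the user's slots
 * (received frames on an rx ring, free slots on a tx ring). nic_next is a
 * model-only pointer standing in for the hardware's transmit position. */
struct slot { uint16_t len; uint32_t buf_idx; };
struct ring {
    uint32_t head, cur, tail, num_slots, nic_next;
    struct slot slot[NSLOTS];
    uint8_t bufs[NSLOTS][BUFSZ];
};

static uint32_t ring_next(const struct ring *r, uint32_t i) {
    return i + 1 == r->num_slots ? 0 : i + 1;
}
/* Slots between head and tail: frames to read (rx) or free slots (tx). */
static uint32_t ring_space(const struct ring *r) {
    int32_t s = (int32_t)r->tail - (int32_t)r->head;
    if (s < 0) s += (int32_t)r->num_slots;
    return (uint32_t)s;
}
static int ring_empty(const struct ring *r) { return r->head == r->tail; }

static void ring_init(struct ring *r, int is_tx) {
    memset(r, 0, sizeof *r);
    r->num_slots = NSLOTS;
    for (uint32_t i = 0; i < NSLOTS; i++) r->slot[i].buf_idx = i;
    r->tail = is_tx ? NSLOTS - 1 : 0;  /* tx: N-1 free slots; rx: nothing received yet */
}

/* Model of the NIC delivering a frame into an rx ring at tail. */
static int nic_rx_deliver(struct ring *r, const uint8_t *data, uint16_t len) {
    if (len > BUFSZ || ring_next(r, r->tail) == r->head) return -1;  /* ring full */
    struct slot *s = &r->slot[r->tail];
    memcpy(r->bufs[s->buf_idx], data, len);
    s->len = len;
    r->tail = ring_next(r, r->tail);
    return 0;
}

/* Frames handed to the NIC on a tx ring that it has not yet sent. */
static uint32_t tx_pending(const struct ring *r) {
    int32_t p = (int32_t)r->head - (int32_t)r->nic_next;
    if (p < 0) p += (int32_t)r->num_slots;
    return (uint32_t)p;
}

/* Model of the NIC transmitting the oldest pending frame and freeing its slot. */
static int nic_tx_consume(struct ring *r, uint8_t *out, size_t outsz) {
    if (r->nic_next == r->head) return -1;
    struct slot *s = &r->slot[r->nic_next];
    if (s->len > outsz) return -1;
    memcpy(out, r->bufs[s->buf_idx], s->len);
    r->nic_next = ring_next(r, r->nic_next);
    r->tail = ring_next(r, r->tail);
    return s->len;
}

/* Copy the frame at rx->head into the next free slot of every egress ring.
 * All-or-nothing: if any egress ring is full nothing is copied and the
 * frame stays on the ingress ring, so the mirrored streams stay identical. */
static int fanout_one(struct ring *rx, struct ring **txs, int ntx) {
    for (int j = 0; j < ntx; j++)
        if (ring_space(txs[j]) == 0) return -1;
    struct slot *s = &rx->slot[rx->head];
    const uint8_t *src = rx->bufs[s->buf_idx];
    for (int j = 0; j < ntx; j++) {
        struct ring *tx = txs[j];
        struct slot *d = &tx->slot[tx->head];
        memcpy(tx->bufs[d->buf_idx], src, s->len);  /* real netmap: copy between NETMAP_BUF()s */
        d->len = s->len;
        tx->head = tx->cur = ring_next(tx, tx->head);
    }
    rx->head = rx->cur = ring_next(rx, rx->head);
    return 0;
}

/* One pass over all ingress rings, as the loop body after poll() would do.
 * Returns the number of frames mirrored to every egress ring. */
static int mirror_pass(struct ring **rxs, int nrx, struct ring **txs, int ntx) {
    int n = 0;
    for (int i = 0; i < nrx; i++)
        while (!ring_empty(rxs[i]) && fanout_one(rxs[i], txs, ntx) == 0)
            n++;
    return n;
}

int main(void) {
    static struct ring rx0, rx1, tx0, tx1;   /* 2 ingress + 2 egress ports */
    struct ring *rxs[2] = { &rx0, &rx1 }, *txs[2] = { &tx0, &tx1 };
    ring_init(&rx0, 0); ring_init(&rx1, 0); ring_init(&tx0, 1); ring_init(&tx1, 1);
    nic_rx_deliver(&rx0, (const uint8_t *)"frame-A", 7);   /* constructed frames */
    nic_rx_deliver(&rx1, (const uint8_t *)"frame-B", 7);
    int n = mirror_pass(rxs, 2, txs, 2);
    printf("mirrored %d frames; tx0 pending %u, tx1 pending %u\n",
           n, tx_pending(&tx0), tx_pending(&tx1));
    return 0;
}
```

In the real program the rings come from nm_open() on each ixgbe port, mirror_pass runs after poll() reports the ingress rings readable, and the advanced head/cur values are pushed to the kernel with NIOCTXSYNC. Refusing the copy when one egress ring is full, as fanout_one does, is the difference between "two identical streams" and two monitors that silently diverge under load.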


More information about the freebsd-net mailing list