端口镜像

时间:2020-05-22
本文章向大家介绍端口镜像,主要包括端口镜像使用实例、应用技巧、基本知识点总结和需要注意事项,具有一定的参考价值,需要的朋友可以参考一下。

 

 

ovs-vsctl add-port br0 tap1 -- set interface tap1 type=internal
ovs-vsctl add-port br0 tap2 -- set interface tap2 type=internal
ovs-vsctl add-port br0 tap3 -- set interface tap3 type=internal
ip netns add ns1
ip netns add ns2
ip netns add ns3
ip link set dev tap1 netns ns1
ip link set dev tap2 netns ns2
ip link set dev tap3 netns ns3
ip netns exec ns1 ip addr add 10.10.10.11/24 dev tap1
ip netns exec ns1 ip link set up tap1
ip netns exec ns2 ip addr add 10.10.10.12/24 dev tap2
ip netns exec ns2 ip link set up tap2
ip netns exec ns3 ip link set up tap3
ovs-vsctl -- --id=@tap1 get port tap1  \
          -- --id=@tap3 get port tap3  \
          -- --id=@m create mirror name=m0 select_dst_port=@tap1 output_port=@tap3 \
          -- set bridge br0 mirrors=@m

 

[root@bogon ~]# ip netns exec ns1 ping 10.10.10.12 -c 2
PING 10.10.10.12 (10.10.10.12) 56(84) bytes of data.
64 bytes from 10.10.10.12: icmp_seq=1 ttl=64 time=0.702 ms
64 bytes from 10.10.10.12: icmp_seq=2 ttl=64 time=0.070 ms

--- 10.10.10.12 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1028ms
rtt min/avg/max/mdev = 0.070/0.386/0.702/0.316 ms
[root@bogon ~]# 
[root@bogon ~]# ip netns exec ns3 tcpdump -i tap3 -e -nn icmp or arp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tap3, link-type EN10MB (Ethernet), capture size 262144 bytes
17:39:57.346895 2e:c2:ed:62:84:34 > 9a:8f:47:8a:7d:76, ethertype ARP (0x0806), length 42: Reply 10.10.10.12 is-at 2e:c2:ed:62:84:34, length 28
17:39:57.347178 2e:c2:ed:62:84:34 > 9a:8f:47:8a:7d:76, ethertype IPv4 (0x0800), length 98: 10.10.10.12 > 10.10.10.11: ICMP echo reply, id 10779, seq 1, length 64
17:39:58.384556 2e:c2:ed:62:84:34 > 9a:8f:47:8a:7d:76, ethertype IPv4 (0x0800), length 98: 10.10.10.12 > 10.10.10.11: ICMP echo reply, id 10779, seq 2, length 64
17:40:02.384860 2e:c2:ed:62:84:34 > 9a:8f:47:8a:7d:76, ethertype ARP (0x0806), length 42: Request who-has 10.10.10.11 tell 10.10.10.12, length 28
17:45:02.966908 2e:c2:ed:62:84:34 > 9a:8f:47:8a:7d:76, ethertype IPv4 (0x0800), length 98: 10.10.10.12 > 10.10.10.11: ICMP echo reply, id 13276, seq 1, length 64
17:45:03.994538 2e:c2:ed:62:84:34 > 9a:8f:47:8a:7d:76, ethertype IPv4 (0x0800), length 98: 10.10.10.12 > 10.10.10.11: ICMP echo reply, id 13276, seq 2, length 64
17:45:07.984762 2e:c2:ed:62:84:34 > 9a:8f:47:8a:7d:76, ethertype ARP (0x0806), length 42: Request who-has 10.10.10.11 tell 10.10.10.12, length 28
17:45:07.984781 2e:c2:ed:62:84:34 > 9a:8f:47:8a:7d:76, ethertype ARP (0x0806), length 42: Reply 10.10.10.12 is-at 2e:c2:ed:62:84:34, length 28

 

$flag 上一页 下一页