实验一: 一对多实验
将1个10G端口的流量镜像至5个端口的配置如下。同样配置方法可应用于更多的端口。
注:Pica8交换机同时支持传统的2-3层协议和OpenFlow协议,本实验中交换机均配置为OpenFlow模式;
首先我们创建一个新的Bridge br0,并将端口1-6添加到br0;
# Add Bridge br0 - for PCAP Replication - 1st Port ############################## # te-1/1/1 is input te-1/1/2, te-1/1/3, te-1/1/4, te-1/1/5, te-1/1/6 are output #------------------------------------------------------------------------------------- $VSCTL add-br br0 -- set bridge br0 datapath_type=pica8 other-config=datapath-id=100 $VSCTL add-port br0 te-1/1/1 -- set interface te-1/1/1 type=pica8 $VSCTL add-port br0 te-1/1/2 -- set interface te-1/1/2 type=pica8 $VSCTL add-port br0 te-1/1/3 -- set interface te-1/1/3 type=pica8 $VSCTL add-port br0 te-1/1/4 -- set interface te-1/1/4 type=pica8 $VSCTL add-port br0 te-1/1/5 -- set interface te-1/1/5 type=pica8 $VSCTL add-port br0 te-1/1/6 -- set interface te-1/1/6 type=pica8
然后我们移除默认的流保证各端口按照新的指令工作;最后我们将镜像流量出端口的ingress流量全部丢弃;
# Remove Default Flow (not treating this as HUB!) ovs-ofctl del-flows br0 # Add replication flow 1 -> 2,3,4,5,6 ovs-ofctl add-flow br0 in_port=1,dl_dst="*",dl_src="*",dl_type="*",dl_vlan_pcp="*",dl_vlan="*",actions=output:2,3,4,5,6
最后我们将镜像流量出端口的ingress流量全部丢弃;
# Drop ingress traffic from mirror ports ovs-ofctl add-flow br0 in_port=2,dl_dst="*",dl_src="*",dl_type="*",dl_vlan_pcp="*",dl_vlan="*",actions=drop ovs-ofctl add-flow br0 in_port=3,dl_dst="*",dl_src="*",dl_type="*",dl_vlan_pcp="*",dl_vlan="*",actions=drop ovs-ofctl add-flow br0 in_port=4,dl_dst="*",dl_src="*",dl_type="*",dl_vlan_pcp="*",dl_vlan="*",actions=drop ovs-ofctl add-flow br0 in_port=5,dl_dst="*",dl_src="*",dl_type="*",dl_vlan_pcp="*",dl_vlan="*",actions=drop ovs-ofctl add-flow br0 in_port=6,dl_dst="*",dl_src="*",dl_type="*",dl_vlan_pcp="*",dl_vlan="*",actions=drop
实验二:Tap Aggregation实验
在实验一的基础上我们将四个端口的流量bridge到一起,并且mirror至其他端口;
idge br20 - for TAP Span - 1st Port ####################################################################################### # Bridged : te-1/1/21, te-1/1/22, te-1/1/23, te-1/1/24 # Output : te-1/1/25, te-1/1/26, te-1/1/27, te-1/1/28 #------------------------------------------------------------------------------------- $VSCTL add-br br20 -- set bridge br20 datapath_type=pica8 other-config=datapath-id=120 $VSCTL add-port br20 te-1/1/21 -- set interface te-1/1/21 type=pica8 $VSCTL add-port br20 te-1/1/22 -- set interface te-1/1/22 type=pica8 $VSCTL add-port br20 te-1/1/23 -- set interface te-1/1/23 type=pica8 $VSCTL add-port br20 te-1/1/24 -- set interface te-1/1/24 type=pica8 $VSCTL add-port br20 te-1/1/25 -- set interface te-1/1/25 type=pica8 $VSCTL add-port br20 te-1/1/26 -- set interface te-1/1/26 type=pica8 $VSCTL add-port br20 te-1/1/27 -- set interface te-1/1/27 type=pica8 $VSCTL add-port br20 te-1/1/28 -- set interface te-1/1/28 type=pica8 # Remove Default Flow (not treating this as HUB!) ovs-ofctl del-flows br20 # Add replication flow from each bridged port to each of the other ports in the group ovs-ofctl add-flow br20 in_port=21,dl_dst="*",dl_src="*",dl_type="*",dl_vlan_pcp="*",dl_vlan="*",actions=output:22,23,24,25,26,27,28 ovs-ofctl add-flow br20 in_port=22,dl_dst="*",dl_src="*",dl_type="*",dl_vlan_pcp="*",dl_vlan="*",actions=output:21,23,24,25,26,27,28 ovs-ofctl add-flow br20 in_port=23,dl_dst="*",dl_src="*",dl_type="*",dl_vlan_pcp="*",dl_vlan="*",actions=output:21,22,24,25,26,27,28 ovs-ofctl add-flow br20 in_port=24,dl_dst="*",dl_src="*",dl_type="*",dl_vlan_pcp="*",dl_vlan="*",actions=output:21,22,23,25,26,27,28 # Drop ingress traffic from mirror ports ovs-ofctl add-flow br20 in_port=25,dl_dst="*",dl_src="*",dl_type="*",dl_vlan_pcp="*",dl_vlan="*",actions=drop ovs-ofctl add-flow br20 in_port=26,dl_dst="*",dl_src="*",dl_type="*",dl_vlan_pcp="*",dl_vlan="*",actions=drop ovs-ofctl add-flow br20 in_port=27,dl_dst="*",dl_src="*",dl_type="*",dl_vlan_pcp="*",dl_vlan="*",actions=drop ovs-ofctl add-flow br20 in_port=28,dl_dst="*",dl_src="*",dl_type="*",dl_vlan_pcp="*",dl_vlan="*",actions=drop