From owner-freebsd-net@FreeBSD.ORG  Fri Jan 24 07:56:29 2014
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 08055324
 for <freebsd-net@freebsd.org>; Fri, 24 Jan 2014 07:56:29 +0000 (UTC)
Received: from mail-ee0-x236.google.com (mail-ee0-x236.google.com
 [IPv6:2a00:1450:4013:c00::236])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (No client certificate requested)
 by mx1.freebsd.org (Postfix) with ESMTPS id 93BAD1FAC
 for <freebsd-net@freebsd.org>; Fri, 24 Jan 2014 07:56:28 +0000 (UTC)
Received: by mail-ee0-f54.google.com with SMTP id e53so793717eek.27
 for <freebsd-net@freebsd.org>; Thu, 23 Jan 2014 23:56:26 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:in-reply-to:references:date:message-id:subject:from:to
 :cc:content-type;
 bh=Chlkk9F5+Ux9Q0EWdp3WAeRUqN+MXmS2jGTqswERgl8=;
 b=cNa+7pkG+oOiFTRPBZHst1Z/1N9uVVbRkOxvDNrRKOWd4mhju0RRyaWkWW1M2ywI7g
 Z5l1qLbASInDBMQxWcLsMTMWk/giGuG21V/PtQtviddOaJkQgs4drh/10f+LXEiHI6n2
 zVOWfL7bHmBx1Bw7g6snmQlp5crUfvzuM303bRmdpYDJejBcPGK+g1ZYcmMwEci1lr8t
 FQw/0P/fLSKXdQuaTqF5BqOWvspmpaGvPlqHlOqo7e3qhML6/Jfeae2BZXuBu6Pz8lhz
 jN6jXp9mNuYz/WJMnYogg1pggEppi/7vPHUlxJ4trsrixM70d4tO3nMuiNvHdWrHOjgq
 YKfg==
MIME-Version: 1.0
X-Received: by 10.14.94.69 with SMTP id m45mr1010543eef.95.1390550186479; Thu,
 23 Jan 2014 23:56:26 -0800 (PST)
Received: by 10.14.2.66 with HTTP; Thu, 23 Jan 2014 23:56:26 -0800 (PST)
In-Reply-To: <CA+hQ2+jCwQJB+P=dSKm+aB0SLW9=+PvZ7mcm8L561YZaPdmdJg@mail.gmail.com>
References: <CALCpEUF8xeq4asVB5U4sAm3VfaprnGEuphH4N3QmtazFV+ZWeA@mail.gmail.com>
 <CA+hQ2+jCwQJB+P=dSKm+aB0SLW9=+PvZ7mcm8L561YZaPdmdJg@mail.gmail.com>
Date: Thu, 23 Jan 2014 23:56:26 -0800
Message-ID: <CALCpEUHCdsWRf2_x2HG_5HLHgJog3WJi1zBUVaLuWLDxo-EDYw@mail.gmail.com>
Subject: Re: Port mirroring on FreeBSD
From: hiren panchasara <hiren.panchasara@gmail.com>
To: Luigi Rizzo <rizzo@iet.unipi.it>
Content-Type: text/plain; charset=UTF-8
Cc: "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net/>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Jan 2014 07:56:29 -0000

On Sat, Jan 18, 2014 at 8:29 AM, Luigi Rizzo <rizzo@iet.unipi.it> wrote:
>
>
>
> On Fri, Jan 17, 2014 at 10:58 PM, hiren panchasara
> <hiren.panchasara@gmail.com> wrote:
>>
>> I have this weird requirement that I am juggling right now and I
>> wanted to reach out to larger audience:
>>
>> In this box I have 2 dualport ixgbe 10G cards. On ingress, I want to
>> get data off of 2 ports of first 10G card and lagg/lacp them into 1
>> stream of data. But for outgoing, I want to have 2 identical streams
>> of data going out on 2 ports of the second 10G card. (not
>> load-balancing but more of a mirroring).
>>
>> The reason for this is, I need to be able to provide same data to 2
>> different application hosts downstream for monitoring. Something like:
>>
>> http://www.juniper.net/techpubs/en_US/junos13.2/topics/concept/port-mirroring-ex-series.html
>>
>> I believe a regular switch might be perfect but for I could not find
>> anything simple in FreeBSD to do that.
>>
>> Luigi: Can netmap/vale be helpful here?
>
>
> for this and other custom applications what I would
> do is build a userspace application that puts the nics in
> netmap mode and does the necessary juggling.

What I am thinking right now is:  open all 4 (2 ingress and 2 egress)
ports in netmap
and then copy each packet from both ingress ports to both of the
egress ports via netmap.

I see some packet move/copy code between 2 ports in tools bridge
example. I am thinking of
tweaking that right now.

Should that work?

Also, initially I thought of trunking 2 ingress ports via lagg(4) but
then I don't think I can
open that lagged interface into netmap so I dropped that idea.

cheers,
Hiren

>
> Note that since the host is going to be the performance bottleneck,
> you can probably do the same with just bpf without too much
> impact on performance (and some advantage since you do not
> need to handle the input traffic; at least, if i understand
> your description the monitor does not need to see a
> replica of the incoming traffic).
>
> Some time ago the answer to this type of questions used to be
> "use netgraph". Maybe it is also a valid option but i do not
> know if there are modules that suit your need.
>
> cheers
> luigi