Date: Thu, 23 Jan 2014 23:56:26 -0800
From: hiren panchasara <hiren.panchasara@gmail.com>
To: Luigi Rizzo <rizzo@iet.unipi.it>
Cc: "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>
Subject: Re: Port mirroring on FreeBSD
Message-ID: <CALCpEUHCdsWRf2_x2HG_5HLHgJog3WJi1zBUVaLuWLDxo-EDYw@mail.gmail.com>
In-Reply-To: <CA%2BhQ2%2BjCwQJB%2BP=dSKm%2BaB0SLW9=%2BPvZ7mcm8L561YZaPdmdJg@mail.gmail.com>
References: <CALCpEUF8xeq4asVB5U4sAm3VfaprnGEuphH4N3QmtazFV%2BZWeA@mail.gmail.com> <CA%2BhQ2%2BjCwQJB%2BP=dSKm%2BaB0SLW9=%2BPvZ7mcm8L561YZaPdmdJg@mail.gmail.com>

On Sat, Jan 18, 2014 at 8:29 AM, Luigi Rizzo <rizzo@iet.unipi.it> wrote:
>
> On Fri, Jan 17, 2014 at 10:58 PM, hiren panchasara
> <hiren.panchasara@gmail.com> wrote:
>>
>> I have this weird requirement that I am juggling right now and I
>> wanted to reach out to larger audience:
>>
>> In this box I have 2 dualport ixgbe 10G cards. On ingress, I want to
>> get data off of 2 ports of first 10G card and lagg/lacp them into 1
>> stream of data. But for outgoing, I want to have 2 identical streams
>> of data going out on 2 ports of the second 10G card. (not
>> load-balancing but more of a mirroring).
>>
>> The reason for this is, I need to be able to provide same data to 2
>> different application hosts downstream for monitoring. Something like:
>>
>> http://www.juniper.net/techpubs/en_US/junos13.2/topics/concept/port-mirroring-ex-series.html
>>
>> I believe a regular switch might be perfect but for I could not find
>> anything simple in FreeBSD to do that.
>>
>> Luigi: Can netmap/vale be helpful here?
>
>
> for this and other custom applications what I would
> do is build a userspace application that puts the nics in
> netmap mode and does the necessary juggling.

What I am thinking right now is: open all 4 (2 ingress and 2 egress)
ports in netmap and then copy each packet from both ingress ports to
both of the egress ports via netmap. I see some packet move/copy code
between 2 ports in tools bridge example. I am thinking of tweaking
that right now. Should that work?

Also, initially I thought of trunking 2 ingress ports via lagg(4) but
then I don't think I can open that lagged interface into netmap so I
dropped that idea.

cheers,
Hiren

>
> Note that since the host is going to be the performance bottleneck,
> you can probably do the same with just bpf without too much
> impact on performance (and some advantage since you do not
> need to handle the input traffic; at least, if i understand
> your description the monitor does not need to see a
> replica of the incoming traffic).
>
> Some time ago the answer to this type of questions used to be
> "use netgraph". Maybe it is also a valid option but i do not
> know if there are modules that suit your need.
>
> cheers
> luigi