Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 18 Jan 2014 08:29:43 -0800
From:      Luigi Rizzo <rizzo@iet.unipi.it>
To:        hiren panchasara <hiren.panchasara@gmail.com>
Cc:        "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>
Subject:   Re: Port mirroring on FreeBSD
Message-ID:  <CA%2BhQ2%2BjCwQJB%2BP=dSKm%2BaB0SLW9=%2BPvZ7mcm8L561YZaPdmdJg@mail.gmail.com>
In-Reply-To: <CALCpEUF8xeq4asVB5U4sAm3VfaprnGEuphH4N3QmtazFV%2BZWeA@mail.gmail.com>
References:  <CALCpEUF8xeq4asVB5U4sAm3VfaprnGEuphH4N3QmtazFV%2BZWeA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Fri, Jan 17, 2014 at 10:58 PM, hiren panchasara <
hiren.panchasara@gmail.com> wrote:

> I have this weird requirement that I am juggling right now and I
> wanted to reach out to larger audience:
>
> In this box I have 2 dualport ixgbe 10G cards. On ingress, I want to
> get data off of 2 ports of first 10G card and lagg/lacp them into 1
> stream of data. But for outgoing, I want to have 2 identical streams
> of data going out on 2 ports of the second 10G card. (not
> load-balancing but more of a mirroring).
>
> The reason for this is, I need to be able to provide same data to 2
> different application hosts downstream for monitoring. Something like:
>
> http://www.juniper.net/techpubs/en_US/junos13.2/topics/concept/port-mirroring-ex-series.html
>
> I believe a regular switch might be perfect but for I could not find
> anything simple in FreeBSD to do that.
>
> Luigi: Can netmap/vale be helpful here?
>

for this and other custom applications what I would
do is build a userspace application that puts the nics in
netmap mode and does the necessary juggling.

Note that since the host is going to be the performance bottleneck,
you can probably do the same with just bpf without too much
impact on performance (and some advantage since you do not
need to handle the input traffic; at least, if i understand
your description the monitor does not need to see a
replica of the incoming traffic).

Some time ago the answer to this type of questions used to be
"use netgraph". Maybe it is also a valid option but i do not
know if there are modules that suit your need.

cheers
luigi

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CA%2BhQ2%2BjCwQJB%2BP=dSKm%2BaB0SLW9=%2BPvZ7mcm8L561YZaPdmdJg>