-
Notifications
You must be signed in to change notification settings - Fork 128
SPAN
SPAN (Switched Port Analyzer), sends a copy of all network packets seen on one port to another port.
To test SPAN with VPP, I've created four tap interfaces and configure SPAN in this way:
vpp# set int span tap0 destination tap1 both
vpp# set int span tap0 destination tap2 rx
vpp# set int span tap0 destination tap3 tx
The SPAN mirror table now have following records:
vpp# sh int span
Source Destination Device L2
tap0 tap1 ( both) ( none)
tap2 ( rx) ( none)
tap3 ( tx) ( none)
and if I send one packet to tap0 the trace looks following:
Packet 1
00:13:03:616966: virtio-input
virtio: hw_if_index 1 next-index 6 vring 0 len 98
hdr: flags 0x00 gso_type 0x00 hdr_len 0 gso_size 0 csum_start 0 csum_offset 0 num_buffers 1
00:13:03:616993: span-input
SPAN: mirrored tap0 -> tap1
SPAN: mirrored tap0 -> tap2
00:13:03:617011: ethernet-input
IP4: 96:08:82:fd:b2:b3 -> 02:fe:f7:bb:4f:e8
00:13:03:617026: ip4-input
ICMP: 10.10.1.1 -> 10.10.1.2
tos 0x00, ttl 64, length 84, checksum 0xcc3f
fragment id 0x5853, flags DONT_FRAGMENT
ICMP echo_request checksum 0x1494
[...]
00:13:03:617077: tap0-output
tap0 l2_hdr_offset_valid l3_hdr_offset_valid
IP4: 02:fe:f7:bb:4f:e8 -> 96:08:82:fd:b2:b3
ICMP: 10.10.1.2 -> 10.10.1.1
tos 0x00, ttl 64, length 84, checksum 0x6d56
fragment id 0xb73c, flags DONT_FRAGMENT
ICMP echo_reply checksum 0x1c94
00:13:03:617081: span-output
SPAN: mirrored tap0 -> tap1
SPAN: mirrored tap0 -> tap3
Main lines are:
00:13:03:616993: span-input
SPAN: mirrored tap0 -> tap1
SPAN: mirrored tap0 -> tap2
and
00:13:03:617081: span-output
SPAN: mirrored tap0 -> tap1
SPAN: mirrored tap0 -> tap3
From this lines, I can tell that the packet right after virtio-input node went to span-input node, so SPAN is working.
Also input was sent to tap1 and tap2, in the other hand output was mirrored to tap1 and tap3. This happend because I've configured SPAN to mirror both input and output to tap1, only 'rx' to tap2 and only 'tx' to tap3.
One more thing, is
vpp# sh int
Name Idx State MTU (L3/IP4/IP6/MPLS) Counter Count
local0 0 down 0/0/0/0
tap0 1 up 9000/0/0/0 rx packets 1
rx bytes 98
tx packets 1
tx bytes 98
ip4 1
tap1 2 up 9000/0/0/0 tx packets 2
tx bytes 196
tap2 3 up 9000/0/0/0 tx packets 1
tx bytes 98
tap3 4 up 9000/0/0/0 tx packets 1
tx bytes 98
and this shows that the packet was actually sent to those interfaces. Also on linux side of taps, tcpdump captures ICMP echo request and ICMP echo reply on tap1 and only request on tap2 and only reply on tap3.