Network flow monitoring with Open vSwitch
With network virtualization, the software switches (such as Open vSwitch) on the servers act like the edge switches. So, to gain insights into the network flow behavior, it becomes important to have some sort of flow monitoring technique to analyze the traffic through these switches. NetFlow and sFlow are the two most widely used flow monitoring approaches. To monitor the flows, the switches need to be configured to export and send the traffic data to an analyzer (eg SolarWinds Real-Time NetFlow Analyzer and InMon sFlowTrend). The analyzer listens on a a particular port for the flow statistics data sent from the switches. In this article, I will explain how to configure an OVS
to send the flow statistics to an analyzer for monitoring.
sFlow:
To begin, lets start the InMon sFlowTrend analyzer (or any other sFlow analyzer) on a host (h1). By default, sFlowTrend listens on port 6343. On the server (h2) running the open vswitch, we need to use ovs-vsctl
to configure the OVS as follows:
$ COLLECTOR_IP=192.168.0.121
$ COLLECTOR_PORT=6343
$ AGENT=eth1
$ HEADER=128
$ SAMPLING=512
$ POLLING=10
COLLECTOR_IP
: IP of host h1
where the analyzer is running and listening on port COLLECTOR_PORT
. AGENT
: network interface on the host h2
which connects to the network on which host h1 is running. HEADER
: size (in bytes) of the packet header to be analyzed. SAMPLING
: specifies the sampling rate. Every nth packet will be sampled (with some deviation). POLLING
: polling time period in seconds.
Configure the OVS bridge ‘ovsbr1‘
(replace with the name of the OVS bridge on your setup):
$ SFLOWUUID=`
sudo
ovs-vsctl -- --
id
=@sflow create sflow \
agent=${AGENT} target=\"${COLLECTOR_IP}:${COLLECTOR_PORT}\" \
header=${HEADER} sampling=${SAMPLING} polling=${POLLING} \
--
set
bridge virbr0 sflow=@sflow`
or
$
sudo
ovs-vsctl -- --
id
=@sflow create sflow agent=${AGENT} \
target=\"${COLLECTOR_IP}:${COLLECTOR_PORT}\" header=${HEADER} \
sampling=${SAMPLING} polling=${POLLING} \
--
set
bridge ovsbr1 sflow=@sflow
Now, you should be able to see on the sFlow analyzer the statistics for the traffic going through this OVS bridge.
To stop the switch from sending these statistics and remove this configuration, do:
$
sudo
ovs-vsctl remove bridge ovsbr1 sflow $SFLOWUUID
or to remove all the sFlow configurations from the bridge:
$
sudo
ovs-vsctl --
clear
Bridge ovsbr1 sflow
You can also see the list of sFlow configurations using:
$
sudo
ovs-vsctl list sflow
NetFlow:
Similarly, start a NetFlow collector on a host (h1
) and configure the OVS bridge on h2
as follows:
$ COLLECTOR_IP=192.168.0.121
$ COLLECTOR_PORT=6343
$ TIMEOUT=10
$
sudo
ovs-vsctl --
set
Bridge ovsbr1 netflow=@nf -- --
id
=@nf \
create NetFlow targets=\"${COLLECTOR_IP}:${COLLECTOR_PORT}\" \
active-timeout=${TIMEOUT}
Verify that you are getting the NetFlow statistics on the analyzer. To deconfigure NetFlow on ovsbr1
, do:
$
sudo
ovs-vsctl
clear
Bridge ovsbr1 netflow
You can also change the timeout once the NetFlow has been configured by using:
$
sudo
ovs-vsctl
set
NetFlow ovsbr1 active_timeout=20
Cheers!
Credits:
1. ovs-vsctl documentation
2. Open vSwitch config-cookbook
[转]Network flow monitoring with Open vSwitch,古老的榕树,5-wow.com
郑重声明:本站内容如果来自互联网及其他传播媒体,其版权均属原媒体及文章作者所有。转载目的在于传递更多信息及用于网络分享,并不代表本站赞同其观点和对其真实性负责,也不构成任何其他建议。