Mirror Group
From PicOS 2.8.0, Pica8 switch support ingress-mirror-group and egress-mirror-group.
- Ingress-mirror-group: Packets can modify corresponding fields and send out from one port, at the same time the packets also can keep original and send out from other ports.
- Egress-mirror-group: Packets can modify corresponding fields send out from one port, also can send out from another port at same time.
Using configure type=all group to create ingress-mirror-group or egress-mirror-group.
- Ingress-mirror-group: Only support 2 buckets, the first bucket process packets as normal, use the second bucket to mirror original packets at ingress and send out from one physical port or lag interface.
- Egress-mirror-group: Only support 2 buckets, the first bucket process packets as normal, use the second bucket to mirror modified packets at egress and send out from one physical port or lag interface.
We said the output in second bucket as monitor port.
1. ingress/Egress mirror group only support configure 2 buckets; Monitor port can be physical port/lag port/lag-select-group.
2. lag-select-group can include multiple ports, but if lag-select-group as monitor port only first eight ports can work.
3. only support add 4 monitor port (include ingress+egress) at most.
4. ingress/egress mirror group only can configure in table=0 flow entry.
5. ingress/egress mirror group cannot configure dec_tll in bucket.
6.do not support any other actions except ingress/egress mirror group in a flow's action.All actions you want to use must be added to the first bucket of the ingress/egress mirror-group.
In default, ingress/egress-mirror-groups is disabled, user need use command to configure them. 'ingress-mirror-groups=0-0' means the group ID range is 0-0, that is disable ingress-mirror-groups.
The command to show the ranges of ingress-mirror-groups and egress-mirror-groups.
admin@PicOS-OVS$ovs-vsctl show-group-ranges group_ranges: default lag-select-groups=0-0 ecmp-select-groups=0-0 ingress-mirror-groups=0-0 egress-mirror-groups=0-0
The command to configure ingress-mirror-group and egress-mirror-group ID range:
ovs-vsctl set-group-ranges ingress-mirror-groups=<min_value>-<max_value>
or
ovs-vsctl set-group-ranges egress-mirror-groups=<min_value>-<max_value>
or
ovs-vsctl set-group-ranges ingress-mirror-groups=<min_value1>-<max_value1>,egress-mirror-groups=<min_value2>-<max_value2>
The group IDs may be divided into different areas: ingress-mirror-groups, egress-mirror-group and the original groups. The max range of group is 1-4294967039, and if configure different group the group range cannot conflict.
After configure the command, user need reboot switch.
Use command 'ovs-vsctl set-group-ranges' to back default group ranges.
admin@PicOS-OVS$ovs-vsctl set-group-ranges ingress-mirror-groups=1-10000,egress-mirror-groups=20000-30000 admin@PicOS-OVS$ovs-vsctl show-group-ranges group_ranges: lag-select-groups=0-0 ecmp-select-groups=0-0 ingress-mirror-groups=1-10000 egress-mirror-groups=20000-30000
Example 1
And ingress-mirror-group, first bucket modify packet's fields dl_vlan and dl_dst.
admin@PicOS-OVS$ovs-ofctl add-group br0 group_id=100,type=all,bucket=set_field:100-\>vlan_vid,set_field:22:00:00:00:00:00-\>eth_dst,output:33,bucket=output:34 admin@PicOS-OVS$ admin@PicOS-OVS$ovs-ofctl add-flow br0 in_port=31,dl_dst=22:11:11:11:11:11,actions=group:100 admin@PicOS-OVS$ admin@PicOS-OVS$ovs-appctl pica/dump-flows #0 normal_d permanent flow_id=2 priority=0, actions:drop #1 normal permanent flow_id=6 (ingress mirror group) in_port=31,dl_dst=22:11:11:11:11:11, actions:set(eth_dst((dst=22:00:00:00:00:00))),set_vlan_id(vid=100),33,mirror_nest_start,34,mirror_nest_end Total 2 flows in HW. admin@PicOS-OVS$
Example 2
And egress-mirror-group, first bucket modify packet's fields dl_src and dl_dst, second bucket is lag interface.
admin@PicOS-OVS$ovs-vsctl add-port br0 ae1 vlan_mode=trunk tag=1 -- set interface ae1 type=pica8_lag options:members=te-1/1/32,te-1/1/33 admin@PicOS-OVS$ admin@PicOS-OVS$ovs-ofctl add-group br0 group_id=20010,type=all,bucket=set_field:00:00:00:11:11:11-\>eth_src,set_field:00:00:00:22:22:22-\>eth_dst,output:34,bucket=output:1025 admin@PicOS-OVS$ admin@PicOS-OVS$ovs-ofctl add-flow br0 in_port=31,actions=group:20010 admin@PicOS-OVS$ admin@PicOS-OVS$ovs-appctl pica/dump-flows #0 normal_d permanent flow_id=2 priority=0, actions:drop #2 normal permanent flow_id=7 (egress mirror group) in_port=31, actions:set(eth(src=00:00:00:11:11:11,dst=00:00:00:22:22:22)),34,mirror_nest_start,1025,mirror_nest_end Total 2 flows in HW.
Close all Group-ranges
If user want close the group-ranges, please use command as below.
ovs-vsctl set-group-ranges
admin@PicOS-OVS$ovs-vsctl set-group-ranges admin@PicOS-OVS$ovs-vsctl show-group-ranges group_ranges: lag-select-groups=0-0 ecmp-select-groups=0-0 ingress-mirror-groups=0-0 egress-mirror-groups=0-0
Copyright © 2024 Pica8 Inc. All Rights Reserved.