Linux Bridge Mirror Port

Source: Internet
Author: User

Linux Bridge is a kernel-supported bridge device that provides simple switch functionality. The requirement now is to monitor all traffic of the cloud hosts on the cloud platform. We use the bridge rather than a more capable software switch such as a vSwitch. After consulting the following references:

http://backreference.org/2014/06/17/port-mirroring-with-linux-bridges/

http://superuser.com/questions/753294/mirror-port-via-iptables

http://askubuntu.com/questions/22562/copy-all-bridge-traffic-to-a-specific-interface


there are several ways to do this:

iptables

Edit the rules with iptables. Specific to the mangle table there is the target

-j ROUTE (explicitly route packets; valid in PREROUTING)

with the options

--iface <iface_name>

--ifindex <iface_idx>

You can also enter the commands directly:

iptables -I PREROUTING -t mangle -i eth0 -j TEE --gateway 192.168.200.1

iptables -I POSTROUTING -t mangle -j TEE --gateway 192.168.200.1

Description in the documentation:

The TEE target will clone a packet and redirect this clone to another machine on the local network segment. In other words, the nexthop must be the target, or you will have to configure the nexthop to forward it further if so desired.


--gateway ipaddr

Send the cloned packet to the host reachable at the given IP address. Use of 0.0.0.0 (for IPv4 packets) or :: (IPv6) is invalid.


To forward all incoming traffic on eth0 to a network-layer logging box:

-t mangle -A PREROUTING -i eth0 -j TEE --gateway 2001:db8::1


The target is TEE, which clones the packet to another machine on the local network. Note, however, that the rule lives in the mangle table; by that point the packet has already gone through SNAT/DNAT, so it is clearly no longer the packet the cloud host originally sent.

TC Tool
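The tc approach, as an added example that is not from the original post or the linked articles: a small POSIX shell helper that mirrors both directions of a bridge port (the VM's vnet0) onto a dedicated capture interface with the mirred action. It assumes a kernel with the clsact qdisc and the matchall classifier; the interface names vnet0 and mirror0 are placeholders, and with DRY_RUN=1 it prints the tc commands instead of running them (no root needed).

```shell
#!/bin/sh
# Added example: mirror a bridge port with tc's mirred action.
# Assumptions: clsact qdisc + matchall classifier available (Linux 4.6+);
# interface names are placeholders. DRY_RUN=1 prints instead of executing.

run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# mirror_port SOURCE_PORT MIRROR_DEV
# Attaches a clsact qdisc to SOURCE_PORT and adds one matchall filter per
# direction; each filter clones every packet onto MIRROR_DEV, where tcpdump
# or an IDS can listen. Copies taken on the VM's bridge port carry the VM's
# own addresses, because SNAT/DNAT is applied on the bond0 side.
mirror_port() {
    port=$1; mirror=$2
    run tc qdisc add dev "$port" clsact
    run tc filter add dev "$port" ingress matchall action mirred egress mirror dev "$mirror"
    run tc filter add dev "$port" egress matchall action mirred egress mirror dev "$mirror"
}

# unmirror_port SOURCE_PORT: removing clsact drops the filters attached to it.
unmirror_port() {
    run tc qdisc del dev "$1" clsact
}

# show_mirror SOURCE_PORT: list the filters currently mirroring the port.
show_mirror() {
    run tc filter show dev "$1" ingress
    run tc filter show dev "$1" egress
}

# Usage (as root): mirror_port vnet0 mirror0; tcpdump -i mirror0 -n
# Dry run:          DRY_RUN=1 mirror_port vnet0 mirror0
```

The mirror interface should have no IP address and be administratively up; anything listening on it (tcpdump, an IDS) sees both the packets the VM sends and the packets delivered to it, unchanged by the host's NAT rules.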


daemonlogger

sudo daemonlogger -i <input_interface> -o <mirror_interface>

where the arguments are explained as:

-i <interface>  Set interface to grab data from to <interface>.
-o <interface>  Disable logging, instead mirror traffic from -i <interface> to -o <interface>.

That is easy.


A small experiment:

Capture packets on bond0:

tcpdump -i bond0 -n | grep 223.5.5.5
tcpdump: WARNING: bond0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on bond0, link-type EN10MB (Ethernet), capture size 65535 bytes
10:51:01.160065 IP 10.10.82.226 > 223.5.5.5: ICMP echo request, id 15978, seq 182, length 64
10:51:01.163128 IP 223.5.5.5 > 10.10.82.226: ICMP echo reply, id 15978, seq 182, length 64
10:51:02.161217 IP 10.10.82.226 > 223.5.5.5: ICMP echo request, id 15978, seq 183, length 64


Capture packets on vnet0:

tcpdump -i vnet0 -n | grep 223.5.5.5
tcpdump: WARNING: vnet0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vnet0, link-type EN10MB (Ethernet), capture size 65535 bytes
17:31:42.458344 IP 192.168.138.14 > 223.5.5.5: ICMP echo request, id 30953, seq 1, length 64
17:31:42.461327 IP 223.5.5.5 > 192.168.138.14: ICMP echo reply, id 30953, seq 1, length 64

As you can see, the packets on the bridge port vnet0 are the native ones: they have not yet passed through the iptables rules on the way to the Internet.


The point to note is why we do not simply export the traffic on bond0: that is where our iptables SNAT and DNAT rules are applied (see the previous article for the specifics). Because of SNAT/DNAT the original packet has been rewritten, so neither the src nor the dst address can be used any more to associate the traffic with a particular cloud host.
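To confirm the point of the experiment mechanically, here is an added shell/awk helper (not part of the original post) that summarises the address pairs in tcpdump -n output and checks whether a given host address appears in a capture at all. The two captures are constructed samples in the shape of the bond0 and vnet0 output above; the address the VM actually has (192.168.138.14) shows up only on the bridge port.

```shell
#!/bin/sh
# Added example: check which addresses a capture contains, so you can verify
# that a mirror point shows the cloud host's own address rather than the
# post-NAT one. Both captures below are constructed samples.

BOND0_CAP='10:51:01.160065 IP 10.10.82.226 > 223.5.5.5: ICMP echo request, id 15978, seq 182, length 64
10:51:01.163128 IP 223.5.5.5 > 10.10.82.226: ICMP echo reply, id 15978, seq 182, length 64
10:51:02.161217 IP 10.10.82.226 > 223.5.5.5: ICMP echo request, id 15978, seq 183, length 64'

VNET0_CAP='17:31:42.458344 IP 192.168.138.14 > 223.5.5.5: ICMP echo request, id 30953, seq 1, length 64
17:31:42.461327 IP 223.5.5.5 > 192.168.138.14: ICMP echo reply, id 30953, seq 1, length 64'

# flow_summary: read tcpdump -n lines on stdin, print "src > dst count" per pair.
# An IPv4 line looks like: time IP src > dst: ...  (dst carries a trailing colon)
flow_summary() {
    awk '$2 == "IP" {
             dst = $5; sub(/:$/, "", dst)
             pairs[$3 " > " dst]++
         }
         END { for (p in pairs) print p, pairs[p] }' | sort
}

# capture_sees_host CAPTURE ADDRESS: succeed if ADDRESS is src or dst of any line.
capture_sees_host() {
    printf '%s\n' "$1" | awk -v h="$2" '
        $2 == "IP" { dst = $5; sub(/:$/, "", dst); if ($3 == h || dst == h) found = 1 }
        END { exit !found }'
}

# Usage: the VM's native address is visible on the bridge port, not on bond0.
# printf '%s\n' "$VNET0_CAP" | flow_summary
# capture_sees_host "$VNET0_CAP" 192.168.138.14 && echo "vnet0 shows the VM address"
# capture_sees_host "$BOND0_CAP" 192.168.138.14 || echo "bond0 shows only the NAT address"
```

On a live host, pipe `tcpdump -i <port> -n -c 200` into flow_summary for each candidate tap point; the one whose summary lists the cloud host's own address is the one the monitoring has to attach to.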
