[Openstack] mirror internal flow to external physical switch

Liu Wenmao marvelliu at gmail.com
Fri Dec 28 06:17:15 UTC 2012


hi all:

I want to detect internal network flow with a physical IDS (intrusion
detection system) device, so a possible approach is switch SPAN.

First, I create a mirror with Open vSwitch and redirect all data to a
physical interface, eth1:

ovs-vsctl -- --id=@m create mirror name=mirror0 -- add bridge br-int mirrors @m
ovs-vsctl set mirror mirror0 output_port=4d5ed382-a0c3-4453-ab3c-58e1e7f603b0      # uuid of eth1
ovs-vsctl set mirror mirror0 select_src_port=d624f5b1-f5e3-4f85-a907-bd209b5463aa  # uuid of br-int
ovs-vsctl set mirror mirror0 select_dst_port=d624f5b1-f5e3-4f85-a907-bd209b5463aa  # uuid of br-int

so that the internally transferred data is copied to eth1; if eth1 and
the IDS device are in the same VLAN, the IDS can detect the internal flow of
the Open vSwitch.

But the problem is that every compute node would need an extra physical
interface so that the internal data inside the compute node can be
detected, which is really a waste.

So I wonder whether it is possible to mirror the data to a VLAN rather than a
port (i.e. output_vlan instead of output_port), but I find that there are few
documents about the output_vlan argument.

After I create VLAN tag 998 on both a compute node and a network node, I
find that the system halts and I cannot ssh to the nodes.

So can anyone tell me how to mirror the data to a VLAN, please?


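The two mirror forms the message asks about, as an added example that is not part of the original post and not the poster's code. It shows the ovs-vsctl transaction form, in which the port and mirror records are referenced with --id=@name inside one command so no UUIDs have to be looked up and pasted, and the output_vlan variant next to the output_port one. The bridge br-int, port eth1, mirror name mirror0 and VLAN 998 are taken from the message; select_all=true (mirror every packet on the bridge) and the helper names mirror_to_port, mirror_to_vlan, show_mirror, remove_mirrors and the OVS_DRY_RUN switch are this example's own assumptions. Two caveats from the ovs-vswitchd.conf.db documentation are worth checking before running either form on a production node: a port named in output_port is reserved exclusively for mirror output (normal frames are no longer forwarded to it and frames received on it are dropped), and a mirror with output_vlan sends the copies out of every port that trunks that VLAN, which the documentation warns can disrupt a network containing unmanaged switches, so the mirror VLAN should be trunked only toward the IDS.

```shell
#!/bin/sh
# Added example (not from the original post). Builds Open vSwitch port
# mirrors as single ovs-vsctl transactions. Set OVS_DRY_RUN=1 to print
# the command that would run instead of executing it.
# Assumed names: br-int, eth1, mirror0 and VLAN 998 come from the post;
# the helper functions and OVS_DRY_RUN are this example's own.

# Execute "$@", or print it when OVS_DRY_RUN is set (constructed helper).
run() {
    if [ -n "${OVS_DRY_RUN:-}" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# mirror_to_port BRIDGE PORT [NAME]
# Copy every packet switched on BRIDGE to PORT. The --id=@p reference
# resolves the port record in the same transaction, so no UUID is copied
# by hand. Note: PORT becomes mirror-only once it is an output_port.
mirror_to_port() {
    bridge=$1; port=$2; name=${3:-mirror0}
    run ovs-vsctl -- --id=@p get port "$port" \
        -- --id=@m create mirror name="$name" select_all=true output_port=@p \
        -- set bridge "$bridge" mirrors=@m
}

# mirror_to_vlan BRIDGE VLAN [NAME]
# Same selection, but the copies are tagged with VLAN and sent out of every
# port of BRIDGE that trunks that VLAN. Only the uplink toward the IDS
# should trunk it; otherwise the copies re-enter the network (the loop the
# OVS documentation warns about with unmanaged switches).
mirror_to_vlan() {
    bridge=$1; vlan=$2; name=${3:-mirror0}
    run ovs-vsctl -- --id=@m create mirror name="$name" select_all=true output_vlan="$vlan" \
        -- set bridge "$bridge" mirrors=@m
}

# show_mirror NAME
# Check the result: output_port or output_vlan must be set and
# statistics should grow once traffic flows.
show_mirror() {
    run ovs-vsctl list mirror "$1"
}

# remove_mirrors BRIDGE
# Detach every mirror from BRIDGE (orphaned Mirror rows are garbage
# collected by ovsdb).
remove_mirrors() {
    run ovs-vsctl clear bridge "$1" mirrors
}

# Allow "sh mirror.sh mirror_to_vlan br-int 998" style invocation.
if [ "$#" -gt 0 ]; then
    "$@"
fi
```

Usage: `OVS_DRY_RUN=1 sh mirror.sh mirror_to_port br-int eth1` prints the transaction; without OVS_DRY_RUN it runs it. On the IDS side, `tcpdump -e -i <iface> vlan 998` is a quick way to confirm that tagged copies arrive when the VLAN form is used.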