Using Open VS to configure an inline device as a VM.

suspendedanimation

Jul 24, 2015
I am having an issue wherein I have a VM of an IPS (Intrusion Prevention System), and I am hoping to use openvswitch to get all the traffic from a physical port to the VM and then another switch for the egress traffic out of the box.

What I am not sure of is how to configure the vswitch to do that. Any ideas and pointers would be a great help. I am new to KVM and Open vSwitch, so pardon my ignorance. In the VMware world I have achieved this by making the vswitch promiscuous to receive all the traffic coming in and having just one VM use that vswitch.

Thanks in advance for the help.
 
I found this link http://git.openvswitch.org/cgi-bin/gitweb.cgi?p=openvswitch;a=blob_plain;f=FAQ;hb=HEAD which talks about setting up a port mirror to achieve the equivalent of vswitch promiscuous mode. Now I am hitting another issue where I have to do the following using the ovs-vsctl command, but I am not sure how to get that into /etc/network/interfaces, as after a reboot Proxmox seems to clear the database and I end up losing the config.

Any ideas?
ovs-vsctl add-br br0
ovs-vsctl add-port br0 eth0
ovs-vsctl add-port br0 tap0
ovs-vsctl add-port br0 tap1 \
-- --id=@p get port tap1 \
-- --id=@m create mirror name=m0 select-all=true output-port=@p \
-- set bridge br0 mirrors=@m
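
An added example, not part of the original post or of Proxmox or Open vSwitch: a small script that re-applies the bridge and mirror from the commands above only when they are missing, so it can be run repeatedly after a reboot. The `OVS` and `SYSNET` variables, the `apply` argument, and running it from a boot or VM-start hook are assumptions of this sketch; `br0`, `eth0`, `tap1` and `m0` are the names used in the post.

```shell
#!/bin/sh
# Added example (not from the post): re-apply the post's bridge and mirror
# idempotently, e.g. from a boot or VM-start hook (the hook is an assumption).
OVS=${OVS:-ovs-vsctl}            # overridable so the logic can be tested
SYSNET=${SYSNET:-/sys/class/net} # where Linux lists network devices

# Succeeds only if a Mirror named $2 exists and bridge $1 references it.
mirror_attached() {
    uuid=$($OVS --bare --columns=_uuid find Mirror name="$2") || return 1
    [ -n "$uuid" ] || return 1
    $OVS --bare --columns=mirrors list Bridge "$1" | grep -qF "$uuid"
}

# $1=bridge $2=physical port $3=mirror output port (the IPS tap) $4=mirror name
ensure_mirror() {
    # The tap device appears only once the VM is running; without it the
    # mirror would have no output port, so stop and let the caller retry.
    if [ ! -e "$SYSNET/$3" ]; then
        echo "device $3 not present yet, mirror not applied" >&2
        return 2
    fi
    $OVS --may-exist add-br "$1" || return 1
    $OVS --may-exist add-port "$1" "$2" || return 1
    $OVS --may-exist add-port "$1" "$3" || return 1
    if mirror_attached "$1" "$4"; then
        return 0                 # already configured, change nothing
    fi
    # Same mirror definition as in the post; replaces the bridge's mirror set.
    $OVS -- --id=@p get port "$3" \
         -- --id=@m create mirror name="$4" select-all=true output-port=@p \
         -- set bridge "$1" mirrors=@m
}

# Run as: sh ensure-mirror.sh apply
if [ "${1:-}" = "apply" ]; then
    ensure_mirror br0 eth0 tap1 m0
fi
```

Exit status 2 means the tap device did not exist yet, which distinguishes "VM not started" from an `ovs-vsctl` failure (status 1).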
 
