Hello,
I am doing a PoC for ProxMox for my team as I am proposing it as an alternative to ESXi. These forums have been critical to me getting as far as I have, so I'm hoping for some advice.
So far, I really like ProxMox. However, we have a unique case that I am struggling to recreate. I'm going to use simplified names.
We receive SPAN on an interface called "span0". It is a physical link. Our requirement is:
1) Be able to mirror all received traffic on span0 to the tap interfaces of two different VMs (tap1 and tap2 for each VM respectively)
2) Filter down the traffic going to tap1's interface to just a specific port - say port 80/http. This lets both VMs receive the same port 80 traffic, but it's the only traffic tap1 is receiving.
In ESXi, we achieve this with a dSwitch, promiscuous mode, and traffic filtering on the port group. It works great.
In ProxMox, I'm able to successfully create a mirror with OpenVSwitch (OVS) to both tap1 and tap2's interface. They should both be receiving 100% of the traffic received on span0. This has its own annoyances due to it not being persistent on reboots, but I made a script to overcome this.
But how can I filter down the traffic on tap1's interface? I have tried using ovs-ofctl to set a filter on that interface to only allow port 80/http traffic, but it gets no matches. I think it's skipping over it because it's a mirrored port?
This is our final check box to check before my team will start migrating lab stuff to ProxMox, as a precursor for a potential large production migration - hope someone can help a ProxMox noob out!