Port mirroring with Open vSwitch- no row "tap" in port table

[QMan]

Hi all,

I am new to Open vSwitch and I've been running into an issue that I'm hoping someone may be able to help me with.

I'm trying to set up SecurityOnion in my Proxmox homelab. My server only has 1 NIC, so I've added a second NIC adapter using my Thunderbolt 3 port. As a result, I also had to manually add this adapter in /etc/network/interfaces to have it show up as "Active" in the Proxmox GUI:

auto enx####
iface enx#### inet manual

I've been following these guides for the setup process:
https://andrewhofmans.com/blog/how-to/mirrored-ports-with-open-vswitch/
https://bilk0h.com/posts/security-onion-proxmox-open-vswitch#the-mirror

I'm able to get all the way through until the last step, which is creating the mirror port (example from the guide):

ovs-vsctl -- --id=@p get port tap700i1 \
    -- --id=@m create mirror name=span1 select-all=true output-port=@p \
    -- set bridge vmbr2 mirrors=@m

When I run this command using my "tap ID" and bridge name, I get the following:
ovs-vsctl: no row "[my Tap ID]" in table Port

I've confirmed the Tap ID by issuing the following command:

ip address | grep tap

And finding the Tap ID that corresponds to the VM number. Am I doing something wrong here? Any help would be greatly appreciated!

 

[AnotherMan]

Hello QMan,

Did you ever figure this out? I'm running into the exact same issue.

 

[tacitus_kilgore]

Hello QMan,

Did you ever figure this out? I'm running into the exact same issue.

Found the solution in this page: https://github.com/0xvext/proxmox-seconiontap.sh/issues/1

Essentially, be sure to turn off your firewall for that second switch, that way the tap interface for it is visible in OpenVSwitch; if you don't do this, the tap interface will be a Linux switch instead.

 

[spirit]

Found the solution in this page: https://github.com/0xvext/proxmox-seconiontap.sh/issues/1

Essentially, be sure to turn off your firewall for that second switch, that way the tap interface for it is visible in OpenVSwitch; if you don't do this, the tap interface will be a Linux switch instead.

if you use proxmox firewall, the interface in ovs will be the firewall link "fwpr<vmid>p<netid>" instead "tap<vmid>i<netid>"

 

[tacitus_kilgore]

if you use proxmox firewall, the interface in ovs will be the firewall link "fwpr<vmid>p<netid>" instead "tap<vmid>i<netid>"

I did try that interface but in my experience nothing was being mirrored. After I switched off the firewall and used the tap interface, the packets were being mirrored.

 

[Egbahan koissi]

merci