Using Open VS to configure an inline device as a VM.

suspendedanimation

Jul 24, 2015
I am having an issue wherein I have a VM of an IPS (Intrusion Prevention System), and I am hoping to use openvswitch to get all the traffic from a physical port to the VM and then another switch for the egress traffic out of the box.

What I am not sure of is how to configure the vswitch to do that. Any ideas and pointers would be a great help. I am new to KVM and Open vSwitch, so pardon my ignorance. In the VMware world I have achieved this by making the vswitch promiscuous to receive all the traffic coming in and having just one VM use that vswitch.

Thanks in advance for the help.
 
I found this link http://git.openvswitch.org/cgi-bin/gitweb.cgi?p=openvswitch;a=blob_plain;f=FAQ;hb=HEAD which talks about setting up a port mirror to achieve the equivalent of vswitch promiscuous mode. Now I am hitting another issue where I have to do the following using the ovs-vsctl command, but I am not sure how to get that into /etc/network/interfaces, as after a reboot Proxmox seems to clear the database and I end up losing the config.

Any ideas?
ovs-vsctl add-br br0
ovs-vsctl add-port br0 eth0
ovs-vsctl add-port br0 tap0
ovs-vsctl add-port br0 tap1 \
-- --id=@p get port tap1 \
-- --id=@m create mirror name=m0 select-all=true output-port=@p \
-- set bridge br0 mirrors=@m