projects / ovs.git / blame
| Commit | Line | Data |
|---|---|---|
| 198c5d3d SF |
1 | .. |
| 2 | Licensed under the Apache License, Version 2.0 (the "License"); you may | |
| 3 | not use this file except in compliance with the License. You may obtain | |
| 4 | a copy of the License at | |
| 5 | ||
| 6 | http://www.apache.org/licenses/LICENSE-2.0 | |
| 7 | ||
| 8 | Unless required by applicable law or agreed to in writing, software | |
| 9 | distributed under the License is distributed on an "AS IS" BASIS, WITHOUT | |
| 10 | WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the | |
| 11 | License for the specific language governing permissions and limitations | |
| 12 | under the License. | |
| 13 | ||
| 14 | Convention for heading levels in Open vSwitch documentation: | |
| 15 | ||
| 16 | ======= Heading 0 (reserved for the title in a document) | |
| 17 | ------- Heading 1 | |
| 18 | ~~~~~~~ Heading 2 | |
| 19 | +++++++ Heading 3 | |
| 20 | ''''''' Heading 4 | |
| 21 | ||
| 22 | Avoid deeper levels because they do not render well. | |
| 23 | ||
| 24 | ================================ | |
| 25 | Monitoring VM Trafic Using sFlow | |
| 26 | ================================ | |
| 27 | ||
| 28 | This document describes how to use Open vSwitch is to monitor traffic sent | |
| 29 | between two VMs on the same host using an sFlow collector. | |
| 30 | VLANs. | |
| 31 | ||
| 32 | .. image:: sflow.png | |
| 33 | :align: center | |
| 34 | ||
| 35 | Setup | |
| 36 | ----- | |
| 37 | ||
| 38 | This guide assumes the environment is configured as described below. | |
| 39 | ||
| 40 | Two Physical Networks | |
| 41 | ~~~~~~~~~~~~~~~~~~~~~ | |
| 42 | ||
| 43 | - Data Network | |
| 44 | ||
| 45 | Ethernet network for VM data traffic. For experimentation, this physical | |
| 46 | network is optional. You can instead connect all VMs to a bridge that is not | |
| 47 | connected to a physical interface. | |
| 48 | ||
| 49 | - Management Network | |
| 50 | ||
| 51 | This network must exist, as it is used to send sFlow data from the agent to | |
| 52 | the remote collector. | |
| 53 | ||
| 54 | Two Physical Hosts | |
| 55 | ~~~~~~~~~~~~~~~~~~ | |
| 56 | ||
| 57 | The environment assumes the use of two hosts: `host1` and `hostMon`. `host` is | |
| 58 | a hypervisor that run Open vSwitch and has two NICs: | |
| 59 | ||
| 60 | - eth0 is connected to the Data Network. No IP address can be assigned on eth0 | |
| 61 | because it is part of an OVS bridge. | |
| 62 | ||
| 63 | - eth1 is connected to the Management Network. eth1 has an IP address for | |
| 64 | management traffic, including sFlow. | |
| 65 | ||
| 66 | `hostMon` can be any computer that can run the sFlow collector. For this | |
| 67 | cookbook entry, we use `sFlowTrend | |
| 68 | <http://www.inmon.com/products/sFlowTrend.php>`__, a free sFlow collector that | |
| 69 | is a simple cross-platform Java download. Other sFlow collectors should work | |
| 70 | equally well. `hostMon` has a single NIC, `eth0`, that is connected to the | |
| 71 | Management Network. `eth0` has an IP adress that can reach `eth1` on `host1`. | |
| 72 | ||
| 73 | Two Virtual Machines | |
| 74 | ~~~~~~~~~~~~~~~~~~~~ | |
| 75 | ||
| 76 | This guide uses two virtual machines - `vm1` and `vm2`- running on `host1`. | |
| 77 | ||
| 78 | .. note:: | |
| 79 | For Xen/XenServer, VM interfaces appears as Linux devices with names like | |
| 80 | ``vif1.0``. Other Linux systems may present these interfaces as ``vnet0``, | |
| 81 | ``vnet1``, etc. | |
| 82 | ||
| 83 | Configuration Steps | |
| 84 | ------------------- | |
| 85 | ||
| 86 | On `host1`, define the following configuration values in your shell | |
| 87 | environment:: | |
| 88 | ||
| 89 | COLLECTOR_IP=10.0.0.1 | |
| 90 | COLLECTOR_PORT=6343 | |
| 91 | AGENT_IP=eth1 | |
| 92 | HEADER_BYTES=128 | |
| 93 | SAMPLING_N=64 | |
| 94 | POLLING_SECS=10 | |
| 95 | ||
| 96 | Port 6343 (``COLLECTOR_PORT``) is the default port number for sFlowTrend. If | |
| 97 | you are using an sFlow collector other than sFlowTrend, set this value to the | |
| 98 | appropriate port for your particular collector. Set your own IP address for the | |
| 99 | collector in the place of 10.0.0.1 (``COLLECTOR_IP``). Setting the ``AGENT_IP`` | |
| 100 | value to eth1 indicates that the sFlow agent should send traffic from `eth1`'s | |
| 101 | IP address. The other values indicate settings regarding the frequency and type | |
| 102 | of packet sampling that sFlow should perform. | |
| 103 | ||
| 104 | Still on `host1`, run the following command to create an sFlow configuration | |
| 105 | and attach it to bridge br0:: | |
| 106 | ||
| 107 | $ ovs-vsctl -- --id=@sflow create sflow agent=${AGENT_IP} \ | |
| 108 | target="${COLLECTOR_IP}:${COLLECTOR_PORT}" header=${HEADER_BYTES} \ | |
| 109 | sampling=${SAMPLING_N} polling=${POLLING_SECS} \ | |
| 110 | -- set bridge br0 sflow=@sflow | |
| 111 | ||
| 112 | Make note of the UUID that is returned by this command; this value is necessary | |
| 113 | to remove the sFlow configuration. | |
| 114 | ||
| 115 | On `hostMon`, go to the `sFlowTrend | |
| 116 | <http://www.inmon.com/products/sFlowTrend.php>`__ and click "Install" in the | |
| 117 | upper right-hand corner. If you have Java installed, this will download and | |
| 118 | start the sFlowTrend application. Once sFlowTrend is running, the light in the | |
| 119 | lower right-hand corner of the sFlowTrend application should blink green to | |
| 120 | indicate that the collector is receiving traffic. | |
| 121 | ||
| 122 | The sFlow configuration is now complete, and sFlowTrend on `hostMon` should be | |
| 123 | receiving sFlow data from OVS on `host1`. | |
| 124 | ||
| 125 | To configure sFlow on additional bridges, just replace ``br0`` in the above | |
| 126 | command with a different bridge name. | |
| 127 | ||
| 128 | To remove sFlow configuration from a bridge (in this case, ``br0``), run this | |
| 129 | command, where "sFlow UUID" is the UUID returned by the command used to set the | |
| 130 | sFlow configuration initially:: | |
| 131 | ||
| 132 | $ ovs-vsctl remove bridge br0 sflow <sFlow UUID> | |
| 133 | ||
| 134 | To see all current sets of sFlow configuration parameters, run:: | |
| 135 | ||
| 136 | $ ovs-vsctl list sflow | |
| 137 | ||
| 138 | Troubleshooting | |
| 139 | --------------- | |
| 140 | ||
| 141 | If sFlow data isn't being collected and displayed by sFlowTrend, check the | |
| 142 | following items: | |
| 143 | ||
| 144 | - Make sure the VMs are sending/receiving network traffic over bridge br0, | |
| 145 | preferably to multiple other hosts and using a variety of protocols. | |
| 146 | ||
| 147 | - To confirm that the agent is sending traffic, check that running the | |
| 148 | following command shows that the agent on the physical server is sending | |
| 149 | traffic to the collector IP address (change the port below to match the port | |
| 150 | your collector is using):: | |
| 151 | ||
| 152 | $ tcpdump -ni eth1 udp port 6343 | |
| 153 | ||
| 154 | If no traffic is being sent, there is a problem with the configuration of OVS. | |
| 155 | If traffic is being sent but nothing is visible in the sFlowTrend user | |
| 156 | interface, this may indicate a configuration problem with the collector. | |
| 157 | ||
| 158 | Check to make sure the host running the collector (`hostMon`) does not have a | |
| 159 | firewall that would prevent UDP port 6343 from reaching the collector. | |
| 160 | ||
| 161 | Credit | |
| 162 | ------ | |
| 163 | ||
| 164 | This document is heavily based on content from Neil McKee at InMon: | |
| 165 | ||
| 166 | - `https://mail.openvswitch.org/pipermail/ovs-dev/2010-July/165245.html | |
| 167 | <https://mail.openvswitch.org/pipermail/ovs-dev/2010-July/165245.html>`__ | |
| 168 | ||
| 169 | - `http://blog.sflow.com/2010/01/open-vswitch.html | |
| 170 | <http://blog.sflow.com/2010/01/open-vswitch.html>`__ (note: the configuration | |
| 171 | syntax is out of date, but the high-level descriptions are correct) |