Support Support Downloads Knowledge Base Service Request Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[NFX] Packet capture on the Open vSwitch (OVS) using port_util.sh

0

0

Article ID: KB32285 KB Last Updated: 21 Mar 2019Version: 2.0
Summary:

This article provides the steps to do a packet capture on the VNF interface connected to the OVS (ovs-sys-br or custom OVS), using port_util.sh on the NFX.

The commands are executed on Hypervisor.‚Äč Refer to the KB32292 - [NFX] How to access Hypervisor, virtual machines and containers inside NFX for more information.

Solution:

Perform these steps to do the packet capture on the OVS:


1. List mirror ports.

root@localhost:~# /usr/sbin/port_util.sh  -o list-mirror                  
Listing mirrors ..    
   

No mirror ports are configured in this example  


Note: Only one mirror port is supported for packet capture at any point of time, so you have delete an existing mirror port for packet capture. To delete the mirror port, follow Step 6 below.


If a mirror port is already configured then you will get the following error in the next step when creating a new mirror port.

Creating mirror port ..
A mirror port with name ipsec-nm-cap_mirror already exists. Please delete it before creating another mirror port.

2. Configure mirror port for VNF.

Example parameters:
  • ipsec-nm-cap is the mirror port
  • ipsec-nm is the VNF
  • heth2 is the interface of the VNF that we need to monitor/collect packets
  • The custom OVS can be used as the bridge name instead of ovs-sys-br, if VNF is connected to a custom OVS.
root@localhost:~#/usr/sbin/port_util.sh  -o create-mirror -m ipsec-nm-cap -v ipsec-nm -i heth2 -b ovs-sys-br
Creating mirror port ..
Mirror port name: ipsec-nm-cap
Bridge is : ovs-sys-br
VNF name: ipsec-nm
VNF interface: heth2
VNF-Port is : ipsec-nm_heth2
Creating a mirror with name ipsec-nm-cap_mirror
176916d7-d052-4795-81bb-f9589490ecc1

3. List mirror ports to verify it was created.
 
root@localhost:~# /usr/sbin/port_util.sh  -o list-mirror
Listing mirrors ..
_uuid               : 176916d7-d052-4795-81bb-f9589490ecc1
external_ids        : {}
name                : ipsec-nm-cap_mirror
output_port         : cf224674-f8d1-4b9f-ab9d-887f28688d46
output_vlan         : []
select_all          : true
select_dst_port     : [4cf88ef2-07a1-41a2-a27f-58b88033856d]
select_src_port     : [4cf88ef2-07a1-41a2-a27f-58b88033856d]
select_vlan         : []
statistics          : {tx_bytes=2368, tx_packets=7}

4. Use tcpdump to capture packets on the mirror port created.  heth2.pcap is the name of the file the output is written to.

root@localhost:~# tcpdump -i ipsec-nm-cap -w /var/tmp/heth2.pcap
tcpdump: listening on ipsec-nm-cap, link-type EN10MB (Ethernet), capture size 262144 bytes

^C
5 packets captured
5 packets received by filter
0 packets dropped by kernel

5. Read contents of the pcap file.

root@localhost:~# tcpdump -r /var/tmp/heth2.pcap                 
reading from file /var/tmp/heth2.pcap, link-type EN10MB (Ethernet)
13:04:29.196043 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from ec:13:db:db:21:39 (oui Unknown), length 286
13:04:34.857402 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from ec:13:db:db:21:4c (oui Unknown), length 300
13:04:37.221491 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from ec:13:db:db:21:39 (oui Unknown), length 286
13:04:43.273370 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from ec:13:db:db:21:4c (oui Unknown), length 300
13:04:43.285560 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from ec:13:db:db:21:39 (oui Unknown), length 286

6. Delete mirror port after the use.

root@localhost:~# /usr/sbin/port_util.sh  -o delete-mirror -m ipsec-nm-cap
Deleting mirror port ..
Mirror port name: ipsec-nm-cap
Bridge is : ovs-sys-br

7. List mirror ports to ensure mirror port is deleted.

root@localhost:~# /usr/sbin/port_util.sh  -o list-mirror                  
Listing mirrors ..
root@localhost:~#

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Security Alerts and Vulnerabilities

Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search