+ These columns are mutually exclusive. Exactly one of them must be
+ nonempty.
+
+
- Output port for selected packets, if nonempty. Mutually exclusive
- with .
+ Output port for selected packets, if nonempty.
Specifying a port for mirror output reserves that port exclusively
- for mirroring. No frames other than those selected for mirroring
- will be forwarded to the port, and any frames received on the port
- will be discarded.
- This type of mirroring is sometimes called SPAN.
+ for mirroring. No frames other than those selected for mirroring
+ via this column
+ will be forwarded to the port, and any frames received on the port
+ will be discarded.
+
+ The output port may be any kind of port supported by Open vSwitch.
+ It may be, for example, a physical port (sometimes called SPAN) or a
+ GRE tunnel.
+
- Output VLAN for selected packets, if nonempty. Mutually exclusive
- with .
+ Output VLAN for selected packets, if nonempty.
The frames will be sent out all ports that trunk
- , as well as any ports with implicit VLAN
- . When a mirrored frame is sent out a
- trunk port, the frame's VLAN tag will be set to
- , replacing any existing tag; when it is
- sent out an implicit VLAN port, the frame will not be tagged. This
- type of mirroring is sometimes called RSPAN.
+ , as well as any ports with implicit VLAN
+ . When a mirrored frame is sent out a
+ trunk port, the frame's VLAN tag will be set to
+ , replacing any existing tag; when it is
+ sent out an implicit VLAN port, the frame will not be tagged. This
+ type of mirroring is sometimes called RSPAN.
+
+ The following destination MAC addresses will not be mirrored to a
+ VLAN to avoid confusing switches that interpret the protocols that
+ they represent:
+
+
+ 01:80:c2:00:00:00
+ - IEEE 802.1D Spanning Tree Protocol (STP).
+
+ 01:80:c2:00:00:01
+ - IEEE Pause frame.
+
+ 01:80:c2:00:00:0x
+ - Other reserved protocols.
+
+ 01:00:0c:cc:cc:cc
+ -
+ Cisco Discovery Protocol (CDP), VLAN Trunking Protocol (VTP),
+ Dynamic Trunking Protocol (DTP), Port Aggregation Protocol (PAgP),
+ and others.
+
+
+ 01:00:0c:cc:cc:cd
+ - Cisco Shared Spanning Tree Protocol PVSTP+.
+
+ 01:00:0c:cd:cd:cd
+ - Cisco STP Uplink Fast.
+
+ 01:00:0c:00:00:00
+ - Cisco Inter Switch Link.
+
Please note: Mirroring to a VLAN can disrupt a network that
- contains unmanaged switches. Consider an unmanaged physical switch
- with two ports: port 1, connected to an end host, and port 2,
- connected to an Open vSwitch configured to mirror received packets
- into VLAN 123 on port 2. Suppose that the end host sends a packet on
- port 1 that the physical switch forwards to port 2. The Open vSwitch
- forwards this packet to its destination and then reflects it back on
- port 2 in VLAN 123. This reflected packet causes the unmanaged
- physical switch to replace the MAC learning table entry, which
- correctly pointed to port 1, with one that incorrectly points to port
- 2. Afterward, the physical switch will direct packets destined for
- the end host to the Open vSwitch on port 2, instead of to the end
- host on port 1, disrupting connectivity. If mirroring to a VLAN is
- desired in this scenario, then the physical switch must be replaced
- by one that learns Ethernet addresses on a per-VLAN basis. In
- addition, learning should be disabled on the VLAN containing mirrored
- traffic. If this is not done then intermediate switches will learn
- the MAC address of each end host from the mirrored traffic. If
- packets being sent to that end host are also mirrored, then they will
- be dropped since the switch will attempt to send them out the input
- port. Disabling learning for the VLAN will cause the switch to
- correctly send the packet out all ports configured for that VLAN. If
- Open vSwitch is being used as an intermediate switch, learning can be
- disabled by adding the mirrored VLAN to
- in the appropriate table or tables.
+ contains unmanaged switches. Consider an unmanaged physical switch
+ with two ports: port 1, connected to an end host, and port 2,
+ connected to an Open vSwitch configured to mirror received packets
+ into VLAN 123 on port 2. Suppose that the end host sends a packet on
+ port 1 that the physical switch forwards to port 2. The Open vSwitch
+ forwards this packet to its destination and then reflects it back on
+ port 2 in VLAN 123. This reflected packet causes the unmanaged
+ physical switch to replace the MAC learning table entry, which
+ correctly pointed to port 1, with one that incorrectly points to port
+ 2. Afterward, the physical switch will direct packets destined for
+ the end host to the Open vSwitch on port 2, instead of to the end
+ host on port 1, disrupting connectivity. If mirroring to a VLAN is
+ desired in this scenario, then the physical switch must be replaced
+ by one that learns Ethernet addresses on a per-VLAN basis. In
+ addition, learning should be disabled on the VLAN containing mirrored
+ traffic. If this is not done then intermediate switches will learn
+ the MAC address of each end host from the mirrored traffic. If
+ packets being sent to that end host are also mirrored, then they will
+ be dropped since the switch will attempt to send them out the input
+ port. Disabling learning for the VLAN will cause the switch to
+ correctly send the packet out all ports configured for that VLAN. If
+ Open vSwitch is being used as an intermediate switch, learning can be
+ disabled by adding the mirrored VLAN to
+ in the appropriate table or tables.
+
+ Mirroring to a GRE tunnel has fewer caveats than mirroring to a
+ VLAN and should generally be preferred.
+