Prerequisites for OVS Mirroring

This section is only applicable if you wish to use OVS Mirroring as your traffic acquisition method. The following items are required to deploy a UCT-V OVS agent:

  • An existing OpenStack cloud environment should be available with admin project and login credentials to create a monitoring domain.
  • A user with OVS access is required to enable OVS-Mirror. The user can be an admin or can be a user with a custom role that has the permissions and the ability to list projects.
  • A working GigaVUE-FM with the latest build.

OpenStack Cloud Environment Requirements

  • ML2 mechanism driver: Open vSwitch.
  • You must have the following role privileges, as shown below for the respective files, to enable OVS mirroring:

    File: /etc/nova/policy.json
    Command:

        "os_compute_api:os-hypervisors": "role:gigamon",
        "os_compute_api:servers:detail:get_all_tenants": "role:gigamon",
        "os_compute_api:servers:index:get_all_tenants": "role:gigamon",
        "os_compute_api:servers:allow_all_filters": "role:gigamon",
        "os_compute_api:os-extended-server-attributes": "role:gigamon"

    File: /etc/keystone/policy.json
    Command:

        "identity:list_projects": "role:admin or role:gigamon",
        "identity:list_user_projects": "role:admin or role:gigamon or rule:owner",
        "identity:list_users": "role:admin or role:gigamon"

    File: /etc/neutron/policy.json
    Command:

        "context_is_advsvc": "role:advsvc or role:gigamon",
        "get_subnet": "rule:admin_or_owner or rule:shared or role:gigamon",
        "get_network": "rule:admin_or_owner or rule:shared or rule:external or rule:context_is_advsvc",
        "update_floatingip": "rule:admin_or_owner or role:gigamon",
        "get_floatingip": "rule:admin_or_owner or role:gigamon",
        "get_security_groups": "rule:admin_or_owner or role:gigamon",
        "get_security_group": "rule:admin_or_owner or role:gigamon",
        "get_port": "rule:context_is_advsvc or rule:admin_owner_or_network_owner",
        "get_port:binding:vif_details": "rule:admin_only or rule:context_is_gigamon"
  • The following APIs and commands are required for OVS mirroring:

| OpenStack CLI command | Supported API/Action | Description |
|---|---|---|
| openstack hypervisor list | GET /os-hypervisors | Should list all hypervisors in the domain. |
| openstack server list --all --host <hostname> | GET /servers | Should list all the servers on a specified host. |
| openstack server list --all | GET /servers | Should list servers of all projects in the domain. |
| openstack project list | GET /v3/projects | Should list all projects in the domain. |
| openstack project list --user <user with custom role> | GET /v3/projects | Should list all projects that a specified user (user specified in GigaVUE‑FM config) is associated with. |
| openstack user show <userName> | GET /v3/users | Should list all users by username. |
| openstack subnet list | GET /subnets | Should list all subnets for all projects in the domain. |
| openstack network list | GET /networks | Should list all networks for all projects in the domain. |
| openstack floating ip list | GET /floatingips | Should list all floating IPs for all projects in the domain. |
| openstack floating ip set --port <portid> <floating ip> | PUT /floatingips/{floatingip_ID} | Used to attach a floating IP to fabric nodes. |
| openstack security group list | GET /security-groups | Should list security groups for all projects in the domain. |
| openstack security group show <security group id> | GET /security-groups/{security_group_id} | Should list details of the specified security group. |
| openstack port list | GET /ports | Should list ports for all projects in the domain. |
| openstack port show <portID> | GET /ports/{portID} | Should list port details, including bridge name. |
| openstack server create | POST /servers | Launch fabric nodes. |
| openstack server <action> <serverName> | POST /servers/{server_id}/action | Stop, start, or reboot fabric nodes. |
| openstack server delete <serverName> | DELETE /servers/{serverID} | Delete fabric nodes. |
| openstack server set | PUT /servers/{serverID}/metadata | Update visibility node metadata. |
| openstack flavor list | GET /flavors | Get list of flavors. |
| openstack availability zone list | GET /os-availability-zone | Get list of availability zones. |
| openstack keypair list | GET /os-keypairs | Get list of keypairs. |
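
The role grants listed for the policy.json files above can be audited before the custom role is used. The following is an added example, not Gigamon or OpenStack code: it reports, per required action, whether the gigamon role is granted, following rule: references. The names grants and audit and the sample policy are constructed for illustration; it assumes the file is a complete JSON object, handles only or-joined role:/rule: terms, and reads only the file, so rules supplied by a service's in-code defaults are reported as undefined.

```python
import json

# Constructed sample of /etc/neutron/policy.json (not from a real deployment).
SAMPLE_NEUTRON = """{
  "admin_only": "role:admin",
  "admin_or_owner": "role:admin",
  "context_is_advsvc": "role:advsvc or role:gigamon",
  "get_subnet": "rule:admin_or_owner or role:gigamon",
  "get_port": "rule:context_is_advsvc or rule:admin_or_owner",
  "get_port:binding:vif_details": "rule:admin_only or rule:context_is_gigamon",
  "get_floatingip": "rule:admin_or_owner"
}"""

# Subset of the neutron actions the page lists for the custom role.
REQUIRED = ["get_subnet", "get_port", "get_port:binding:vif_details",
            "get_floatingip", "update_floatingip"]


def grants(rules, expr, role, missing, seen=()):
    """True if `role` alone satisfies an or-joined expression, following rule: references."""
    for term in (t.strip() for t in expr.split(" or ")):
        if term == f"role:{role}":
            return True
        if term.startswith("rule:"):
            name = term[len("rule:"):]
            if name not in rules:
                missing.add(name)  # referenced but not defined in this file
            elif name not in seen and grants(rules, rules[name], role, missing, seen + (name,)):
                return True
    return False  # 'and', 'not' and parenthesised terms are never counted as a grant


def audit(policy_text, required, role="gigamon"):
    """Map each required action to: granted / not granted / absent / undefined rule."""
    rules = json.loads(policy_text)  # raises ValueError on typographic quotes or stray commas
    report = {}
    for action in required:
        missing = set()
        if action not in rules:
            report[action] = "absent"
        elif grants(rules, rules[action], role, missing):
            report[action] = "granted"
        elif missing:
            report[action] = "undefined rule: " + ", ".join(sorted(missing))
        else:
            report[action] = "not granted"
    return report


if __name__ == "__main__":
    for action, status in audit(SAMPLE_NEUTRON, REQUIRED).items():
        print(f"{action:32} {status}")
```

Any action not reported as granted is either missing the role or depends on a rule that must be defined elsewhere; review those entries rather than widening them to admin-level rules.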


If the OpenStack CLI command openstack hypervisor list does not return a reachable IP for the hypervisors that are being monitored, you must manually enter a reachable IP for each hypervisor in the OpenStack CLI using project properties. For each hypervisor, add a key-value pair property in the following format:
  • key: value
  • key: must be in the form gigamon-hv-<hypervisorID>
  • value: reachable IP for hypervisor
  • For example: openstack project set --property gigamon-hv-1=1.2.3.4 project-name