In our use case, we regularly need to capture traffic between every one of our nodes (telecom use; all signaling data is captured for generation of ladder diagrams/problem diagnosis/QoS validation). Our normal bare-metal method of doing this requires setting up a SPAN port on the top-rack switch that mirrors all inbound/outbound data from connected hosts. That is connected to an Ethernet tap, and all applicable traffic is stored for diagnostics.
In the case of virtualization, it is possible for all traffic to exist entirely within a single compute node and never need to go to the top-rack switch. This makes it difficult to tap the traffic that goes on between individual nodes using this method.
Is it possible to configure Neutron to mirror all traffic going to/from virtual guests to a single physical interface on the host?
With VMware, this is easily accomplished by using a Distributed vSwitch (supported as of ESXi v5+). However, I am having trouble trying to track down any way to do this in OpenStack.
TCPDump isn't a realistic solution due to the volume of data our voice servers generate - we need something that can capture traffic off the wire.
Apologies if terminology is muddled - I am just starting to cut my teeth on OpenStack, so let me know if anything sounds incorrect and I will revise.