Is followed so that the erspan receiver or packet

  • No School
  • AA 1
  • 5

This preview shows page 2 - 3 out of 5 pages.

is followed so that the ERSPAN receiver or packet sniffer can extract the original frame. The use of the IP protocol as part of the outer header is important because it makes the mirrored traffic routable across any IP network. ERSPAN protocol has two versions; version 1 (type II) and version 2 (type III). ERSPAN protocol is layered on top of the GRE (Generic Routing Encapsulation) protocol, with GRE’s sequence number enabled. For ERSPAN type II, the GRE’s next protocol type is 0x88BE with 8-byte ERSPAN header size, and for ERSPAN type III, the GRE’s next protocol type is 0x22EB with 12-byte ERSPAN header size, if no optional subheader enabled. In this section we describe the basic ERSPAN proto- col header format along with its implementation in the Linux kernel. For IPv4/IPv6, the implementation is under net/ipv4/ip gre.c and net/ipv6/ip6 gre.c. Also a userspace API header, include/uapi/linux/erspan.h is added for metadata- mode tunnel users. 2.1 Native vs Metadata-Mode Tunnel There are two tunnel type implementations in Linux ker- nel: native tunnel and metadata-mode tunnel [5]. Native tun- nel is the basic way of creating tunnels in Linux. A tun- nel netdev is created with per tunnel-specific configuration, tied together with the netdev. For example, creating a GRE tunnel with key and sequence number can be done by: ip link add dev gre123 type gretap local 1.1.1.1 remote 2.2.2.2 seq key 0xfb . As a result, N different tunnel configurations require creating N number of netdevs. In certain cases such as network virtualization, this is not scalable because every host in the network creates mutiple tunnels with different configurations to every other hosts [6]. Metadata-mode tunnel, or called light-weight tunnel, is designed for solving the limitation. The fundamental idea is that only one netdev per tunnel type is required to represent multiple tunnels. This means that the tunnel configuration of a particular type of the tunnel must be passed to the tun- nel netdev in order to encapsulate the packet. For example, creating a metadata-mode tunnel can be done by: ip link add dev type gretap external . Note that there is no configuration parameters assigned at device creation time. The tunnel configuration is set-up per-packet at run-time. Currently there are two ways of using metadata-mode tun- nel, one through OVS and the other through eBPF [1]. We implement both the native mode and metadata-mode [13] for ERSPAN type II and type III. More examples of using native and metadata-mode tunnel are upstreamed under tools/test- ing/selftest/bpf/ { test tunnel.sh, test tunnel kern.c } . 2.2 GRE ERSPAN follows a fixed 8-byte GRE header with the below value. GRE header for ERSPAN encapsulation (8 octets [34:41]) -- 8 bytes 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |0|0|0|1|0|00000|000000000|00000| Protocol Type for ERSPAN | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Sequence Number (increments per packet per session) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Note that only the sequence number bit in the FLAGS fields is set. Sequence number is useful at the snifffer site where the mirrored traffic arrives out-of-the-order. Depend-
Image of page 2
Image of page 3

You've reached the end of your free preview.

Want to read all 5 pages?

  • Fall '19
  • IP address, ERSPAN, ERSPAN tunnel

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern

Stuck? We have tutors online 24/7 who can help you get unstuck.
A+ icon
Ask Expert Tutors You can ask You can ask You can ask (will expire )
Answers in as fast as 15 minutes
A+ icon
Ask Expert Tutors