
  • Friday, April 24, 2015

How to use promiscuous mode on AWS: using port mirroring for packet capture in the cloud

It is a well-known fact that one cannot use promiscuous mode (port mirroring) on AWS or Google cloud. However, packet capture on AWS is in many cases the easy, and sometimes the only, solution for testing use cases that require traffic monitoring and deep packet analysis, such as IDS or networking application development, testing or training. Using Ravello, you can set up this kind of advanced network configuration for your application while it runs on the public cloud, AWS or Google cloud.

In this post, we’ll demonstrate how port mirroring can be configured for your application in a few simple steps. For our demo we’ll set up a simple environment consisting of three VMs, each with two NICs. Two of the VMs will communicate with each other (using a simple PING command), and the third VM will listen to all traffic between them by setting its NIC to “port mirror” mode (from within the Ravello VM properties). Since we’ll only use tcpdump to sniff the network, we will not need to configure the VM NIC for promiscuous mode, but in other cases this may be a required configuration.

First, let’s see the configuration of our two VMs communicating:

VM #1: access10
NIC #1: configured via DHCP with reserved IP address 10.0.0.3/255.255.0.0
NIC #2: configured via DHCP with reserved IP address 30.0.0.3/255.255.255.0
It is possible to set any NIC to communicate on a separate VLAN

VM #2: access20
NIC #1: configured via DHCP with reserved IP address 10.0.0.5/255.255.0.0
NIC #2: configured via DHCP with reserved IP address 30.0.0.5/255.255.255.0
It is possible to set any NIC to communicate on a separate VLAN

Please note that if we had defined the NICs in VM #1 and VM #2 on different VLANs, we would have needed another VM as a trunk between the two VLANs. Defining such a VM is also possible using Ravello; see our previous post about advanced networking on AWS EC2 for additional information.

The third VM is the VM we’ll use for monitoring the traffic between the other VMs:

VM #3: promisc
NIC #1: configured via DHCP with reserved IP address 10.0.0.7/255.255.0.0
NIC #2: configured via DHCP with reserved IP address 30.0.0.7/255.255.255.0
Note that for NIC #2 in this VM, we have checked the option for port mirroring in the VM properties (and this is all we had to do!)

Now, let’s perform our simple test: VM #1 and VM #2 will send ping requests to each other (over ICMP), and VM #3 will monitor this traffic using tcpdump.
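The following script is an added example, not part of the original post, showing how the monitoring VM (promisc) could capture on its mirrored NIC and then verify from the tcpdump output that it really sees both directions of the exchange between access10 and access20, traffic that is not addressed to the monitor itself. The interface name eth1 and the tcpdump output lines are assumptions and constructed sample data, not a capture from the post's environment.

```shell
#!/bin/sh
# Added example (not the post's own code): check that a mirrored NIC on the
# monitor VM sees the ICMP exchange between access10 (30.0.0.3) and access20
# (30.0.0.5), i.e. traffic that is not addressed to the monitor at all.

# Capture command the monitor VM would run on its mirrored interface.
# eth1 is an assumed interface name; -n skips DNS lookups, 'icmp' keeps
# only the ping traffic used in the test.
run_capture() {
    tcpdump -n -i "${1:-eth1}" icmp
}

# Constructed sample of tcpdump output, resembling what the monitor prints.
# The last line is a ping aimed at the monitor itself (30.0.0.7), which it
# would see even without mirroring, so it must not count as evidence.
SAMPLE='12:00:01.000001 IP 30.0.0.3 > 30.0.0.5: ICMP echo request, id 1, seq 1, length 64
12:00:01.000200 IP 30.0.0.5 > 30.0.0.3: ICMP echo reply, id 1, seq 1, length 64
12:00:02.000001 IP 30.0.0.3 > 30.0.0.5: ICMP echo request, id 1, seq 2, length 64
12:00:02.000200 IP 30.0.0.5 > 30.0.0.3: ICMP echo reply, id 1, seq 2, length 64
12:00:03.000001 IP 30.0.0.5 > 30.0.0.7: ICMP echo request, id 2, seq 1, length 64'

# Count ICMP packets of one kind (request|reply) from src to dst.
# tcpdump fields: $1 timestamp, $2 "IP", $3 src, $4 ">", $5 "dst:".
# Usage: count_icmp "$capture_text" <src> <dst> <request|reply>
count_icmp() {
    printf '%s\n' "$1" | awk -v src="$2" -v dst="$3" -v kind="$4" '
        $3 == src && $5 == dst ":" && $0 ~ ("ICMP echo " kind) { n++ }
        END { print n + 0 }'
}

# Mirroring is working if the monitor saw both the requests from access10
# and the replies from access20; neither is destined for the monitor.
mirror_ok() {
    req=$(count_icmp "$1" 30.0.0.3 30.0.0.5 request)
    rep=$(count_icmp "$1" 30.0.0.5 30.0.0.3 reply)
    [ "$req" -gt 0 ] && [ "$rep" -gt 0 ]
}

# Stand-alone run: report the verdict on the constructed sample.
if mirror_ok "$SAMPLE"; then
    echo "mirrored NIC sees both directions of the access10<->access20 ping"
else
    echo "no mirrored traffic observed; check the port-mirror option on the NIC"
fi
```

On the real monitor VM you would pipe `run_capture eth1` into a file for a few seconds and feed that file's contents to `mirror_ok`; the point of counting per direction is that seeing only one side, or only packets addressed to the monitor, does not prove the mirror is active.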

Summary

In this post we showed how easy it is to set up a promiscuous-mode NIC and port mirroring on our internal application network over AWS or Google cloud. Thanks to our HVX technology and the resulting overlay network, Ravello provides a fully functional Layer 2 and Layer 3 network, which allows an accurate replica of your data center applications on the public cloud.

This functionality is currently in beta; please contact our support team to enable it for your organization.
