Powered by Zoomin Software. For more details please contactZoomin

Flowmon Virtual Appliances

Table of Contents

KVM Open vSwitch Port Mirroring

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
Print
  • Last Updated: May 27, 2026
  • 2 minute read
    • Flowmon Products
    • Flowmon
    • Documentation

Overview

Flowmon for KVM has the ability to monitor traffic and generate NetFlow/IPFIX flow data. Follow the steps below to to enable this functionality for the monitoring of an Open vSwitch local to the KVM host where Flowmon is running.

Prerequisites

You must have a running Flowmon for KVM instance configured as either:

  • A Flowmon Collector with built-in Probe
  • A standalone Flowmon Probe

Configuration steps

Note:

Virtual Machine Manager does not support OVS. You must configure Flowmon manually.

1. Open Flowmon's XML descriptor for editing:

virsh edit <name-of-your-Flowmon-in-Virtual-Machine-Manager>

2. Add each monitoring port of your Flowmon to an OVSbridge previously created in your OVS. Each monitoring port type must be set to openvswitch. Substitute [name_of_your_OVSbridge] below for the name of your OVS bridge:

<interface type='bridge'>
    <mac address='52:54:00:9f:46:cc'/>
    <source bridge='[name_of_your_OVSbridge]'/>
    <virtualport type='openvswitch'>
        <parameter interfaceid='c9a700ed-9576-45aa-81f3-b7d94b73cc91'/>
    </virtualport>
    <!-- ... -->    
</interface>

3. Create a mirror in your OVS bridge.

ovs-vsctl -- --id=@m create mirror \  
    name=<custom-name-of-the-mirror> \
    -- add bridge \ 
    <name-of-the-OVS-bridge-where-to-add-the-mirror> \
    mirrors @m

4. If you want to mirror specific ports, configure per-port mirroring.

Display UUIDs of all vnet interfaces associated with OVS:

ovs-vsctl show

This example shows UUIDs for vnet[0-5]:

    for p in vnet{0..5}; do    
        echo "$p: $(ovs-vsctl get port "$p" _uuid)"
    done

For each interface created in OVS that you want to monitor, set up its mirroring to the mirror created in step 3. The following command mirrors both ingress and egress traffic of the source port:

    ovs-vsctl set mirror <name-of-the-mirror-from-step-3> \
        select_src_port=<UUID-of-the-vnet-interface-you-want-to-monitor> \
        select_dst_port=<UUID-of-the-vnet-interface-you-want-to-monitor>

5. If your traffic is isolated in VLANs, you can select specific VLAN IDs to mirror.

    ovs-vsctl set mirror <name-of-the-mirror-from-step-3> select-vlan=<csv-list-of-vlan-ids-to-mirror>

6. Select and set the VLAN ID for mirroring output. Flowmon's monitoring interface(s) must belong to this VLAN to receive mirrored traffic:

    ovs-vsctl set mirror <name-of-the-mirror-from-step-3> output-vlan=<selected-vlan-id>

7. Tag Flowmon's monitoring interface(s) with the VLAN ID:

    ovs-vsctl set port <port-name> tag=<selected-vlan-id-from-step-7>    
    # or for multiple VLANs    
    ovs-vsctl set port <port-name> trunks=<csv-list-of-vlan-ids>

Flowmon Configuration

No configuration specific for KVM Open vSwitch monitoring is required. Refer to the Flowmon User Guide for instructions on how to enable a monitoring port.

TitleResults for “How to create a CRG?”Also Available inAlert