Task 9: Identify instances and analyze network traffic with Contrail port mirroring
In this task, you will use the port mirroring feature of Contrail to identify and analyze the traffic between workloads. You will use Wireshark as the traffic analyzer, which receives the mirrored traffic between the red and green instances that we created in Task 1.
Disclaimer: The steps in this task are only applicable to Juniper’s Cloud Software Trial tool.
Some values and/or information may vary for users executing this task using a non-Juniper trial tool.
Open the Contrail web interface in the browser by navigating to https://192.168.250.1:8143.
Then log in to the Contrail dashboard using the credentials below.
Domain: (leave blank)
Create a virtual network called “red-network”, as shown in Task 1. Expand the Subnets tab, and enter a subnet of 220.127.116.11/24. Leave all the other values at their defaults and click Save to complete the creation of the virtual network.
Following the same instructions as in step 2, create a second virtual network, “green-network”, with subnet 18.104.22.168/24.
Create a virtual network called VN_MIRROR. Expand the Subnets tab, and enter a subnet of 22.214.171.124/24. Leave all the other values as default, and click Save to complete the creation of virtual network.
In the Configure tab, navigate to Configure > Networking > Policies > default-domain > demo.
Click on the (+) sign to start the creation of a new network policy. Create a policy, POL1, between VN1 and VN_MIRROR for ANY protocols and ANY ports.
Specify the direction as bi-directional (<>).
Edit the virtual networks red-network and VN_MIRROR to attach the POL1 created in the previous step.
Log in to the OpenStack Dashboard.
Open a new tab and go to https://192.168.250.1/horizon.
Log in to the Dashboard using the credentials below.
Select the project as “admin”.
Navigate under Project > Instances and click on the “Launch instance” button on the top right corner to start the creation of a VM.
• For “Instance name”, enter “red-instance”
• For “Image Name”, enter “Ubuntu-slim”
• For “Flavor”, enter m.1.small
• Click “Next” at the bottom of the “Launch instance” window until you arrive at the “Networks” tab
• For “Networks”, enter “red-network”
• Click “Launch Instance” to launch the red-instance
Repeat the steps shown in the above screenshots for green-instance as well.
8: Repeat step 6 to create an analyzer VM. This time, modify the following parameters:
• Instance Name: “Analyzer”
• Flavor: “M1.medium”
• Network: “VN_MIRROR”.
Confirm that all three VMs are running (Power State should show as Running). Also note down the IP address of the Analyzer VM (126.96.36.199 in this case).
Return to the Contrail web interface.
In the Configure tab, navigate to Configure > Networking > Ports > default-domain > demo.
Expand the Port configuration of the Virtual Machine port corresponding to the Analyzer VM (IP 188.8.131.52).
Note down the MAC Address of the port as shown in the screenshot.
Continue in Configure > Networking > Ports > default-domain > demo to edit the port configuration for virtual machine red-instance (IP 184.108.40.206) using the edit symbol (Nut icon) on the right side of the screen.
On the edit screen for this port, expand the > Advanced Options tab and scroll down to find a checkbox named Mirroring. Select this checkbox to display the mirroring-specific options in the edit window.
a. Enter the following values:
• Analyzer IP Address, enter Analyzer VM IP address from step 10 – 220.127.116.11
• Analyzer Name, enter Analyzer1
• Analyzer MAC Address, enter the MAC address of the Analyzer VM from previous step.
• Click Save to turn on port-mirroring
Return to the OpenStack Dashboard.
Under Instances, click on red-instance and go to the nova console. Log in to the red-instance console (username/password: contrail/contrail123), and switch to root using the command sudo -i (password: contrail123).
Ping the IP address of green-instance 18.104.22.168 and let the ping run continuously. Log in to the nova console of the Analyzer VM to verify the ICMP request and response packets between 22.214.171.124 and 126.96.36.199, as captured by the Wireshark application running on this VM.
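To check the final verification step offline rather than by eye, the following added example (not part of the original lab guide) pairs ICMP echo requests with their replies in a capture saved from Wireshark and lists any request whose reply was never mirrored. It assumes a classic little-endian pcap containing plain Ethernet/IPv4 frames (if the mirrored frames arrive wrapped in an encapsulation header, strip it first); the addresses and the sample capture are constructed placeholders, not values from the lab.

```python
import struct
from ipaddress import ip_address

def read_pcap(data):
    """Yield raw frames from a classic little-endian pcap byte string."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap")
    off = 24                                   # skip the 24-byte global header
    while off + 16 <= len(data):
        _, _, caplen, _ = struct.unpack_from("<IIII", data, off)
        yield data[off + 16: off + 16 + caplen]
        off += 16 + caplen

def icmp_echoes(frames):
    """Yield (src, dst, type, ident, seq) for IPv4 ICMP echo request/reply."""
    for f in frames:
        if len(f) < 42 or f[12:14] != b"\x08\x00":   # Ethernet + IPv4 only
            continue
        ihl = (f[14] & 0x0F) * 4
        if f[23] != 1 or len(f) < 14 + ihl + 8:      # IP protocol 1 = ICMP
            continue
        typ, _, _, ident, seq = struct.unpack_from("!BBHHH", f, 14 + ihl)
        if typ in (0, 8):                            # 8 = request, 0 = reply
            yield (str(ip_address(f[26:30])), str(ip_address(f[30:34])),
                   typ, ident, seq)

def unanswered(frames, a, b):
    """Return (ident, seq) of echo requests a->b with no mirrored reply b->a."""
    pending = set()
    for src, dst, typ, ident, seq in icmp_echoes(frames):
        if typ == 8 and (src, dst) == (a, b):
            pending.add((ident, seq))
        elif typ == 0 and (src, dst) == (b, a):
            pending.discard((ident, seq))
    return sorted(pending)

# --- constructed sample capture; placeholder addresses, checksums left zero ---
RED, GREEN = "192.0.2.10", "198.51.100.20"

def _frame(src, dst, typ, seq):
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 1, 0,
                     ip_address(src).packed, ip_address(dst).packed)
    return b"\x00" * 12 + b"\x08\x00" + ip + struct.pack("!BBHHH", typ, 0, 0, 7, seq)

def _pcap(frames):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return out + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

SAMPLE = _pcap([_frame(RED, GREEN, 8, 1), _frame(GREEN, RED, 0, 1),
                _frame(RED, GREEN, 8, 2)])           # seq 2 has no reply
print(unanswered(read_pcap(SAMPLE), RED, GREEN))
```

An empty result means every request seen on the mirrored port has a matching reply in the capture; a non-empty one points at a direction that is not being mirrored or at replies that never came back.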