Skip to content
T

taas

Project ID: 5485

In the following guide, three dots (...) represents the actual content of the configuration file, which shouldn't be modified.

Controller

vim /etc/kolla/neutron-server/neutron.conf:

[DEFAULT]
...
service_plugins = ...,taas
...

[service_providers]
service_provider = TAAS:TAAS:neutron_taas.services.taas.service_drivers.taas_rpc.TaasRpcDriver:default

[taas]
driver = neutron_taas.services.taas.drivers.linux.ovs_taas.OvsTaasDriver
enabled = True
docker exec -it -u 0 neutron_server pip3 install tap-as-a-service
docker exec -it -u 0 neutron_server neutron-db-manage upgrade heads
docker restart neutron_server

Compute

vim /etc/kolla/neutron-openvswitch-agent/neutron.conf:

[DEFAULT]
...
service_plugins = ...,taas
...

[service_providers]
service_provider = TAAS:TAAS:neutron_taas.services.taas.service_drivers.taas_rpc.TaasRpcDriver:default

[taas]
driver = neutron_taas.services.taas.drivers.linux.ovs_taas.OvsTaasDriver
enabled = True

vim /etc/kolla/neutron-openvswitch-agent/openvswitch_agent.ini:

[agent]
...
extensions = taas
...
docker exec -it -u 0 neutron_openvswitch_agent pip3 install tap-as-a-service
docker exec -it -u 0 neutron_openvswitch_agent apt update
docker exec -it -u 0 neutron_openvswitch_agent apt install bridge-utils
docker exec -it -u 0 neutron_openvswitch_agent neutron-db-manage upgrade heads
docker restart neutron_openvswitch_agent

System with python-openstackclient installed

pip3 install tap-as-a-service

Create TAP service (destination of mirrored traffic). Replace PORT-ID with the OpenStack port ID of VM hosting sniffing software. Port security needs to be disabled on this port.

openstack tap service create --port PORT-ID --name tap-service

Create TAP flow (source of mirrored traffic). Replace PORT-ID with the OpenStack port ID of the port that should be sniffed.

openstack tap flow create --port PORT-ID --name tap-flow --tap-service tap-service --direction both