Check out the general OVS product level FAQ here:
TLDR - no, OVS doesn't support ERSPAN but does have some other tunneling technologies. Either way, we dont have that particular tunneling technology plumbed into our side, so we can't set up that tunnel automatically, etc
Can we set up the GRE tunnel manually? In doing so, will this be a supported configuration and can we ask Nutanix support to assist us in troubleshooting set up or configuration issues?
(technically yes), but no, it would not be supported, and we really wouldn't recommend it.
Doing an unsupported change like that would very likely break every time you do any sort of operation on a given VM, like power on/power off, migration, high availability restarts, cloning, etc. This is because it would be a change that our control plane didn't program in, so it would just override it as it went about its business. Thats best case. Worst case, we haven't tested it, so we dont know any unintended side effects.
That said - Could you expand on what you're hoping to accomplish here? I know what tech you're talking about, but I'm wondering what your specific use case is, so I can take it back to the team here.
Here's our use case... 2 VMs on the same host, on the same network segment talking to each other. How do we capture traffic between these 2 VMs?
Network function chains can do this today in AHV. You would create a tap mode network function VM and put it in the network that these VMs use. This would allow you to capture traffic between VMs on the same "Network" regardless of whether or not they were on the same host. All traffic to and from a VM MUST flow through the network function chain when it's enabled.
I'm working on a blog post to cover this use case. Here is an image to show how it would work. You can do an inline port or a tap port.
Thank you Jason. I have a few questions...
Currently, we're sending the captured traffic to our Viavi appliance, is it possible to do the same with the Network Function VM? Are the NFV's running Linux, are they accessible via the console (or any other means) and managed using CLI? Is ERSPAN supported by the NFV's? Thanks again.
Depends on where you're capturing the traffic from, where you're sending it to, and how you're sending it.
The NFV I referred to is a special VM that runs on every single AHV host in the cluster. You provision this VM and mark it as an agent VM. Then you add it to a network function chain. This VM can run any OS that's supported on AHV, and you can decide whether to hook up a single interface as a tap, or multiple interfaces as inline.
This NFV VM can receive, inspect, and capture in tap mode. In inline mode it can do these function AND decide to reject or transmit the traffic. In the example diagram above, imagine that VM as a Palo Alto Networks VM-Series firewall. I've also used the Snort IDS in my own lab.
With this type of NFV configured in a network function chain, you can only capture traffic sent or received by VMs running on AHV. You cannot capture traffic sent by physical hosts, or send in ERSPAN type traffic to the NFV VM.
If you setup a regular VM on AHV, you can use this to receive ERSPAN traffic from outside sources, since all that's required is the IP address of the VM. It's up to you to decide what software you want to install inside this VM. You could use something as simple as tcpdump if you wanted, or you could install a VM with software from a 3rd party vendor for analyzing traffic.
When we say network function VM, in your case we'd be referring to Viavi. It would have to be running on the same host as the system(s) you want to capture traffic from.
To be clear, this isn't some special VM we're providing. The chaining feature in AHV allows you to either put "tap mode" devices where you get a local mirror
in-line mode devices, which would be like a IDS/IPS/Firewall type setup