This article describes how to configure a Virtual Machine (VM) running on XenServer to behave promiscuously on the network, that is, to allow it to see all network traffic on the Physical Network Interface (PIF).
Certain applications, such as network diagnostic or performance monitoring tools, might require visibility into all the traffic passing across the PIF to which they are connected. In XenServer, a VM running within the hypervisor connects by default to a virtual switch (xenbr) that segments the network traffic between the PIF and the Virtual Network Interface (VIF) directly attached to the VM. Following the process outlined in this article makes all the traffic crossing the PIF transparent across the xenbr and visible to the VIF that the VM is plugged in to.
Run the following command on the XenServer host to get the PIF UUID:
xe pif-list network-name-label=<name_of_network>
Where <name_of_network> is the common name for the network as it appears in XenCenter (Network 0, for example).
To enable promiscuous mode for the PIF, run the following command on the XenServer host:
xe pif-param-set uuid=<uuid_of_pif> other-config:promiscuous="true"
Run the following command to verify that the promiscuous option has been set:
xe pif-param-list uuid=<uuid_of_pif>
other-config (MRW): promiscuous: true
This indicates that promiscuous mode is active on the PIF.
Run the following command on the XenServer host to get the VIF UUID:
xe vif-list vm-name-label=<name_of_vm>
Where <name_of_vm> is the common name of the virtual machine as it appears in XenCenter.
To enable promiscuous mode for the VIF, run the following command on the XenServer host:
xe vif-param-set uuid=<uuid_of_vif> other-config:promiscuous="true"
Run the following command to verify that the promiscuous option has been set:
xe vif-param-list uuid=<uuid_of_vif>
other-config (MRW): promiscuous: true
This indicates that promiscuous mode is active on the VIF.
Run the following commands to activate the preceding changes:
xe vif-unplug uuid=<uuid_of_vif>
xe vif-plug uuid=<uuid_of_vif>
These commands disconnect the VIF from the VM and reconnect it, and the VIF returns with promiscuous mode active.
Note: Running the vif-unplug command takes the VM's VIF offline, and the interface stays down in the VM until you run the vif-plug command.
You can use the tcpdump utility to compare traffic on the PIF and VIF to ensure that the VIF is behaving promiscuously.
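The verification steps above can be scripted when several PIFs or VIFs have to be checked. The following is an added example, not part of the original article: it reads xe pif-param-list or xe vif-param-list output on standard input and reports whether other-config carries promiscuous: true. The function names and the sample records are constructed for illustration, and the parser assumes other-config entries are printed as "key: value" pairs separated by semicolons.

```shell
#!/bin/sh
# Added example: check `xe pif-param-list` / `xe vif-param-list` output
# for other-config:promiscuous. Assumed layout (based on the line the
# article shows): "other-config (MRW): key1: value1; key2: value2".

# Print the value of other-config key $1 from param-list output on stdin.
other_config_value() {
    awk -v key="$1" '
        /^[ \t]*other-config[ \t]*\([ \t]*MRW\)[ \t]*:/ {
            sub(/^[^:]*:[ \t]*/, "")          # drop the "other-config (MRW):" label
            n = split($0, pairs, /;[ \t]*/)   # one element per key: value pair
            for (i = 1; i <= n; i++) {
                sep = index(pairs[i], ":")
                if (sep == 0) continue
                k = substr(pairs[i], 1, sep - 1)
                v = substr(pairs[i], sep + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", k)
                gsub(/^[ \t]+|[ \t]+$/, "", v)
                if (k == key) { print v; exit }
            }
        }'
}

# Succeed only when other-config explicitly contains promiscuous: true.
is_promiscuous() {
    [ "$(other_config_value promiscuous)" = "true" ]
}

# Constructed sample records (not captured from a real host).
sample_on()    { printf '%s\n' '        uuid ( RO): <uuid_of_vif>' \
                 '        other-config (MRW): ethtool-tx: off; promiscuous: true'; }
sample_off()   { printf '%s\n' '        uuid ( RO): <uuid_of_vif>' \
                 '        other-config (MRW): promiscuous: false'; }
sample_unset() { printf '%s\n' '        name-description ( RW): promiscuous: true' \
                 '        other-config (MRW): '; }

for s in sample_on sample_off sample_unset; do
    if "$s" | is_promiscuous; then
        echo "$s: promiscuous mode is set"
    else
        echo "$s: promiscuous mode is not set"
    fi
done
# On the XenServer host:
#   xe vif-param-list uuid=<uuid_of_vif> | is_promiscuous && echo "set"
```

A "promiscuous: true" string on any line other than other-config is ignored, so a description field containing that text does not produce a false positive.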
Use ifconfig (net-tools) or ip (iproute2) to directly turn on promiscuous mode for interfaces within the guest.
Turn On Promiscuous Mode:
ifconfig eth0 promisc
Turn Off Promiscuous Mode:
ifconfig eth0 -promisc
With ip (iproute2), pass on or off as the last argument:
ip link set eth0 promisc on
ip link set eth0 promisc off
Use netstat -i to check whether interfaces are running in promiscuous mode. Interfaces running in promiscuous mode show a "P" flag.