CentOS - Jul 2013 - Centos 6.4, bnx2 in promiscuous mode does not see packets

Hi,

I hope someone can help me, I cannot seem to get a system's ethernet 
interface to correctly work in promiscuous mode...

I have a Centos 6.4 system with 2 bnx2 interfaces on it.

I have set up eth1 in promiscuous mode and am sending traffic to it 
using the port mirroring configuration on a Nortel 3510-24T switch.
The switch reports that it is sending a fair amount of traffic to the 
mirror port.

However, within Centos 6.4, I only see broadcast traffic from the 
switch:

[root at host eth1]# ifconfig eth1
eth1      Link encap:Ethernet  HWaddr 00:19:B9:E2:30:AE
           UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
           RX packets:75 errors:0 dropped:0 overruns:0 frame:0
           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:1000
           RX bytes:4800 (4.6 KiB)  TX bytes:0 (0.0 b)

I have tried various options configuring eth1 via 
/etc/sysconfig/networking/devices/ifcfg-eth1

Currently it looks like this:

DEVICE=eth1
BOOTPROTO=static
HWADDR=00:19:B9:E2:30:AE
#NM_CONTROLLED=no
ONBOOT=yes
TYPE=Ethernet
#UUID="e753ec9b-fc35-4460-bcd1-87f26f8d1553"
IPV6INIT=no
USERCTL=no
PROMISC=yes

I have also tried to manually put the interface in promiscuous mode (as 
I think PROMISC=yes is deprecated):

ifconfig eth1 promisc

It shows as being in promiscuous mode via ifconfig...

The relevant parks of bootup / system messages:

bnx2: Broadcom NetXtreme II Gigabit Ethernet Driver bnx2 v2.2.3 (June 
27, 2012)
bnx2 0000:05:00.0: PCI INT A -> GSI 16 (level, low) -> IRQ 16
bnx2 0000:05:00.0: firmware: requesting bnx2/bnx2-mips-06-6.2.3.fw
bnx2 0000:05:00.0: firmware: requesting bnx2/bnx2-rv2p-06-6.0.15.fw
bnx2 0000:05:00.0: eth0: Broadcom NetXtreme II BCM5708 1000Base-T (B2) 
PCI-X 64-bit 133MHz found at mem f8000000, IRQ 16, node addr 
00:19:b9:e2:30:ac
bnx2 0000:09:00.0: PCI INT A -> GSI 16 (level, low) -> IRQ 16
bnx2 0000:09:00.0: firmware: requesting bnx2/bnx2-mips-06-6.2.3.fw
bnx2 0000:09:00.0: firmware: requesting bnx2/bnx2-rv2p-06-6.0.15.fw
bnx2 0000:09:00.0: eth1: Broadcom NetXtreme II BCM5708 1000Base-T (B2) 
PCI-X 64-bit 133MHz found at mem f4000000, IRQ 16, node addr 
00:19:b9:e2:30:ae
bnx2 0000:05:00.0: irq 95 for MSI/MSI-X
bnx2 0000:05:00.0: eth0: using MSI
bnx2 0000:05:00.0: eth0: NIC Copper Link is Up, 1000 Mbps full duplex
bnx2 0000:09:00.0: irq 96 for MSI/MSI-X
bnx2 0000:09:00.0: eth1: using MSI
bnx2 0000:09:00.0: eth1: NIC Copper Link is Up, 1000 Mbps full duplex, 
receive & transmit flow control ON
bnx2 0000:05:00.0: irq 95 for MSI/MSI-X
bnx2 0000:05:00.0: eth0: using MSI
bnx2 0000:05:00.0: eth0: NIC Copper Link is Up, 1000 Mbps full duplex
bnx2 0000:09:00.0: irq 96 for MSI/MSI-X
bnx2 0000:09:00.0: eth1: using MSI
bnx2 0000:09:00.0: eth1: NIC Copper Link is Up, 1000 Mbps full duplex, 
receive & transmit flow control ON

Does anyone have any ideas?

Thanks

Giles

On 02/07/2013 08:39, Giles Coochey wrote:
> Hi,
>
> I hope someone can help me, I cannot seem to get a system's ethernet
> interface to correctly work in promiscuous mode...
>
> I have a Centos 6.4 system with 2 bnx2 interfaces on it.
>
> I have set up eth1 in promiscuous mode and am sending traffic to it
> using the port mirroring configuration on a Nortel 3510-24T switch.
> The switch reports that it is sending a fair amount of traffic to the
> mirror port.
>
> However, within Centos 6.4, I only see broadcast traffic from the
> switch:
>
>
This turned out, not to be a problem with Centos, but a limitation or 
the interpretation of the port mirror feature on the Nortel 3510-24T switch.

Setting up a mirror port to capture traffic to/from port<x> and to/from 
port<y> doesn't create a mirror port of traffic passing through either
interface, but seems to mirror traffic that passes through both 
interfaces, which is no good in a VRRP situation!!

-- 
Regards,

Giles Coochey, CCNP, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
giles at coochey.net