Tuesday, December 24, 2019

Encrypt sFlow Exports out of OVS Switch?

Hi Networking Wizards,

I just got sFlow exports working on my OVS switch, using this command:

ovs-vsctl -- --id=@sflow create sflow agent=\"eno0\" \
    target="\"10.10.10.10:6343\"" header=128 \
    sampling=1024 polling=10 \
    -- set bridge MyBridge sflow=@sflow

This works great, and I’m really happy with the results. Trouble is, my 10.10.10.10 collector is a remote machine, and I’m pretty sure this command sends the sFlow exports in cleartext. I’d love to encrypt those exports.

I’ve Googled “OVS,” “ovs-vsctl,” “security,” and other assorted terms, but I don’t see any ovs-vsctl option that turns on a security feature. Am I right in thinking there are none? Put another way, if I want to ensure encryption of sFlow exports between the OVS switch and my collector, is my only option to put a VPN tunnel between them, i.e., encrypt everything within the network?

Thanks!


