Hi Networking Wizards,
I just got sFlow exports working on my OVS switch, using this command:
ovs-vsctl -- --id=@sflow create sflow agent=\"eno0\" \
target="\"10.10.10.10:6343\"" header=128 \
sampling=1024 polling=10 \
-- set bridge MyBridge sflow=@sflow
This works great, and I’m really happy with the results. Trouble is, my 10.10.10.10 collector is a remote machine, and I’m pretty sure this command sends the sFlow exports in cleartext. I’d love to encrypt those exports.
I’ve Googled “OVS,” “ovs-vsctl,” “security,” and other assorted terms, but I don’t see any ovs-vsctl option that turns on a security feature. Am I right in thinking there are none? Put another way, if I want to ensure encryption of sFlow exports between the OVS switch and my collector, is my only option to put a VPN tunnel between them, i.e., encrypt everything within the network?
Thanks!
No comments:
Post a Comment