Hi everybody,
I'm asking some questions about the quality and transparency of mirroring in VDS.
To begin, the goal of this mirror is to make some performance measurement of the network and applications hosted in the ESX.
In order to be sure about the mirror quality we've done some tests.
Here's the lab. description :
- 2 virtual machines hosting windows server 2008
• network card config (default) on the two hosts:
∘ IPv4 checksum offload : rx&tx enabled
∘ Jumbo packet : disabled
∘ Large send offload (ipv4) : enabled
∘ Coalesce buffer : 128
∘ Receive Buffers : 256
∘ TCP Checksum Offload : Rx & Tx Enabled
∘ Transmit Buffers : 512
∘ UDP Chesksum Offload : Rx & Tx Enabled
- 1 Probe receiving mirrored traffic
- VDS:
- A Server : port 1
- B server : port 0
- Mirror out : port 11
- Mirror config :
- Source Port 0, direction Both
- Allow normal IO : Yes
- Encap Vlan : none
- Preserve Vlan : Yes
- Mirror packet length : 1500
- Mirror config :
The test is done with iperf with the following parameters:
- A Server 192.168.80.229 iperf server:
- iperf -s -p 50000
- wireshark capture during test
- B Server 192.168.80.223 iperf client :
- iperf -c 192.168.80.229 -p 50000 -t 1
- wireshark capture during test
- Probe 192.168.80.231
- tcpdump -ni any -s0 host 192.168.80.223 and port 50000
Results :
- some packets coming from B (under 60 bytes size) are seen at 60 bytes in A and Probe
- after some searches and tweaking we've found that a parameter : advanced parameters/net/Net.MinEtherLen = 60 by default
- Test done with /net/Net.MinEtherLen = 0, result is now correct, packets under 60 bytes are now seen well
- Apart from that, the most critical thing is packet disorder :
as you can see in this wireshark screenshot
nearly all packets are not in order, ack is coming before data packet.
as you can easily imagine, it complicates in a huge amount the probe behaviour.
>> Have you got other experience return ? Is there others parameters to tweak in advanced parameters ?
You'll find pcap file attached (Source, Destination and mirror)