Thursday, July 5, 2012

Hyper-V Extensible Switch unified tracing

I have been spending some quality time with the Hyper-V Networking features and I ran into a bit of a problem that I needed to unwind.

I was using the new Network Virtualization feature and I was encapsulating the traffic. 

This is where one host gets the packet from a VM, wraps it in an envelope, sends it to the host where the target VM is, unwraps it, and sends it to the receiving VM.

They also support IP Rewrite, which can be thought of as NAT’ing.

I was having a problem where I needed to determine if things were working properly.  I had no way to tell without some type of tracing.

This is where Unified Tracing comes in.  You enable it on the Hyper-V Server and tell it which module to trace, and you get a highly detailed ETL file back out (use the latest Network Monitor to view it).  I can see the traffic leave the VM, then hit the Network Virtualization module, then leave the switch and so on. 

I can capture the Windows Network Virtualization events by executing the following:

Netsh trace start provider=Microsoft-windows-wnv level=5

I can capture switch events and packets by executing the following:

Netsh trace start provider=Microsoft-Windows-Hyper-V-VmSwitch capture=yes capturetype=vmswitch

I capture both together (as you can only have one trace active at a time) with the following:

Netsh trace start provider=Microsoft-windows-wnv level=5 provider=Microsoft-Windows-Hyper-V-VmSwitch capture=yes capturetype=vmswitch

Now, what I did was I took my synchronization script and I combined that with this tracing into the following coordinating trace capture script:

# Coordinated Network tracing of Windows Network Virtualization
# Run this on both hosts.
# The trace runs for 2 minutes (120 seconds) and then stops.  This should be enough time to do your test.  Change as you need.


# Only one trace can be executing at a time, you must choose one.
$selection = Read-Host -Prompt "Enter the trace number `
1 - WNV Events`
2 - VM packets and switch events`
3 - Both 1 and 2`
"


Get-date
# wait until the next even 5 minute increment (minute ending in 0 or 5)
Do {
    # square up near the whole minute mark to "synchronize watches"
    Start-Sleep ( 60 - (Get-Date -Format ss) )
    [string]$nowMinute = Get-Date -Format mm
} until ( $nowMinute -match '[05]$' )

Get-Date

"Begin Repro"


switch ( $selection ) {
    1 {
        # capture WNV events
        $trace = Netsh trace start provider=Microsoft-windows-wnv level=5
    }
    2 {
        # capture switch events and packets
        $trace = Netsh trace start provider=Microsoft-Windows-Hyper-V-VmSwitch capture=yes capturetype=vmswitch
    }
    3 {
        # capture both providers together
        $trace = Netsh trace start provider=Microsoft-windows-wnv level=5 provider=Microsoft-Windows-Hyper-V-VmSwitch capture=yes capturetype=vmswitch
    }
}

Start-sleep -Seconds 120  #Two minutes of this is plenty of noise to pick through.

"Stopping Trace"
Get-Date

# Stop the trace
Netsh trace stop


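# Find the "Trace File:" line in the output saved from "netsh trace start"
foreach ( $i in $trace ) {
    if ( $i.Contains("Trace File") ) {
        # keep everything after the "Trace File:" label so a path containing spaces survives
        $file = ($i -split ':', 2)[1].Trim()
    }
}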
# Convert the ETL to TXT
Netsh trace convert $file


# The ETL can be viewed using Netmon 3.4 or newer.
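
A variant of the script above, added here as an example and not the author's code: it passes an explicit tracefile= path so the capture (which contains VM packets) lands in a known directory instead of being parsed out of netsh's output, and it stops the trace in a finally block even if the wait is interrupted. The function names, the C:\Traces directory and the overwrite=yes / report=no settings are assumptions of this example.

```powershell
# Added example. Function names and C:\Traces are hypothetical; run elevated on both hosts.
function Get-NextBoundary {
    param([datetime]$Now = (Get-Date), [int]$Minutes = 5)
    # Next wall-clock time whose minute is a multiple of $Minutes, seconds zeroed.
    $hourStart = $Now.Date.AddHours($Now.Hour)
    $hourStart.AddMinutes([math]::Floor($Now.Minute / $Minutes + 1) * $Minutes)
}

function Invoke-TimedTrace {
    param(
        [Parameter(Mandatory)][ValidateSet('1','2','3')][string]$Selection,
        [string]$TraceFile = "C:\Traces\wnv-$($env:COMPUTERNAME).etl",
        [int]$Seconds = 120
    )
    # Same providers and options as the commands in the post.
    $wnv      = 'provider=Microsoft-windows-wnv', 'level=5'
    $vmSwitch = 'provider=Microsoft-Windows-Hyper-V-VmSwitch', 'capture=yes', 'capturetype=vmswitch'
    $traceArgs = switch ($Selection) {
        '1' { $wnv }
        '2' { $vmSwitch }
        '3' { $wnv + $vmSwitch }
    }

    New-Item -ItemType Directory -Path (Split-Path $TraceFile) -Force | Out-Null

    # Sleep until the shared 5 minute mark so both hosts start together.
    $wait = [int][math]::Ceiling(((Get-NextBoundary) - (Get-Date)).TotalSeconds)
    Start-Sleep -Seconds $wait

    netsh trace start @traceArgs "tracefile=$TraceFile" overwrite=yes report=no | Out-Host
    # Treat a non-zero exit code (for example, a trace already running) as failure.
    if ($LASTEXITCODE -ne 0) { throw "netsh trace start failed ($LASTEXITCODE)" }

    try     { Start-Sleep -Seconds $Seconds }    # reproduce the problem now
    finally { netsh trace stop | Out-Host }      # always release the single trace session

    netsh trace convert $TraceFile | Out-Host    # ETL to TXT, as in the post
    $TraceFile
}

# Usage: Invoke-TimedTrace -Selection 3
```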
