A tale of NetApp and Wireshark discovery


Wireshark_icon.svg
–==For those interested, Pluralsight has an excellent video training course called Introduction to Wireshark. I highly recommend Pluralsight as the go-to source for IT video training!==–

I was cleaning up a client’s /etc/rc file yesterday while preparing to move some IP addresses to different interfaces and I noticed they had configured the vMotion network as a VLAN interface on both controllers. This isn’t right because the vMotion network only needs to exist between ESXi hosts – the storage array never touches the traffic. Storage vMotion doesn’t use the vMotion network either.  It uses the storage network, whether IP- or FC-based.
I wanted to see if the interface was being used at all and fortunately, NetApp has a command for that. The ifstat command shows the count of frames received and transmitted on any or all interfaces, total bytes for each, and the number of multicasts or broadcasts. So in this case, it looked something like:

NETAPP-A> ifstat VIF-A-79

-- interface  VIF-A-79  (22 hours, 57 minutes, 50 seconds) --

RECEIVE
 Total frames:      150k | Total bytes:     10924k | Multi/broadcast: 21869
TRANSMIT
 Total frames:     4767k | Total bytes:      7177m | Multi/broadcast:   138
 Queue overflows:     0
DEVICE
 Vlan ID:            79  | Phy Iface:        VIF-A

Read the rest of this entry »

Advertisements

NetApp built-in packet capture


3people_netapp_blocks_hiresI first had to do this at the direction of NetApp tech support.  Ever since, I found myself searching my email for it so I could use it again and again.  I finally took the hint and decided to post it here for my reference – but maybe you could use it as well. Oh, and copy it to Evernote, too.

They way I use this, as you might expect, is to start the capture, perform the operation that’s failing, and then stop the capture.  So as not to capture too much traffic and therefore have to wade through all of it, I try to perform those steps rather quickly.  But then again, if you know a few useful features of Wireshark, you can get around in the capture file pretty easily.  So here you are.

filer> pktt start all -d /etc/crash

<perform the operation that fails here>

filer> pktt dump all
filer> pktt stop all

Read the rest of this entry »