Currently, I am troubleshooting a iSCSI performance issue which looks like is a buffer capacity issue on my switches. I see messages on my captures which have "TCP Dup ACK" and "TCP Previous segment not captured". My environment consists of vmware hypervisor using software iscsi initiators connecting over a low-end catalyst 2960S switch to VNX SAN. What I would like to determine from my captures is getting a metric of when packets start to drop. Are there any good guidelines when troubleshooting iSCSI connectivity to determine this. Cisco does not publish buffer sizes for their low-end switches but I can see from snmp monitoring that there are huge buffer misses and a lot of output drops on the interfaces connected to the SAN. asked 05 Apr '13, 11:30  ytek |
One Answer:
That might be a sign for dropped packets. However, to be sure where the packet loss takes place, you need to capture in front of the server and in front of the client at the same time (two capturing machines). After that you can compare the two capture files to find any differences (packet loss). However, as a first start you could use this display filter:
Regards answered 08 Apr '13, 16:24  Kurt Knochner ♦ |
Thanks for the advice Kurt. I actually can see that there are duplicate acks and lost segements. Given my current setup I'm only able to span the two ports to a single mirror port and then separate the captures based on source mac address. I'm exporting this view of the packets as two separate captures to compare.
well, then the packet loss might also be caused by flooding of the monitor port as too much traffic is coming from the two mirrored ports. With that setup, you will never know for sure what is causing the problem.
I would mirror just one port and then check if there is still packet loss.