0

Am I able to use Wireshark to observe large (10G) traffic congestion?

We are trying to find out if we are overloading our switch traffic.

Is Wireshark an appropriate tool for this? I'm not looking for a full tutorial, just a yes or no, and maybe a few tips related to this specific issue.

Thank youuuuu

-Brandon

pondhop
asked 2018-01-25 16:43:28 +0000

2 Answers

1

Wireshark can help you with analysis but you would need some special hardware to capture such traffic volumes.

What you mean by switch overload is another question. I would look at the port statistics of the switch first. The switching fabric is designed to deal mostly with unicast traffic (traffic going between two ports of a switch) and only a small share is expected to be native or enforced multicast. If your actual traffic contains too much multicast, you can exceed the fabric capacity, causing packets to be lost, or you can exceed the available bandwidth of the egress ports if the fabric handles more. If too much traffic, even unicast traffic, from several ingress ports is sent out via a single egress port, you'll get an overload (packet loss) of that port as well. And packet loss due to insufficient bandwidth should be visible in the port statistics.

So a mere ping between two connected devices should tell you whether you overload the switch (or at least one of its ports participating in the test) or not; to find out why that happens is a different story.

Some redundancy techniques build on the fact that a switch multicasts frames for a given MAC address until it gets a frame from that MAC address. Again, the switch should be able to tell you which MAC addresses have been seen which match no particular port; you can see from the MAC value whether it is a multicast one or whether it is one of those reserved for those redundancy techniques.

sindy
answered 2018-01-25 17:16:53 +0000

Comments

Short and sweet: No. Wireshark is like a microscope, capable of looking at every individual bit of the network traffic. Would you use a microscope to measure the flow in a river? Probably not. The only serious way to look into these kinds of problems is analysis of the port statistics, just like @sindy says.

Jaap (2018-01-25 18:21:04 +0000)

Thank you very much you two.

I tried digging a little to find the port statistics, can you give me an example of where I can find this? (doesn't matter what brand, I should be able to figure it out on the other ones based off one example).

pondhop (2018-01-25 19:37:00 +0000)

Not really, different manufacturers use very different approaches to configuration and monitoring, from pure command line (show interface xxxx detail) through text menus where you move using arrows and enter to clickable web GUIs. Often "configuration" and "monitoring" get separated somewhere early in the tree. So you are looking for "monitoring" or "supervision" or "state" of physical interfaces. I've even seen "dashboard".

sindy (2018-01-25 21:34:16 +0000)
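
As an added example (not part of the original answers or comments), here is one way to turn two readings of a port's output counters into the overload check the first answer describes, plus the multicast test on a MAC value. The counter names follow IF-MIB (ifHCOutOctets, ifOutDiscards); the readings, MAC addresses and function names are constructed for illustration. The sample shows discards on a port whose average utilization is only 40%, which is why the drop counter, not the average rate, is the thing to watch.

```python
# Added example: port-statistics check on constructed counter readings.
from dataclasses import dataclass

@dataclass
class Sample:
    t: float           # time of the reading, in seconds
    out_octets: int    # 64-bit byte counter (IF-MIB ifHCOutOctets style)
    out_discards: int  # 32-bit drop counter (IF-MIB ifOutDiscards style)

def delta(new, old, bits):
    """Counter difference that tolerates one wrap of a bits-wide counter."""
    return (new - old) % (1 << bits)

def egress_report(prev, cur, speed_bps=10_000_000_000):
    """Average egress utilization and drops between two readings of one port."""
    dt = cur.t - prev.t
    if dt <= 0:
        raise ValueError("readings must be in time order")
    octets = delta(cur.out_octets, prev.out_octets, 64)
    discards = delta(cur.out_discards, prev.out_discards, 32)
    return {
        "util_pct": round(100 * octets * 8 / (dt * speed_bps), 1),
        "discards": discards,
        "discards_per_s": round(discards / dt, 1),
        # Any growth in discards means frames were dropped for lack of
        # egress bandwidth or buffer, even if the average rate looks low.
        "congested": discards > 0,
    }

def is_group_mac(mac):
    """True for multicast or broadcast: the I/G bit is the lowest bit of
    the first octet of the destination MAC address."""
    first_octet = int(mac.replace("-", ":").split(":")[0], 16)
    return bool(first_octet & 1)

# Constructed readings taken 10 s apart on a 10G port; both counters
# wrap between the readings to exercise delta().
PREV = Sample(t=0.0, out_octets=2**64 - 1_000_000_000, out_discards=4_294_967_000)
CUR = Sample(t=10.0, out_octets=4_000_000_000, out_discards=204)

if __name__ == "__main__":
    print(egress_report(PREV, CUR))
    for mac in ("01:00:5e:00:00:fb", "ff:ff:ff:ff:ff:ff", "00:1b:21:3c:9d:f8"):
        print(mac, "group" if is_group_mac(mac) else "unicast")
```
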
0

Hi Brandon,

For packet capture, you can do it even with commodity HW, but you need to use PF_RING, which bypasses the Linux kernel. With PF_RING, you can capture the whole traffic on a 10GE interface with Wireshark. Just google for PF_RING and compiling tshark with this option. You can use it with a standard Intel NIC. I recommend writing data to a ramdisk to preserve HDD write speed limitation.

Once you get the packets, you should check packet loss, retransmissions, RTT and so on. For this, I highly recommend Laura Chappell's Wireshark training.

All the best.
Karol

updated 2018-01-26 10:31:07 +0000