Publié le 31 août 2011
Part 1 of this article examine the main configuration issues with packet-forwarding devices is fragmentation of the traffic, VLAN tunneling and header fields.
To enhance troubleshooting tools for technicians and network engineers, EXFO has introduced packet-capture and decode capabilities to its extensive datacom portfolio—as a software upgrade to its existing FTB and RTU Ethernet test modules. This new feature, associated with the frame-analyzer test tool, introduces Ethernet capture capabilities at a line-rate speed from 10 Mbit/s to 10 Gbit/s. The combination of these two tools allows network operators and technicians to quickly and efficiently troubleshoot network events:
EXFO’s implementation of the packet-capture tool goes beyond the simple capture capabilities. Extra features and functionalities have been implemented in order to increase the efficiency of the test cycle and provide more value to the customer. Capturing capabilities are often reduced by the limited amount of memory available to store the capture traffic. In the case of the EXFO suite, available memory is dependent on the module used. In order to mitigate the effect of these limitations, EXFO’s packet-capture tool provides comprehensive filter and triggering methods to target specific traffic and efficiently use the memory available.
In some cases, only a particular traffic flow is of interest and other traffic can consume memory without providing any useful information. The EXFO packet capture tool provides the capability to filter the captured traffic in order to capture only traffic that fits a specific profile, therefore efficiently using the available memory.
The filter engine is based on the basic frame-analyzer and advanced traffic-filter system. In the basic mode, the user can filter traffic based on a single trigger value, while an advanced mode provides the capability to restrict traffic even more by using up to four trigger field and operands (AND, OR, NOT). In both cases, a complete set of triggers is available such as MAC – IP – TCP/UDP fields, VLAN, MPLS and PBB-TE fields.
In most captures, the payload information is typically proprietary information that cannot be understood and decoded by the analysis engine. The technical staff usually focuses on header information as these are decoded and are used for more in-depth troubleshooting, such as conversation and top-talker analysis. Therefore, capturing the payload of packets is, in most cases, not efficient as it consumes memory without providing extra information.
EXFO’s packet-capture tool provides an innovative packet truncation feature, which limits the capture to a specific number of bytes, starting from the first bit of the packet. Users can therefore limit capture to the first few bytes of the header (layer 2 to layer 4) or add more bytes to include higher layer information. By only capturing this information and avoiding the payload, users efficiently use the available memory. In order to assist the truncation process, a simple calculator is provided. This efficient tool automatically calculates the number of bytes to truncate according to the common header profile of the incoming frames.
A very common issue with typical capture tools is that the capture starts as soon as the tool is enabled. However, the event of interest may occur later and the captured traffic fills the memory buffer but does not provide any useful information. In some cases, the testing opportunity can be completely missed because of the high amount of captured data and the short event window.
EXFO’s packet-capture tools solve this issue by including a set of triggering capabilities, allowing the customer to fine-tune and specify when the capture process should start. This powerful capability simplifies the troubleshooting process by filling the memory only when the event of interest is detected. The memory and troubleshooting time are therefore efficiently used, resulting in meaningful capture data, which yields more important information.
Users can capture traffic based on three types of triggers:
1. Manual trigger is the simplest form of trigger and basically starts the capture as soon as it is enabled. This is the default mode of operation and mimics traditional capture tools.
2. On-error trigger is a trigger which starts to capture the operation when a specific event is detected. These events are typically Ethernet errors such as frame-check sequence (FCS) errors. This mode enables on-event capture, a scenario where a capture device can remain armed; monitoring the circuit, until the specific event is detected and the capture is triggered.
3. Field-match trigger launches the capture when a frame with a specific filtered condition is detected. This condition uses a similar system as the traffic filter system and enables the user to monitor the circuit and start the capture as soon as a specific frame condition is detected.
The triggering position is used to determine the position of the triggered frame within the captured data, solving one of the common problems with traditional capture tools where the event of interest is often located within the capture data.
A typical use for the triggering position is performing pre- and post-analysis. In network troubleshooting, it is very important to understand the events that lead to the failure and to view the events that followed the failure. These two critical phases provide a wealth of information on the failure, as well as on its causes and how the network reacted to it. For example, troubleshooting a TCP retransmission issue could start by looking at the pre-trigger phase to identify the cause of the retransmission by focusing on the TCP sequence itself, looking at the bandwidth usage or determining if there was any congestion by searching for Ethernet pause frames. The post-trigger analysis can focus on the retransmission process and determine if the cause of congestion has been relieved.
The triggering position capabilities allows the user to specify where the trigger event will be located in the capture, therefore allowing the selection of the frames that will be captured, depending on their position relative to the trigger event. Traditional capture tools do not provide the capability to perform mid-trigger or pre-trigger as they only provide post-trigger capabilities. Instead, users are left to manually search in the captured sequence to identify the event and perform the analysis. Combining this to the lack of trigger mechanism, it is quite possible when using traditional capture tools that the event of interest is completely missed, resulting in an inefficient capture process.
EXFO’s packet-capture feature provides three triggering positions:
Once a capture has been completed, the captured data can be exported either to the platform’s internal memory or to an external USB-based memory for decoding. The exporting process generates an industry-standard, PCAP file that can be used by a variety of open-source decoding tools.
Decoding and post-analysis is performed using the Wireshark application (the industry standard in protocol analysis and decode). This free application enables extensive protocol decoding as well as complex analysis to provide a solid post-processing analysis. Since Wireshark is an open-source application and it is maintained by a strong and dedicated community of developers and contributors, the application is always up-to-date with the latest protocols. What’s more, Wireshark is also supported by various extensions that enable analysis tools or specialized processes which can be used to complement the standard Wireshark offering.
EXFO’s test solution can be used in a variety of locations, from central field and customer locations to labs and exchange office.
Today’s multiservice networks are growing increasingly complex, driving the need for technicians to have a more granular view of data traffic across all layers of the network. By adding packet-capture and decode capabilities to its test modules, EXFO brings to market a comprehensive, simplified and fully integrated solution for end-to-end carrier Ethernet network assessment. This enables field technicians to quickly pinpoint, analyze and report quality of service issues using a single test unit. With packet-capture and decode functionalities, EXFO is revolutionizing the way network operators validate, turn up, monitor and troubleshoot carrier Ethernet services.