How do I capture a packet trace of NFS operations on a NetApp filer?
Environment
- Red Hat Enterprise Linux
- NetApp filer
Issue
- How do I capture a packet trace of NFS operations on a NetApp filer?
Resolution
- The below procedure has been known to work on many NetApp filers, and is given here for reference. It may be incomplete or inaccurate depending on your NetApp software version. Please contact NetApp support and/or see NetApp's support website, http://now.netapp.com/, for official recommendations.
- A packet trace can be taken by using the 'pktt' command from the NetApp filer console. For full documentation of this command, see NetApp's support website, http://now.netapp.com/, or contact NetApp support.
1. Determine the IP address of the NFS client to filter on. Use ifconfig to find it:
# ifconfig
eth0 Link encap:Ethernet HWaddr 00:1B:21:0B:BB:E0
inet addr:192.168.122.101 Bcast:192.168.122.255 Mask:255.255.252.0
2. Start the tracing on the NetApp filer with the "pktt" command. Use a buffer size of 1MB, and filter on the IP address of the NFS client:
filer> pktt start all -b 1m -i 192.168.122.101
ns0: started packet trace
ns1: started packet trace
lo: started packet trace
3. Reproduce the NFS issue on the NFS client.
4. Check the status of the packet trace on the filer to ensure the trace buffer has not overflowed:
filer> pktt status
ns0: Packet tracing enabled; packets truncated at 1514 bytes.
ns0: Trace buffer utilization = 43% of 1048320 bytes, 630 packets
ns0: 630 packets seen; 0 packets dropped; 450132 total bytes seen
ns1: Packet tracing enabled; packets truncated at 1514 bytes.
ns1: Trace buffer utilization = 36% of 1048320 bytes, 536 packets
ns1: 536 packets seen; 0 packets dropped; 369132 total bytes seen
lo: Packet tracing enabled; packets truncated at 1514 bytes.
lo: Trace buffer utilization = 0% of 1048320 bytes, 0 packets
lo: 0 packets seen; 0 packets dropped; 0 total bytes seen
5. Dump the trace data to a file:
filer> pktt dump all
Thu Feb 17 16:00:43 EST [cmds.pktt.write.info:info]: pktt: 951 packets seen, 0 dropped, 606642 bytes written to /ns0_20110217_160043.trc.
Thu Feb 17 16:00:43 EST [cmds.pktt.write.info:info]: pktt: 857 packets seen, 0 dropped, 524138 bytes written to /ns1_20110217_160043.trc.
Thu Feb 17 16:00:43 EST [cmds.pktt.write.info:info]: pktt: 0 packets seen, 0 dropped, 0 bytes written to /lo_20110217_160043.trc.
6. Stop the packet tracing on the filer:
filer> pktt stop all
ns0: Tracing stopped and packet trace buffers released.
ns1: Tracing stopped and packet trace buffers released.
lo: Tracing stopped and packet trace buffers released.
7. Copy the trace file(s) from the filer to the Linux host, via NFS or some other means:
# mount -t nfs -o ro 192.168.154.174:/ /mnt/filer
# cp /mnt/filer/*.trc /tmp
8. Use Wireshark or another tool to examine the trace.
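The check in step 4 can be scripted when the "pktt status" output is saved to a file on the Linux host. The following is an added example, not part of the original article or any NetApp tooling: it parses output in the format shown in step 4 and reports interfaces whose trace has dropped packets or a nearly full buffer. The function names, the 90% threshold and the altered ns1 figures in the sample are assumptions made for illustration.

```python
import re

# Constructed sample: the step 4 output, with the ns1 figures altered
# (constructed values) to show a full buffer and dropped packets.
SAMPLE_STATUS = """\
ns0: Packet tracing enabled; packets truncated at 1514 bytes.
ns0: Trace buffer utilization = 43% of 1048320 bytes, 630 packets
ns0: 630 packets seen; 0 packets dropped; 450132 total bytes seen
ns1: Packet tracing enabled; packets truncated at 1514 bytes.
ns1: Trace buffer utilization = 100% of 1048320 bytes, 1490 packets
ns1: 1502 packets seen; 12 packets dropped; 1061132 total bytes seen
lo: Packet tracing enabled; packets truncated at 1514 bytes.
lo: Trace buffer utilization = 0% of 1048320 bytes, 0 packets
lo: 0 packets seen; 0 packets dropped; 0 total bytes seen
"""

UTIL_RE = re.compile(r"^([^:\s]+): Trace buffer utilization = (\d+)% of \d+ bytes")
SEEN_RE = re.compile(r"^([^:\s]+): (\d+) packets seen; (\d+) packets dropped")

def parse_pktt_status(text):
    """Return {interface: {"util": percent, "seen": n, "dropped": n}}."""
    stats = {}
    for line in text.splitlines():
        m = UTIL_RE.match(line.strip())
        if m:
            stats.setdefault(m.group(1), {})["util"] = int(m.group(2))
        m = SEEN_RE.match(line.strip())
        if m:
            entry = stats.setdefault(m.group(1), {})
            entry["seen"] = int(m.group(2))
            entry["dropped"] = int(m.group(3))
    return stats

def incomplete_traces(stats, util_limit=90):
    """Map each suspect interface to the reasons its trace may be incomplete."""
    flagged = {}
    for iface, s in stats.items():
        reasons = []
        if s.get("dropped", 0) > 0:
            reasons.append(f"{s['dropped']} packets dropped")
        if s.get("util", 0) >= util_limit:  # util_limit is an assumed threshold
            reasons.append(f"buffer {s['util']}% full")
        if reasons:
            flagged[iface] = reasons
    return flagged

if __name__ == "__main__":
    for iface, why in incomplete_traces(parse_pktt_status(SAMPLE_STATUS)).items():
        print(f"{iface}: {', '.join(why)}")
```

If an interface is reported, restart the trace with a larger "-b" buffer or a narrower filter before reproducing the issue again.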
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.