10Gb external port mirroring throughput

    Question

  • I am doing some testing on using Hyper-V to do network monitoring. This monitoring involves a 10Gb network card configured as the source and a virtual machine as the destination to relay ALL the external traffic (utilising promiscuous mode) to the VM.

    The equipment used is an HP ProLiant DL360p Gen 9 with an Intel X520 10Gb NIC, using a traffic generator and Wireshark on the host. In this config I can only get about 95% of the traffic being generated and fed to the NIC seen at the host.

    Has anyone been doing any testing with throughputs in promiscuous mode with success? By throughputs I am talking about > 1Gbps and more in the region of 10 to 20Gbps?

    Happy to provide more info on the config but interested to see if others out there are testing at > 1Gbps on Hyper-V 2016.    

    Friday, February 3, 2017 12:40 PM

All replies

  • Hyper-V can do port mirroring for network sniffers.  (the traffic destined for a VM NIC (port of the virtual switch) is copied to another VM NIC)

    https://blogs.technet.microsoft.com/networking/2015/10/16/setting-up-port-mirroring-to-capture-mirrored-traffic-on-a-hyper-v-virtual-machine/

    It does not allow traditional promiscuous style sniffing of everything coming into the physical NIC of the virtual switch.

    And, the Host is not exposed to the network traffic of the VMs.  There is an isolation boundary there that is maintained, even at the virtual switch.


    Brian Ehlert
    http://ITProctology.blogspot.com
    Learn. Apply. Repeat.

    Friday, February 3, 2017 4:15 PM
    Moderator
  • Thanks for the input Brian, I am doing traffic conversation generation with the aim of getting a network sniffer processing the conversations. At 1Gbps applied at the external interface and measuring on the host side of that NIC I get 0.5% packet loss.

    Trying the same at 2Gbps and 5Gbps the loss rate climbs to 50%. Inside the VM set up as the network sniffer the losses are worse. The conversations are still being seen in the virtual network sniffer. 

    My problem appears to be in the capacity of the Hyper-V host in copying the incoming data to the destination VM NIC.

    Intouch82


    • Edited by intouch82 Monday, February 6, 2017 8:04 AM
    Saturday, February 4, 2017 4:11 AM
  • Hi,

    The issue seems strange and I'm not able to find related information.

    Well, try to update the NIC driver to see if it helps. And also check the system resource usage on VM, such as CPU and RAM.

    Best Regards,

    Leo


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, February 7, 2017 5:37 AM
    Moderator
  • Hi Leo

    Currently have the latest drivers from Intel and I am measuring the throughput at the host before the virtual switch.

    So at this stage just trying to prove, at the host level, that what is being sent to the host NIC is seen inside the host.

    PowerShell using Get-NetAdapter shows that promiscuous mode on the physical NIC is enabled, and using Wireshark, at anything above 1Gb the difference is greater than 0.5% (that is, 0.5% of the traffic is lost) and climbs from there.

    Interesting to say the least.

    Intouch82 "without hard data you are just another opinion with no substance"

    Tuesday, February 7, 2017 12:22 PM
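
One way to take the host-side measurement described in the post above independently of Wireshark, as an added example that is not part of the thread: sample the physical adapter's receive counters around a traffic-generator run and compare them with what the generator reports. The adapter name, the sampling window and the generator's packet total are placeholders, and how the driver counts frames received in promiscuous mode is not covered by the thread.

```powershell
# Added example, not from the thread. Defaults below are placeholders.
param(
    [string]$AdapterName = 'Ethernet 2',  # placeholder: name of the 10Gb NIC under test
    [int]$Seconds = 60,                   # sampling window; run the generator inside it
    [double]$PacketsSent = 0              # packet total reported by the generator (0 = not supplied)
)

function Get-RxSnapshot([string]$Name) {
    # Receive-side counters as the NIC driver reports them to Windows.
    $s = Get-NetAdapterStatistics -Name $Name -ErrorAction Stop
    [pscustomobject]@{
        Time      = Get-Date
        Bytes     = [double]$s.ReceivedBytes
        Packets   = [double]$s.ReceivedUnicastPackets +
                    [double]$s.ReceivedMulticastPackets +
                    [double]$s.ReceivedBroadcastPackets
        Discarded = [double]$s.ReceivedDiscardedPackets
        Errors    = [double]$s.ReceivedPacketErrors
    }
}

$before = Get-RxSnapshot $AdapterName
Start-Sleep -Seconds $Seconds
$after = Get-RxSnapshot $AdapterName

# Work on deltas so counters accumulated before the test do not matter.
$elapsed = ($after.Time - $before.Time).TotalSeconds
$packets = $after.Packets - $before.Packets
$report = [ordered]@{
    Adapter        = $AdapterName
    Seconds        = [math]::Round($elapsed, 1)
    RxGbps         = [math]::Round((($after.Bytes - $before.Bytes) * 8) / $elapsed / 1e9, 3)
    RxPackets      = $packets
    DriverDiscards = $after.Discarded - $before.Discarded
    DriverErrors   = $after.Errors - $before.Errors
}
if ($PacketsSent -gt 0) {
    # Loss relative to what the generator says it transmitted.
    $report.LossVsGeneratorPct = [math]::Round(100 * ($PacketsSent - $packets) / $PacketsSent, 3)
}
[pscustomobject]$report
```

If RxPackets tracks the generator's total while Wireshark shows fewer packets for the same window, the loss is occurring in the capture path on the host; rising DriverDiscards means frames are being dropped before any capture tool sees them.
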
  • Hi,

    Since I'm not able to find more related information, I suggest you open a case with Microsoft; a more in-depth investigation can be done so that you would get a more satisfying explanation and solution to this issue.
    Here is the link:
    https://support.microsoft.com/en-us/gp/contactus81?Audience=Commercial&wa=wsignin1.0

    Best Regards,
    Leo



    Tuesday, February 14, 2017 2:07 AM
    Moderator