1.2 Troubleshooting virtual switches
Microsoft also has extended Unified Tracing through the Hyper-V
extensible switch, which makes it easier for you to diagnose problems
that may occur. For example, if you are experiencing issues that you
think might be connected with the extensible switch, you could attempt
to troubleshoot the problem by turning on tracing using the Netsh
command like this:
netsh trace start provider=Microsoft-Windows-Hyper-V-VmSwitch capture=yes capturetype=vmswitch
Then you would try to reproduce the issue while tracing is turned on. Once the problem has been reproduced, you could disable tracing with netsh trace stop and then review the generated Event Trace Log (ETL) file using Event Viewer or Network Monitor. You also could review the System event log for any relevant events.
A number of other advanced capabilities also have been integrated by Microsoft into the Hyper-V extensible switch to help enhance security, monitoring, and troubleshooting functionality. These additional capabilities include the following:
- DHCP guard: Helps safeguard against Dynamic Host Configuration Protocol (DHCP) man-in-the-middle attacks by dropping DHCP server messages from unauthorized VMs pretending to be DHCP servers
- MAC address spoofing: Helps safeguard against attempts to use ARP spoofing to steal IP addresses from VMs by controlling whether VMs are allowed to change the source MAC address in outgoing packets to an address that is not assigned to them
- Router guard: Helps safeguard against unauthorized routers by dropping router advertisement and redirection messages from unauthorized VMs pretending to be routers
- Port mirroring: Enables monitoring of a VM’s network traffic by forwarding copies of destination or source packets to another VM being used for monitoring purposes
- Port ACLs: Help enforce virtual network isolation by allowing traffic filtering based on media access control (MAC) or IP address ranges
- Isolated VLANs: Allow segregation of traffic on multiple VLANs to facilitate isolation of tenant networks through the creation of private VLANs (PVLANs)
- Trunk mode: Allows directing traffic from a group of VLANs to a specific VM
- Bandwidth management: Allows guaranteeing a minimum amount of bandwidth and/or enforcing a maximum amount of bandwidth for each VM
- Enhanced diagnostics: Allows packet monitoring and event tracing through the extensible switch using ETL and Unified Tracing
Most of these additional capabilities can be configured from the graphical user interface (GUI) by opening the VM’s settings. For example, by selecting the network adapter under Hardware, you can specify bandwidth management settings for the VM. Figure 4 shows these settings configured in such a way that the VM always has at least 50 MBps of network bandwidth available, but never more than 100 MBps. If your hosts reside in a shared cloud being used to provision applications and services to business units or customers, these new bandwidth management capabilities can provide the benefit of helping you meet your SLAs with these business units or customers.
Clicking the + sign beside Network Adapter in these settings exposes two new pages of network settings: Hardware Acceleration and Advanced Features. The Advanced Features page lets you configure MAC address spoofing, DHCP guard, router guard, and port mirroring for the selected network adapter of the VM, as shown in Figure 5.
As the sidebar demonstrates, you also can use PowerShell to configure and manage the various advanced capabilities of the Hyper-V extensible switch.
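As an added example (not from the original text or its sidebar), the following uses the Hyper-V PowerShell module to apply the guard settings described above to one VM and then audit every adapter on the host for deviations. The VM name and the address range are hypothetical placeholders.

```powershell
# Run elevated on the Hyper-V host. Requires the Hyper-V PowerShell module.
# 'Tenant-VM01' and 192.0.2.0/24 are constructed placeholders, not real values.
$vmName = 'Tenant-VM01'

# Baseline for an untrusted tenant VM:
#  - DHCP guard On    : drop DHCP server messages sent by this VM
#  - Router guard On  : drop router advertisement/redirect messages sent by this VM
#  - MAC spoofing Off : the VM may only send from its assigned MAC address
#  - Port mirroring None : the adapter is neither a mirror source nor a destination
Set-VMNetworkAdapter -VMName $vmName `
    -DhcpGuard On `
    -RouterGuard On `
    -MacAddressSpoofing Off `
    -PortMirroring None

# Port ACL: block this VM from exchanging traffic with a given address range
# (for example, a management subnet it has no reason to reach).
Add-VMNetworkAdapterAcl -VMName $vmName `
    -RemoteIPAddress '192.0.2.0/24' `
    -Direction Both `
    -Action Deny

# Review the ACLs now attached to the VM's adapters.
Get-VMNetworkAdapterAcl -VMName $vmName

# Audit: list every VM adapter on this host that deviates from the baseline.
# Expected exceptions should be documented, e.g. an authorized DHCP server VM
# needs DHCP guard Off, and a monitoring VM is a port mirroring destination.
Get-VM | Get-VMNetworkAdapter |
    Where-Object {
        $_.DhcpGuard          -ne 'On'  -or
        $_.RouterGuard        -ne 'On'  -or
        $_.MacAddressSpoofing -ne 'Off' -or
        $_.PortMirroringMode  -ne 'None'
    } |
    Select-Object VMName, Name, DhcpGuard, RouterGuard,
                  MacAddressSpoofing, PortMirroringMode |
    Format-Table -AutoSize
```

An adapter that unexpectedly reports a port mirroring mode of Source is worth investigating, since copies of that VM's traffic are being forwarded to whichever adapter on the switch is set to Destination.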