TCP Sessions with Missing Packets

Question

Question by Babar Q. · Dec 04, 2016 at 12:45 PM · nam nam probe

TCP Sessions with Missing Packets

Hello Everyone,

We have a situation that one of our AMD is missing the TCP sessions near about 5% and after reviewed we found that few software services created to monitor the applications have 100% missing sessions.

AMD is performing well without any drop packets or running out any other resources.

What could be the issue?

Below screenshots are reference to my question.

Regards,

Babar

tcp-sessions-with-missing-packets.png (9.7 KiB)

missing-sessions.png (13.0 KiB)

0

10 |2000000 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

Answer 1 · 2016-12-05T14:59:45Z

Answer by Ulf T. · Dec 05, 2016 at 02:59 PM

Hey Babar - Now I had time to look a little more on you screen - your AMD is also sampling - never good!

https://answers.dynatrace.com/questions/151490/und...

Is it overloaded?

0 Show 1 · Share

10 |2000000 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

Babar Q. · Dec 05, 2016 at 05:42 PM 0

Share

Hello Ulf,

As per our understanding AMD is not under performing, therefore, I took below screenshots for your understanding, might be we are missing something or overlooked.

AMD Health

AMD Settings

Interface Utilization

Packet Distribution (Driver Level)

Regards,

Babar

amd-stat.png (10.9 KiB)

dh1-amd.png (13.1 KiB)

inter-util.png (13.6 KiB)

pckt-dist-driver-level.png (21.3 KiB)

Answer 2 · 2016-12-05T13:43:20Z

Answer by Ulf T. · Dec 05, 2016 at 01:43 PM

So - most likely the SPAN is the source of your problem. I've posted a couple of times before but it's worth repeating - SPAN has very limited value in a production environment. Your best bet for success is have a target port that is much higher in speed than your source ports, and still you can fail :-) so that's why you should use a TAP instead. http://www.lovemytool.com/blog/2007/08/span-ports-...

In the manual (assuming you are on 12.4)

https://community.dynatrace.com/community/display/...

0 Show 1 · Share

10 |2000000 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

Babar Q. · Dec 05, 2016 at 02:12 PM 0

Share

Hello Ulf,

We have AMD Version: 12.3.8.6 and the below two screenshots are taken from the two different AMDs. The weird thing is that only the application traffic is missing 100% on the DH-1 side and the partially missing traffic for the same application(s) on the DH-2.

One more observation that the configured analyzer is HTTP which is showing 100% missing session in DH-1 AMD but for the Unknown TCP there is no missing session.

The same application in the DH-2 AMD is partially missing the traffic and that is also for the HTTP analyzer.

DH-1 Aggregator

DH-2 Aggregator

Regards,

Babar

dh-1-aggregator.png (32.1 KiB)

dh-2-aggregator.png (29.4 KiB)

Answer 3 · 2016-12-05T10:44:39Z

Answer by Ulf T. · Dec 05, 2016 at 10:44 AM

It's most likely depending on how you capture the packets to your AMD. How is it done today?

,

Very likely it's your feed. How are the packets captured and directed to the the AMD?

0 Show 1 · Share

10 |2000000 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

Babar Q. · Dec 05, 2016 at 12:47 PM 0

Share

Hello Ulf,

Thank you for your reply.

We have a span from core switches to Aggregators and then to AMDs.

Below screenshot is a reference for the analyzer and missing sessions.

Regards,

Babar

total-missing-sessions.png (31.5 KiB)

TCP Sessions with Missing Packets

3 Replies

Join the conversation!

NAM 2019 SP3 is available

LIVE WEBINAR

Follow this Question

Related Questions

Forum Tags