DIGITAL Trace Facility

Introduction

This document provides an overview of the DIGITAL Trace Facility (DTF) version 3.0 and describes what information can be traced over the interfaces in DIGITAL VNswitch routers having active tracepoints. 

DIGITAL Trace Facility

The VNswitch 900 router supports the DIGITAL Trace Facility (DTF) operating in TCP/IP networks. DTF is a host-based utility that traces packets as they pass through the protocol layers within a router and displays the decoded packet on the host or records the trace data in a file for later analysis. DTF includes facilities for:

• Filtering certain packet types at the source

• Filtering the output using regular expressions

• Performing validity check on packets

• Displaying the output in full, brief, or raw formats

The VNswitch 900 performs all packet forwarding and bridging in its fast-path processor (FP), with only terminating and multicast packets sent to the application processor (AP) for processing. There are no DTF tracepoints in the FP, which means that forwarded and bridged packets will not be traced. Router and bridge control packets (and all protocol control packets) are either terminating or are multicast and are processed by the AP and are traceable. By removing the forwarded packets from the traced data, you can capture more control packets on any one tracepoint in hte VNswitch.

Tracepoints

The points within a router that can be traced are known as tracepoints. Each tracepoint defines a number of events (up to 64) and each packet that is traced through the tracepoint is marked with one of these events by the router.

Tracing occurs through tracepoints that are usually positioned in the transmit and receive routines of the protocol modules in the router. Each tracepoint has a name and state. When a packet passes through an active tracepoint, the packet is copied and queued to the DTF module in the VNswitch, which transmits it to the host where the DTF utility resides. 

Each protocol module within the router may have zero or more tracepoints. For example, a tracepoint of ETHERNET INTERFACE Eth/* traces all Ethernet interfaces whose names match the wildcard string Eth/*. Table 1 summarizes the DTF tracepoints for the VNswitch router.

Table 1: Router Tracepoints
Tracepoint Filters Description
Ethernet interface name tx, rx, aarptx, aarprx, apltx, aplrx, arptx, arprx, dntx, dnrx, iptx, iprx, ipxtx, ipxrx, ipv6tx, ipv6rx, moptx, moprx, ositx, osirx, xnstx, xnsrx Traces all packets received by the AP on the Ethernet interface and all packets transmitted over that interface that originated from the router.
FDDI interface name tx, rx, arptx, aarprx, apltx, aplrx, arptx, arprx, dntx, dnrx, iptx, iprx, ipxtx, ipxrx, ipv6tx, ipv6rx, moptx, moprx, ositx, osirx, xnstx, xnsrx Traces all packets received by the AP on the FDDI interface and all packets transmitted over that interface that originated from the router.
VLAN interface name tx, rx, aarptx, aarprx, apltx, aplrx, arptx, arprx, dntx, dnrx, iptx, iprx, ipxtx, ipxrx, ipv6tx, ipv6rx, moptx, moprx, ositx, osirx, xnstx, xnsrx Traces all packets received by the AP on the VLAN interface and all packets transmitted over that interface that originated from the router.
IGMP interface name tx, rx Traces all IGMP packets transmitted and received by the IGMP module on the AP over the specified interface.
IP interface name tx, rx, icmptx, icmprx, ospftx, ospfrx, tcptx, tcprx, udptx, udprx, Traces all packets transmitted and received by the IP module on the AP over the specified interface. All IP packets received on the AP are traced by this tracepoint; however, not all IP packets transmitted by the AP pass through this tracepoint. In particular, most IP packets originated by the routing control protocols such as RIP and OSPF are sent directly to the datalink drivers and bypass this tracepoint. Packets originated by the UDP (other than RIP) and TCP based protocols do pass through this tracepoint.
OSPF interface name tx, rx Traces all packets transmitted and received by the OSPF module on the AP over the specified interface.
Event subsystem subsystem-list trace, info, error, always Traces all the ELS messages. The instance name is a list of ELS subsystems whose messages are traced. By default, all message types are traced and the filters can be used to restrict the trace to messages of a particular type.

Note:  Wildcards (*) cannot be used with this tracepoint.

Events

When DTF initially connects to the router, it optionally instructs the router to filter the packets passing through the specified tracepoint to trace the events that match the events specified in the events list file located on the DTF host system. 

When you run DTF on a host system, it uses a transport protocol to connect to the router you want to trace and also sends the parameters to use for the trace session. Events at the activated tracepoints are transmitted back to the host system for analysis (either live display, or recorded in a trace file for later analysis).

Events can be either traced or blocked. By default, all specified events are traced unless otherwise blocked by prefixing the event name with the exclamation point (!) character in the events list file. The special event name, denoted with an asterisk (*), is used to mean all events. If a filter list (event list) is not specified, then DTF assumes all events are traced. If a filter list is specified, then DTF uses the filter list to block the events before processing the list.

Session Trace Buffer Parameters

Session trace buffer parameters are forwarded to the VNswitch by the host system at the start of the trace session. These parameters determine how much router resources are allocated to the trace session and how much of the data passing through the tracepoints is captured. The following is a list of session parameters sent to the VNswitch:
Parameter Description
Buffer count Specifies the number of trace buffers used to capture trace data during the session. The larger the number of trace buffers that are used results in less trace data loss.
Buffer size Specifies the size (in bytes) of the trace buffers. This value determines the size of the data packet that can be traced.
Capture size Specifies the number of bytes in the data packet that is copied into the trace buffer.

Trace Data Loss

Trace data loss occurs when there are not enough trace buffers available to trace the next data packet. To minimize the effect of trace data loss, use the following guidelines, which are listed in order of effectiveness: 

• Use filters to reduce the amount of data being traced.

• Increasing the buffer count allows more trace data to be buffered within the router.

• Reducing the capture size increases the packets that can be contained in each trace buffer.

• Increasing the buffer size increases buffering available to the trace system.

• Record the results instead of displaying them. 

Accessing DTF

DTF version 3.0 software is included with the clearVISN Router Configurator software. It is in the install-directory\tools\supported\dtf\ subdirectory. 

The latest versions of the DTF documentation and installation kits for each host platform are available over the Internet, and can be downloaded from the following World Wide Web locations:

North America: http://www.networks.digital.com
Europe: http://www.networks.europe.digital.com
Asia Pacific: http://www.networks.digital.com.au
Use the search feature to find the DTF Installation Kit.