title | titleSuffix | description | author | ms.author | ms.service | ms.topic | ms.date | ms.custom |
---|---|---|---|---|---|---|---|---|
Perform packet capture on a packet core instance |
Azure Private 5G Core |
In this how-to guide, you'll learn how to perform packet capture on the control plane or data plane on a packet core instance. |
robswain |
robswain |
private-5g-core |
how-to |
04/24/2024 |
template-how-to, devx-track-azurecli |
Packet capture for control or data plane packets is performed using the MEC-Dataplane Trace tool. MEC-Dataplane (MEC-DP) Trace is similar to tcpdump, a data-network packet analyzer computer program that runs on a command line interface (CLI). You can use MEC-DP Trace to monitor and record packets on any user plane interface on the access network (N3 interface) or data network (N6 interface) on your device, and the control plane (N2 interface). You can access MEC-DP Trace using the Azure portal or the Azure CLI.
Packet capture works by mirroring packets to a Linux kernel interface, which can then be monitored using tcpdump. In this how-to guide, you'll learn how to perform packet capture on a packet core instance.
Important
Performing packet capture will reduce the performance of your system and the throughput of your data plane. It is therefore only recommended to use this tool at low scale during initial testing.
You must have an AP5GC site deployed to perform packet capture.
To perform packet capture using the command line, you must:
- Identify the Kubernetes - Azure Arc resource representing the Azure Arc-enabled Kubernetes cluster on which your packet core instance is running.
- Ensure your local machine has core kubectl access to the Azure Arc-enabled Kubernetes cluster. This requires a core kubeconfig file, which you can obtain by following Core namespace access.
Important
Once you have created the user-assigned managed identity, you must refresh the packet core configuration by making a dummy configuration change. This could be a change that will have no impact on your deployment and can be left in place, or a change that you immediately revert. See Modify a packet core instance. If you do not refresh the packet core configuration, packet capture will fail.
-
Sign in to the Azure portal.
-
Navigate to the Packet Core Control Pane overview page of the site you want to run a packet capture in.
-
Select Packet Capture under the Help section on the left side. This will open a Packet Capture view.
-
If this is the first time you've taken a packet capture using the portal, you'll see an error message prompting you to configure a storage account. If so:
- Follow the link in the error message.
- Enter the Storage account container URL that was configured for diagnostics storage and select Modify.
[!TIP] If you don't have the URL for your storage account container:
- Navigate to your Storage account.
- Select the ... symbol on the right side of the container that you want to use for packet capture.
- Select Container properties in the context menu.
- Copy the contents of the URL field.
- Return to the Packet Capture view.
-
Select Start packet capture.
-
Fill in the details on the Start packet capture pane and select Create.
The Maximum bytes per session limit is applied per node. In highly available (HA) deployments, it's likely that the packet capture will reach this limit and complete on one node before the other, so a packet capture will still be running when the first has completed. You should stop any running packet captures before starting a new one.
-
The page will refresh every few seconds until the packet capture has completed. You can also use the Refresh button to refresh the page. If you want to stop the packet capture early, select Stop packet capture.
-
Once the packet capture has completed, the AP5GC online service will save the output at the provided storage account URL.
In HA deployments, two packet capture files will be uploaded, one for each node. The files will be labeled with a
0
or a1
, corresponding to thecore-mec-dp-0
orcore-mec-dp-1
pod. If one packet capture fails, the status page will show an error, but the successful capture results will upload as normal. -
To download the packet capture output, you can use the Copy to clipboard button in the Storage or File name columns to copy those details and then paste them into the Search box in the portal. To download the output, right-click the file and select Download.
-
In a command line with kubectl access to the Azure Arc-enabled Kubernetes cluster, enter the MEC-DP troubleshooter pod:
kubectl exec -it -n core core-mec-dp-0 -c troubleshooter -- bash
[!NOTE] In an HA deployment,
core-mec-dp-0
may not exist because the node is down. In that case, entercore-mec-dp-1
instead. -
View the list of configured user plane interfaces:
mect list
This should report a single interface on the control plane network (N2), a single interface on the access network (N3) and a single interface for the core network (N6).
n2trace n3trace n6trace
-
Run
mectdump
with any parameters that you would usually pass to tcpdump. In particular,-i
to specify the interface, and-w
to specify where to write to. Close the tool when finished by pressing Ctrl + C. The following examples are common use cases:- To capture packets on all interfaces, run
mectdump -i any -w any.pcap
- To capture packets for the N3 interface and the N6 interface for a single data network, enter the MEC-DP troubleshooter pod in two separate windows. In one window run
mectdump -i n3trace -w n3.pcap
and in the other window runmectdump -i n6trace -w n6.pcap
. To select an individual data network, filter by VLAN ID.
[!IMPORTANT] Packet capture files might be large, particularly when running packet capture on all interfaces. Specify filters when running packet capture to reduce the file size - see the tcpdump documentation for the available filters.
- To capture packets on all interfaces, run
-
Leave the container:
exit
-
Copy the output files:
kubectl cp -n core core-mec-dp-0:<path to output file> <location to copy to> -c troubleshooter
The tcpdump might have been stopped in the middle of writing a packet, which can cause this step to produce an error stating
unexpected EOF
. However, your file should have copied successfully, and you can check your target output file to confirm. -
Remove the output files:
kubectl exec -it -n core core-mec-dp-0 -c troubleshooter -- rm <path to output file>
For more options to monitor your deployment and view analytics:
- Learn more about monitoring Azure Private 5G Core using Azure Monitor platform metrics
- If you have found a problem and don't know how to resolve it, you can Get support for your Azure Private 5G Core service