From d683a0ffae9ad094c1667ceda6dceb2ef4ba0b4b Mon Sep 17 00:00:00 2001
From: Adam Rudell <arudell@microsoft.com>
Date: Wed, 19 Feb 2025 20:44:24 -0600
Subject: [PATCH 1/2] add new health test to check if multiple switches have
 vfp enabled

---
 src/SdnDiagnostics.psd1                |  1 +
 src/modules/SdnDiag.Health.Config.psd1 |  5 ++++
 src/modules/SdnDiag.Health.psm1        | 40 ++++++++++++++++++++++++++
 3 files changed, 46 insertions(+)

diff --git a/src/SdnDiagnostics.psd1 b/src/SdnDiagnostics.psd1
index c0418323..be00272a 100644
--- a/src/SdnDiagnostics.psd1
+++ b/src/SdnDiagnostics.psd1
@@ -173,6 +173,7 @@
         'Test-SdnNonSelfSignedCertificateInTrustedRootStore',
         'Test-SdnClusterServiceState',
         'Test-SdnServiceState',
+        'Test-SdnVfpEnabledVMSwitch',
         'Test-SdnVfpPortTuple'
     )
 
diff --git a/src/modules/SdnDiag.Health.Config.psd1 b/src/modules/SdnDiag.Health.Config.psd1
index 186ca81b..d2b12e4c 100644
--- a/src/modules/SdnDiag.Health.Config.psd1
+++ b/src/modules/SdnDiag.Health.Config.psd1
@@ -98,6 +98,11 @@
             Impact = "Policy configuration failures may be reported by Network Controller when applying policies to the Hyper-v host. In addition, network traffic may be impacted."
             PublicDocUrl = ""
         }
+        'Test-SdnVfpEnabledVMSwitch'= @{
+            Description = "Multiple VFP enabled virtual switches detected on the Hyper-V host(s)."
+            Impact = "Policy configuration failures may be reported by Network Controller when applying policies to the Hyper-v host."
+            PublicDocUrl = ""
+        }
         'Test-VMNetAdapterDuplicateMacAddress' = @{
             Description = "Duplicate MAC address detected with the data plane on the Hyper-V host(s)."
             Impact = "Policy configuration failures may be reported by Network Controller when applying policies to the Hyper-v host. In addition, network traffic may be impacted for the interfaces that are duplicated."
diff --git a/src/modules/SdnDiag.Health.psm1 b/src/modules/SdnDiag.Health.psm1
index d05cc79f..e466cf25 100644
--- a/src/modules/SdnDiag.Health.psm1
+++ b/src/modules/SdnDiag.Health.psm1
@@ -2373,6 +2373,46 @@ function Test-SdnHostAgentConnectionStateToApiService {
     return $sdnHealthTest
 }
 
+function Test-SdnVfpEnabledVMSwitch {
+    <#
+        .SYNOPSIS
+            Enumerates the VMSwitches on the system and validates that only one VMSwitch is configured with VFP.
+    #>
+
+    [CmdletBinding()]
+    param()
+
+    Confirm-IsServer
+    $sdnHealthTest = New-SdnHealthTest
+    $i = 0
+
+    try {
+        $vmSwitches = Get-VMSwitch
+
+        # only progress if we have more than one VMSwitch
+        if ($vmSwitches.Count -ge 2) {
+            foreach ($vmSwitch in $vmSwitches) {
+                $extensions = $vmSwitch | Get-VMSwitchExtension
+                $vfpExtension = $extensions | Where-Object { $_.Name -eq 'Microsoft Azure VFP Switch Extension' }
+                if ($vfpExtension.Enabled -eq $true) {
+                    $i++
+                }
+            }
+        }
+
+        if ($i -gt 1) {
+            $sdnHealthTest.Result = 'FAIL'
+            $sdnHealthTest.Remediation += "TODO"
+        }
+    }
+    catch {
+        $_ | Trace-Exception
+        $sdnHealthTest.Result = 'FAIL'
+    }
+
+    return $sdnHealthTest
+}
+
 ###################################
 ###### NC HEALTH VALIDATIONS ######
 ###################################

From 9b66eab65992857ac0754afe850cdc155cea197d Mon Sep 17 00:00:00 2001
From: Adam Rudell <arudell@microsoft.com>
Date: Thu, 20 Feb 2025 12:58:33 -0600
Subject: [PATCH 2/2] improve perf

---
 src/modules/SdnDiag.Health.psm1 | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)

diff --git a/src/modules/SdnDiag.Health.psm1 b/src/modules/SdnDiag.Health.psm1
index e466cf25..64c27d7e 100644
--- a/src/modules/SdnDiag.Health.psm1
+++ b/src/modules/SdnDiag.Health.psm1
@@ -1593,6 +1593,7 @@ function Debug-SdnServer {
             Test-SdnServiceState -ServiceName $services
             Test-SdnProviderNetwork
             Test-SdnHostAgentConnectionStateToApiService
+            Test-SdnVfpEnabledVMSwitch
         )
 
         # enumerate all the tests performed so we can determine if any completed with WARN or FAIL
@@ -2384,25 +2385,22 @@ function Test-SdnVfpEnabledVMSwitch {
 
     Confirm-IsServer
     $sdnHealthTest = New-SdnHealthTest
-    $i = 0
 
     try {
+        # enumerate the VMSwitches on the system and validate that only one VMSwitch is configured with VFP
         $vmSwitches = Get-VMSwitch
 
-        # only progress if we have more than one VMSwitch
-        if ($vmSwitches.Count -ge 2) {
-            foreach ($vmSwitch in $vmSwitches) {
-                $extensions = $vmSwitch | Get-VMSwitchExtension
-                $vfpExtension = $extensions | Where-Object { $_.Name -eq 'Microsoft Azure VFP Switch Extension' }
-                if ($vfpExtension.Enabled -eq $true) {
-                    $i++
-                }
+        $i = 0
+        foreach ($vmSwitch in $vmSwitches) {
+            $vfpExtension = $vmSwitch.Extensions | Where-Object { $_.Name -eq 'Microsoft Azure VFP Switch Extension' }
+            if ($vfpExtension.Enabled -eq $true) {
+                $i++
             }
         }
 
+        # if there is more than one VMSwitch configured with VFP, this is a failure
         if ($i -gt 1) {
             $sdnHealthTest.Result = 'FAIL'
-            $sdnHealthTest.Remediation += "TODO"
         }
     }
     catch {