Guest

Cisco Catalyst 6500 Series Switches

Capture Hardware Switched Packet with Datapath Capture Configuration Example

Document ID: 118103

Updated: Aug 01, 2014

Contributed by Mariusz Kazmierski and Shashank Singh, Cisco TAC Engineers.

   Print

Introduction

This document describes a method to capture a hardware switched packet on a forwarding engine on a Catalyst 6500 equipped with aSupervisor Engine 2T or on a Catalyst 6880, and display forwarding/QoS decisions to the user.

Note: The approach presented in this document cannot be used on Catalyst 6500/Supervisor 720 or on older supervisors.

Prerequisites

Requirements

There are no specific requirements for this document.

Components Used

This document is not restricted to specific software and hardware versions.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Configure

Datapath capture is based on Embedded Logic Analyzer Module (ELAM) that is triggered on Lamira ASIC , the chip that is responsible for taking Layer-3 forwarding decisions on the Catalyst 6500/Supervisor Engine 2T and 6880). This chip allows you to track packet forwarding and the QoS decision process without advanced knowledge of internal architecture of the platform and the exact internal packet flow that is required to properly set up ELAM. 

Information gathered by this capture can be used in order to understand hardware decision process. The information gathered is also good input data for Cisco Technical Assistance Center for further analysis in case there are any issues with packet forwarding or QoS.

Note:  In order to generate forwarding outputs, real traffic is required. For example, packets defined for a trigger must flow through the device while you perform the capture. This method does not impact the performance of the device, and does not affect the tested traffic stream. 

 

Use this CLI in order to configure packet capture:

6500#show platform datapath ?
all Packet datapath trace for all features
cos Packet ingress cos
ingress-interface Packet ingress interface (port, subinterface,
service-instance)
last Use data from the last datapath capture
lif Packet ingress LIF from Eureka or shim header
packet-data Packet header data specification
pkt-length Packet length
qos Packet QoS datapath trace
recirc recirculated packet
release-elam Release Elam
slot Forwarding Engine slot
src-index Packet ingress port source index
vty Used for virtual terminal lines
| Output modifiers

See these definitions for the most important parameters:

  • all - configures a packet capture to capture basic forwarding as well as QoS forwarding decisions (as two currently implemented flow types) at the same time.
  • vty - allows to display output in case the user is logged via Telnet/Secure Shell (SSH) (this is not required when command is run from the console).
  • release-elam - removes previously configured triggers.
  • ingress-interface/slot - allows the selection of module/interface on which packet a will be captured.
  • cos - allows you to select the COS value of the packet that will be captured.
  • pkt-length allows you to specify the size of the packet that will be captured.
  • packet-data - provides avery flexible way to select packet characteristics that need to be captured. 

This example sets the capture for packets that are received on interface te1/4.

show platform datapath ingress-interface te1/4

This example sets the capture for packets that are received on slot 2.

show platform datapath slot 2

This example sets the trigger to capture frames that have a COS equal to 5.

show platform datapath cos 5

This example sets the trigger to capture frames that are 64-bytes long.

show platform datapath pkt-length 64

This example sets the trigger to capture the IPv4/TCP frame with an ACK flag set that also has a source MAC address of 0000.0000.0001 and a source IP of 10.0.0.1. 

show platform datapath packet-data ipv4 src-address 10.0.0.1 tcp flags ack l2 
src-mac 0000.0000.0001

Network Diagram

Test traffic is received on trunk Te1/4 in VLAN10, is routed by the Catalyst 6500 to the VLAN20, and then is sent to the receiver in VLAN20 on port Te2/1.

See this scenario:

Tests

 

In order to capture the packet, enter this command:

show platform datapath vty all ingress-interface te1/4 packet-data ipv4 
src-address 10.10.0.1

Basic Packet Flow

This sets the trigger to IPv4 packets that arrive on interface te1/4 with a source IP address of 10.10.0.1 and asks the device to display packet forwarding and QoS decisions. After it executes this command, this traffic reaches the device and this output is generated:

Capturing from TenGigabitEthernet1/4 src_index 3[0x3]
_______________________________________________________________
Basic Packet Flow
-----------------
Packet TCP(6)[len=64]R: 10.10.0.1 -> 10.20.0.1
| Ports: 1000 -> 2000 [ACK 0x10] Dscp/Tos 46/0xB8 Ttl 64
| RouterMAC 0013.5f1c.0980 SMAC 0000.0000.1010
| Vlan 10 CoS 5 1q 1
V
Te1/4[3] Ingress Lif 0xA Vlan 10
| ILM 0x6900A Lif_Sel 3 Lif_Base 0x69000
| Cpp_en
V
Ingress ACL: Permit (Default) Lbl_A 1
Features QoS: Mark[16][4] AggPolice Tcam[Bank0][16376] Lbl 1
V
FIB-L3 Key: 10.20.0.1 [No VPN]
| TCAM[30465] Adj 0x24001 dgt 0
V
Adjacency [FIB] L3_Enable Dec_Ttl ADJ[IP][0x24001]
V
EgressLIF 0x14 Vlan 20 IpMtu 1518[17] Base 0x0
V
Egress ACL: Permit (Default)
Features QoS: Default (Tcam_Lkup_Disabled)
V
Rewrite [FIB] L2_RW[0]: 0013.5f1c.0980 -> 0000.0000.1020 Dec_Ttl
| CCC 4
| RIT[0x24001]
V
_______________________________________________________________

 

The packet contains basic characteristics of a captured packet, which includes Layer 2 information (MAC addresses, VLAN, CoS, IEEE 802.1Q (Dot1Q) header, packet size), Layer 3 information (IP addresses, Differentiated Services Code Point (DSCP)/Types of Service (TOS), Time to Live (TTL)), and Layer 4 information (ports, flags, protocol name). 

The rest of the output corresponds to the forwarding decision data with these descriptions:

  • Features (ingress/egress) - specifies if any ACL/QOS policy has been applied to the packet and what was the impact (in this example on ingress, ACL is the default and QoS is marking, and on egress default actions are taken).
  • FIB-L3/adjacency/rewrite - corresponds to the forwarding decision taken on the packet. In this example, the adjacency entry stored under entry 0x24001 indicates that TTL must be decreased (Dec_Ttl). There is also a change of destination in the MAC addresses as specified, if applicable.

QoS Packet Flow

QoS Packet Flow
---------------
Packet TCP(6)[len=64]R: 10.10.0.1 -> 10.20.0.1
| Ports: 1000 -> 2000 [ACK 0x10] Dscp/Tos 46/0xB8 Ttl 64
| RouterMAC 0013.5f1c.0980 SMAC 0000.0000.1010
| Vlan 10 CoS 5 1q 1
V
Te1/4[3] Ingress_Lif 0xA Vlan 10 Cos_In 5
| Portmap [Trust Dscp Port_Acos_Id 0 Qos_En 1]
| ILM 0x6900A Lif_Sel 3 Lif_base 0x69000
| Qos_En 1 Plcr_Base 0 L2_Cos_Sel Cos(1)
V
Ingress TCAM_IDX [16376] Label 1
Features TCAM_RSLT: Lo 0x0021100B Hi 0x00002010
| Mrking [Mark(Acos_Sel 4) Acos 16 Mark_En 1]
| AgPlcr [Id 4096 Cfg_Id 1]
V
IFE PL Acos 16 Mark_En RW(01)
| AgPlcr: Id 4096 Cfg 1 Apply 1 Apply_Stats 1 Drop_En 0
| Marking (Excd_Lo 0 Excd_Hi 0)
V
Adjacency RI 3
V
EgressLif Vlan 20
| Qos_En 0 Plcr_Base 0 L2_Cos_Sel Cos(1)
V
Egress Default (QoS Disabled)
Features
V
RIT Cos 2 Acos 16 Dscp/Tos 16/0x40
| CCC L3_REWRITE(4)
V
_______________________________________________________________

See the packet received by the device and that has CoS=5 and Dscp=46. The packet is sent with CoS=2 and DSCP=16 with the action to rewrite DSCP data in the packet (L3_REWRITE). This change is done by ingress features that point to packet remark activity (Mrking Acos=16, Mark_En 1) and the default policer with ID=4096 (AgpPlcr = 4096).


Further checks reveal that this default policer that does not police traffic, but rather forward all of received packets with DSCP=16 which is done via a policy-map called MAP.

6500#show platform qos ip te1/4
[In] Policy map is MAP [Out] Default.
QoS Summary [IPv4]: (* - shared aggregates, Mod - switch module, E - service instance)
(^ - class-copp keyword)

Int Mod Dir Class-map DSCP Agg Trust Fl AgForward AgPoliced
Id Id
-------------------------------------------------------------------------------
Te1/4 1 In class-defa 16 4096 No 0 25561664 0

Note: This example shows a basic packet forwarding scenario. If there are more advanced flows, additional sections/fields are displayed that handle these specific scenarios. 

 

Verify

There is currently no verification procedure available for this configuration.

Troubleshoot

This section provides information you can use in order  to troubleshoot your configuration.

The Output Interpreter Tool (registered customers only) supports certain show commands. Use the Output Interpreter Tool in order to view an analysis of show command output.

Note: Refer to Important Information on Debug Commands before you use debug commands.

 

  • all - configures packet capture to capture basic forwarding as well as QoS forwarding decisions (as two currently implemented flow types) at the same time,
  • vty - allows to display output in case user is logged via telnet/ssh (this is not required, when command is run from the console)
  • release-elam - removes previously configured triggers
  • ingress-interface/slot - allows the selection of module/interface on which packet will be captured.
  • cos - allows you to select the COS value of the packet that will be captured.
  • pkt-length allows you to specify the size of the packet that is going to be captured.
  • packet-data - provides very flexible way to select packet characteristics that need to be captured.

Related Information

Updated: Aug 01, 2014
Document ID: 118103