Configure Packet-Trace to Debug PBR Traffic on XE Platforms

Available Languages

Download Options

  • PDF     (42.8 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (68.2 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (69.4 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:January 12, 2017
Document ID:200926

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Introduction

This document describes the procedure to enable packet-trace on IOS-XE platform to capture Policy-Based Routing (PBR) traffic on Cisco's Integrated Service Router (ISR) 4000 series platform.

Contributed by Prathik Krishnappa, Cisco TAC Engineer.

Prerequisites

Requirements

There are no specific requirements for this document.

  

Components Used

This document is not restricted to specific software and hardware versions.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Configure

Here is the configuration to enable packet-trace to debug PBR traffic:

PBR Configurations: 

route-map PBR permit 10
 match ip address 102
 set ip next-hop 192.168.1.18
ip access-list extended 102
 permit ip 192.168.1.0 0.0.3.255 any
 permit ip 192.168.2.0 0.0.0.255 any

interface GigabitEthernet0/0/1
 ip address 192.168.2.10 255.255.255.248
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip policy route-map PBR
 load-interval 30
 negotiation auto
route-map PBR, permit, sequence 10
  Match clauses:
    ip address (access-lists):102 
  Set clauses:
    ip next-hop 192.168.1.18 
  Policy routing matches: 500 packets, 400 bytes
  • To debug particular subnet, create an access-list:
ip access-list ext 103
permit ip host 192.168.3.10 any
  • Apply the access-list in the PBR:
route-map PBR
match ip address 103
  • Perform conditional debug on the interface where PBR is applied: 
debug platform condition interface gigabitethernet 0/0/1 ipv4 access-list 103 both
  • Enable these debugs: 
debug platform packet-trace packet 64
debug platform packet-trace packet 16 fia-trace
debug platform packet-trace enable
debug platform condition start

Initiate traffic from the subnet.

Note: Use the Command Lookup Tool (registered customers only) in order to obtain more information on the commands used in this section.

Verify

There is currently no verification procedure available for this configuration.

Troubleshoot

This section provides information you can use in order  to troubleshoot your configuration.

Router #sh debugging
IOSXE Conditional Debug Configs:
Conditional Debug Global State: Start
Conditions Direction
----------------------------------------------------------------------------------------------|---------
GigabitEthernet0/0/1 & IPV4 ACL [102] both
Feature Condition Type Value
-----------------------|-----------------------|--------------------------------
Feature Type Submode Level
------------|-------------|----------------------------------------------------------------------------------------------|----------
IOSXE Packet Tracing Configs:
debug platform packet-trace enable
debug platform packet-trace packet 16 fia-trace data-size 2048
Packet Infra debugs:
Ip Address Port
------------------------------------------------------|----------

show platform packet-trace packet 0 shows the first packet that is traced.

Summary shows that the input packe t is received on gig 0/0/1 and forwarded on to output interface gig 0/0/2 and the state is fwd.

In path trace you can find source and destination ip address.

To verify if the packet is policy based, check: IPV4_INPUT_PBR field.

  Feature: FIA_TRACE
    Entry      : 0x10f81c00 - IPV4_INPUT_PBR
    Lapsed time: 23220 ns

Router#sh platform packet-trace packet 0 
Packet: 0           CBUG ID: 458151
Summary
  Input     : GigabitEthernet0/0/1
  Output    : GigabitEthernet0/0/2
  State     : FWD 
  Timestamp
    Start   : 355835562633335 ns (12/28/2016 08:11:52.433136 UTC)
    Stop    : 355835562660187 ns (12/28/2016 08:11:52.433163 UTC)
Path Trace
  Feature: IPV4
    Source      : 192.168.3.10
    Destination : 74.125.200.189
    Protocol    : 17 (UDP)
      SrcPort : 56018
      DstPort : 443
  Feature: FIA_TRACE
    Entry      : 0x10f82018 - DEBUG_COND_INPUT_PKT
    Lapsed time: 2060 ns
  Feature: FIA_TRACE
    Entry      : 0x10f81c38 - IPV4_INPUT_SRC_LOOKUP_ISSUE
    Lapsed time: 2160 ns
  Feature: FIA_TRACE
    Entry      : 0x10f81c34 - IPV4_INPUT_DST_LOOKUP_CONSUME
    Lapsed time: 3080 ns
  Feature: FIA_TRACE
    Entry      : 0x10f81c2c - IPV4_INPUT_SRC_LOOKUP_CONSUME
    Lapsed time: 700 ns
  Feature: FIA_TRACE
    Entry      : 0x10f82000 - IPV4_INPUT_FOR_US_MARTIAN
    Lapsed time: 800 ns
  Feature: FIA_TRACE
    Entry      : 0x10f81c14 - IPV4_INPUT_FNF_FIRST
    Lapsed time: 15280 ns
  Feature: FIA_TRACE
    Entry      : 0x10f81ff4 - IPV4_INPUT_VFR
    Lapsed time: 620 ns
  Feature: FIA_TRACE
    Entry      : 0x10f81c00 - IPV4_INPUT_PBR
    Lapsed time: 23220 ns
  Feature: FIA_TRACE
    Entry      : 0x10f816f4 - IPV4_INPUT_TCP_ADJUST_MSS
    Lapsed time: 1500 ns
  Feature: FIA_TRACE
    Entry      : 0x10f81e90 - IPV4_INPUT_LOOKUP_PROCESS
    Lapsed time: 5100 ns
  Feature: FIA_TRACE

Related Information



TAC Authored

Contributed by Cisco Engineers

  • Prathik Krishnappa
    Cisco TAC Engineer

Was this Document Helpful?

FeedbackFeedback

Contact Cisco