Dépannage du flux de trafic nord-sud de transfert SDA
Table des matières
Introduction
Ce document décrit comment valider le flux de trafic Nord-Sud dans le cadre du Software Defined Access (SDA).
Conditions préalables
Exigences
Cisco vous recommande de prendre connaissance des rubriques suivantes :
- Transfert IP
- Protocole BGP (Border Gateway Protocol)
- Accès défini par logiciel (SD-Access)
Composants utilisés
Les informations contenues dans ce document sont basées sur les versions de matériel et de logiciel suivantes :
C9000v sur Cisco IOS® XE 17.10.1
CSR1Kv sur Cisco IOS® XE 17.3.6
SDA 1.0 (non LISP PubSub)
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. Si votre réseau est en ligne, assurez-vous de bien comprendre l’incidence possible des commandes.
Produits associés
Ce document peut également être utilisé avec les versions matérielles et logicielles suivantes :
- C9200
- C9300
- C9400
- C9500
- C9600
- Cisco IOS® XE 16.12 et versions ultérieures
Informations générales
Le flux de trafic nord-sud SDA fait référence au concept selon lequel un terminal qui existe dans le fabric SDA et veut communiquer avec un terminal ou un serveur, qui ne se trouve pas dans le fabric SDA.
- Tout d'abord, le point d'extrémité résout le protocole ARP pour sa passerelle par défaut, qui est le noeud Périphérie du fabric
- Le point d'extrémité envoie ensuite le paquet IP vers la passerelle par défaut, qui est la passerelle Anycast sur le noeud Périphérie du fabric.
- Le noeud Périphérie du fabric utilise Cisco Express Forwarding (CEF) pour envoyer le paquet, lequel est piloté par le protocole LISP (Locator ID Separator Protocol).
- Le noeud Périphérie du fabric possède une entrée de cache de mappage pour 0.0.0.0/0, une route par défaut et l'action consiste à encapsuler tous les paquets vers le routeur PETR (Proxy Egress Tunnel Router) ou le ou les noeuds de périphérie du fabric SDA.
- Le noeud Périphérie du fabric encapsule le paquet IP d'origine dans VXLAN et transfère le paquet vers le ou les noeuds de périphérie du fabric SDA.
- Le noeud de périphérie décapsule le paquet et exécute une recherche IP sur l'adresse IP de destination du paquet d'origine, puis transfère le paquet vers le tronçon suivant approprié, qui est très probablement un routeur Fusion en amont qui ne fait pas partie du fabric SDA.
- Ensuite, pour le trafic de retour dirigé vers le point d'extrémité dans le fabric SDA, le paquet est reçu par le routeur Fusion et exécute également une recherche IP sur l'adresse IP de destination et le transfère vers le tronçon suivant approprié, qui est un noeud de frontière.
- Le noeud Périphérie du fabric consulte le protocole CEF, dérivé du protocole LISP, pour déterminer quel noeud Périphérie du fabric est associé au point d'extrémité, encapsule le paquet d'origine dans le VXLAN et l'envoie.
- La périphérie du fabric décapsule le paquet et transfère le paquet d'origine vers le point d'extrémité.
Workflow de base
Topologie de référence
Pour les besoins de cet exemple, les commutateurs C9000v fonctionnent comme périphérie de fabric et frontières colocalisées. Les routeurs Fusion et le routeur Internet sont des routeurs CSR1Kv. Le point d'extrémité à l'adresse 10.47.4.2 qui se trouve dans le VLAN 1026 et qui fait partie du réseau virtuel (VN) red_vn tente d'envoyer une requête ping à l'adresse 8.8.8.8 qui existe en tant qu'interface Loopback0 sur le routeur Internet.
Vérification du flux de trafic Nord-Sud
Détails de configuration
Configuration de la périphérie 1 (10.47.1.12)
! hostname Edge-1 ! vrf definition red_vn ! address-family ipv4 exit-address-family ! aaa new-model ! aaa authentication login default local aaa authorization exec default local if-authenticated ! ip routing ! ip dhcp relay information option ! ip dhcp snooping vlan 1025-1026 ip dhcp snooping vlan 1025-1026 proxy-bridge ip dhcp snooping vtp mode transparent ! device-tracking tracking ! device-tracking policy IPDT_POLICY no protocol udp tracking enable ! license boot level network-advantage addon dna-advantage license smart transport off ! system mtu 8978 diagnostic bootup level minimal ! spanning-tree mode rapid-pvst spanning-tree extend system-id ! redundancy mode sso ! vlan 1025 name blue ! vlan 1026 name red ! vlan 2046 name VOICE_VLAN ! lldp run ! policy-map system-cpp-policy ! interface Loopback0 ip address 10.47.1.12 255.255.255.255 no ip redirects ip pim sparse-mode ip router isis clns mtu 1400 ! interface LISP0 ! interface LISP0.4099 vrf forwarding red_vn ! interface LISP0.4100 vrf forwarding blue_vn ! interface L2LISP0 ip access-group SDA-FABRIC-LISP in ip access-group SDA-FABRIC-LISP out ! interface L2LISP0.8188 ! interface L2LISP0.8190 ! interface GigabitEthernet1/0/1 no switchport ip address 10.47.1.1 255.255.255.254 no ip redirects ip pim sparse-mode ip router isis clns mtu 1400 isis network point-to-point ! interface GigabitEthernet1/0/2 no switchport ip address 10.47.1.5 255.255.255.254 no ip redirects ip pim sparse-mode ip router isis clns mtu 1400 isis network point-to-point ! interface GigabitEthernet1/0/3 switchport access vlan 1026 switchport mode access device-tracking attach-policy IPDT_POLICY spanning-tree portfast spanning-tree bpduguard enable ! interface Vlan1025 description Configured from Cisco DNA-Center mac-address 0000.0c9f.fb87 vrf forwarding blue_vn ip address 10.47.7.1 255.255.255.0 ip helper-address 10.47.9.9 no ip redirects ip route-cache same-interface no lisp mobility liveness test lisp mobility blue-IPV4 ! interface Vlan1026 description Configured from Cisco DNA-Center mac-address 0000.0c9f.f341 vrf forwarding red_vn ip address 10.47.4.1 255.255.255.0 ip helper-address 10.47.9.9 no ip redirects ip route-cache same-interface no lisp mobility liveness test lisp mobility red-IPV4 ! router lisp locator-table default locator-set rloc_222e1707-175d-4019-a783-060404f8bc2f IPv4-interface Loopback0 priority 10 weight 10 exit-locator-set ! locator default-set rloc_222e1707-175d-4019-a783-060404f8bc2f service ipv4 encapsulation vxlan itr map-resolver 10.47.1.10 itr map-resolver 10.47.1.11 etr map-server 10.47.1.10 key 7 091B4C08185447475E5A5D7A7970796A61 etr map-server 10.47.1.10 proxy-reply etr map-server 10.47.1.11 key 7 00531107050A5B535A77151E5B4D544E46 etr map-server 10.47.1.11 proxy-reply etr sgt no map-cache away-eids send-map-request use-petr 10.47.1.10 use-petr 10.47.1.11 proxy-itr 10.47.1.12 exit-service-ipv4 ! service ethernet itr map-resolver 10.47.1.10 itr map-resolver 10.47.1.11 itr etr map-server 10.47.1.10 key 7 055C040E201D1E5C4C534E42595855737F etr map-server 10.47.1.10 proxy-reply etr map-server 10.47.1.11 key 7 040C09070E701C1B5C4F5C47405F5D5D7E etr map-server 10.47.1.11 proxy-reply etr exit-service-ethernet ! instance-id 4099 remote-rloc-probe on-route-change dynamic-eid red-IPV4 database-mapping 10.47.4.0/24 locator-set rloc_222e1707-175d-4019-a783-060404f8bc2f exit-dynamic-eid ! service ipv4 eid-table vrf red_vn map-cache 0.0.0.0/0 map-request sgt distribution sgt exit-service-ipv4 ! exit-instance-id ! instance-id 4100 remote-rloc-probe on-route-change dynamic-eid blue-IPV4 database-mapping 10.47.7.0/24 locator-set rloc_222e1707-175d-4019-a783-060404f8bc2f exit-dynamic-eid ! service ipv4 eid-table vrf blue_vn map-cache 0.0.0.0/0 map-request sgt distribution sgt exit-service-ipv4 ! exit-instance-id ! instance-id 8188 remote-rloc-probe on-route-change service ethernet eid-table vlan 1025 broadcast-underlay 239.0.17.2 flood arp-nd flood unknown-unicast database-mapping mac locator-set rloc_222e1707-175d-4019-a783-060404f8bc2f dynamic-eid detection multiple-addr bridged-vm exit-service-ethernet ! exit-instance-id ! instance-id 8190 remote-rloc-probe on-route-change service ethernet eid-table vlan 1026 broadcast-underlay 239.0.17.2 flood arp-nd flood unknown-unicast database-mapping mac locator-set rloc_222e1707-175d-4019-a783-060404f8bc2f dynamic-eid detection multiple-addr bridged-vm exit-service-ethernet ! exit-instance-id ! ipv4 locator reachability minimum-mask-length 32 ipv4 source-locator Loopback0 exit-router-lisp ! router isis net 49.0000.1047.0000.4012.00 is-type level-2-only domain-password xxxxxx metric-style wide log-adjacency-changes nsf ietf !
Détails de configuration de Border-1 (10.47.1.10)
! hostname Border-1 ! vrf definition red_vn rd 1:4099 ! address-family ipv4 route-target export 1:4099 route-target import 1:4099 exit-address-family ! aaa new-model ! aaa authentication login default local aaa authorization exec default local if-authenticated ! aaa session-id common ! ip routing ! vtp mode transparent ! device-tracking tracking ! device-tracking policy IPDT_POLICY no protocol udp tracking enable ! spanning-tree mode rapid-pvst spanning-tree extend system-id ! redundancy mode sso crypto engine compliance shield disable ! vlan 3001 name 3001 ! vlan 3002 name 3002 ! interface Loopback0 ip address 10.47.1.10 255.255.255.255 no ip redirects ip pim sparse-mode ip router isis clns mtu 1400 ! interface Loopback1026 description Loopback Border vrf forwarding red_vn ip address 10.47.4.1 255.255.255.255 ! interface LISP0 ! interface LISP0.4099 vrf forwarding red_vn ! interface LISP0.4100 vrf forwarding blue_vn ! interface GigabitEthernet1/0/1 description Uplink To Fusion Router 1 switchport mode trunk ! interface GigabitEthernet1/0/2 no switchport no ip address ! interface GigabitEthernet1/0/2.69 encapsulation dot1Q 69 ip address 10.47.1.8 255.255.255.254 no ip redirects ip pim sparse-mode ip router isis clns mtu 1400 isis network point-to-point ! interface GigabitEthernet1/0/2.421 encapsulation dot1Q 421 vrf forwarding red_vn ip address 10.47.9.1 255.255.255.252 ! interface GigabitEthernet1/0/3 no switchport ip address 10.47.1.0 255.255.255.254 no ip redirects ip pim sparse-mode ip router isis clns mtu 1400 isis network point-to-point ! interface GigabitEthernet1/0/4 no switchport ip address 10.47.1.2 255.255.255.254 no ip redirects ip pim sparse-mode ip router isis clns mtu 1400 isis network point-to-point ! interface Vlan3002 description vrf interface to External router vrf forwarding red_vn ip address 10.47.2.5 255.255.255.252 no ip redirects ip route-cache same-interface ! router lisp locator-table default locator-set rloc_9080ed56-a6c6-482d-9f46-28eda0e18501 IPv4-interface Loopback0 priority 10 weight 10 auto-discover-rlocs exit-locator-set ! locator default-set rloc_9080ed56-a6c6-482d-9f46-28eda0e18501 service ipv4 encapsulation vxlan itr map-resolver 10.47.1.10 itr map-resolver 10.47.1.11 etr map-server 10.47.1.10 key 7 124E0716135A5C517F7D7D786161734A53 etr map-server 10.47.1.10 proxy-reply etr map-server 10.47.1.11 key 7 040C09070E701C1B5C4F5C47405F5D5D7E etr map-server 10.47.1.11 proxy-reply etr sgt proxy-etr proxy-itr 10.47.1.10 map-server map-resolver exit-service-ipv4 ! service ethernet itr map-resolver 10.47.1.10 itr map-resolver 10.47.1.11 itr etr map-server 10.47.1.10 key 7 0758234D4F5849504244525C567E7A7D7C etr map-server 10.47.1.10 proxy-reply etr map-server 10.47.1.11 key 7 10190B180446425E5952737B767C626C76 etr map-server 10.47.1.11 proxy-reply etr map-server map-resolver exit-service-ethernet ! instance-id 4099 remote-rloc-probe on-route-change service ipv4 eid-table vrf red_vn database-mapping 10.47.2.4/30 locator-set rloc_9080ed56-a6c6-482d-9f46-28eda0e18501 route-import database bgp 69420 route-map DENY-red_vn locator-set rloc_9080ed56-a6c6-482d-9f46-28eda0e18501 sgt distribution sgt route-export site-registrations distance site-registrations 250 map-cache site-registration exit-service-ipv4 ! exit-instance-id ! instance-id 4100 remote-rloc-probe on-route-change service ipv4 eid-table vrf blue_vn database-mapping 10.47.2.0/30 locator-set rloc_9080ed56-a6c6-482d-9f46-28eda0e18501 route-import database bgp 69420 route-map DENY-blue_vn locator-set rloc_9080ed56-a6c6-482d-9f46-28eda0e18501 sgt distribution sgt route-export site-registrations distance site-registrations 250 map-cache site-registration exit-service-ipv4 ! exit-instance-id ! site site_uci description map-server configured from Cisco DNA-Center authentication-key 7 091B4C08185447475E5A5D7A7970796A61 eid-record instance-id 4099 0.0.0.0/0 accept-more-specifics eid-record instance-id 4099 10.47.4.0/24 accept-more-specifics eid-record instance-id 4100 0.0.0.0/0 accept-more-specifics eid-record instance-id 4100 10.47.7.0/24 accept-more-specifics eid-record instance-id 8188 any-mac eid-record instance-id 8190 any-mac exit-site ! ipv4 locator reachability exclude-default ipv4 source-locator Loopback0 exit-router-lisp ! router isis net 49.0000.1047.0000.4010.00 is-type level-2-only domain-password cisco123 metric-style wide log-adjacency-changes nsf ietf default-information originate ! router bgp 69420 bgp router-id interface Loopback0 bgp log-neighbor-changes bgp graceful-restart ! address-family ipv4 vrf blue_vn bgp aggregate-timer 0 network 10.47.2.0 mask 255.255.255.252 network 10.47.7.1 mask 255.255.255.255 aggregate-address 10.47.7.0 255.255.255.0 summary-only redistribute lisp metric 10 neighbor 10.47.2.2 remote-as 65531 neighbor 10.47.2.2 update-source Vlan3001 neighbor 10.47.2.2 activate neighbor 10.47.2.2 weight 65535 neighbor 10.47.2.2 allowas-in neighbor 10.47.9.2 remote-as 69420 neighbor 10.47.9.2 activate neighbor 10.47.9.2 send-community both neighbor 10.47.9.2 next-hop-self neighbor 10.47.9.2 route-map tag_local_eids out exit-address-family ! address-family ipv4 vrf red_vn bgp aggregate-timer 0 network 10.47.2.4 mask 255.255.255.252 network 10.47.4.1 mask 255.255.255.255 aggregate-address 10.47.4.0 255.255.255.0 summary-only redistribute lisp metric 10 neighbor 10.47.2.6 remote-as 65531 neighbor 10.47.2.6 update-source Vlan3002 neighbor 10.47.2.6 activate neighbor 10.47.2.6 weight 65535 neighbor 10.47.2.6 allowas-in neighbor 10.47.9.2 remote-as 69420 neighbor 10.47.9.2 activate neighbor 10.47.9.2 send-community both neighbor 10.47.9.2 next-hop-self neighbor 10.47.9.2 route-map tag_local_eids out exit-address-family ! ip community-list 1 permit 655370 ! ip prefix-list deny_0.0.0.0 seq 10 permit 0.0.0.0/0 ! ip prefix-list l3handoff-prefixes seq 914788097 permit 10.47.2.12/30 ip prefix-list l3handoff-prefixes seq 934060929 permit 10.47.2.8/30 ip prefix-list l3handoff-prefixes seq 934208897 permit 10.47.2.4/30 ip prefix-list l3handoff-prefixes seq 934356865 permit 10.47.2.0/30 ! ip prefix-list blue_vn seq 337301377 permit 10.47.7.0/24 ip prefix-list blue_vn seq 629796565 permit 0.0.0.0/0 ! ip prefix-list red_vn seq 629796565 permit 0.0.0.0/0 ip prefix-list red_vn seq 927849985 permit 10.47.4.0/24 ! route-map tag_local_eids permit 5 set community 655370 ! route-map DENY-blue_vn deny 5 match ip address prefix-list blue_vn ! route-map DENY-blue_vn deny 10 match ip address prefix-list l3handoff-prefixes ! route-map DENY-blue_vn deny 15 match community 1 ! route-map DENY-blue_vn deny 25 match ip address prefix-list deny_0.0.0.0 ! route-map DENY-blue_vn permit 30 ! route-map DENY-red_vn deny 5 match ip address prefix-list red_vn ! route-map DENY-red_vn deny 10 match ip address prefix-list l3handoff-prefixes ! route-map DENY-red_vn deny 15 match community 1 ! route-map DENY-red_vn deny 25 match ip address prefix-list deny_0.0.0.0 ! route-map DENY-red_vn permit 30 ! route-map deny_0.0.0.0 deny 25 match ip address prefix-list deny_0.0.0.0 ! route-map deny_0.0.0.0 permit 30 !
Vérification de la périphérie du fabric vers le terminal SDA
Vérification de la programmation des adresses IPDT et MAC
Vérifiez la base de données IPDT (IP Device-Tracking) pour vous assurer qu'il existe une entrée valide pour le terminal
Edge-1#show device-tracking database interface gig1/0/3
portDB has 2 entries for interface Gi1/0/3, 2 dynamic
Codes: L - Local, S - Static, ND - Neighbor Discovery, ARP - Address Resolution Protocol, DH4 - IPv4 DHCP, DH6 - IPv6 DHCP, PKT - Other Packet, API - API created
Preflevel flags (prlvl):
0001:MAC and LLA match 0002:Orig trunk 0004:Orig access
0008:Orig trusted trunk 0010:Orig trusted access 0020:DHCP assigned
0040:Cga authenticated 0080:Cert authenticated 0100:Statically assigned
Network Layer Address Link Layer Address Interface vlan prlvl age state Time left
DH4 10.47.4.2 5254.0019.93e9 Gi1/0/3 1026 0024 76s REACHABLE 165 s try 0(21276 s)
**Programmation d’adresses MAC logicielles**
Edge-1#show mac address-table address 5254.0019.93e9
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
1026 5254.0019.93e9 DYNAMIC Gi1/0/3 <--- Endpoint MAC address learnt dynamically in VLAN 1026
Total Mac Addresses for this criterion: 1
**Programmation d'adresses MAC FED logicielles**
Utilisez la commande show platform software fed switch active matm macTable vlan <vlan> mac <adresse mac>
Edge-1#show platform software fed switch active matm macTable vlan 1026 mac 5254.0019.93e9
VLAN MAC Type Seq# EC_Bi Flags machandle siHandle riHandle diHandle *a_time *e_time ports Con
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
1026 5254.0019.93e9 0x1 9 0 0 0x7f65ec7bda68 0x7f65ec7c21f8 0x0 0x7f65ec6e1368 300 7 GigabitEthernet1/0/3 Yes
======platform hardware details ======
Asic: 0
htm-handle = 0x7f65ec95dc68 MVID = 7 gpn = 1
SI = 0xc3 RI = 0x25 DI = 0x526e
DI = 0x526e pmap = 0x00000000 0x00000004 pmap_intf : [GigabitEthernet1/0/3]
Asic: 1
SI = 0xc3 RI = 0x25 DI = 0x526e
DI = 0x526e pmap = 0x00000000 0x00000000
**MAC Address macHandle Programming**
Prenez la valeur macHandle de la commande précédente (0x7f65ec7bda68) et utilisez dans le commutateur show platform hardware fed active fwd-asic abstraction print-resource-handle <macHandle> 1
Edge-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f65ec7bda68 1
Handle:0x7f65ec7bda68 Res-Type:ASIC_RSC_HASH_TCAM Res-Switch-Num:0 Asic-Num:255 Feature-ID:AL_FID_L2 Lkp-ftr-id:LKP_FEAT_L2_SRC_MAC_VLAN ref_count:1
priv_ri/priv_si Handle: (nil)Hardware Indices/Handles: handle [ASIC: 0]: 0x7f65ec95dc68
Features sharing this resource:Cookie length: 12
19 00 54 52 e9 93 07 80 07 00 00 00
Detailed Resource Information (ASIC_INSTANCE# 0)
----------------------------------------
Number of HTM Entries: 1
Entry 0: (handle 0x7f65ec95dc68)
Absolute Index: 6778
Time Stamp: 4
KEY - vlan:7 mac:0x5254001993e9 l3_if:0 gpn:3 epoch:0 static:0 flood_en:0 vlan_lead_wless_flood_en: 0 client_home_asic: 0 learning_peerid 0, learning_peerid_valid 0 lvx:1
MASK - vlan:0 mac:0x0 l3_if:0 gpn:0 epoch:0 static:0 flood_en:0 vlan_lead_wless_flood_en: 0 client_home_asic: 0 learning_peerid 0, learning_peerid_valid 0 lvx:0
SRC_AD - need_to_learn:0 lrn_v:0 catchall:0 static_mac:0 chain_ptr_v:0 chain_ptr: 0 static_entry_v:0 auth_state:0 auth_mode:0 auth_behavior_tag:0 traf_m:0 is_src_ce:0
DST_AD - si:0xb7 bridge:0 replicate:0 blk_fwd_o:0 v4_rmac:0 v6_rmac:0 catchall:0 ign_src_lrn:0 port_mask_o:0 afd_cli_f:0 afd_lbl:0 prio:3 dest_mod_idx:0 destined_to_us:0 pv_trunk:0 smr:0
==============================================================
**Vérification MVID**
Le numéro 7 dans le résultat précédent est l'ID de VLAN mappé (MVID) dans le matériel. Pour vérifier qu'ils correspondent au « vrai » vlan, utilisez show platform software fed switch active vlan <numéro de vlan>
Edge-1#show platform software fed switch active vlan 1026
VLAN Fed Information
Vlan Id IF Id LE Handle STP Handle L3 IF Handle SVI IF ID MVID
-----------------------------------------------------------------------------------------------------------------------
1026 0x0000000000420011 0x00007f65ec6a08b8 0x00007f65ec6a1138 0x00007f65ec77e838 0x000000000000001d 7
**Vérification du numéro de port global (GPN)**
Pour corréler le GPN avec une interface « réelle », utilisez la commande show platform software fed switch active ifm mappings gpn
Edge-1#show platform software fed switch active ifm mappings gpn
Mappings Table
GPN Interface IF_ID IF_TYPE
--------------------------------------------------------------------------------------------------
1 GigabitEthernet1/0/1 0x0000001a ETHER
2 GigabitEthernet1/0/2 0x0000001b ETHER
3 GigabitEthernet1/0/3 0x0000000b ETHER
**MAC Address siHandle Programming**
Prenez la valeur siHandle de la commande précédente (0x7f65ec7c21f8) et utilisez dans le commutateur show platform hardware fed active fwd-asic abstraction print-resource-handle <si_handle> 1
Edge-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f65ec7c21f8 1
Handle:0x7f65ec7c21f8 Res-Type:ASIC_RSC_SI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_L3_UNICAST_IPV4 Lkp-ftr-id:LKP_FEAT_INVALID ref_count:2
priv_ri/priv_si Handle: 0x7f65ec7c2498Hardware Indices/Handles: index0:0xc3 mtu_index/l3u_ri_index0:0x0 index1:0xc3 mtu_index/l3u_ri_index1:0x0
Features sharing this resource:66 (1)]
57 (1)]
Cookie length: 56
00 00 00 00 00 00 00 00 02 04 00 00 00 00 00 00 00 00 00 00 07 00 52 54 00 19 93 e9 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Detailed Resource Information (ASIC_INSTANCE# 0)
----------------------------------------
Station Index (SI) [0xc3] <-- Station Index is comprised of the Rewrite Index (RI) and Destination Index (DI)
RI = 0x25 <-- Rewrite Index contains the forwarding information
DI = 0x526e <-- Destination Index contains information related to the outgoing interface
stationTableGenericLabel = 0
stationFdConstructionLabel = 0x7
lookupSkipIdIndex = 0
rcpServiceId = 0
dejaVuPreCheckEn = 0x1
Replication Bitmap: LD <-- Local Data (LD) indicates that the destination is on this ASIC
Detailed Resource Information (ASIC_INSTANCE# 1)
----------------------------------------
Station Index (SI) [0xc3] <-- Station Index is comprised of the Rewrite Index (RI) and Destination Index (DI)
RI = 0x25 <-- Rewrite Index contains the forwarding information
DI = 0x526e <-- Destination Index contains information related to the outgoing interface
stationTableGenericLabel = 0
stationFdConstructionLabel = 0x7
lookupSkipIdIndex = 0
rcpServiceId = 0
dejaVuPreCheckEn = 0x1
Replication Bitmap: CD <-- Core Data (CD) indicates that the destination is on the same ASIC, different core
==============================================================
**Vérification de l’index de réécriture des adresses MAC**
Prenez la valeur RI de la commande précédente (0x25) et utilisez dans la plage d’index de réécriture « all rewrite-index » active fwd-asic resource asic switch « show platform hardware fed » <RI> <RI>
Edge-1#show platform hardware fed switch active fwd-asic resource asic all rewrite-index range 0x25 0x25
ASIC#:0 RI:37 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9)
MAC Addr: MAC Addr: 52:54:00:19:93:e9,
L3IF LE Index 41
ASIC#:0 RI:38 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9)
MAC Addr: MAC Addr: 01:00:5e:00:00:00,
L3IF LE Index 40
ASIC#:0 RI:39 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9)
MAC Addr: MAC Addr: 52:54:00:00:50:17,
L3IF LE Index 40
ASIC#:1 RI:37 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9)
MAC Addr: MAC Addr: 52:54:00:19:93:e9,
L3IF LE Index 41
ASIC#:1 RI:38 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9)
MAC Addr: MAC Addr: 01:00:5e:00:00:00,
L3IF LE Index 40
ASIC#:1 RI:39 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9)
MAC Addr: MAC Addr: 52:54:00:00:50:17,
L3IF LE Index 40
**Vérification de l’index de destination des adresses MAC**
Prenez la valeur d’ID de la commande précédente (0x526e) et utilisez dans la plage d’index de toutes les destinations active fwd-asic resource basic switch show platform hardware fed switch <DI> <DI>
Edge-1#show platform hardware fed switch active fwd-asic resource asic all destination-index range 0x526e 0x526e
ASIC#0:
Destination index = 0x526e
pmap = 0x00000000 0x00000004 <-- Convert decimal 4 to binary, which is 0100. Count this binary right to left, zero-based, so Port 2.
pmap_intf : [GigabitEthernet1/0/3]
cmi = 0x0
rcp_pmap = 0x0
al_rsc_cmi
CPU Map Index (CMI) [0]
ctiLo0 = 0
ctiLo1 = 0
ctiLo2 = 0
cpuQNum0 = 0
cpuQNum1 = 0
cpuQNum2 = 0
npuIndex = 0
stripSeg = 0
copySeg = 0
ASIC#1:
Destination index = 0x526e
pmap = 0x00000000 0x00000000
cmi = 0x0
rcp_pmap = 0x0
al_rsc_cmi
CPU Map Index (CMI) [0]
ctiLo0 = 0
ctiLo1 = 0
ctiLo2 = 0
cpuQNum0 = 0
cpuQNum1 = 0
cpuQNum2 = 0
npuIndex = 0
stripSeg = 0
copySeg = 0
**Vérification du port**
Pour corréler le port qui a été vu précédemment, utilisez la commande show platform software fed switch active ifm mappings et regardez la colonne Port.
Edge-1#show platform software fed switch active ifm mappings
------------------ show platform software fed switch active ifm mappings ------------------
Interface IF_ID Inst Asic Core Port SubPort Mac Cntx LPN GPN Type Active
GigabitEthernet1/0/1 0x1a 0 0 0 0 0 1 0 1 1 NIF Y
GigabitEthernet1/0/2 0x1b 0 0 0 1 0 2 1 2 2 NIF Y
GigabitEthernet1/0/3 0xb 0 0 0 2 0 3 2 3 3 NIF Y <-- Matches port 2 from previous output
**Vérification de l'adresse MAC FED matérielle**
Ce résultat dans un scénario de travail/idéal correspond à ce que le décodage macHandle a fourni.
Edge-1#show platform hardware fed switch active matm macTable vlan 1026 mac 5254.0019.93e9 HEAD: MAC address 5254.0019.93e9 in VLAN 1026 KEY: vlan 7, mac 0x5254001993e9, l3_if 0, gpn 3, epoch 0, static 0, flood_en 0, vlan_lead_wless_flood_en 0, client_home_asic 0, learning_peerid 0, learning_peerid_valid 0 MASK: vlan 0, mac 0x0, l3_if 0, gpn 0, epoch 0, static 0, flood_en 0, vlan_lead_wless_flood_en 0, client_home_asic 0 learning_peerid 0, learning_peerid_valid 0 SRC_AD: need_to_learn 0, lrn_v 0, catchall 0, static_mac 0, chain_ptr_v 0, chain_ptr 0, static_entry_v 0, auth_state 0, auth_mode 0, traf_mode 0, is_src_ce 0 DST_AD: si 0xb7, bridge 0, replicate 0, blk_fwd_o 0, v4_mac 0, v6_mac 0, catchall 0, ign_src_lrn 0, port_mask_o 0, afd_cli_f 0, afd_lbl 0, priority 3, dest_mod_idx 0, destined_to_us 0, pv_trunk 0 Total Mac number of addresses:: 1
- L'ID de VLAN dans le matériel (MVID) est 7
- Adresse MAC : 5254.0019.93e9
- GPN : 3
Vérification de la connectivité ARP et IP
Edge-1#show ip arp vrf red_vn 10.47.4.2 ------------------ show ip arp vrf red_vn 10.47.4.2 ------------------ Protocol Address Age (min) Hardware Addr Type Interface Internet 10.47.4.2 156 5254.0019.93e9 ARPA Vlan1026
Edge-1#ping vrf red_vn 10.47.4.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.47.4.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 130/145/168 ms
Edge-1#show vlan id 1026 VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1026 red active L2LI0:8190, Gi1/0/3 <-- L2 LISP Instance ID tied to VLAN 1026
**Vérification de la base de données LISP L2**
Pour vérifier la base de données LISP de couche 2, utilisez la commande show lisp instance-id <L2 LISP ID> ethernet database <mac address>
Edge-1#show lisp instance-id 8190 ethernet database 5254.0019.93e9 LISP ETR MAC Mapping Database for LISP 0 EID-table Vlan 1026 (IID 8190), LSBs: 0x1 Entries total 1, no-route 0, inactive 0, do-not-register 2 5254.0019.93e9/48, dynamic-eid Auto-L2-group-8190, inherited from default locator-set rloc_222e1707-175d-4019-a783-060404f8bc2f -----> Endpoint MAC Uptime: 2d17h, Last-change: 2d17h Domain-ID: local Service-Insertion: N/A Locator Pri/Wgt Source State 10.47.1.12 10/10 cfg-intf site-self, reachable -----> Our own RLOC Map-server Uptime ACK Domain-ID 10.47.1.10 1d11h Yes 0 -----> RLOC of upstream collocated border 10.47.1.11 2d17h Yes 0 -----> RLOC of upstream collocated border
**Vérification de la base de données LISP L2 Address Resolution (AR)**
Pour vérifier la base de données d'AR de couche 2, utilisez la commande show lisp instance-id <L2 LISP ID> ethernet database address-resolution <mac address>
Edge-1#show lisp instance-id 8190 ethernet database address-resolution 5254.0019.93e9 LISP ETR Address Resolution for LISP 0 EID-table Vlan 1026 (IID 8190) (*) -> entry being deleted Hardware Address L3 InstID Host Address 5254.0019.93e9 4099 10.47.4.2/32 <-- Endpoint MAC Address, LISP L3 Instance ID, Endpoint IPv4 Address, respectively
**Vérification de la base de données L3 LISP**
Pour vérifier la base de données LISP L3, utilisez la commande show lisp instance-id <L3 LISP ID> ipv4 database <adresse ipv4/masque de sous-réseau>
Edge-1#show lisp instance-id 4099 ipv4 database 10.47.4.2/32 LISP ETR IPv4 Mapping Database for LISP 0 EID-table vrf red_vn (IID 4099), LSBs: 0x1 Entries total 1, no-route 0, inactive 0, do-not-register 1 10.47.4.2/32, dynamic-eid red-IPV4, inherited from default locator-set rloc_222e1707-175d-4019-a783-060404f8bc2f -----> Endpoint IPv4 Address Uptime: 2d18h, Last-change: 2d18h Domain-ID: local Service-Insertion: N/A Locator Pri/Wgt Source State 10.47.1.12 10/10 cfg-intf site-self, reachable -----> Our own RLOC Map-server Uptime ACK Domain-ID 10.47.1.10 1d11h Yes 0 -----> RLOC of upstream collocated border 10.47.1.11 2d17h Yes 0 -----> RLOC of upstream collocated border
Point d'extrémité d'entrée de fabric avec capture de paquets intégrée (EPC)
À ce stade, vous pouvez filtrer et comparer les adresses IP réelles (10.47.4.2 en communication avec 8.8.8.8), car il n’y a pas encore eu d’encapsulation VXLAN. Le paquet entre dans le noeud de périphérie du fabric.
Edge-1(config)#ip access-list extended TAC Edge-1(config-ext-nacl)#permit ip host 10.47.4.2 host 8.8.8.8 Edge-1(config-ext-nacl)#permit ip host 8.8.8.8 host 10.47.4.2 Edge-1#monitor capture 1 interface g1/0/3 both access-list TAC Edge-1#monitor capture 1 start Started capture point : 1 Edge-1#monitor capture 1 stop Capture statistics collected at software: Capture duration - 14 seconds Packets received - 16 Packets dropped - 0 Packets oversized - 0 Number of Bytes dropped at asic not collected
**Affichage de la capture de paquets avec le mot clé brief**
Edge-1#show monitor capture 1 buffer brief Starting the packet display ........ Press Ctrl + Shift + 6 to exit 1 0.006216 10.47.4.2 -> 8.8.8.8 ICMP 98 Echo (ping) request id=0x000f, seq=0/0, ttl=64 2 0.493181 8.8.8.8 -> 10.47.4.2 ICMP 106 Echo (ping) reply id=0x000f, seq=0/0, ttl=253 (request in 1) 3 1.009602 10.47.4.2 -> 8.8.8.8 ICMP 98 Echo (ping) request id=0x000f, seq=1/256, ttl=64 4 1.437506 8.8.8.8 -> 10.47.4.2 ICMP 106 Echo (ping) reply id=0x000f, seq=1/256, ttl=253 (request in 3) 5 2.025409 10.47.4.2 -> 8.8.8.8 ICMP 98 Echo (ping) request id=0x000f, seq=2/512, ttl=64 6 2.521520 8.8.8.8 -> 10.47.4.2 ICMP 106 Echo (ping) reply id=0x000f, seq=2/512, ttl=253 (request in 5) 7 3.010566 10.47.4.2 -> 8.8.8.8 ICMP 98 Echo (ping) request id=0x000f, seq=3/768, ttl=64 8 3.420162 8.8.8.8 -> 10.47.4.2 ICMP 106 Echo (ping) reply id=0x000f, seq=3/768, ttl=253 (request in 7)
**Affichage de la capture de paquets avec un mot clé détaillé**
Edge-1#show monitor capture 1 buffer display-filter "icmp.type==8" detailed
Starting the packet display ........ Press Ctrl + Shift + 6 to exit
Frame 1: 98 bytes on wire (784 bits), 98 bytes captured (784 bits) on interface /tmp/epc_ws/wif_to_ts_pipe, id 0
Ethernet II, Src: 52:54:00:19:93:e9 (52:54:00:19:93:e9), Dst: 00:00:0c:9f:f3:41 (00:00:0c:9f:f3:41) -----> Endpoint SMAC and Anycast GW MAC
Destination: 00:00:0c:9f:f3:41 (00:00:0c:9f:f3:41)
Address: 00:00:0c:9f:f3:41 (00:00:0c:9f:f3:41)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: 52:54:00:19:93:e9 (52:54:00:19:93:e9)
Address: 52:54:00:19:93:e9 (52:54:00:19:93:e9)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 10.47.4.2, Dst: 8.8.8.8
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 84
Identification: 0x9b61 (39777)
Flags: 0x4000, Don't fragment
0... .... .... .... = Reserved bit: Not set
.1.. .... .... .... = Don't fragment: Set
..0. .... .... .... = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: ICMP (1)
Header checksum: 0x8107 [validation disabled]
[Header checksum status: Unverified]
Source: 10.47.4.2
Destination: 8.8.8.8Capture de paquets intégrée en sortie de fabric vers les noeuds périphériques
À ce stade, le paquet est encapsulé VXLAN, votre liste de contrôle d'accès ne peut pas correspondre aux adresses IP internes (10.47.4.2 et 8.8.8.8) que vous devez faire correspondre entre RLOC et RLOC. Ensuite, vous pouvez utiliser les filtres Wireshark pour afficher et examiner les adresses internes.
**Affichage de la capture de paquets avec le mot clé brief**
Edge-1#show monitor capture 1 buffer display-filter icmp.type==8 brief Starting the packet display ........ Press Ctrl + Shift + 6 to exit 3 0.025666 10.47.4.2 -> 8.8.8.8 ICMP 148 Echo (ping) request id=0x0027, seq=3/768, ttl=63 14 0.895095 10.47.4.2 -> 8.8.8.8 ICMP 148 Echo (ping) request id=0x0027, seq=4/1024, ttl=63
**Affichage de la capture de paquets avec un mot clé détaillé**
Ethernet II, Src: 00:00:00:00:00:00 (00:00:00:00:00:00), Dst: 00:00:00:00:00:00 (00:00:00:00:00:00) -----> These are not the real MAC Addresses, does not capture L3 rewrite properly Destination: 00:00:00:00:00:00 (00:00:00:00:00:00) Address: 00:00:00:00:00:00 (00:00:00:00:00:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: 00:00:00:00:00:00 (00:00:00:00:00:00) Address: 00:00:00:00:00:00 (00:00:00:00:00:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 10.47.1.12, Dst: 10.47.1.10 -----> RLOC to RLOC 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 134 Identification: 0x063b (1595) Flags: 0x4000, Don't fragment 0... .... .... .... = Reserved bit: Not set .1.. .... .... .... = Don't fragment: Set ..0. .... .... .... = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: UDP (17) Header checksum: 0x1db9 [validation disabled] [Header checksum status: Unverified] Source: 10.47.1.12 Destination: 10.47.1.10 User Datagram Protocol, Src Port: 65354, Dst Port: 4789 -----> VXLAN Destination Port Source Port: 65354 Destination Port: 4789 Length: 114 [Checksum: [missing]] [Checksum Status: Not present] [Stream index: 1] [Timestamps] [Time since first frame: 0.869429000 seconds] [Time since previous frame: 0.869429000 seconds] Virtual eXtensible Local Area Network Flags: 0x8800, GBP Extension, VXLAN Network ID (VNI) 1... .... .... .... = GBP Extension: Defined .... .... .0.. .... = Don't Learn: False .... 1... .... .... = VXLAN Network ID (VNI): True .... .... .... 0... = Policy Applied: False .000 .000 0.00 .000 = Reserved(R): 0x0000 Group Policy ID: 0 VXLAN Network Identifier (VNI): 4099 -----> L3 LISP Instance ID tied to this VN Reserved: 0 Ethernet II, Src: 00:00:00:00:61:00 (00:00:00:00:61:00), Dst: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38) -----> Dummy VXLAN Header Destination: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38) Address: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38) .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: 00:00:00:00:61:00 (00:00:00:00:61:00) Address: 00:00:00:00:61:00 (00:00:00:00:61:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 10.47.4.2, Dst: 8.8.8.8 -----> Inner IPv4 Addresses 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 84 Identification: 0x380e (14350) Flags: 0x4000, Don't fragment 0... .... .... .... = Reserved bit: Not set .1.. .... .... .... = Don't fragment: Set ..0. .... .... .... = More fragments: Not set Fragment offset: 0 Time to live: 63 Protocol: ICMP (1) Header checksum: 0xe55a [validation disabled] [Header checksum status: Unverified] Source: 10.47.4.2 Destination: 8.8.8.8 Internet Control Message Protocol Type: 8 (Echo (ping) request) Code: 0 Checksum: 0xd8d0 [correct] [Checksum Status: Good] Identifier (BE): 39 (0x0027) Identifier (LE): 9984 (0x2700) Sequence number (BE): 4 (0x0004) Sequence number (LE): 1024 (0x0400) Data (56 bytes)
Vérification de la route de périphérie du fabric vers un client non SDA
Vérification CEF et LISP de la périphérie du fabric
LISP détermine ce que CEF fait lors du transfert du paquet
Edge-1#show lisp instance-id 4099 ipv4 map-cache 0.0.0.0/0 LISP IPv4 Mapping Cache for LISP 0 EID-table vrf red_vn (IID 4099), 1 entries 0.0.0.0/0, uptime: 3d02h, expires: never, via static-send-map-request Sources: static-send-map-request State: send-map-request, last modified: 3d02h, map-source: local Exempt, Packets out: 24481(14099580 bytes), counters are not accurate (~ 00:00:46 ago) Configured as EID address space Encapsulating to proxy ETR <-- Send the packet to the Proxy Egress Tunnel Router
Edge-1#show run | include use-petr use-petr 10.47.1.10 <-- These PETRs are used for packet forwarding use-petr 10.47.1.11 <-- These PETRs are used for packet forwarding
Edge-1#show ip cef vrf red_vn 8.8.8.8 0.0.0.0/0 nexthop 10.47.1.10 LISP0.4099 nexthop 10.47.1.11 LISP0.4099
Vérification de la route FMAN RP
Pour vérifier la route d'un point de vue FMAN RP, utilisez la commande show platform software ip switch active r0 cef prefix <adresse réseau/masque de sous-réseau> detail
Edge-1#show platform software ip switch active r0 cef prefix 0.0.0.0/0 detail Forwarding Table 0.0.0.0/0 -> OBJ_LOADBALANCE (0x4f), urpf: 82 -----> Convert 0x4f from hex to decimal, result is 79 Prefix Flags: Default OM handle: 0x34802330f0
Comme il y a deux tronçons suivants disponibles, la table de transfert utilise un objet d'équilibrage de charge, utilisez la commande show platform software loadinfo switch active r0 index <convert hex to decimal of OBJ_LOADBALANCE>
Edge-1#show platform software loadinfo switch active r0 index 79 Number of loadinfo objects: 5 Index: 0x4f, Flags: unknown, Hash Algorithm: , Number of Paths: 2, Number of buckets: 16 Anti-polarising Factor: 0xc90f3ff0 Next Object Type: OBJ_ADJACENCY, OBJ_ADJACENCY Next obj handle: 0x55, 0x4c -----> These objects are used in the next command Hash Buckets: 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1 Color Buckets Map: 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 OM handle: 0x34803abbf8
Prenez le handle obj de la commande précédente et utilisez dans show platform software adjacency switch active r0 index <obj handle>
Edge-1#show platform software adjacency switch active r0 index 0x55 Number of adjacency objects: 25 Adjacency id: 0x55 (85) Interface: GigabitEthernet1/0/1, IF index: 26, Link Type: MCP_LINK_IP Encap: 52:54:0:a:42:f3:52:54:0:4:84:b1:8:0 -----> 5254.000a.42f3 (DMAC) 5254.0000.0004.00b1 (SMAC) 0800 (ETYPE) (ETYPE) Encap Length: 14, Encap Type: MCP_ET_ARPA, MTU: 8978 Flags: no-l3-inject Incomplete behavior type: None Fixup: unknown Fixup_Flags_2: unknown Nexthop addr: 10.47.1.0 IP FRR MCP_ADJ_IPFRR_NONE 0 OM handle: 0x3480270910
Prenez le handle obj de la commande précédente et utilisez dans show platform software adjacency switch active r0 index <obj handle>
Edge-1#show platform software adjacency switch active r0 index 0x4c Number of adjacency objects: 25 Adjacency id: 0x4c (76) Interface: GigabitEthernet1/0/2, IF index: 27, Link Type: MCP_LINK_IP Encap: 52:54:0:1c:7d:e0:52:54:0:4:84:a3:8:0 -----> 5254.001c.7de0 (DMAC) 5254.00004.84a3 (SMAC) 0800(ETYPE) Encap Length: 14, Encap Type: MCP_ET_ARPA, MTU: 8978 Flags: no-l3-inject Incomplete behavior type: None Fixup: unknown Fixup_Flags_2: unknown Nexthop addr: 10.47.1.4 IP FRR MCP_ADJ_IPFRR_NONE 0 OM handle: 0x34803991c0
Les entrées ARP correspondent aux adresses IP du tronçon suivant
Edge-1#show ip arp g1/0/1 Protocol Address Age (min) Hardware Addr Type Interface Internet 10.47.1.1 - 5254.0004.84b1 ARPA GigabitEthernet1/0/1 Internet 10.47.1.0 63 5254.000a.42f3 ARPA GigabitEthernet1/0/1
Edge-1#show ip arp g1/0/2 Protocol Address Age (min) Hardware Addr Type Interface Internet 10.47.1.5 - 5254.0004.84a3 ARPA GigabitEthernet1/0/2 Internet 10.47.1.4 47 5254.001c.7de0 ARPA GigabitEthernet1/0/2
Vérification du routage FMAN FP
Pour vérifier la route du point de vue FMAN FP, utilisez la commande show platform software ip switch active f0 cef prefix <network/subnet mask> detail
Edge-1#show platform software ip switch active f0 cef prefix 0.0.0.0/0 detail Forwarding Table 0.0.0.0/0 -> OBJ_LOADBALANCE (0x4f), urpf: 82 -----> Matches the OBJ_LOADBALANCE object that FMAN RP had Prefix Flags: Default aom id: 165, HW handle: (nil) (created) -----> Object ID that is used in the next command
Prenez la valeur d'id d'aom de la commande précédente et utilisez dans show platform software object-manager switch active f0 object <valeur d'id d'aom>
Edge-1#show platform software object-manager switch active f0 object 165 Object identifier: 165 Description: PREFIX 0.0.0.0/0 (Table id 0) Obj type id: 71 Obj type: route-pfx Status: Done, Epoch: 0, Client data: 0x37e9e498
Edge-1#show platform software object-manager switch active f0 object 165 parents Object identifier: 21 Description: ipv4 table 0 (Default), vrf id 0 Status: Done Object identifier: 1451 Description: uRPF-list(hdl=0x00000052) Status: Done Object identifier: 1452 Description: LB 0x4f -----> This load balance object is the same that was observed in previous output, decimal 79 Status: Done
Comme pour FMAN RP, utilisez show platform software loadinfo switch active f0 <convert hex to decimal of the LB object> pour voir ces informations du point de vue FMAN FP
Edge-1#show platform software loadinfo switch active f0 index 79 Number of loadinfo objects: 5 Index: 0x4f, Flags: unknown, Hash Algorithm: , Number of Paths: 2, Number of buckets: 16 Anti-polarising Factor: 0xc90f3ff0 Next Object Type: OBJ_ADJACENCY, OBJ_ADJACENCY Next obj handle: 0x55, 0x4c -----> These objects are used in the next command Hash Buckets: 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1 Color Buckets Map: 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 aom id: 1452, HW handle: (nil)
Prenez le handle obj de la commande précédente et utilisez dans show platform software adjacency switch active f0 index <obj handle>
Edge-1#show platform software object-manager switch active f0 object 0x55 Object identifier: 85 Description: intf L2LISP0, handle 23, hw handle 23, HW dirty: NONE AOM dirty NONE Obj type id: 31 Obj type: dpidb-config Status: Done, Epoch: 0, Client data: 0x37e8e5f8
Edge-1#show platform software object-manager switch active f0 object 0x4c Object identifier: 76 Description: Tx Channel Vlan1026, handle 29, hw handle 29, flag 0x0, dirty hw: NONE dirty aom NONE Obj type id: 33 Obj type: txchan-config Status: Done, Epoch: 0, Client data: 0x37e896a8
Vérification du routage FED
Pour vérifier la route du point de vue FED, utilisez la commande show platform software fed switch active ip route <network/subnet mask>
Edge-1#show platform software fed switch active ip route 0.0.0.0/0
vrf dest htm flags SGT DGID MPLS Last-modified SecsSinceHit
--- ---- --- ----- --- ---- ---- ------------------------ ------------
0 0.0.0.0/0 0x7f65ec862228 0x0 0 0 2023/09/21 05:56:21.484 1
FIB: prefix_hdl:0xdd000001, mpls_ecr_prefix_hdl:0, sgtOverWrite: 0
========== OCE chain =====
LB:obj_id:79 ecr_map_objid:0 link_type:IP num_choices:2 Flags:0 ----> Decimal 79 is hex 0x4F
mpls_ecr:0 local_label:1048576 path_inhw:2 ecrh:0x7500000c old_ecrh:0
modify_cnt:0 bwalk_cnt:0 subwalk_cnt:0 finish_cnt:0
bwalk:[req:0 in_prog:0 nested:0]
AAL: ecr:id:1962934284 af:0 ecr_type:0 ref:1 ecrh:0x7f65ec8029f8(28:1)
hwhdl:3967822328 ::0x7f65ec8b8468,0x7f65ec8a5458,0x7f65ec8b8468,0x7f65ec8a5458
ADJ:objid:85 {link_type:IP ifnum:0x1a, adj:0xa7000028, si: 0x7f65ec8b8468 IPv4: 10.47.1.0 } <-- Decimal 85 is hex 0x55
ADJ:objid:76 {link_type:IP ifnum:0x1b, adj:0x62000026, si: 0x7f65ec8a5458 IPv4: 10.47.1.4 } <-- Decimal 76 is hex 0x4c
===============
MPLS info: mpls_ecr_scale_prefix_adj:0, mpls_lspa_hdl:0
===============
**Décodage HTM de vérification de route FED**
Prenez la valeur htm de la commande précédente (0x7f65ec862228) et utilisez dans le commutateur show platform hardware fed active fwd-asic abstraction print-resource-handle <htm value> 1
Edge-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f65ec862228 1 Handle:0x7f65ec862228 Res-Type:ASIC_RSC_HASH_TCAM Res-Switch-Num:0 Asic-Num:255 Feature-ID:AL_FID_L3_UNICAST_IPV4 Lkp-ftr-id:LKP_FEAT_IPV4_L3_UNICAST ref_count:1 priv_ri/priv_si Handle: (nil)Hardware Indices/Handles: handle [ASIC: 0]: 0x7f65ec846388 Detailed Resource Information (ASIC_INSTANCE# 0) ---------------------------------------- Number of HTM Entries: 1 Entry 0: (handle 0x7f65ec846388) Absolute Index: 92658 Time Stamp: 446 KEY - vrf:0 mtr:0 prefix:0.0.0.0 rcp_redirect_index:0x0 MASK - vrf:4095 mtr:0 prefix:0.0.0.0 rcp_redirect_index:0x0 FWD-AD = afd_label_flag:0 icmp_redir_enable:1 lvx_smr_enabled:0, dstNatType:0 priority:3 afdLabelOrDestClientId:0 SI:65281 destined_to_us:0 hw_stats_idx:6 stats_id:0 redirectSetRouterMac:0 dgtIdx:0 destModIndex:0 dstNatTypeOrVpnPrefixPtrMsb:0 vpnPrefixPtr:0 vpn prefix flag:0 SRC-AD:learning_violation:1 need_to_learn:1 locally_connected:0 staticentryViolation:0 rpfValid:1 rpfLe:1 rpfLePointer:0 rpfForcePass:0 rpfForceFail:0 reachableviaSome:1 rpfCheckIncomplete:0 defaultRoute:1 ChainPtrValid:0 ChainPtrOrPortLeIndex:72 UseRpfmatchTable:1 rpfIncomplete:0 is_src_ce:0 sgtValid:0 sgtOverwrite:0 sgt:0 ipClientLabel:0 src_rloc_trusted:0, sgtCacheControl1:0, sgtCacheControl0:0 port_label:0x0 port_mask:0x0 vlan_label:0x0 vlan_mask:0x0 l3if_label:0x0 l3if_mask:0x0 group_label:0x0 group_mask:0x0 ==============================================================
**FED Route Verification ECR Object Decode**
Comme la route emprunte deux chemins suivants disponibles, vérifiez le routage à coût égal (ECR) avec la commande show platform software fed switch active ip ecr et recherchez l'objet loadbalance comme obj_id
Edge-1#show platform software fed switch active ip ecr IPV4 ECR table <snip> Entry 3 obj_id 0x4f Num Choices 0x2 Flags 0x00000000 Index 0x7f65ec8029f8 -----> Hex 0x4f to decimal is 79 LB:obj_id:79 ecr_map_objid:0 link_type:IP num_choices:2 Flags:0 mpls_ecr:0 local_label:1048576 path_inhw:2 ecrh:0x7500000c old_ecrh:0 modify_cnt:0 bwalk_cnt:0 subwalk_cnt:0 finish_cnt:0 bwalk:[req:0 in_prog:0 nested:0] AAL: ecr:id:1962934284 af:0 ecr_type:0 ref:1 ecrh:0x7f65ec8029f8(28:1) hwhdl:3967822328 ::0x7f65ec8b8468,0x7f65ec8a5458,0x7f65ec8b8468,0x7f65ec8a5458 Adj IP 10.47.1.0 adj_id 0x55 SI 0x7f65ec8b8468 -----> The IPv4 next-hop, this adjacency ID has been seen previously Adj IP 10.47.1.4 adj_id 0x4c SI 0x7f65ec8a5458 -----> The IPv4 next-hop, this adjacency ID has been seen previously <snip>
**FED Route Verification ECR Index Decode**
Prenez l'index vu dans la commande précédente (0x7f65ec8029f8) et utilisez dans show platform hardware fed switch active fwd-asic abstraction print-resource-handle <ecr index> 1
Edge-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f65ec8029f8 1 Handle:0x7f65ec8029f8 Res-Type:ASIC_RSC_LV2_ECR Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_L3_UNICAST_IPV4 Lkp-ftr-id:LKP_FEAT_INVALID ref_count:1 priv_ri/priv_si Handle: (nil)Hardware Indices/Handles: index0:0x1 mtu_index/l3u_ri_index0:0x0 index1:0x1 mtu_index/l3u_ri_index1:0x0 Cookie length: 128 68 84 8b ec 65 7f 00 00 58 54 8a ec 65 7f 00 00 68 84 8b ec 65 7f 00 00 58 54 8a ec 65 7f 00 00 68 84 8b ec 65 7f 00 00 58 54 8a ec 65 7f 00 00 68 84 8b ec 65 7f 00 00 58 54 8a ec 65 7f 00 00 68 84 8b ec 65 7f 00 00 58 54 8a ec 65 7f 00 00 68 84 8b ec 65 7f 00 00 58 54 8a ec 65 7f 00 00 68 84 8b ec 65 7f 00 00 58 54 8a ec 65 7f 00 00 68 84 8b ec 65 7f 00 00 58 54 8a ec 65 7f 00 00 Detailed Resource Information (ASIC_INSTANCE# 0) ---------------------------------------- Equal Cost Routing Level2 (ECR lv2) [0x1] lv2StationIndex0 = 0xb1 ------> This Station Index is associated with one next-hop adjacency SI handle0 = 0 lv2StationIndex1 = 0xbc ------> This Station Index is associated with one next-hop adjacency SI handle1 = 0
Vérification du tronçon suivant LISP de la périphérie du fabric
Pour capturer les tronçons suivants LISP, vérifiez la route dans CEF dans le VRF
Edge-1#show ip cef vrf red_vn 8.8.8.8 0.0.0.0/0 nexthop 10.47.1.10 LISP0.4099 nexthop 10.47.1.11 LISP0.4099
Vérification FED de la route de tronçon suivant LISP
Pour obtenir les valeurs si_hdl ou ri_hdl, utilisez la commande show platform software fed switch active ip adj
Edge-1#show platform software fed switch active ip adj IPV4 Adj entries dest if_name dst_mac si_hdl ri_hdl pd_flags adj_id Last-modified ---- ------- ------- ------ ------ -------- ------ ------------- 225.0.0.0 GigabitEthernet1/0/1 0100.5e00.0000 0x7f65ec958128 0x7f65ec957e18 0x0 0xf80001a1 2023/09/19 17:57:41.399 10.47.1.10 LISP0.4099 4500.0000.0000 0x7f65ec8a9b38 0x7f65ec8a9d58 0x60 0x26 2023/09/19 17:57:35.214 10.47.1.4 GigabitEthernet1/0/2 5254.001c.7de0 0x7f65ec8a5458 0x7f65ec8a4eb8 0x0 0x4c 2023/09/19 17:58:02.150 10.47.1.0 GigabitEthernet1/0/1 5254.000a.42f3 0x7f65ec8b8468 0x7f65ec8b8158 0x0 0x55 2023/09/19 17:58:08.864 10.47.1.11 LISP0.4099 4500.0000.0000 0x7f65ec7bb498 0x7f65ec7ba608 0x60 0x29 2023/09/19 17:57:35.214
Décodage si_hdl du tronçon suivant LISP
Prenez le si_hdl (0x7f65ec8a9b38) et utilisez la commande show platform hardware fed switch active fwd-asic abstraction print-resource-handle <si_hdl> 1
Edge-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f65ec8a9b38 1 Handle:0x7f65ec8a9b38 Res-Type:ASIC_RSC_SI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_LISP Lkp-ftr-id:LKP_FEAT_INVALID ref_count:1 priv_ri/priv_si Handle: 0x7f65ec8a9d58Hardware Indices/Handles: index0:0xbf mtu_index/l3u_ri_index0:0x0 index1:0xbf mtu_index/l3u_ri_index1:0x0 Features sharing this resource:109 (1)] Cookie length: 56 00 00 00 00 00 00 00 00 38 5f 84 ec 0a 2f 01 0a ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Detailed Resource Information (ASIC_INSTANCE# 0) ---------------------------------------- Station Index (SI) [0xbf] -----> Contains the Rewrite Index (RI) and Outgoing Interface Information (DI) RI = 0x20 -----> Rewrite Index = Rewrite information for L3 forwarding DI = 0x5012 -----> Destination Index = Outgoing Interface stationTableGenericLabel = 0 stationFdConstructionLabel = 0x7 lookupSkipIdIndex = 0xc rcpServiceId = 0 dejaVuPreCheckEn = 0 Replication Bitmap: LD Detailed Resource Information (ASIC_INSTANCE# 1) ---------------------------------------- Station Index (SI) [0xbf] -----> Contains the Rewrite Index (RI) and Outgoing Interface Information (DI) RI = 0x20 -----> Rewrite Index = Rewrite information for L3 forwarding DI = 0x5012 -----> Destination Index = Outgoing Interface stationTableGenericLabel = 0 stationFdConstructionLabel = 0x7 lookupSkipIdIndex = 0xc rcpServiceId = 0 dejaVuPreCheckEn = 0 Replication Bitmap: LD
Décodage d'index de réécriture de tronçon suivant LISP
Pour décoder l'index de réécriture (0x20) et utiliser dans la commande show platform hardware fed switch active fwd-asic resource asic all rewrite-index range <RI> <RI>
Edge-1#show platform hardware fed switch active fwd-asic resource asic all rewrite-index range 0x20 0x20 ASIC#:0 RI:32 Rewrite_type:AL_RRM_REWRITE_IPV4_VXLAN_INNER_IPV4_ENCAP(110) Mapped_rii:LVX_L3_ENCAP_L2_PAYLOAD(123) Dst Mac: MAC Addr: ba:25:cd:f4:ad:38, ----> Dummy VXLAN MAC Address Src IP: 10.47.1.12 ----> FE RLOC Dst IP: 10.47.1.10 ----> BN RLOC IPv4 TTL: 0 LISP INSTANCEID: 0 L3IF LE Index: 46
Décodage de l'index de destination du tronçon suivant LISP
Pour décoder l'index de destination (0x5012) et utiliser dans la commande show platform hardware fed switch active fwd-asic resource asic all destination-index range <DI> <DI>
Edge-1#show platform hardware fed switch active fwd-asic resource asic all destination-index range 0x5012 0x5012 ASIC#0: Destination index = 0x5012 DI_RCP_PORT1 -----> Recirculation port used for VXLAN imposition pmap = 0x00000000 0x00000000 cmi = 0x0 rcp_pmap = 0x1 al_rsc_cmi ASIC#1: Destination index = 0x5012 DI_RCP_PORT1 -----> Recirculation port used for VXLAN imposition pmap = 0x00000000 0x00000000 cmi = 0x0 rcp_pmap = 0x0 al_rsc_cmi
LISP Next-Hop ri_hdl Decode
Pour décoder le ri_hdl, prenez la valeur (0x7f65ec8a9d58) et utilisez la commande show platform hardware fed switch active fwd-asic abstraction print-resource-handle <di_hdl> 1
Edge-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f65ec8a9d58 1 Handle:0x7f65ec8a9d58 Res-Type:ASIC_RSC_RI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_LISP Lkp-ftr-id:LKP_FEAT_INVALID ref_count:1 priv_ri/priv_si Handle: 0x7f65ec8aa2c8Hardware Indices/Handles: index0:0x20 mtu_index/l3u_ri_index0:0x0 index1:0x20 mtu_index/l3u_ri_index1:0x0 Features sharing this resource:109 (1)] Cookie length: 56 00 00 00 00 00 00 00 00 2e 00 00 00 0a 2f 01 0a ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Detailed Resource Information (ASIC_INSTANCE# 0) ---------------------------------------- ASIC#:0 RI:32 Rewrite_type:AL_RRM_REWRITE_IPV4_VXLAN_INNER_IPV4_ENCAP(110) Mapped_rii:LVX_L3_ENCAP_L2_PAYLOAD(123) Dst Mac: MAC Addr: ba:25:cd:f4:ad:38, <-- Dummy VXLAN MAC Src IP: 10.47.1.12 <-- FE RLOC Dst IP: 10.47.1.10 <-- BN RLOC IPv4 TTL: 0 LISP INSTANCEID: 0 L3IF LE Index: 46 Detailed Resource Information (ASIC_INSTANCE# 1) ---------------------------------------- ASIC#:1 RI:32 Rewrite_type:AL_RRM_REWRITE_IPV4_VXLAN_INNER_IPV4_ENCAP(110) Mapped_rii:LVX_L3_ENCAP_L2_PAYLOAD(123) Dst Mac: MAC Addr: ba:25:cd:f4:ad:38, <-- Dummy VXLAN MAC Src IP: 10.47.1.12 <-- FE RLOC Dst IP: 10.47.1.10 <-- BN RLOC IPv4 TTL: 0 LISP INSTANCEID: 0 L3IF LE Index: 46 ==============================================================
Vérification de la sous-couche de périphérie du fabric au tronçon suivant
Pour identifier les adresses IP de tronçon suivant sous-jacentes permettant d’atteindre les tronçons suivants LISP, consultez la table de routage
Edge-1#show ip route 10.47.1.10 Routing entry for 10.47.1.10/32 Known via "isis", distance 115, metric 20, type level-2 Redistributing via isis Last update from 10.47.1.0 on GigabitEthernet1/0/1, 07:10:11 ago Routing Descriptor Blocks: * 10.47.1.0, from 10.47.1.10, 07:10:11 ago, via GigabitEthernet1/0/1 Route metric is 20, traffic share count is 1
Edge-1#show ip route 10.47.1.11 Routing entry for 10.47.1.11/32 Known via "isis", distance 115, metric 20, type level-2 Redistributing via isis Last update from 10.47.1.4 on GigabitEthernet1/0/2, 1w1d ago Routing Descriptor Blocks: * 10.47.1.4, from 10.47.1.11, 1w1d ago, via GigabitEthernet1/0/2 Route metric is 20, traffic share count is 1
Pour obtenir si_hdl, les informations ri_hdl utilisent la commande show platform software fed switch active ip adj
Edge-1#show platform software fed switch active ip adj IPV4 Adj entries dest if_name dst_mac si_hdl ri_hdl pd_flags adj_id Last-modified ---- ------- ------- ------ ------ -------- ------ ------------- 225.0.0.0 GigabitEthernet1/0/1 0100.5e00.0000 0x7f65ec958128 0x7f65ec957e18 0x0 0xf80001a1 2023/09/19 17:57:41.399 10.47.1.10 LISP0.4099 4500.0000.0000 0x7f65ec8a9b38 0x7f65ec8a9d58 0x60 0x26 2023/09/19 17:57:35.214 10.47.1.4 GigabitEthernet1/0/2 5254.001c.7de0 0x7f65ec8a5458 0x7f65ec8a4eb8 0x0 0x4c 2023/09/19 17:58:02.150 10.47.1.0 GigabitEthernet1/0/1 5254.000a.42f3 0x7f65ec8b8468 0x7f65ec8b8158 0x0 0x55 2023/09/19 17:58:08.864 10.47.1.11 LISP0.4099 4500.0000.0000 0x7f65ec7bb498 0x7f65ec7ba608 0x60 0x29 2023/09/19 17:57:35.214
Vérification du tronçon suivant sous-jacent si_hdl Décodage
Pour décoder le si_hdl, prenez le si_hdl (0x7f65ec8a5458) et utilisez la commande show platform hardware fed switch active fwd-asic abstraction print-resource-handle <si_hdl> 1
Edge-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f65ec8a5458 1 Handle:0x7f65ec8a5458 Res-Type:ASIC_RSC_SI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_L3_UNICAST_IPV4 Lkp-ftr-id:LKP_FEAT_INVALID ref_count:1 priv_ri/priv_si Handle: 0x7f65ec8a4eb8Hardware Indices/Handles: index0:0xbc mtu_index/l3u_ri_index0:0x0 index1:0xbc mtu_index/l3u_ri_index1:0x0 Features sharing this resource:66 (1)] Cookie length: 56 00 00 00 00 00 00 00 00 26 00 00 00 00 00 00 00 00 00 00 00 08 00 52 54 00 1c 7d e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Detailed Resource Information (ASIC_INSTANCE# 0) ---------------------------------------- Station Index (SI) [0xbc] -----> The 0xbc Station Index was already seen RI = 0x1a -----> Rewrite Index = MAC address rewrite information for L3 forwarding to the next-hop adjacency DI = 0x526d -----> Destination Index = Outgoing Interface stationTableGenericLabel = 0 stationFdConstructionLabel = 0x7 lookupSkipIdIndex = 0 rcpServiceId = 0 dejaVuPreCheckEn = 0 Replication Bitmap: LD -----> Local Data, indicating that this ASIC is directly connected to the adjacency interface Detailed Resource Information (ASIC_INSTANCE# 1) ---------------------------------------- Station Index (SI) [0xbc] -----> The 0xbc Station Index was seen previously RI = 0x1a -----> Rewrite Index = MAC address rewrite information for L3 forwarding to the next-hop adjacency DI = 0x526d -----> Destination Index = Outgoing Interface stationTableGenericLabel = 0 stationFdConstructionLabel = 0x7 lookupSkipIdIndex = 0 rcpServiceId = 0 dejaVuPreCheckEn = 0 Replication Bitmap: CD -----> Core Data, indicating that this instance of the ASIC is on the same ASIC, but different core. ==============================================================
Décodage d'index de réécriture de vérification de tronçon suivant sous-jacent
Pour décoder l'index de réécriture (0x1a) et utiliser dans la commande show platform hardware fed switch active fwd-asic resource asic all rewrite-index range <RI> <RI>
Edge-1#show platform hardware fed switch active fwd-asic resource asic all rewrite-index range 0x1a 0x1a ASIC#:0 RI:26 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9) -----> Decimal 26 is hex 0x1a MAC Addr: MAC Addr: 52:54:00:1c:7d:e0, -----> MAC address 5254.001c.7de0 for the next-hop adjacency L3IF LE Index 38 ASIC#:1 RI:26 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9) MAC Addr: MAC Addr: 52:54:00:1c:7d:e0, -----> MAC address 5254.001c.7de0 for the next-hop adjacency L3IF LE Index 38
Vérification de tronçon suivant sous-jacent ri_hdl Décodage
Pour décoder le si_hdl, prenez le ri_hdl (0x7f65ec8a4eb8) et utilisez la commande show platform hardware fed switch active fwd-asic abstraction print-resource-handle <ri_hdl> 1
Edge-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f65ec8a4eb8 1 Handle:0x7f65ec8a4eb8 Res-Type:ASIC_RSC_RI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_L3_UNICAST_IPV4 Lkp-ftr-id:LKP_FEAT_INVALID ref_count:1 priv_ri/priv_si Handle: 0x7f65ec903b28Hardware Indices/Handles: index0:0x1a mtu_index/l3u_ri_index0:0x0 index1:0x1a mtu_index/l3u_ri_index1:0x0 Features sharing this resource:66 (1)] Cookie length: 56 00 00 00 00 00 00 00 00 26 00 00 00 00 00 00 00 00 00 00 00 08 00 52 54 00 1c 7d e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Detailed Resource Information (ASIC_INSTANCE# 0) ---------------------------------------- ASIC#:0 RI:26 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9) -----> Decimal 26 is 0x1a in hex MAC Addr: MAC Addr: 52:54:00:1c:7d:e0, -----> MAC address 5254.001c.7de0 for the next-hop adjacency L3IF LE Index 38 Detailed Resource Information (ASIC_INSTANCE# 1) ---------------------------------------- ASIC#:1 RI:26 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9) -----> Decimal 26 is 0x1a in hex MAC Addr: MAC Addr: 52:54:00:1c:7d:e0, -----> MAC address 5254.001c.7de0 for the next-hop adjacency L3IF LE Index 38 ==============================================================
Noeud en limite entrant EPC depuis le noeud en périphérie du fabric
N’oubliez pas que le paquet est encapsulé VXLAN pour le moment, que vous ne pouvez pas faire correspondre une liste de contrôle d’accès avec les adresses IP internes, que vous devez faire correspondre RLOC avec RLOC, puis que vous pouvez utiliser les filtres Wireshark pour rechercher et filtrer les adresses IP internes.
Border-1(config)#ip access-list extended TAC Border-1(config-ext-nacl)#permit ip host 10.47.1.12 host 10.47.1.10 Border-1(config-ext-nacl)#permit ip host 10.47.1.10 host 10.47.1.12 Border-1#monitor capture 1 interface g1/0/3 both access-list TAC Border-1#monitor capture 1 start Started capture point : 1 Border-1#monitor capture 1 stop Capture statistics collected at software: Capture duration - 14 seconds Packets received - 16 Packets dropped - 0 Packets oversized - 0 Number of Bytes dropped at asic not collected
**Affichage de la capture de paquets avec le mot clé brief**
Border-1#show monitor capture 1 buffer display-filter “icmp.type==8” brief Starting the packet display ........ Press Ctrl + Shift + 6 to exit 3 0.483114 10.47.4.2 -> 8.8.8.8 ICMP 148 Echo (ping) request id=0x001e, seq=0/0, ttl=63 4 0.490667 10.47.4.2 -> 8.8.8.8 ICMP 148 Echo (ping) request id=0x001e, seq=0/0, ttl=63 7 1.461263 10.47.4.2 -> 8.8.8.8 ICMP 148 Echo (ping) request id=0x001e, seq=1/256, ttl=63 8 1.469756 10.47.4.2 -> 8.8.8.8 ICMP 148 Echo (ping) request id=0x001e, seq=1/256, ttl=63 11 2.480293 10.47.4.2 -> 8.8.8.8 ICMP 148 Echo (ping) request id=0x001e, seq=2/512, ttl=63
**Affichage de la capture de paquets avec un mot clé détaillé**
Ethernet II, Src: 52:54:00:04:84:b1 (52:54:00:04:84:b1), Dst: 52:54:00:0a:42:f3 (52:54:00:0a:42:f3) <--- SMAC (G1/0/1 of FE Node) DMAC (G1/0/3 of BN)
Destination: 52:54:00:0a:42:f3 (52:54:00:0a:42:f3)
Address: 52:54:00:0a:42:f3 (52:54:00:0a:42:f3)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: 52:54:00:04:84:b1 (52:54:00:04:84:b1)
Address: 52:54:00:04:84:b1 (52:54:00:04:84:b1)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 10.47.1.12, Dst: 10.47.1.10 -----> RLOC of FE Node, RLOC of BN
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 134
Identification: 0x0490 (1168)
Flags: 0x4000, Don't fragment
0... .... .... .... = Reserved bit: Not set
.1.. .... .... .... = Don't fragment: Set
..0. .... .... .... = More fragments: Not set
Fragment offset: 0
Time to live: 63
Protocol: UDP (17)
Header checksum: 0x2064 [validation disabled]
[Header checksum status: Unverified]
Source: 10.47.1.12
Destination: 10.47.1.10
User Datagram Protocol, Src Port: 65354, Dst Port: 4789
Source Port: 65354
Destination Port: 4789 -----> VXLAN Destination Port
Length: 114
[Checksum: [missing]]
[Checksum Status: Not present]
[Stream index: 0]
[Timestamps]
[Time since first frame: 0.000000000 seconds]
[Time since previous frame: 0.000000000 seconds]
Virtual eXtensible Local Area Network
Flags: 0x8800, GBP Extension, VXLAN Network ID (VNI)
1... .... .... .... = GBP Extension: Defined
.... .... .0.. .... = Don't Learn: False
.... 1... .... .... = VXLAN Network ID (VNI): True
.... .... .... 0... = Policy Applied: False
.000 .000 0.00 .000 = Reserved(R): 0x0000
Group Policy ID: 0
VXLAN Network Identifier (VNI): 4099 -----> L3 LISP ID tied to this VN
Reserved: 0
Ethernet II, Src: 00:00:00:00:61:00 (00:00:00:00:61:00), Dst: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38) -----> Dummy Ethernet Header
Destination: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38)
Address: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: 00:00:00:00:61:00 (00:00:00:00:61:00)
Address: 00:00:00:00:61:00 (00:00:00:00:61:00)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 10.47.4.2, Dst: 8.8.8.8 -----> PC Source IP Address Destination IP address
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 84
Identification: 0xa41e (42014)
Flags: 0x4000, Don't fragment
0... .... .... .... = Reserved bit: Not set
.1.. .... .... .... = Don't fragment: Set
..0. .... .... .... = More fragments: Not set
Fragment offset: 0
Time to live: 63
Protocol: ICMP (1)
Header checksum: 0x794a [validation disabled]
[Header checksum status: Unverified]
Source: 10.47.4.2
Destination: 8.8.8.8
Internet Control Message Protocol
Type: 8 (Echo (ping) request)
Code: 0
Checksum: 0xfa72 [correct]
[Checksum Status: Good]
Identifier (BE): 30 (0x001e)
Identifier (LE): 7680 (0x1e00)
Sequence number (BE): 0 (0x0000)
Sequence number (LE): 0 (0x0000)
Data (56 bytes)
Vérification du routage du noeud périphérique vers le client non SDA
Vérification de route de noeud périphérique Programmation IOS
Border-1#show ip route vrf red_vn 8.8.8.8 Routing Table: red_vn Routing entry for 8.8.8.8/32 Known via "bgp 69420", distance 20, metric 0 Tag 65531, type external Redistributing via lisp Last update from 10.47.2.6 03:28:39 ago Routing Descriptor Blocks: * 10.47.2.6, from 10.47.2.6, 03:28:39 ago opaque_ptr 0x7F08285F3C00 Route metric is 0, traffic share count is 1 AS Hops 1 Route tag 65531 MPLS label: none MPLS Flags: NSF
Vérification CEF de la route du noeud périphérique
Border-1#show ip cef vrf red_vn 8.8.8.8 8.8.8.8/32 nexthop 10.47.2.6 Vlan3002
Border-1#show ip vrf detail red_vn | include Table ID Address family ipv4 unicast (Table ID = 0x3): -----> Used in the next command, use the integer that comes after 0x
Programmation de route de noeud périphérique Vérification FMAN RP
Border-1#show platform software ip switch active r0 cef table index 3 prefix 8.8.8.8/32 Forwarding Table Prefix/Len Next Object Index ---------------------------------------------------------------- 8.8.8.8/32 OBJ_ADJACENCY 0x1239 -----> Index used in the next command Border-1#show ip arp vrf red_vn vlan 3002 Protocol Address Age (min) Hardware Addr Type Interface Internet 10.47.2.5 - 5254.000a.42e6 ARPA Vlan3002 Internet 10.47.2.6 142 001e.4982.54bf ARPA Vlan3002 -----> Next Hop
Programmation de routage de noeud périphérique Vérification FMAN FP
Border-1#show platform software ip switch active f0 cef table index 3 prefix 8.8.8.8/32 detail Forwarding Table 8.8.8.8/32 -> OBJ_ADJACENCY (0x1239), urpf: 4669 -----> Matches the index from FMAN RP Prefix Flags: unknown aom id: 32123, HW handle: (nil) (created) <-- Used in the next command
Noeud frontière Programmation de route FMAN Décodage d'objet FP
Prenez l'id aom du résultat précédent et utilisez la commande show platform software object-manager switch active f0 object <id aom>
Border-1#show platform software object-manager switch active f0 object 32123 Object identifier: 32123 Description: PREFIX 8.8.8.8/32 (Table id 3) Obj type id: 71 Obj type: route-pfx Status: Done, Epoch: 0, Client data: 0xc630b208 Border-1#show platform software object-manager switch active f0 object 32123 parents Object identifier: 30 Description: ipv4 table 3 (red_vn), vrf id 3 Status: Done Object identifier: 32669 Description: adj 0x1239, Flags None -----> Convert 0x1239 to decimal, get 4665 Status: Done Object identifier: 32675 Description: uRPF-list(hdl=0x0000123d) Status: Done
Prenez la valeur adj précédente en décimal et utilisez la commande show platform software adjacency switch active f0 index <décimal de la valeur adj>
Border-1#show platform software adjacency switch active f0 index 4665 Number of adjacency objects: 27 Adjacency id: 0x1239 (4665) Interface: Vlan3002, IF index: 30, Link Type: MCP_LINK_IP -----> Next-hop interface towards Fusion Router Encap: 0:1e:49:82:54:bf:52:54:0:a:42:e6:8:0 -----> DMAC 001e.4982.54bf SMAC 5254.000a.42e6 0x800 ETYPE Encap Length: 14, Encap Type: MCP_ET_ARPA, MTU: 8978 Flags: no-l3-inject Incomplete behavior type: None Fixup: unknown Fixup_Flags_2: unknown Nexthop addr: 10.47.2.6 IP FRR MCP_ADJ_IPFRR_NONE 0 aom id: 32669, HW handle: (nil) (created)
Vérification de la route du noeud périphérique Programmation FED
Pour vérifier la route dans FED, utilisez la commande show platform software fed switch active ip route vrf <vrf name> <network/subnet mask>
Border-1#show platform software fed switch active ip route vrf red_vn 8.8.8.8/32
vrf dest htm flags SGT DGID MPLS Last-modified SecsSinceHit
--- ---- --- ----- --- ---- ---- ------------------------ ------------
3 8.8.8.8/32 0x7f3c607c3878 0x0 0 0 2023/09/25 14:09:10.866 3
FIB: prefix_hdl:0xd50001e0, mpls_ecr_prefix_hdl:0, sgtOverWrite: 0
========== OCE chain =====
ADJ:objid:4665 {link_type:IP ifnum:0x1e, adj:0xdf0000c6, si: 0x7f3c608a8ed8 IPv4: 10.47.2.6 } -----> 4665 matches FMAN FP Object
===============
MPLS info: mpls_ecr_scale_prefix_adj:0, mpls_lspa_hdl:0
===============
**Noeud en limite Programmation de route Vérification FED Décodage HTM**
Prenez la valeur htm (0x7f3c607c3878) et utilisez la commande show platform hardware fed switch active fwd-asic abstraction print-resource-handle <htm> 1
Border-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f3c607c3878 1 Handle:0x7f3c607c3878 Res-Type:ASIC_RSC_HASH_TCAM Res-Switch-Num:0 Asic-Num:255 Feature-ID:AL_FID_L3_UNICAST_IPV4 Lkp-ftr-id:LKP_FEAT_IPV4_L3_UNICAST ref_count:1 priv_ri/priv_si Handle: (nil)Hardware Indices/Handles: handle [ASIC: 0]: 0x7f3c607c9288 Features sharing this resource:Cookie length: 12 08 08 08 08 00 00 03 d0 07 00 00 00 Detailed Resource Information (ASIC_INSTANCE# 0) ---------------------------------------- Number of HTM Entries: 1 Entry 0: (handle 0x7f3c607c9288) Absolute Index: 62770 Time Stamp: 7 KEY - vrf:3 mtr:0 prefix:8.8.8.8 rcp_redirect_index:0x0 MASK - vrf:0 mtr:0 prefix:0.0.0.0 rcp_redirect_index:0x0 FWD-AD = afd_label_flag:1 icmp_redir_enable:1 lvx_smr_enabled:0, dstNatType:0 priority:5 afdLabelOrDestClientId:0 SI:183 destined_to_us:0 hw_stats_idx:6 stats_id:0 redirectSetRouterMac:0 dgtIdx:0 destModIndex:0 dstNatTypeOrVpnPrefixPtrMsb:0 vpnPrefixPtr:0 vpn prefix flag:0 SRC-AD:learning_violation:0 need_to_learn:0 locally_connected:0 staticentryViolation:0 rpfValid:1 rpfLe:42 rpfLePointer:0 rpfForcePass:0 rpfForceFail:0 reachableviaSome:1 rpfCheckIncomplete:0 defaultRoute:0 ChainPtrValid:0 ChainPtrOrPortLeIndex:72 UseRpfmatchTable:0 rpfIncomplete:0 is_src_ce:0 sgtValid:0 sgtOverwrite:0 sgt:0 ipClientLabel:0 src_rloc_trusted:0, sgtCacheControl1:0, sgtCacheControl0:0 port_label:0x0 port_mask:0x0 vlan_label:0x0 vlan_mask:0x0 l3if_label:0x0 l3if_mask:0x0 group_label:0x0 group_mask:0x0 ==============================================================
Pour vérifier le paramètre dst_mac, vérifiez le protocole ARP dans le VRF
Border-1#show platform software fed switch active ip adj IPV4 Adj entries dest if_name dst_mac si_hdl ri_hdl pd_flags adj_id Last-modified ---- ------- ------- ------ ------ -------- ------ ------------- 10.47.2.6 Vlan3002 001e.4982.54bf 0x7f3c608a8ed8 0x7f3c60ad52c8 0x0 0x1239 2023/09/19 23:22:32.582 Border-1#show ip arp vrf red_vn vlan 3002 ------------------ show ip arp vrf red_vn Vlan3002 ------------------ Protocol Address Age (min) Hardware Addr Type Interface Internet 10.47.2.5 - 5254.000a.42e6 ARPA Vlan3002 Internet 10.47.2.6 33 001e.4982.54bf ARPA Vlan3002
**Vérification de la route du noeud périphérique Programmation FED si_hdl Décodage**
Prenez la valeur si_hdl (0x7f3c608a8ed8) et utilisez la commande show platform hardware fed switch active fwd-asic abstraction print-resource-handle <si_hdl> 1
Border-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f3c608a8ed8 1 Handle:0x7f3c608a8ed8 Res-Type:ASIC_RSC_SI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_L3_UNICAST_IPV4 Lkp-ftr-id:LKP_FEAT_INVALID ref_count:2 priv_ri/priv_si Handle: 0x7f3c60ad52c8Hardware Indices/Handles: index0:0xb7 mtu_index/l3u_ri_index0:0x0 index1:0xb7 mtu_index/l3u_ri_index1:0x0 Features sharing this resource:66 (1)] 57 (1)] Cookie length: 56 00 00 00 00 00 00 00 00 ba 0b 00 00 00 00 00 00 00 00 00 00 07 00 00 1e 49 82 54 bf 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Detailed Resource Information (ASIC_INSTANCE# 0) ---------------------------------------- Station Index (SI) [0xb7] -----> 0xb7 converted from hex to decimal is 183 which was seen on slide 79 RI = 0x1b -----> Rewrite Index = MAC address rewrite information for L3 forwarding to the next-hop adjacency DI = 0x526a -----> Destination Index = Outgoing Interface stationTableGenericLabel = 0 stationFdConstructionLabel = 0x7 lookupSkipIdIndex = 0 rcpServiceId = 0 dejaVuPreCheckEn = 0x1 Replication Bitmap: LD -----> Local Data. This ASIC is directly connected to the adjacency interface
***Vérification de la route du noeud périphérique Programmation FED Réécriture Index Décodage**
Prenez la valeur RI (0x1b) et utilisez dans la commande show platform hardware fed switch active fwd-asic resource asic all rewrite-index range <RI> <RI>
Border-1#show platform hardware fed switch active fwd-asic resource asic all rewrite-index range 0x1b 0x1b ASIC#:0 RI:27 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9) MAC Addr: MAC Addr: 00:1e:49:82:54:bf, -----> MAC address 001e.4982.54bf for the next-hop 10.47.2.6 L3IF LE Index 42 ASIC#:1 RI:27 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9) MAC Addr: MAC Addr: 00:1e:49:82:54:bf, -----> MAC address 001e.4982.54bf for the next-hop 10.47.2.6 L3IF LE Index 42
***Vérification de la route du noeud périphérique Programmation FED Décodage de l’index de destination**
Prenez la valeur DI (0x526a) et utilisez la commande show platform hardware fed switch active fwd-asic resource asic all destination-index range <DI> <DI>
Border-1#show platform hardware fed switch active fwd-asic resource asic all destination-index range 0x526a 0x526a ASIC#0: Destination index = 0x526a pmap = 0x00000000 0x00000001 -----> Convert 1 to binary = 0001 and then count from right to left, zero based, so Port 0 pmap_intf : [GigabitEthernet1/0/1] ASIC#1: Destination index = 0x526a pmap = 0x00000000 0x00000000 cmi = 0x0 rcp_pmap = 0x0 Border-1#show platform software fed switch active ifm mappings Interface IF_ID Inst Asic Core Port SubPort Mac Cntx LPN GPN Type Active GigabitEthernet1/0/1 0x9 0 0 0 0 0 1 0 1 1 NIF Y
***Vérification de la route du noeud périphérique Programmation FED Décodage ri_hdl**
Prenez la valeur ri_hdl (0x7f3c60ad52c8) et utilisez dans show platform hardware fed switch active fwd-asic abstraction print-resource-handle <ri_hdl> 1
Border-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f3c60ad52c8 1 Handle:0x7f3c60ad52c8 Res-Type:ASIC_RSC_RI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_L3_UNICAST_IPV4 Lkp-ftr-id:LKP_FEAT_INVALID ref_count:1 priv_ri/priv_si Handle: 0x7f3c6088a538Hardware Indices/Handles: index0:0x1b mtu_index/l3u_ri_index0:0x0 index1:0x1b mtu_index/l3u_ri_index1:0x0 Features sharing this resource:66 (1)] Cookie length: 56 00 00 00 00 00 00 00 00 ba 0b 00 00 00 00 00 00 00 00 00 00 07 00 00 1e 49 82 54 bf 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Detailed Resource Information (ASIC_INSTANCE# 0) ---------------------------------------- ASIC#:0 RI:27 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9) -----> Decimal 27 is 0x1b in hex, which is the RI MAC Addr: MAC Addr: 00:1e:49:82:54:bf, -----> MAC address 001e.4982.54bf for the next-hop 10.47.2.6 L3IF LE Index 42 Detailed Resource Information (ASIC_INSTANCE# 1) ---------------------------------------- ASIC#:1 RI:27 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9) -----> Decimal 27 is 0x1b in hex, which is the RI MAC Addr: MAC Addr: 00:1e:49:82:54:bf, -----> MAC address 001e.4982.54bf for the next-hop 10.47.2.6 L3IF LE Index 42 ==============================================================
Vérification de l'adresse MAC du tronçon suivant du noeud périphérique
**Vérification des adresses MAC IOS et FMAN RP**
Border-1#show mac address-table address 001e.4982.54bf Mac Address Table ------------------------------------------- Vlan Mac Address Type Ports ---- ----------- -------- ----- 3001 001e.4982.54bf DYNAMIC Gi1/0/1 3002 001e.4982.54bf DYNAMIC Gi1/0/1 Total Mac Addresses for this criterion: 2 Border-1#show platform software matm switch active r0 mac 001e.4982.54bf Tbl_Type Tbl_ID MAC_Address Type ECBits Ports AOM_ID/OM_PTR MAT_VLAN 3001 001e.4982.54bf 1 0 1 OM: 0x348038a100 List of Ports: 9 MAT_VLAN 3002 001e.4982.54bf 1 0 1 OM: 0x34803a15d0 List of Ports: 9 -----> This indicates if-id 9
**Vérification des adresses MAC de tronçon suivant FMAN FP**
Border-1#show platform software matm switch active f0 mac 001e.4982.54bf Tbl_Type Tbl_ID MAC_Address Type ECBits Ports AOM_ID/OM_PTR MAT_VLAN 3001 001e.4982.54bf 1 0 1 32668 created List of Ports: 9 MAT_VLAN 3002 001e.4982.54bf 1 0 1 32653 created List of Ports: 9
Border-1#show platform software object-manager switch active f0 object 32653 Object identifier: 32653 Description: matm mac entry type VLAN, id 3002, 001e.4982.54bf Obj type id: 455 Obj type: MATM mac entry Status: Done, Epoch: 0, Client data: 0xc6300468
Border-1#show platform software object-manager switch active f0 object 32653 parents Object identifier: 40 Description: intf GigabitEthernet1/0/1, handle 9, hw handle 9, HW dirty: NONE AOM dirty NONE Status: Done Object identifier: 133 Description: matm table type VLAN, id 3002 Status: Done
Border-1#show platform software fed switch active ifm if-id 9 Interface IF_ID : 0x0000000000000009 Interface Name : GigabitEthernet1/0/1
**FED de vérification d’adresse MAC de tronçon suivant**
Border-1#show platform software fed switch active matm macTable vlan 3002 mac 001e.4982.54bf VLAN MAC Type Seq# EC_Bi Flags machandle siHandle riHandle diHandle *a_time *e_time ports Con ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- 3002 001e.4982.54bf 0x1 13 0 0 0x7f3c607bcee8 0x7f3c608a8ed8 0x0 0x7f3c606a76c8 300 13 GigabitEthernet1/0/1 Yes Border-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f3c606a76c8 1 Handle:0x7f3c606a76c8 Res-Type:ASIC_RSC_DI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_IFM Lkp-ftr-id:LKP_FEAT_INVALID ref_count:1 priv_ri/priv_si Handle: (nil)Hardware Indices/Handles: index0:0x526a mtu_index/l3u_ri_index0:0x0 index1:0x526a mtu_index/l3u_ri_index1:0x0 Cookie length: 56 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Detailed Resource Information (ASIC_INSTANCE# 0) ---------------------------------------- Destination index = 0x526a pmap = 0x00000000 0x00000001 -----> Convert 1 to binary = 0001 and then count from right to left, zero based, so Port 0 pmap_intf : [GigabitEthernet1/0/1] Detailed Resource Information (ASIC_INSTANCE# 1) ---------------------------------------- Destination index = 0x526a pmap = 0x00000000 0x00000000 cmi = 0x0 rcp_pmap = 0x0 Border-1#show platform software fed switch active ifm mappings Interface IF_ID Inst Asic Core Port SubPort Mac Cntx LPN GPN Type Active GigabitEthernet1/0/1 0x9 0 0 0 0 0 1 0 1 1 NIF Y
EPC de sortie du noeud périphérique vers le routeur Fusion
À ce stade, vous pouvez effectuer un filtrage par rapport aux adresses IP d’origine, l’en-tête VXLAN a été supprimé et est transféré normalement vers le routeur de fusion.
Border-1#show monitor capture 1 buffer display-filter icmp.type==8 brief Load for five secs: 1%/0%; one minute: 1%; five minutes: 1% No time source, *14:39:19.050 UTC Tue Sep 26 2023 Starting the packet display ........ Press Ctrl + Shift + 6 to exit Load for five secs: 1%/0%; one minute: 1%; five minutes: 1% No time source, *14:39:19.057 UTC Tue Sep 26 2023 22 7.280477 10.47.4.2 -> 8.8.8.8 ICMP 106 Echo (ping) request id=0x0023, seq=0/0, ttl=63 23 7.316435 10.47.4.2 -> 8.8.8.8 ICMP 106 Echo (ping) request id=0x0023, seq=1/256, ttl=63 30 8.307929 10.47.4.2 -> 8.8.8.8 ICMP 106 Echo (ping) request id=0x0023, seq=2/512, ttl=63 37 9.743485 10.47.4.2 -> 8.8.8.8 ICMP 106 Echo (ping) request id=0x0023, seq=3/768, ttl=63 40 10.312823 10.47.4.2 -> 8.8.8.8 ICMP 106 Echo (ping) request id=0x0023, seq=4/1024, ttl=63
**Affichage de la capture de paquets avec un mot clé détaillé**
Ethernet II, Src: 00:00:00:00:61:00 (00:00:00:00:61:00), Dst: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff) -----> Does not capture L3 rewrite properly
Destination: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff)
Address: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
Source: 00:00:00:00:61:00 (00:00:00:00:61:00)
Address: 00:00:00:00:61:00 (00:00:00:00:61:00)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: CiscoMetaData (0x8909)
Cisco MetaData
Version: 1
Length: 1
Options: 0x0001
SGT: 0
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 10.47.4.2, Dst: 8.8.8.8 -----> True IPv4 source and destination
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 84
Identification: 0x97b1 (38833)
Flags: 0x4000, Don't fragment
0... .... .... .... = Reserved bit: Not set
.1.. .... .... .... = Don't fragment: Set
..0. .... .... .... = More fragments: Not set
Fragment offset: 0
Time to live: 63
Protocol: ICMP (1)
Header checksum: 0x85b7 [validation disabled]
[Header checksum status: Unverified]
Source: 10.47.4.2
Destination: 8.8.8.8
Internet Control Message Protocol
Type: 8 (Echo (ping) request)
Code: 0
Checksum: 0xade9 [correct]
[Checksum Status: Good]
Identifier (BE): 35 (0x0023)
Identifier (LE): 8960 (0x2300)
Sequence number (BE): 4 (0x0004)
Sequence number (LE): 1024 (0x0400)
Data (56 bytes)
EPC d'entrée de noeud périphérique du routeur Fusion
À ce stade, vous pouvez effectuer un filtrage par rapport aux adresses IP d’origine, l’en-tête VXLAN a été supprimé et est transféré normalement vers le routeur de fusion.
Border-1#show monitor capture 1 buffer display-filter icmp.type==0 brief Starting the packet display ........ Press Ctrl + Shift + 6 to exit 26 7.486005 8.8.8.8 -> 10.47.4.2 ICMP 102 Echo (ping) reply id=0x0023, seq=0/0, ttl=254 (request in 22) 28 7.602492 8.8.8.8 -> 10.47.4.2 ICMP 102 Echo (ping) reply id=0x0023, seq=1/256, ttl=254 (request in 23) 31 8.418010 8.8.8.8 -> 10.47.4.2 ICMP 102 Echo (ping) reply id=0x0023, seq=2/512, ttl=254 (request in 30)
**Affichage de la capture de paquets avec un mot clé détaillé**
Ethernet II, Src: 00:1e:49:82:54:bf (00:1e:49:82:54:bf), Dst: 52:54:00:0a:42:e6 (52:54:00:0a:42:e6)
Destination: 52:54:00:0a:42:e6 (52:54:00:0a:42:e6)
Address: 52:54:00:0a:42:e6 (52:54:00:0a:42:e6)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: 00:1e:49:82:54:bf (00:1e:49:82:54:bf)
Address: 00:1e:49:82:54:bf (00:1e:49:82:54:bf)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: 802.1Q Virtual LAN (0x8100)
802.1Q Virtual LAN, PRI: 0, DEI: 0, ID: 3002
000. .... .... .... = Priority: Best Effort (default) (0)
...0 .... .... .... = DEI: Ineligible
.... 1011 1011 1010 = ID: 3002
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 8.8.8.8, Dst: 10.47.4.2
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 84
Identification: 0x9767 (38759)
Flags: 0x4000, Don't fragment
0... .... .... .... = Reserved bit: Not set
.1.. .... .... .... = Don't fragment: Set
..0. .... .... .... = More fragments: Not set
Fragment offset: 0
Time to live: 254
Protocol: ICMP (1)
Header checksum: 0xc700 [validation disabled]
[Header checksum status: Unverified]
Source: 8.8.8.8
Destination: 10.47.4.2
Internet Control Message Protocol
Type: 0 (Echo (ping) reply)
Code: 0
Checksum: 0x4509 [correct]
[Checksum Status: Good]
Identifier (BE): 35 (0x0023)
Identifier (LE): 8960 (0x2300)
Sequence number (BE): 0 (0x0000)
Sequence number (LE): 0 (0x0000)
[Request frame: 22]
[Response time: 205.528 ms]
Data (56 bytes)
Noeud périphérique Sortie EPC vers noeud de périphérie de fabric
Le paquet est maintenant encapsulé dans VXLAN, vous devez filtrer de RLOC à RLOC, vous ne pouvez pas filtrer et faire correspondre les adresses IP internes dans la liste de contrôle d'accès utilisée dans le cadre de l'EPC.
Border-1#show monitor capture 1 buffer display-filter icmp.type==0 brief Starting the packet display ........ Press Ctrl + Shift + 6 to exit 21 39.264201 8.8.8.8 -> 10.47.4.2 ICMP 148 Echo (ping) reply id=0x0026, seq=0/0, ttl=253 (request in 20) 25 40.291940 8.8.8.8 -> 10.47.4.2 ICMP 148 Echo (ping) reply id=0x0026, seq=1/256, ttl=253 (request in 24) 29 41.339627 8.8.8.8 -> 10.47.4.2 ICMP 148 Echo (ping) reply id=0x0026, seq=2/512, ttl=253 (request in 28) 37 43.626400 8.8.8.8 -> 10.47.4.2 ICMP 148 Echo (ping) reply id=0x0026, seq=3/768, ttl=253 (request in 34)
**Affichage de la capture de paquets avec un mot clé détaillé**
Ethernet II, Src: 00:00:00:00:00:00 (00:00:00:00:00:00), Dst: 00:00:00:00:00:00 (00:00:00:00:00:00) -----> Does not properly capture L3 rewrite
Destination: 00:00:00:00:00:00 (00:00:00:00:00:00)
Address: 00:00:00:00:00:00 (00:00:00:00:00:00)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: 00:00:00:00:00:00 (00:00:00:00:00:00)
Address: 00:00:00:00:00:00 (00:00:00:00:00:00)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 10.47.1.10, Dst: 10.47.1.12 -----> RLOC IP addresses
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 134
Identification: 0x00d3 (211)
Flags: 0x4000, Don't fragment
0... .... .... .... = Reserved bit: Not set
.1.. .... .... .... = Don't fragment: Set
..0. .... .... .... = More fragments: Not set
Fragment offset: 0
Time to live: 254
Protocol: UDP (17)
Header checksum: 0x6520 [validation disabled]
[Header checksum status: Unverified]
Source: 10.47.1.10
Destination: 10.47.1.12
User Datagram Protocol, Src Port: 65345, Dst Port: 4789
Source Port: 65345
Destination Port: 4789
Length: 114
[Checksum: [missing]]
[Checksum Status: Not present]
[Stream index: 1]
[Timestamps]
[Time since first frame: 0.000000000 seconds]
[Time since previous frame: 0.000000000 seconds]
Virtual eXtensible Local Area Network
Flags: 0x8800, GBP Extension, VXLAN Network ID (VNI)
1... .... .... .... = GBP Extension: Defined
.... .... .0.. .... = Don't Learn: False
.... 1... .... .... = VXLAN Network ID (VNI): True
.... .... .... 0... = Policy Applied: False
.000 .000 0.00 .000 = Reserved(R): 0x0000
Group Policy ID: 0
VXLAN Network Identifier (VNI): 4099
Reserved: 0
Ethernet II, Src: 00:00:00:00:71:00 (00:00:00:00:71:00), Dst: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38) -----> Dummy VXLAN MAC addresses
Destination: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38)
Address: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: 00:00:00:00:71:00 (00:00:00:00:71:00)
Address: 00:00:00:00:71:00 (00:00:00:00:71:00)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 8.8.8.8, Dst: 10.47.4.2 -----> Inner IPv4 addresses
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 84
Identification: 0x6f66 (28518)
Flags: 0x4000, Don't fragment
0... .... .... .... = Reserved bit: Not set
.1.. .... .... .... = Don't fragment: Set
..0. .... .... .... = More fragments: Not set
Fragment offset: 0
Time to live: 253
Vérification du noeud frontière vers le terminal SDA
Vérification LISP du noeud périphérique vers le terminal SDA
Border-1#show lisp instance-id 4099 ipv4 map-cache 10.47.4.2 LISP IPv4 Mapping Cache for LISP 0 EID-table vrf red_vn (IID 4099), 1 entries 10.47.4.2/32, uptime: 6d17h, expires: 23:08:02, via map-reply, complete Sources: map-reply, site-registration State: complete, last modified: 5d12h, map-source: 10.47.1.12 Exempt, Packets out: 58101(33464626 bytes), counters are not accurate (~ 00:00:09 ago) Configured as EID address space Locator Uptime State Pri/Wgt Encap-IID 10.47.1.12 5d12h up 10/10 - <-- RLOC of the FE node Last up-down state change: 5d12h, state change count: 1 Last route reachability change: 5d12h, state change count: 1 Last priority / weight change: never/never RLOC-probing loc-status algorithm: Last RLOC-probe sent: 00:51:57 (rtt 266ms)
Vérification du routage CEF et FMAN RP du noeud périphérique
Pour vérifier la route vers le point d'extrémité, vérifiez CEF, puis déterminez également l'ID VRF utilisé dans les commandes suivantes
Border-1#show ip cef vrf red_vn 10.47.4.2 10.47.4.2/32 nexthop 10.47.1.12 LISP0.4099
Border-1#show ip vrf detail red_vn | i VRF Id VRF red_vn (VRF Id = 3); default RD 1:4099; default VPNID <-- VRF Id is used later
Border-1#show platform software ip switch active r0 cef table index 3 prefix 10.47.4.2/32 Forwarding Table Prefix/Len Next Object Index ---------------------------------------------------------------- 10.47.4.2/32 OBJ_PUSH_COUNTE 0x124c <-- Use in the next command
Vérification de la route FP FMAN du noeud périphérique
Prenez l'index (0x124c) et utilisez dans la commande show platform software push-counter switch active f0 index <index>
Border-1#show platform software push-counter switch active f0 index 0x124c Number of Push Counter oce entries: 6 Index Type Next Object Index Cef Misc Data ------------------------------------------------------------------------------------------------ 0x124c PPC OBJ_ADJACENCY 0x130c aom id: 32712, HW info: (nil) (created) <-- Index is used in the next command
Pour vérifier le RP FMAN de l'objet, utilisez la commande show platform software adjacency switch active r0 index <index>
Border-1#show platform software adjacency switch active r0 index 0x130c Number of adjacency objects: 27 Adjacency id: 0x130c (4876) Interface: LISP0.4099, IF index: 24, Link Type: MCP_LINK_IP Next Object Type: OBJ_ADJACENCY, Handle: 79 Flags: midchain IP FRR MCP_ADJ_IPFRR_NONE 0 OM handle: 0x34803a0c18
Pour vérifier FMAN FP de l'objet, utilisez la commande show platform software adjacency switch active f0 index <index>
Border-1#show platform software adjacency switch active f0 index 0x130c Number of adjacency objects: 27 Adjacency id: 0x130c (4876) Interface: LISP0.4099, IF index: 24, Link Type: MCP_LINK_IP Next Object Type: OBJ_ADJACENCY, Handle: 79 Flags: midchain IP FRR MCP_ADJ_IPFRR_NONE 0 aom id: 33287, HW handle: (nil) (created)
Vérification de la route du noeud périphérique Programmation FED
Pour vérifier FED, utilisez la commande show platform software fed switch active ip route <ip address/subnet mask>
Border-1#show platform software fed switch active ip route 10.47.1.12/32
vrf dest htm flags SGT DGID MPLS Last-modified SecsSinceHit
--- ---- --- ----- --- ---- ---- ------------------------ ------------
0 10.47.1.12/32 0x7f3c607b1fa8 0x0 0 0 2023/09/21 05:56:18.346 3
FIB: prefix_hdl:0xcd000023, mpls_ecr_prefix_hdl:0, sgtOverWrite: 0
========== OCE chain =====
ADJ:objid:79 {link_type:IP ifnum:0x1b, adj:0x90000026, si: 0x7f3c60989008 IPv4: 10.47.1.1 }
===============
MPLS info: mpls_ecr_scale_prefix_adj:0, mpls_lspa_hdl:0
===============
**Vérification de la route du noeud périphérique Programmation FED Décodage HTM**
Utilisez la valeur HTM (0x7f3c607b1fa8) dans la commande show platform hardware fed switch active fwd-asic abstraction print-resource-handle <htm valeur> 1
Border-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f3c607b1fa8 1 Handle:0x7f3c607b1fa8 Res-Type:ASIC_RSC_HASH_TCAM Res-Switch-Num:0 Asic-Num:255 Feature-ID:AL_FID_L3_UNICAST_IPV4 Lkp-ftr-id:LKP_FEAT_IPV4_L3_UNICAST ref_count:1 priv_ri/priv_si Handle: (nil)Hardware Indices/Handles: handle [ASIC: 0]: 0x7f3c60888ed8 Features sharing this resource:Cookie length: 12 0c 01 2f 0a 00 00 00 d0 07 00 00 00 Detailed Resource Information (ASIC_INSTANCE# 0) ---------------------------------------- Number of HTM Entries: 1 Entry 0: (handle 0x7f3c60888ed8) Absolute Index: 62678 Time Stamp: 5 KEY - vrf:0 mtr:0 prefix:10.47.1.12 rcp_redirect_index:0x0 MASK - vrf:0 mtr:0 prefix:0.0.0.0 rcp_redirect_index:0x0 FWD-AD = afd_label_flag:0 icmp_redir_enable:1 lvx_smr_enabled:0, dstNatType:0 priority:5 afdLabelOrDestClientId:0 SI:180 destined_to_us:0 hw_stats_idx:1 stats_id:0 redirectSetRouterMac:0 dgtIdx:0 destModIndex:0 dstNatTypeOrVpnPrefixPtrMsb:0 vpnPrefixPtr:0 vpn prefix flag:0 SRC-AD:learning_violation:0 need_to_learn:0 locally_connected:0 staticentryViolation:0 rpfValid:1 rpfLe:38 rpfLePointer:0 rpfForcePass:0 rpfForceFail:0 reachableviaSome:1 rpfCheckIncomplete:0 defaultRoute:0 ChainPtrValid:0 ChainPtrOrPortLeIndex:72 UseRpfmatchTable:0 rpfIncomplete:0 is_src_ce:0 sgtValid:0 sgtOverwrite:0 sgt:0 ipClientLabel:0 src_rloc_trusted:0, sgtCacheControl1:0, sgtCacheControl0:0 port_label:0x0 port_mask:0x0 vlan_label:0x0 vlan_mask:0x0 l3if_label:0x0 l3if_mask:0x0 group_label:0x0 group_mask:0x0 ==============================================================
**Vérification de la route du noeud périphérique si_hdl Decode**
Pour obtenir si_hdl, ri_hdl, utilisez la commande show platform software fed switch active ip adj <adresse IP>
Border-1#show platform software fed switch active ip adj 10.47.1.12 IPV4 Adj entries dest if_name dst_mac si_hdl ri_hdl pd_flags adj_id Last-modified ---- ------- ------- ------ ------ -------- ------ ------------- 10.47.1.12 LISP0.4099 4500.0000.0000 0x7f3c607e17f8 0x7f3c60b09f88 0x60 0x130c 2023/09/21 05:56:31.052
Prenez si_hdl (0x7f3c607e17f8) et utilisez la commande show platform hardware fed switch active fwd-asic abstraction print-resource-handle <si_hdl> 1
Border-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f3c607e17f8 1 Handle:0x7f3c607e17f8 Res-Type:ASIC_RSC_SI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_LISP Lkp-ftr-id:LKP_FEAT_INVALID ref_count:1 priv_ri/priv_si Handle: 0x7f3c60b09f88Hardware Indices/Handles: index0:0xbe mtu_index/l3u_ri_index0:0x0 index1:0xbe mtu_index/l3u_ri_index1:0x0 Features sharing this resource:109 (1)] Cookie length: 56 00 00 00 00 00 00 00 00 48 65 84 60 0a 2f 01 0c ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Detailed Resource Information (ASIC_INSTANCE# 0) ---------------------------------------- Station Index (SI) [0xbe] RI = 0x24 -----> Rewrite Index = Rewrite information for L3 Forwarding to the next-hop adjacency DI = 0x5012 -----> Destination Index = Outgoing Interface stationTableGenericLabel = 0 stationFdConstructionLabel = 0x7 lookupSkipIdIndex = 0xc rcpServiceId = 0 dejaVuPreCheckEn = 0x1 Replication Bitmap: LD -----> Local Data, ASIC is directly connected to the adjacency interface Detailed Resource Information (ASIC_INSTANCE# 1) ---------------------------------------- Station Index (SI) [0xbe] RI = 0x24 -----> Rewrite Index = Rewrite information for L3 Forwarding to the next-hop adjacency DI = 0x5012 -----> Destination Index = Outgoing Interface stationTableGenericLabel = 0 stationFdConstructionLabel = 0x7 lookupSkipIdIndex = 0xc rcpServiceId = 0 dejaVuPreCheckEn = 0x1 Replication Bitmap: LD -----> Local Data, ASIC is directly connected to the adjacency interface
**Vérification de routage de noeud périphérique Réécrire le décodage d'index**
Prenez le RI (0x24) et utilisez dans la commande show platform hardware fed switch active fwd-asic resource asic all rewrite-index range <RI> <RI>
Border-1#show platform hardware fed switch active fwd-asic resource asic all rewrite-index range 0x24 0x24 ASIC#:0 RI:36 Rewrite_type:AL_RRM_REWRITE_IPV4_VXLAN_INNER_IPV4_ENCAP(110) Mapped_rii:LVX_L3_ENCAP_L2_PAYLOAD(123) Dst Mac: MAC Addr: ba:25:cd:f4:ad:38, -----> VXLAN Dummy DMAC Src IP: 10.47.1.10 -----> BN RLOC Dst IP: 10.47.1.12 -----> FE RLOC IPv4 TTL: 0 LISP INSTANCEID: 0 L3IF LE Index: 45 ASIC#:1 RI:36 Rewrite_type:AL_RRM_REWRITE_IPV4_VXLAN_INNER_IPV4_ENCAP(110) Mapped_rii:LVX_L3_ENCAP_L2_PAYLOAD(123) Dst Mac: MAC Addr: ba:25:cd:f4:ad:38, -----> VXLAN Dummy DMAC Src IP: 10.47.1.10 -----> BN RLOC Dst IP: 10.47.1.12 -----> FE RLOC IPv4 TTL: 0 LISP INSTANCEID: 0 L3IF LE Index: 45
**Vérification de la route du noeud périphérique Indice de destination Décodage**
Prenez l’ID (0x5012) et utilisez la commande show platform hardware fed switch active fwd-asic resource asic all destination-index range <DI> <DI>
Border-1#show platform hardware fed switch active fwd-asic resource asic all destination-index range 0x5012 0x5012 ASIC#0: Destination index = 0x5012 DI_RCP_PORT1 -----> Recirculation port for VXLAN imposition pmap = 0x00000000 0x00000000 cmi = 0x0 rcp_pmap = 0x1 Destination index = 0x5012 DI_RCP_PORT1 -----> Recirculation port for VXLAN imposition pmap = 0x00000000 0x00000000 cmi = 0x0 rcp_pmap = 0x0
**Vérification de la route du noeud périphérique ri_hdl Decode**
Prenez le ri_hdl (0x7f3c60b09f88) et utilisez la commande show platform hardware fed switch active fwd-asic abstraction print-resource-handle <ri_hdl> 1
Border-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f3c60b09f88 1 Handle:0x7f3c60b09f88 Res-Type:ASIC_RSC_RI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_LISP Lkp-ftr-id:LKP_FEAT_INVALID ref_count:1 priv_ri/priv_si Handle: 0x7f3c60807728Hardware Indices/Handles: index0:0x24 mtu_index/l3u_ri_index0:0x0 index1:0x24 mtu_index/l3u_ri_index1:0x0 Features sharing this resource:109 (1)] Cookie length: 56 00 00 00 00 00 00 00 00 2d 00 00 00 0a 2f 01 0c ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Detailed Resource Information (ASIC_INSTANCE# 0) ---------------------------------------- ASIC#:0 RI:36 Rewrite_type:AL_RRM_REWRITE_IPV4_VXLAN_INNER_IPV4_ENCAP(110) Mapped_rii:LVX_L3_ENCAP_L2_PAYLOAD(123) Dst Mac: MAC Addr: ba:25:cd:f4:ad:38, -----> Dummy VXLAN header Src IP: 10.47.1.10 -----> BN RLOC Dst IP: 10.47.1.12 -----> FE RLOC IPv4 TTL: 0 LISP INSTANCEID: 0 L3IF LE Index: 45 Detailed Resource Information (ASIC_INSTANCE# 1) ---------------------------------------- ASIC#:0 RI:36 Rewrite_type:AL_RRM_REWRITE_IPV4_VXLAN_INNER_IPV4_ENCAP(110) Mapped_rii:LVX_L3_ENCAP_L2_PAYLOAD(123) Dst Mac: MAC Addr: ba:25:cd:f4:ad:38, -----> Dummy VXLAN header Src IP: 10.47.1.10 -----> BN RLOC Dst IP: 10.47.1.12 -----> FE RLOC IPv4 TTL: 0 LISP INSTANCEID: 0 L3IF LE Index: 45
PCAP entrant en périphérie de fabric à partir du noeud périphérique
Le paquet est toujours encapsulé VXLAN, continuez à filtrer la capture avec l'ACL correspondant RLOC à RLOC, et non avec les adresses IP internes.
Edge-1#show monitor capture 1 buffer display-filter icmp.type==0 brief Starting the packet display ........ Press Ctrl + Shift + 6 to exit 12 0.876204 8.8.8.8 -> 10.47.4.2 ICMP 148 Echo (ping) reply id=0x0027, seq=3/768, ttl=253 (request in 3) 17 2.614814 8.8.8.8 -> 10.47.4.2 ICMP 148 Echo (ping) reply id=0x0027, seq=4/1024, ttl=253 (request in 14)
Ethernet II, Src: 52:54:00:0a:42:f3 (52:54:00:0a:42:f3), Dst: 52:54:00:04:84:b1 (52:54:00:04:84:b1) -----> True MAC addresses Destination: 52:54:00:04:84:b1 (52:54:00:04:84:b1) Address: 52:54:00:04:84:b1 (52:54:00:04:84:b1) .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: 52:54:00:0a:42:f3 (52:54:00:0a:42:f3) Address: 52:54:00:0a:42:f3 (52:54:00:0a:42:f3) .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 10.47.1.10, Dst: 10.47.1.12 -----> RLOC IP addresses 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 134 Identification: 0x00e0 (224) Flags: 0x4000, Don't fragment 0... .... .... .... = Reserved bit: Not set .1.. .... .... .... = Don't fragment: Set ..0. .... .... .... = More fragments: Not set Fragment offset: 0 Time to live: 253 Protocol: UDP (17) Header checksum: 0x6613 [validation disabled] [Header checksum status: Unverified] Source: 10.47.1.10 Destination: 10.47.1.12 User Datagram Protocol, Src Port: 65345, Dst Port: 4789 Source Port: 65345 Destination Port: 4789 Length: 114 [Checksum: [missing]] [Checksum Status: Not present] [Stream index: 0] [Timestamps] [Time since first frame: 0.876204000 seconds] [Time since previous frame: 0.457213000 seconds] Virtual eXtensible Local Area Network Flags: 0x8800, GBP Extension, VXLAN Network ID (VNI) 1... .... .... .... = GBP Extension: Defined .... .... .0.. .... = Don't Learn: False .... 1... .... .... = VXLAN Network ID (VNI): True .... .... .... 0... = Policy Applied: False .000 .000 0.00 .000 = Reserved(R): 0x0000 Group Policy ID: 0 VXLAN Network Identifier (VNI): 4099 Reserved: 0 Ethernet II, Src: 00:00:00:00:71:00 (00:00:00:00:71:00), Dst: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38) -----> Dummy VXLAN MAC addresses Destination: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38) Address: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38) .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: 00:00:00:00:71:00 (00:00:00:00:71:00) Address: 00:00:00:00:71:00 (00:00:00:00:71:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 8.8.8.8, Dst: 10.47.4.2 -----> Inner IP addresses 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 84 Identification: 0x37ca (14282) Flags: 0x4000, Don't fragment 0... .... .... .... = Reserved bit: Not set .1.. .... .... .... = Don't fragment: Set ..0. .... .... .... = More fragments: Not set Fragment offset: 0 Time to live: 253 Protocol: ICMP (1) Header checksum: 0x279e [validation disabled] [Header checksum status: Unverified] Source: 8.8.8.8 Destination: 10.47.4.2 Internet Control Message Protocol Type: 0 (Echo (ping) reply) Code: 0 Checksum: 0x2e16 [correct] [Checksum Status: Good] Identifier (BE): 39 (0x0027) Identifier (LE): 9984 (0x2700) Sequence number (BE): 3 (0x0003) Sequence number (LE): 768 (0x0300) [Request frame: 3] [Response time: 850.538 ms] Data (56 bytes)
Historique de révision
| Révision | Date de publication | Commentaires |
|---|---|---|
1.0 |
16-Mar-2026
|
Première publication |
CommentairesContacter Cisco
- Ouvrir un dossier d’assistance
- (Un contrat de service de Cisco est requis)