Risoluzione dei problemi relativi al flusso del traffico nord-sud con inoltro SDA
Sommario
Introduzione
Questo documento descrive come convalidare il flusso del traffico da nord a sud come parte di SDA (Software Defined Access).
Prerequisiti
Requisiti
Cisco raccomanda la conoscenza dei seguenti argomenti:
- Inoltro IP
- Border Gateway Protocol (BGP)
- Accesso definito dal software (SD-Access)
Componenti usati
Le informazioni fornite in questo documento si basano sulle seguenti versioni software e hardware:
C9000v su Cisco IOS® XE 17.10.1
CSR1Kv su Cisco IOS® XE 17.3.6
SDA 1.0 (non LISP PubSub)
Le informazioni discusse in questo documento fanno riferimento a dispositivi usati in uno specifico ambiente di emulazione. Su tutti i dispositivi menzionati nel documento la configurazione è stata ripristinata ai valori predefiniti. Se la rete è operativa, valutare attentamente eventuali conseguenze derivanti dall'uso dei comandi.
Prodotti correlati
Il presente documento può essere utilizzato anche per le seguenti versioni hardware e software:
- C9200
- C9300
- C9400
- C9500
- C9600
- Cisco IOS® XE 16.12 e versioni successive
Premesse
Il flusso del traffico nord-sud SDA si riferisce al concetto in base al quale un endpoint esistente all'interno del fabric SDA e che desidera comunicare con un endpoint o un server non si trova all'interno del fabric SDA.
- In primo luogo, l'endpoint risolve ARP per il gateway predefinito, ovvero il nodo Fabric Edge
- Quindi, l'endpoint invia il pacchetto IP al gateway predefinito, ossia il gateway Anycast sul nodo Fabric Edge.
- Il nodo Fabric Edge utilizza Cisco Express Forwarding (CEF) per inviare il pacchetto in uscita, che Locator ID Separator Protocol (LISP) guida CEF.
- Il nodo Fabric Edge ha una voce map-cache per 0.0.0.0/0, il percorso predefinito e l'azione consiste nell'incapsulare tutti i pacchetti verso il router PETR (Proxy Egress Tunnel Router) o i nodi del bordo dell'infrastruttura SDA.
- Il nodo Fabric Edge incapsula il pacchetto IP originale nella VXLAN e inoltra il pacchetto verso i nodi del bordo del fabric SDA.
- Il nodo di bordo decapsula il pacchetto ed esegue una ricerca IP sull'indirizzo IP di destinazione del pacchetto originale e inoltra il pacchetto verso l'hop successivo appropriato, che molto probabilmente è un router Fusion upstream che non fa parte del fabric SDA.
- Successivamente, per il traffico di ritorno verso l'endpoint all'interno dell'infrastruttura SDA, il pacchetto viene ricevuto dal router Fusion ed esegue una ricerca IP sull'indirizzo IP di destinazione e lo inoltra all'hop successivo appropriato, che è un nodo di bordo.
- Il nodo Fabric Border consulta il CEF derivato da LISP per determinare il nodo Fabric Edge associato all'endpoint, incapsulare il pacchetto originale nella VXLAN e inviarlo.
- Fabric Edge decapsula il pacchetto e inoltra il pacchetto originale all'endpoint.
Workflow di base
Topologia di riferimento
Ai fini di questo esempio, gli switch C9000v funzionano come Fabric Edge e come Collocated Borders. I router per la fusione e i router Internet sono router CSR1Kv. L'endpoint con versione 10.47.4.2 della VLAN 1026 e parte di red_vn Virtual Network (VN) sta tentando di eseguire il ping con versione 8.8.8.8 esistente come interfaccia Loopback0 sul router Internet.
Verifica flusso traffico nord-sud
Dettagli configurazione
Configurazione di Edge-1 (10.47.1.12)
! hostname Edge-1 ! vrf definition red_vn ! address-family ipv4 exit-address-family ! aaa new-model ! aaa authentication login default local aaa authorization exec default local if-authenticated ! ip routing ! ip dhcp relay information option ! ip dhcp snooping vlan 1025-1026 ip dhcp snooping vlan 1025-1026 proxy-bridge ip dhcp snooping vtp mode transparent ! device-tracking tracking ! device-tracking policy IPDT_POLICY no protocol udp tracking enable ! license boot level network-advantage addon dna-advantage license smart transport off ! system mtu 8978 diagnostic bootup level minimal ! spanning-tree mode rapid-pvst spanning-tree extend system-id ! redundancy mode sso ! vlan 1025 name blue ! vlan 1026 name red ! vlan 2046 name VOICE_VLAN ! lldp run ! policy-map system-cpp-policy ! interface Loopback0 ip address 10.47.1.12 255.255.255.255 no ip redirects ip pim sparse-mode ip router isis clns mtu 1400 ! interface LISP0 ! interface LISP0.4099 vrf forwarding red_vn ! interface LISP0.4100 vrf forwarding blue_vn ! interface L2LISP0 ip access-group SDA-FABRIC-LISP in ip access-group SDA-FABRIC-LISP out ! interface L2LISP0.8188 ! interface L2LISP0.8190 ! interface GigabitEthernet1/0/1 no switchport ip address 10.47.1.1 255.255.255.254 no ip redirects ip pim sparse-mode ip router isis clns mtu 1400 isis network point-to-point ! interface GigabitEthernet1/0/2 no switchport ip address 10.47.1.5 255.255.255.254 no ip redirects ip pim sparse-mode ip router isis clns mtu 1400 isis network point-to-point ! interface GigabitEthernet1/0/3 switchport access vlan 1026 switchport mode access device-tracking attach-policy IPDT_POLICY spanning-tree portfast spanning-tree bpduguard enable ! interface Vlan1025 description Configured from Cisco DNA-Center mac-address 0000.0c9f.fb87 vrf forwarding blue_vn ip address 10.47.7.1 255.255.255.0 ip helper-address 10.47.9.9 no ip redirects ip route-cache same-interface no lisp mobility liveness test lisp mobility blue-IPV4 ! interface Vlan1026 description Configured from Cisco DNA-Center mac-address 0000.0c9f.f341 vrf forwarding red_vn ip address 10.47.4.1 255.255.255.0 ip helper-address 10.47.9.9 no ip redirects ip route-cache same-interface no lisp mobility liveness test lisp mobility red-IPV4 ! router lisp locator-table default locator-set rloc_222e1707-175d-4019-a783-060404f8bc2f IPv4-interface Loopback0 priority 10 weight 10 exit-locator-set ! locator default-set rloc_222e1707-175d-4019-a783-060404f8bc2f service ipv4 encapsulation vxlan itr map-resolver 10.47.1.10 itr map-resolver 10.47.1.11 etr map-server 10.47.1.10 key 7 091B4C08185447475E5A5D7A7970796A61 etr map-server 10.47.1.10 proxy-reply etr map-server 10.47.1.11 key 7 00531107050A5B535A77151E5B4D544E46 etr map-server 10.47.1.11 proxy-reply etr sgt no map-cache away-eids send-map-request use-petr 10.47.1.10 use-petr 10.47.1.11 proxy-itr 10.47.1.12 exit-service-ipv4 ! service ethernet itr map-resolver 10.47.1.10 itr map-resolver 10.47.1.11 itr etr map-server 10.47.1.10 key 7 055C040E201D1E5C4C534E42595855737F etr map-server 10.47.1.10 proxy-reply etr map-server 10.47.1.11 key 7 040C09070E701C1B5C4F5C47405F5D5D7E etr map-server 10.47.1.11 proxy-reply etr exit-service-ethernet ! instance-id 4099 remote-rloc-probe on-route-change dynamic-eid red-IPV4 database-mapping 10.47.4.0/24 locator-set rloc_222e1707-175d-4019-a783-060404f8bc2f exit-dynamic-eid ! service ipv4 eid-table vrf red_vn map-cache 0.0.0.0/0 map-request sgt distribution sgt exit-service-ipv4 ! exit-instance-id ! instance-id 4100 remote-rloc-probe on-route-change dynamic-eid blue-IPV4 database-mapping 10.47.7.0/24 locator-set rloc_222e1707-175d-4019-a783-060404f8bc2f exit-dynamic-eid ! service ipv4 eid-table vrf blue_vn map-cache 0.0.0.0/0 map-request sgt distribution sgt exit-service-ipv4 ! exit-instance-id ! instance-id 8188 remote-rloc-probe on-route-change service ethernet eid-table vlan 1025 broadcast-underlay 239.0.17.2 flood arp-nd flood unknown-unicast database-mapping mac locator-set rloc_222e1707-175d-4019-a783-060404f8bc2f dynamic-eid detection multiple-addr bridged-vm exit-service-ethernet ! exit-instance-id ! instance-id 8190 remote-rloc-probe on-route-change service ethernet eid-table vlan 1026 broadcast-underlay 239.0.17.2 flood arp-nd flood unknown-unicast database-mapping mac locator-set rloc_222e1707-175d-4019-a783-060404f8bc2f dynamic-eid detection multiple-addr bridged-vm exit-service-ethernet ! exit-instance-id ! ipv4 locator reachability minimum-mask-length 32 ipv4 source-locator Loopback0 exit-router-lisp ! router isis net 49.0000.1047.0000.4012.00 is-type level-2-only domain-password xxxxxx metric-style wide log-adjacency-changes nsf ietf !
Dettagli di configurazione di Border-1 (10.47.1.10)
! hostname Border-1 ! vrf definition red_vn rd 1:4099 ! address-family ipv4 route-target export 1:4099 route-target import 1:4099 exit-address-family ! aaa new-model ! aaa authentication login default local aaa authorization exec default local if-authenticated ! aaa session-id common ! ip routing ! vtp mode transparent ! device-tracking tracking ! device-tracking policy IPDT_POLICY no protocol udp tracking enable ! spanning-tree mode rapid-pvst spanning-tree extend system-id ! redundancy mode sso crypto engine compliance shield disable ! vlan 3001 name 3001 ! vlan 3002 name 3002 ! interface Loopback0 ip address 10.47.1.10 255.255.255.255 no ip redirects ip pim sparse-mode ip router isis clns mtu 1400 ! interface Loopback1026 description Loopback Border vrf forwarding red_vn ip address 10.47.4.1 255.255.255.255 ! interface LISP0 ! interface LISP0.4099 vrf forwarding red_vn ! interface LISP0.4100 vrf forwarding blue_vn ! interface GigabitEthernet1/0/1 description Uplink To Fusion Router 1 switchport mode trunk ! interface GigabitEthernet1/0/2 no switchport no ip address ! interface GigabitEthernet1/0/2.69 encapsulation dot1Q 69 ip address 10.47.1.8 255.255.255.254 no ip redirects ip pim sparse-mode ip router isis clns mtu 1400 isis network point-to-point ! interface GigabitEthernet1/0/2.421 encapsulation dot1Q 421 vrf forwarding red_vn ip address 10.47.9.1 255.255.255.252 ! interface GigabitEthernet1/0/3 no switchport ip address 10.47.1.0 255.255.255.254 no ip redirects ip pim sparse-mode ip router isis clns mtu 1400 isis network point-to-point ! interface GigabitEthernet1/0/4 no switchport ip address 10.47.1.2 255.255.255.254 no ip redirects ip pim sparse-mode ip router isis clns mtu 1400 isis network point-to-point ! interface Vlan3002 description vrf interface to External router vrf forwarding red_vn ip address 10.47.2.5 255.255.255.252 no ip redirects ip route-cache same-interface ! router lisp locator-table default locator-set rloc_9080ed56-a6c6-482d-9f46-28eda0e18501 IPv4-interface Loopback0 priority 10 weight 10 auto-discover-rlocs exit-locator-set ! locator default-set rloc_9080ed56-a6c6-482d-9f46-28eda0e18501 service ipv4 encapsulation vxlan itr map-resolver 10.47.1.10 itr map-resolver 10.47.1.11 etr map-server 10.47.1.10 key 7 124E0716135A5C517F7D7D786161734A53 etr map-server 10.47.1.10 proxy-reply etr map-server 10.47.1.11 key 7 040C09070E701C1B5C4F5C47405F5D5D7E etr map-server 10.47.1.11 proxy-reply etr sgt proxy-etr proxy-itr 10.47.1.10 map-server map-resolver exit-service-ipv4 ! service ethernet itr map-resolver 10.47.1.10 itr map-resolver 10.47.1.11 itr etr map-server 10.47.1.10 key 7 0758234D4F5849504244525C567E7A7D7C etr map-server 10.47.1.10 proxy-reply etr map-server 10.47.1.11 key 7 10190B180446425E5952737B767C626C76 etr map-server 10.47.1.11 proxy-reply etr map-server map-resolver exit-service-ethernet ! instance-id 4099 remote-rloc-probe on-route-change service ipv4 eid-table vrf red_vn database-mapping 10.47.2.4/30 locator-set rloc_9080ed56-a6c6-482d-9f46-28eda0e18501 route-import database bgp 69420 route-map DENY-red_vn locator-set rloc_9080ed56-a6c6-482d-9f46-28eda0e18501 sgt distribution sgt route-export site-registrations distance site-registrations 250 map-cache site-registration exit-service-ipv4 ! exit-instance-id ! instance-id 4100 remote-rloc-probe on-route-change service ipv4 eid-table vrf blue_vn database-mapping 10.47.2.0/30 locator-set rloc_9080ed56-a6c6-482d-9f46-28eda0e18501 route-import database bgp 69420 route-map DENY-blue_vn locator-set rloc_9080ed56-a6c6-482d-9f46-28eda0e18501 sgt distribution sgt route-export site-registrations distance site-registrations 250 map-cache site-registration exit-service-ipv4 ! exit-instance-id ! site site_uci description map-server configured from Cisco DNA-Center authentication-key 7 091B4C08185447475E5A5D7A7970796A61 eid-record instance-id 4099 0.0.0.0/0 accept-more-specifics eid-record instance-id 4099 10.47.4.0/24 accept-more-specifics eid-record instance-id 4100 0.0.0.0/0 accept-more-specifics eid-record instance-id 4100 10.47.7.0/24 accept-more-specifics eid-record instance-id 8188 any-mac eid-record instance-id 8190 any-mac exit-site ! ipv4 locator reachability exclude-default ipv4 source-locator Loopback0 exit-router-lisp ! router isis net 49.0000.1047.0000.4010.00 is-type level-2-only domain-password cisco123 metric-style wide log-adjacency-changes nsf ietf default-information originate ! router bgp 69420 bgp router-id interface Loopback0 bgp log-neighbor-changes bgp graceful-restart ! address-family ipv4 vrf blue_vn bgp aggregate-timer 0 network 10.47.2.0 mask 255.255.255.252 network 10.47.7.1 mask 255.255.255.255 aggregate-address 10.47.7.0 255.255.255.0 summary-only redistribute lisp metric 10 neighbor 10.47.2.2 remote-as 65531 neighbor 10.47.2.2 update-source Vlan3001 neighbor 10.47.2.2 activate neighbor 10.47.2.2 weight 65535 neighbor 10.47.2.2 allowas-in neighbor 10.47.9.2 remote-as 69420 neighbor 10.47.9.2 activate neighbor 10.47.9.2 send-community both neighbor 10.47.9.2 next-hop-self neighbor 10.47.9.2 route-map tag_local_eids out exit-address-family ! address-family ipv4 vrf red_vn bgp aggregate-timer 0 network 10.47.2.4 mask 255.255.255.252 network 10.47.4.1 mask 255.255.255.255 aggregate-address 10.47.4.0 255.255.255.0 summary-only redistribute lisp metric 10 neighbor 10.47.2.6 remote-as 65531 neighbor 10.47.2.6 update-source Vlan3002 neighbor 10.47.2.6 activate neighbor 10.47.2.6 weight 65535 neighbor 10.47.2.6 allowas-in neighbor 10.47.9.2 remote-as 69420 neighbor 10.47.9.2 activate neighbor 10.47.9.2 send-community both neighbor 10.47.9.2 next-hop-self neighbor 10.47.9.2 route-map tag_local_eids out exit-address-family ! ip community-list 1 permit 655370 ! ip prefix-list deny_0.0.0.0 seq 10 permit 0.0.0.0/0 ! ip prefix-list l3handoff-prefixes seq 914788097 permit 10.47.2.12/30 ip prefix-list l3handoff-prefixes seq 934060929 permit 10.47.2.8/30 ip prefix-list l3handoff-prefixes seq 934208897 permit 10.47.2.4/30 ip prefix-list l3handoff-prefixes seq 934356865 permit 10.47.2.0/30 ! ip prefix-list blue_vn seq 337301377 permit 10.47.7.0/24 ip prefix-list blue_vn seq 629796565 permit 0.0.0.0/0 ! ip prefix-list red_vn seq 629796565 permit 0.0.0.0/0 ip prefix-list red_vn seq 927849985 permit 10.47.4.0/24 ! route-map tag_local_eids permit 5 set community 655370 ! route-map DENY-blue_vn deny 5 match ip address prefix-list blue_vn ! route-map DENY-blue_vn deny 10 match ip address prefix-list l3handoff-prefixes ! route-map DENY-blue_vn deny 15 match community 1 ! route-map DENY-blue_vn deny 25 match ip address prefix-list deny_0.0.0.0 ! route-map DENY-blue_vn permit 30 ! route-map DENY-red_vn deny 5 match ip address prefix-list red_vn ! route-map DENY-red_vn deny 10 match ip address prefix-list l3handoff-prefixes ! route-map DENY-red_vn deny 15 match community 1 ! route-map DENY-red_vn deny 25 match ip address prefix-list deny_0.0.0.0 ! route-map DENY-red_vn permit 30 ! route-map deny_0.0.0.0 deny 25 match ip address prefix-list deny_0.0.0.0 ! route-map deny_0.0.0.0 permit 30 !
Verifica del perimetro della struttura verso l'endpoint SDA
Verifica della programmazione degli indirizzi IPDT e MAC
Verificare che il database IPDT (IP Device-Tracking) contenga una voce valida per l'endpoint
Edge-1#show device-tracking database interface gig1/0/3
portDB has 2 entries for interface Gi1/0/3, 2 dynamic
Codes: L - Local, S - Static, ND - Neighbor Discovery, ARP - Address Resolution Protocol, DH4 - IPv4 DHCP, DH6 - IPv6 DHCP, PKT - Other Packet, API - API created
Preflevel flags (prlvl):
0001:MAC and LLA match 0002:Orig trunk 0004:Orig access
0008:Orig trusted trunk 0010:Orig trusted access 0020:DHCP assigned
0040:Cga authenticated 0080:Cert authenticated 0100:Statically assigned
Network Layer Address Link Layer Address Interface vlan prlvl age state Time left
DH4 10.47.4.2 5254.0019.93e9 Gi1/0/3 1026 0024 76s REACHABLE 165 s try 0(21276 s)
**Programmazione dell'indirizzo MAC del software**
Edge-1#show mac address-table address 5254.0019.93e9
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
1026 5254.0019.93e9 DYNAMIC Gi1/0/3 <--- Endpoint MAC address learnt dynamically in VLAN 1026
Total Mac Addresses for this criterion: 1
**Programmazione indirizzo MAC FED software**
Usare il comando show platform software fed switch active matm macTable vlan <vlan> mac <indirizzo mac>
Edge-1#show platform software fed switch active matm macTable vlan 1026 mac 5254.0019.93e9
VLAN MAC Type Seq# EC_Bi Flags machandle siHandle riHandle diHandle *a_time *e_time ports Con
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
1026 5254.0019.93e9 0x1 9 0 0 0x7f65ec7bda68 0x7f65ec7c21f8 0x0 0x7f65ec6e1368 300 7 GigabitEthernet1/0/3 Yes
======platform hardware details ======
Asic: 0
htm-handle = 0x7f65ec95dc68 MVID = 7 gpn = 1
SI = 0xc3 RI = 0x25 DI = 0x526e
DI = 0x526e pmap = 0x00000000 0x00000004 pmap_intf : [GigabitEthernet1/0/3]
Asic: 1
SI = 0xc3 RI = 0x25 DI = 0x526e
DI = 0x526e pmap = 0x00000000 0x00000000
**Programmazione macHandle indirizzo MAC**
Prendere il valore macHandle dal comando precedente (0x7f65ec7bda68) e utilizzare nello switch alimentato dall'hardware della piattaforma show platform l'astrazione fwd-asic attiva handle della risorsa di stampa <macHandle> 1
Edge-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f65ec7bda68 1
Handle:0x7f65ec7bda68 Res-Type:ASIC_RSC_HASH_TCAM Res-Switch-Num:0 Asic-Num:255 Feature-ID:AL_FID_L2 Lkp-ftr-id:LKP_FEAT_L2_SRC_MAC_VLAN ref_count:1
priv_ri/priv_si Handle: (nil)Hardware Indices/Handles: handle [ASIC: 0]: 0x7f65ec95dc68
Features sharing this resource:Cookie length: 12
19 00 54 52 e9 93 07 80 07 00 00 00
Detailed Resource Information (ASIC_INSTANCE# 0)
----------------------------------------
Number of HTM Entries: 1
Entry 0: (handle 0x7f65ec95dc68)
Absolute Index: 6778
Time Stamp: 4
KEY - vlan:7 mac:0x5254001993e9 l3_if:0 gpn:3 epoch:0 static:0 flood_en:0 vlan_lead_wless_flood_en: 0 client_home_asic: 0 learning_peerid 0, learning_peerid_valid 0 lvx:1
MASK - vlan:0 mac:0x0 l3_if:0 gpn:0 epoch:0 static:0 flood_en:0 vlan_lead_wless_flood_en: 0 client_home_asic: 0 learning_peerid 0, learning_peerid_valid 0 lvx:0
SRC_AD - need_to_learn:0 lrn_v:0 catchall:0 static_mac:0 chain_ptr_v:0 chain_ptr: 0 static_entry_v:0 auth_state:0 auth_mode:0 auth_behavior_tag:0 traf_m:0 is_src_ce:0
DST_AD - si:0xb7 bridge:0 replicate:0 blk_fwd_o:0 v4_rmac:0 v6_rmac:0 catchall:0 ign_src_lrn:0 port_mask_o:0 afd_cli_f:0 afd_lbl:0 prio:3 dest_mod_idx:0 destined_to_us:0 pv_trunk:0 smr:0
==============================================================
**Verifica MVID**
Il numero 7 nell'output precedente è l'ID della VLAN mappata (MVID) nell'hardware. Per verificare che corrispondano alla vlan "reale", usare il comando show platform software fed switch active vlan<vlan number>
Edge-1#show platform software fed switch active vlan 1026
VLAN Fed Information
Vlan Id IF Id LE Handle STP Handle L3 IF Handle SVI IF ID MVID
-----------------------------------------------------------------------------------------------------------------------
1026 0x0000000000420011 0x00007f65ec6a08b8 0x00007f65ec6a1138 0x00007f65ec77e838 0x000000000000001d 7
**Verifica GPN (Global Port Number)**
Per correlare il GPN a un'interfaccia "reale", usare il comando show platform software fed switch active ifm mappings gpn
Edge-1#show platform software fed switch active ifm mappings gpn
Mappings Table
GPN Interface IF_ID IF_TYPE
--------------------------------------------------------------------------------------------------
1 GigabitEthernet1/0/1 0x0000001a ETHER
2 GigabitEthernet1/0/2 0x0000001b ETHER
3 GigabitEthernet1/0/3 0x0000000b ETHER
**Programmazione siHandle indirizzo MAC**
Sfruttare il valore siHandle del comando precedente (0x7f65ec7c21f8) e utilizzare nello switch con alimentatore hardware della piattaforma show platform active fwd-asic abstraction print-resource-handle <si_handle> 1
Edge-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f65ec7c21f8 1
Handle:0x7f65ec7c21f8 Res-Type:ASIC_RSC_SI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_L3_UNICAST_IPV4 Lkp-ftr-id:LKP_FEAT_INVALID ref_count:2
priv_ri/priv_si Handle: 0x7f65ec7c2498Hardware Indices/Handles: index0:0xc3 mtu_index/l3u_ri_index0:0x0 index1:0xc3 mtu_index/l3u_ri_index1:0x0
Features sharing this resource:66 (1)]
57 (1)]
Cookie length: 56
00 00 00 00 00 00 00 00 02 04 00 00 00 00 00 00 00 00 00 00 07 00 52 54 00 19 93 e9 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Detailed Resource Information (ASIC_INSTANCE# 0)
----------------------------------------
Station Index (SI) [0xc3] <-- Station Index is comprised of the Rewrite Index (RI) and Destination Index (DI)
RI = 0x25 <-- Rewrite Index contains the forwarding information
DI = 0x526e <-- Destination Index contains information related to the outgoing interface
stationTableGenericLabel = 0
stationFdConstructionLabel = 0x7
lookupSkipIdIndex = 0
rcpServiceId = 0
dejaVuPreCheckEn = 0x1
Replication Bitmap: LD <-- Local Data (LD) indicates that the destination is on this ASIC
Detailed Resource Information (ASIC_INSTANCE# 1)
----------------------------------------
Station Index (SI) [0xc3] <-- Station Index is comprised of the Rewrite Index (RI) and Destination Index (DI)
RI = 0x25 <-- Rewrite Index contains the forwarding information
DI = 0x526e <-- Destination Index contains information related to the outgoing interface
stationTableGenericLabel = 0
stationFdConstructionLabel = 0x7
lookupSkipIdIndex = 0
rcpServiceId = 0
dejaVuPreCheckEn = 0x1
Replication Bitmap: CD <-- Core Data (CD) indicates that the destination is on the same ASIC, different core
==============================================================
**Verifica dell'indice di riscrittura dell'indirizzo MAC**
Prendere il valore RI del comando precedente (0x25) e utilizzarlo nel comando show platform hardware feed switch active fwd-asic resource asic all rewrite-index range <RI> <RI>
Edge-1#show platform hardware fed switch active fwd-asic resource asic all rewrite-index range 0x25 0x25
ASIC#:0 RI:37 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9)
MAC Addr: MAC Addr: 52:54:00:19:93:e9,
L3IF LE Index 41
ASIC#:0 RI:38 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9)
MAC Addr: MAC Addr: 01:00:5e:00:00:00,
L3IF LE Index 40
ASIC#:0 RI:39 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9)
MAC Addr: MAC Addr: 52:54:00:00:50:17,
L3IF LE Index 40
ASIC#:1 RI:37 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9)
MAC Addr: MAC Addr: 52:54:00:19:93:e9,
L3IF LE Index 41
ASIC#:1 RI:38 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9)
MAC Addr: MAC Addr: 01:00:5e:00:00:00,
L3IF LE Index 40
ASIC#:1 RI:39 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9)
MAC Addr: MAC Addr: 52:54:00:00:50:17,
L3IF LE Index 40
**Verifica indice destinazione indirizzo MAC**
Accettare il valore DI dall'interfaccia del comando precedente (0x526e) e utilizzare nello switch basato su hardware della piattaforma show platform la risorsa fwd-asic asic all destination-index range <DI> <DI>
Edge-1#show platform hardware fed switch active fwd-asic resource asic all destination-index range 0x526e 0x526e
ASIC#0:
Destination index = 0x526e
pmap = 0x00000000 0x00000004 <-- Convert decimal 4 to binary, which is 0100. Count this binary right to left, zero-based, so Port 2.
pmap_intf : [GigabitEthernet1/0/3]
cmi = 0x0
rcp_pmap = 0x0
al_rsc_cmi
CPU Map Index (CMI) [0]
ctiLo0 = 0
ctiLo1 = 0
ctiLo2 = 0
cpuQNum0 = 0
cpuQNum1 = 0
cpuQNum2 = 0
npuIndex = 0
stripSeg = 0
copySeg = 0
ASIC#1:
Destination index = 0x526e
pmap = 0x00000000 0x00000000
cmi = 0x0
rcp_pmap = 0x0
al_rsc_cmi
CPU Map Index (CMI) [0]
ctiLo0 = 0
ctiLo1 = 0
ctiLo2 = 0
cpuQNum0 = 0
cpuQNum1 = 0
cpuQNum2 = 0
npuIndex = 0
stripSeg = 0
copySeg = 0
**Verifica porta**
Per correlare la porta rilevata in precedenza, utilizzare il comando show platform software fed switch active ifm mapping e controllare la colonna Porta.
Edge-1#show platform software fed switch active ifm mappings
------------------ show platform software fed switch active ifm mappings ------------------
Interface IF_ID Inst Asic Core Port SubPort Mac Cntx LPN GPN Type Active
GigabitEthernet1/0/1 0x1a 0 0 0 0 0 1 0 1 1 NIF Y
GigabitEthernet1/0/2 0x1b 0 0 0 1 0 2 1 2 2 NIF Y
GigabitEthernet1/0/3 0xb 0 0 0 2 0 3 2 3 3 NIF Y <-- Matches port 2 from previous output
**Verifica indirizzo MAC FED hardware**
Questo output in uno scenario di funzionamento/ideale corrisponde a quello fornito dalla decodifica macHandle.
Edge-1#show platform hardware fed switch active matm macTable vlan 1026 mac 5254.0019.93e9 HEAD: MAC address 5254.0019.93e9 in VLAN 1026 KEY: vlan 7, mac 0x5254001993e9, l3_if 0, gpn 3, epoch 0, static 0, flood_en 0, vlan_lead_wless_flood_en 0, client_home_asic 0, learning_peerid 0, learning_peerid_valid 0 MASK: vlan 0, mac 0x0, l3_if 0, gpn 0, epoch 0, static 0, flood_en 0, vlan_lead_wless_flood_en 0, client_home_asic 0 learning_peerid 0, learning_peerid_valid 0 SRC_AD: need_to_learn 0, lrn_v 0, catchall 0, static_mac 0, chain_ptr_v 0, chain_ptr 0, static_entry_v 0, auth_state 0, auth_mode 0, traf_mode 0, is_src_ce 0 DST_AD: si 0xb7, bridge 0, replicate 0, blk_fwd_o 0, v4_mac 0, v6_mac 0, catchall 0, ign_src_lrn 0, port_mask_o 0, afd_cli_f 0, afd_lbl 0, priority 3, dest_mod_idx 0, destined_to_us 0, pv_trunk 0 Total Mac number of addresses:: 1
- L'ID VLAN nell'hardware (MVID) è 7
- Indirizzo MAC: 5254.0019.93e9
- GPN: 3
Verifica della connettività ARP e IP
Edge-1#show ip arp vrf red_vn 10.47.4.2 ------------------ show ip arp vrf red_vn 10.47.4.2 ------------------ Protocol Address Age (min) Hardware Addr Type Interface Internet 10.47.4.2 156 5254.0019.93e9 ARPA Vlan1026
Edge-1#ping vrf red_vn 10.47.4.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.47.4.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 130/145/168 ms
Edge-1#show vlan id 1026 VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1026 red active L2LI0:8190, Gi1/0/3 <-- L2 LISP Instance ID tied to VLAN 1026
**Verifica del database LISP L2**
Per controllare il database L2 LISP, utilizzare il comando show lisp instance-id <ID ID LISP L2> ethernet database <indirizzo MAC>
Edge-1#show lisp instance-id 8190 ethernet database 5254.0019.93e9 LISP ETR MAC Mapping Database for LISP 0 EID-table Vlan 1026 (IID 8190), LSBs: 0x1 Entries total 1, no-route 0, inactive 0, do-not-register 2 5254.0019.93e9/48, dynamic-eid Auto-L2-group-8190, inherited from default locator-set rloc_222e1707-175d-4019-a783-060404f8bc2f -----> Endpoint MAC Uptime: 2d17h, Last-change: 2d17h Domain-ID: local Service-Insertion: N/A Locator Pri/Wgt Source State 10.47.1.12 10/10 cfg-intf site-self, reachable -----> Our own RLOC Map-server Uptime ACK Domain-ID 10.47.1.10 1d11h Yes 0 -----> RLOC of upstream collocated border 10.47.1.11 2d17h Yes 0 -----> RLOC of upstream collocated border
**Verifica del database LISP L2 Address Resolution (AR)**
Per controllare il database L2 AR, utilizzare il comando show lisp instance-id <ID ID LISP L2> ethernet database address-resolution <indirizzo MAC>
Edge-1#show lisp instance-id 8190 ethernet database address-resolution 5254.0019.93e9 LISP ETR Address Resolution for LISP 0 EID-table Vlan 1026 (IID 8190) (*) -> entry being deleted Hardware Address L3 InstID Host Address 5254.0019.93e9 4099 10.47.4.2/32 <-- Endpoint MAC Address, LISP L3 Instance ID, Endpoint IPv4 Address, respectively
**Verifica del database LISP L3**
Per verificare il database LISP L3, usare il comando show lisp instance-id <L3 LISP ID> database ipv4 <indirizzo ipv4/subnet mask>
Edge-1#show lisp instance-id 4099 ipv4 database 10.47.4.2/32 LISP ETR IPv4 Mapping Database for LISP 0 EID-table vrf red_vn (IID 4099), LSBs: 0x1 Entries total 1, no-route 0, inactive 0, do-not-register 1 10.47.4.2/32, dynamic-eid red-IPV4, inherited from default locator-set rloc_222e1707-175d-4019-a783-060404f8bc2f -----> Endpoint IPv4 Address Uptime: 2d18h, Last-change: 2d18h Domain-ID: local Service-Insertion: N/A Locator Pri/Wgt Source State 10.47.1.12 10/10 cfg-intf site-self, reachable -----> Our own RLOC Map-server Uptime ACK Domain-ID 10.47.1.10 1d11h Yes 0 -----> RLOC of upstream collocated border 10.47.1.11 2d17h Yes 0 -----> RLOC of upstream collocated border
Endpoint con interfaccia Fabric Edge Ingress Embedded Packet Capture (EPC)
A questo punto, è possibile filtrare e confrontare gli indirizzi IP reali (10.47.4.2 per la versione 8.8.8.8) perché non è stato ancora eseguito l'incapsulamento VXLAN. Il pacchetto sta entrando nel nodo del perimetro della struttura.
Edge-1(config)#ip access-list extended TAC Edge-1(config-ext-nacl)#permit ip host 10.47.4.2 host 8.8.8.8 Edge-1(config-ext-nacl)#permit ip host 8.8.8.8 host 10.47.4.2 Edge-1#monitor capture 1 interface g1/0/3 both access-list TAC Edge-1#monitor capture 1 start Started capture point : 1 Edge-1#monitor capture 1 stop Capture statistics collected at software: Capture duration - 14 seconds Packets received - 16 Packets dropped - 0 Packets oversized - 0 Number of Bytes dropped at asic not collected
**Visualizzazione dell'acquisizione del pacchetto con una breve parola chiave**
Edge-1#show monitor capture 1 buffer brief Starting the packet display ........ Press Ctrl + Shift + 6 to exit 1 0.006216 10.47.4.2 -> 8.8.8.8 ICMP 98 Echo (ping) request id=0x000f, seq=0/0, ttl=64 2 0.493181 8.8.8.8 -> 10.47.4.2 ICMP 106 Echo (ping) reply id=0x000f, seq=0/0, ttl=253 (request in 1) 3 1.009602 10.47.4.2 -> 8.8.8.8 ICMP 98 Echo (ping) request id=0x000f, seq=1/256, ttl=64 4 1.437506 8.8.8.8 -> 10.47.4.2 ICMP 106 Echo (ping) reply id=0x000f, seq=1/256, ttl=253 (request in 3) 5 2.025409 10.47.4.2 -> 8.8.8.8 ICMP 98 Echo (ping) request id=0x000f, seq=2/512, ttl=64 6 2.521520 8.8.8.8 -> 10.47.4.2 ICMP 106 Echo (ping) reply id=0x000f, seq=2/512, ttl=253 (request in 5) 7 3.010566 10.47.4.2 -> 8.8.8.8 ICMP 98 Echo (ping) request id=0x000f, seq=3/768, ttl=64 8 3.420162 8.8.8.8 -> 10.47.4.2 ICMP 106 Echo (ping) reply id=0x000f, seq=3/768, ttl=253 (request in 7)
**Visualizzazione dell'acquisizione del pacchetto con la parola chiave dettagliata**
Edge-1#show monitor capture 1 buffer display-filter "icmp.type==8" detailed
Starting the packet display ........ Press Ctrl + Shift + 6 to exit
Frame 1: 98 bytes on wire (784 bits), 98 bytes captured (784 bits) on interface /tmp/epc_ws/wif_to_ts_pipe, id 0
Ethernet II, Src: 52:54:00:19:93:e9 (52:54:00:19:93:e9), Dst: 00:00:0c:9f:f3:41 (00:00:0c:9f:f3:41) -----> Endpoint SMAC and Anycast GW MAC
Destination: 00:00:0c:9f:f3:41 (00:00:0c:9f:f3:41)
Address: 00:00:0c:9f:f3:41 (00:00:0c:9f:f3:41)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: 52:54:00:19:93:e9 (52:54:00:19:93:e9)
Address: 52:54:00:19:93:e9 (52:54:00:19:93:e9)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 10.47.4.2, Dst: 8.8.8.8
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 84
Identification: 0x9b61 (39777)
Flags: 0x4000, Don't fragment
0... .... .... .... = Reserved bit: Not set
.1.. .... .... .... = Don't fragment: Set
..0. .... .... .... = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: ICMP (1)
Header checksum: 0x8107 [validation disabled]
[Header checksum status: Unverified]
Source: 10.47.4.2
Destination: 8.8.8.8EPC (Fabric Edge Outbound Embedded Packet Capture) verso i nodi del bordo
A questo punto, il pacchetto è incapsulato nella VXLAN. L'ACL non può corrispondere agli indirizzi IP interni (10.47.4.2 e 8.8.8.8). È necessario confrontare il pacchetto con la RLOC e la RLOC. A questo punto, è possibile utilizzare i filtri Wireshark per visualizzare e visualizzare gli indirizzi interni.
**Visualizzazione dell'acquisizione del pacchetto con una breve parola chiave**
Edge-1#show monitor capture 1 buffer display-filter icmp.type==8 brief Starting the packet display ........ Press Ctrl + Shift + 6 to exit 3 0.025666 10.47.4.2 -> 8.8.8.8 ICMP 148 Echo (ping) request id=0x0027, seq=3/768, ttl=63 14 0.895095 10.47.4.2 -> 8.8.8.8 ICMP 148 Echo (ping) request id=0x0027, seq=4/1024, ttl=63
**Visualizzazione dell'acquisizione del pacchetto con la parola chiave dettagliata**
Ethernet II, Src: 00:00:00:00:00:00 (00:00:00:00:00:00), Dst: 00:00:00:00:00:00 (00:00:00:00:00:00) -----> These are not the real MAC Addresses, does not capture L3 rewrite properly Destination: 00:00:00:00:00:00 (00:00:00:00:00:00) Address: 00:00:00:00:00:00 (00:00:00:00:00:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: 00:00:00:00:00:00 (00:00:00:00:00:00) Address: 00:00:00:00:00:00 (00:00:00:00:00:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 10.47.1.12, Dst: 10.47.1.10 -----> RLOC to RLOC 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 134 Identification: 0x063b (1595) Flags: 0x4000, Don't fragment 0... .... .... .... = Reserved bit: Not set .1.. .... .... .... = Don't fragment: Set ..0. .... .... .... = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: UDP (17) Header checksum: 0x1db9 [validation disabled] [Header checksum status: Unverified] Source: 10.47.1.12 Destination: 10.47.1.10 User Datagram Protocol, Src Port: 65354, Dst Port: 4789 -----> VXLAN Destination Port Source Port: 65354 Destination Port: 4789 Length: 114 [Checksum: [missing]] [Checksum Status: Not present] [Stream index: 1] [Timestamps] [Time since first frame: 0.869429000 seconds] [Time since previous frame: 0.869429000 seconds] Virtual eXtensible Local Area Network Flags: 0x8800, GBP Extension, VXLAN Network ID (VNI) 1... .... .... .... = GBP Extension: Defined .... .... .0.. .... = Don't Learn: False .... 1... .... .... = VXLAN Network ID (VNI): True .... .... .... 0... = Policy Applied: False .000 .000 0.00 .000 = Reserved(R): 0x0000 Group Policy ID: 0 VXLAN Network Identifier (VNI): 4099 -----> L3 LISP Instance ID tied to this VN Reserved: 0 Ethernet II, Src: 00:00:00:00:61:00 (00:00:00:00:61:00), Dst: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38) -----> Dummy VXLAN Header Destination: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38) Address: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38) .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: 00:00:00:00:61:00 (00:00:00:00:61:00) Address: 00:00:00:00:61:00 (00:00:00:00:61:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 10.47.4.2, Dst: 8.8.8.8 -----> Inner IPv4 Addresses 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 84 Identification: 0x380e (14350) Flags: 0x4000, Don't fragment 0... .... .... .... = Reserved bit: Not set .1.. .... .... .... = Don't fragment: Set ..0. .... .... .... = More fragments: Not set Fragment offset: 0 Time to live: 63 Protocol: ICMP (1) Header checksum: 0xe55a [validation disabled] [Header checksum status: Unverified] Source: 10.47.4.2 Destination: 8.8.8.8 Internet Control Message Protocol Type: 8 (Echo (ping) request) Code: 0 Checksum: 0xd8d0 [correct] [Checksum Status: Good] Identifier (BE): 39 (0x0027) Identifier (LE): 9984 (0x2700) Sequence number (BE): 4 (0x0004) Sequence number (LE): 1024 (0x0400) Data (56 bytes)
Verifica Fabric Edge Route verso client non SDA
Verifica Fabric Edge CEF e LISP
LISP guida l'attività del CEF durante l'inoltro del pacchetto
Edge-1#show lisp instance-id 4099 ipv4 map-cache 0.0.0.0/0 LISP IPv4 Mapping Cache for LISP 0 EID-table vrf red_vn (IID 4099), 1 entries 0.0.0.0/0, uptime: 3d02h, expires: never, via static-send-map-request Sources: static-send-map-request State: send-map-request, last modified: 3d02h, map-source: local Exempt, Packets out: 24481(14099580 bytes), counters are not accurate (~ 00:00:46 ago) Configured as EID address space Encapsulating to proxy ETR <-- Send the packet to the Proxy Egress Tunnel Router
Edge-1#show run | include use-petr use-petr 10.47.1.10 <-- These PETRs are used for packet forwarding use-petr 10.47.1.11 <-- These PETRs are used for packet forwarding
Edge-1#show ip cef vrf red_vn 8.8.8.8 0.0.0.0/0 nexthop 10.47.1.10 LISP0.4099 nexthop 10.47.1.11 LISP0.4099
Verifica route FMAN RP
Per verificare la route dalla prospettiva di un RP FMAN, usare il comando show platform software ip switch active r0 cef prefix <indirizzo di rete/subnet mask> detail
Edge-1#show platform software ip switch active r0 cef prefix 0.0.0.0/0 detail Forwarding Table 0.0.0.0/0 -> OBJ_LOADBALANCE (0x4f), urpf: 82 -----> Convert 0x4f from hex to decimal, result is 79 Prefix Flags: Default OM handle: 0x34802330f0
Poiché sono disponibili due hop successivi, la tabella di inoltro utilizza un oggetto loadbalancing, utilizzare il comando show platform software loadinfo switch active r0 index <convert hex to decimal of OBJ_LOADBALANCE>
Edge-1#show platform software loadinfo switch active r0 index 79 Number of loadinfo objects: 5 Index: 0x4f, Flags: unknown, Hash Algorithm: , Number of Paths: 2, Number of buckets: 16 Anti-polarising Factor: 0xc90f3ff0 Next Object Type: OBJ_ADJACENCY, OBJ_ADJACENCY Next obj handle: 0x55, 0x4c -----> These objects are used in the next command Hash Buckets: 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1 Color Buckets Map: 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 OM handle: 0x34803abbf8
Prendere la maniglia obj del comando precedente e utilizzare in show platform software adiacency switch active r0 index <maniglia obj>
Edge-1#show platform software adjacency switch active r0 index 0x55 Number of adjacency objects: 25 Adjacency id: 0x55 (85) Interface: GigabitEthernet1/0/1, IF index: 26, Link Type: MCP_LINK_IP Encap: 52:54:0:a:42:f3:52:54:0:4:84:b1:8:0 -----> 5254.000a.42f3 (DMAC) 5254.0000.0004.00b1 (SMAC) 0800 (ETYPE) (ETYPE) Encap Length: 14, Encap Type: MCP_ET_ARPA, MTU: 8978 Flags: no-l3-inject Incomplete behavior type: None Fixup: unknown Fixup_Flags_2: unknown Nexthop addr: 10.47.1.0 IP FRR MCP_ADJ_IPFRR_NONE 0 OM handle: 0x3480270910
Prendere la maniglia obj del comando precedente e utilizzare in show platform software adiacency switch active r0 index <maniglia obj>
Edge-1#show platform software adjacency switch active r0 index 0x4c Number of adjacency objects: 25 Adjacency id: 0x4c (76) Interface: GigabitEthernet1/0/2, IF index: 27, Link Type: MCP_LINK_IP Encap: 52:54:0:1c:7d:e0:52:54:0:4:84:a3:8:0 -----> 5254.001c.7de0 (DMAC) 5254.00004.84a3 (SMAC) 0800(ETYPE) Encap Length: 14, Encap Type: MCP_ET_ARPA, MTU: 8978 Flags: no-l3-inject Incomplete behavior type: None Fixup: unknown Fixup_Flags_2: unknown Nexthop addr: 10.47.1.4 IP FRR MCP_ADJ_IPFRR_NONE 0 OM handle: 0x34803991c0
Le voci ARP corrispondono agli indirizzi IP dell'hop successivo
Edge-1#show ip arp g1/0/1 Protocol Address Age (min) Hardware Addr Type Interface Internet 10.47.1.1 - 5254.0004.84b1 ARPA GigabitEthernet1/0/1 Internet 10.47.1.0 63 5254.000a.42f3 ARPA GigabitEthernet1/0/1
Edge-1#show ip arp g1/0/2 Protocol Address Age (min) Hardware Addr Type Interface Internet 10.47.1.5 - 5254.0004.84a3 ARPA GigabitEthernet1/0/2 Internet 10.47.1.4 47 5254.001c.7de0 ARPA GigabitEthernet1/0/2
Verifica route FP FMAN
Per verificare la route da una prospettiva FP di FMAN, usare il comando show platform software ip switch active f0 cef prefix <network/subnet mask> detail
Edge-1#show platform software ip switch active f0 cef prefix 0.0.0.0/0 detail Forwarding Table 0.0.0.0/0 -> OBJ_LOADBALANCE (0x4f), urpf: 82 -----> Matches the OBJ_LOADBALANCE object that FMAN RP had Prefix Flags: Default aom id: 165, HW handle: (nil) (created) -----> Object ID that is used in the next command
Prendere il valore aom id del comando precedente e usarlo in show platform software object-manager switch active f0 object <aom id value>
Edge-1#show platform software object-manager switch active f0 object 165 Object identifier: 165 Description: PREFIX 0.0.0.0/0 (Table id 0) Obj type id: 71 Obj type: route-pfx Status: Done, Epoch: 0, Client data: 0x37e9e498
Edge-1#show platform software object-manager switch active f0 object 165 parents Object identifier: 21 Description: ipv4 table 0 (Default), vrf id 0 Status: Done Object identifier: 1451 Description: uRPF-list(hdl=0x00000052) Status: Done Object identifier: 1452 Description: LB 0x4f -----> This load balance object is the same that was observed in previous output, decimal 79 Status: Done
Analogamente a FMAN RP, utilizzare show platform software loadinfo switch active f0 <converte hex in decimale dell'oggetto LB> per visualizzare queste informazioni da una prospettiva FP di FMAN
Edge-1#show platform software loadinfo switch active f0 index 79 Number of loadinfo objects: 5 Index: 0x4f, Flags: unknown, Hash Algorithm: , Number of Paths: 2, Number of buckets: 16 Anti-polarising Factor: 0xc90f3ff0 Next Object Type: OBJ_ADJACENCY, OBJ_ADJACENCY Next obj handle: 0x55, 0x4c -----> These objects are used in the next command Hash Buckets: 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1 Color Buckets Map: 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 aom id: 1452, HW handle: (nil)
Prendere la maniglia obj del comando precedente e utilizzare in show platform software adiacency switch active f0 index <maniglia obj>
Edge-1#show platform software object-manager switch active f0 object 0x55 Object identifier: 85 Description: intf L2LISP0, handle 23, hw handle 23, HW dirty: NONE AOM dirty NONE Obj type id: 31 Obj type: dpidb-config Status: Done, Epoch: 0, Client data: 0x37e8e5f8
Edge-1#show platform software object-manager switch active f0 object 0x4c Object identifier: 76 Description: Tx Channel Vlan1026, handle 29, hw handle 29, flag 0x0, dirty hw: NONE dirty aom NONE Obj type id: 33 Obj type: txchan-config Status: Done, Epoch: 0, Client data: 0x37e896a8
Verifica route FED
Per verificare la route da una prospettiva FED, usare il comando show platform software fed switch active ip route <network/subnet mask>
Edge-1#show platform software fed switch active ip route 0.0.0.0/0
vrf dest htm flags SGT DGID MPLS Last-modified SecsSinceHit
--- ---- --- ----- --- ---- ---- ------------------------ ------------
0 0.0.0.0/0 0x7f65ec862228 0x0 0 0 2023/09/21 05:56:21.484 1
FIB: prefix_hdl:0xdd000001, mpls_ecr_prefix_hdl:0, sgtOverWrite: 0
========== OCE chain =====
LB:obj_id:79 ecr_map_objid:0 link_type:IP num_choices:2 Flags:0 ----> Decimal 79 is hex 0x4F
mpls_ecr:0 local_label:1048576 path_inhw:2 ecrh:0x7500000c old_ecrh:0
modify_cnt:0 bwalk_cnt:0 subwalk_cnt:0 finish_cnt:0
bwalk:[req:0 in_prog:0 nested:0]
AAL: ecr:id:1962934284 af:0 ecr_type:0 ref:1 ecrh:0x7f65ec8029f8(28:1)
hwhdl:3967822328 ::0x7f65ec8b8468,0x7f65ec8a5458,0x7f65ec8b8468,0x7f65ec8a5458
ADJ:objid:85 {link_type:IP ifnum:0x1a, adj:0xa7000028, si: 0x7f65ec8b8468 IPv4: 10.47.1.0 } <-- Decimal 85 is hex 0x55
ADJ:objid:76 {link_type:IP ifnum:0x1b, adj:0x62000026, si: 0x7f65ec8a5458 IPv4: 10.47.1.4 } <-- Decimal 76 is hex 0x4c
===============
MPLS info: mpls_ecr_scale_prefix_adj:0, mpls_lspa_hdl:0
===============
**Decodifica HTM verifica route FED**
Prendere il valore htm del comando precedente (0x7f65ec862228) e usarlo nello switch basato su hardware della piattaforma show platform active fwd-asic abstraction print-resource-handle <htm valore> 1
Edge-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f65ec862228 1 Handle:0x7f65ec862228 Res-Type:ASIC_RSC_HASH_TCAM Res-Switch-Num:0 Asic-Num:255 Feature-ID:AL_FID_L3_UNICAST_IPV4 Lkp-ftr-id:LKP_FEAT_IPV4_L3_UNICAST ref_count:1 priv_ri/priv_si Handle: (nil)Hardware Indices/Handles: handle [ASIC: 0]: 0x7f65ec846388 Detailed Resource Information (ASIC_INSTANCE# 0) ---------------------------------------- Number of HTM Entries: 1 Entry 0: (handle 0x7f65ec846388) Absolute Index: 92658 Time Stamp: 446 KEY - vrf:0 mtr:0 prefix:0.0.0.0 rcp_redirect_index:0x0 MASK - vrf:4095 mtr:0 prefix:0.0.0.0 rcp_redirect_index:0x0 FWD-AD = afd_label_flag:0 icmp_redir_enable:1 lvx_smr_enabled:0, dstNatType:0 priority:3 afdLabelOrDestClientId:0 SI:65281 destined_to_us:0 hw_stats_idx:6 stats_id:0 redirectSetRouterMac:0 dgtIdx:0 destModIndex:0 dstNatTypeOrVpnPrefixPtrMsb:0 vpnPrefixPtr:0 vpn prefix flag:0 SRC-AD:learning_violation:1 need_to_learn:1 locally_connected:0 staticentryViolation:0 rpfValid:1 rpfLe:1 rpfLePointer:0 rpfForcePass:0 rpfForceFail:0 reachableviaSome:1 rpfCheckIncomplete:0 defaultRoute:1 ChainPtrValid:0 ChainPtrOrPortLeIndex:72 UseRpfmatchTable:1 rpfIncomplete:0 is_src_ce:0 sgtValid:0 sgtOverwrite:0 sgt:0 ipClientLabel:0 src_rloc_trusted:0, sgtCacheControl1:0, sgtCacheControl0:0 port_label:0x0 port_mask:0x0 vlan_label:0x0 vlan_mask:0x0 l3if_label:0x0 l3if_mask:0x0 group_label:0x0 group_mask:0x0 ==============================================================
**Verifica route FED - Decodifica oggetto ECR**
Poiché il percorso richiede due percorsi successivi disponibili, controllare l'ECR (equal-cost-routing) con il comando show platform software fed switch active ip ecr e cercare l'oggetto loadbalance come obj_id
Edge-1#show platform software fed switch active ip ecr IPV4 ECR table <snip> Entry 3 obj_id 0x4f Num Choices 0x2 Flags 0x00000000 Index 0x7f65ec8029f8 -----> Hex 0x4f to decimal is 79 LB:obj_id:79 ecr_map_objid:0 link_type:IP num_choices:2 Flags:0 mpls_ecr:0 local_label:1048576 path_inhw:2 ecrh:0x7500000c old_ecrh:0 modify_cnt:0 bwalk_cnt:0 subwalk_cnt:0 finish_cnt:0 bwalk:[req:0 in_prog:0 nested:0] AAL: ecr:id:1962934284 af:0 ecr_type:0 ref:1 ecrh:0x7f65ec8029f8(28:1) hwhdl:3967822328 ::0x7f65ec8b8468,0x7f65ec8a5458,0x7f65ec8b8468,0x7f65ec8a5458 Adj IP 10.47.1.0 adj_id 0x55 SI 0x7f65ec8b8468 -----> The IPv4 next-hop, this adjacency ID has been seen previously Adj IP 10.47.1.4 adj_id 0x4c SI 0x7f65ec8a5458 -----> The IPv4 next-hop, this adjacency ID has been seen previously <snip>
**Decodifica indice ECR verifica route FED**
Usare l'indice illustrato nel comando precedente (0x7f65ec8029f8) e usare lo switch alimentato dall'hardware della piattaforma active fwd-asic abstraction print-resource-handle <ecr index> 1
Edge-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f65ec8029f8 1 Handle:0x7f65ec8029f8 Res-Type:ASIC_RSC_LV2_ECR Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_L3_UNICAST_IPV4 Lkp-ftr-id:LKP_FEAT_INVALID ref_count:1 priv_ri/priv_si Handle: (nil)Hardware Indices/Handles: index0:0x1 mtu_index/l3u_ri_index0:0x0 index1:0x1 mtu_index/l3u_ri_index1:0x0 Cookie length: 128 68 84 8b ec 65 7f 00 00 58 54 8a ec 65 7f 00 00 68 84 8b ec 65 7f 00 00 58 54 8a ec 65 7f 00 00 68 84 8b ec 65 7f 00 00 58 54 8a ec 65 7f 00 00 68 84 8b ec 65 7f 00 00 58 54 8a ec 65 7f 00 00 68 84 8b ec 65 7f 00 00 58 54 8a ec 65 7f 00 00 68 84 8b ec 65 7f 00 00 58 54 8a ec 65 7f 00 00 68 84 8b ec 65 7f 00 00 58 54 8a ec 65 7f 00 00 68 84 8b ec 65 7f 00 00 58 54 8a ec 65 7f 00 00 Detailed Resource Information (ASIC_INSTANCE# 0) ---------------------------------------- Equal Cost Routing Level2 (ECR lv2) [0x1] lv2StationIndex0 = 0xb1 ------> This Station Index is associated with one next-hop adjacency SI handle0 = 0 lv2StationIndex1 = 0xbc ------> This Station Index is associated with one next-hop adjacency SI handle1 = 0
Verifica Next-Hop LISP Fabric Edge
Per acquisire gli hop successivi LISP, controllare il percorso in CEF nel VRF
Edge-1#show ip cef vrf red_vn 8.8.8.8 0.0.0.0/0 nexthop 10.47.1.10 LISP0.4099 nexthop 10.47.1.11 LISP0.4099
Verifica feed route FED LISP Next-Hop
Per ottenere i valori si_hdl o ri_hdl, usare il comando show platform software fed switch active ip adj
Edge-1#show platform software fed switch active ip adj IPV4 Adj entries dest if_name dst_mac si_hdl ri_hdl pd_flags adj_id Last-modified ---- ------- ------- ------ ------ -------- ------ ------------- 225.0.0.0 GigabitEthernet1/0/1 0100.5e00.0000 0x7f65ec958128 0x7f65ec957e18 0x0 0xf80001a1 2023/09/19 17:57:41.399 10.47.1.10 LISP0.4099 4500.0000.0000 0x7f65ec8a9b38 0x7f65ec8a9d58 0x60 0x26 2023/09/19 17:57:35.214 10.47.1.4 GigabitEthernet1/0/2 5254.001c.7de0 0x7f65ec8a5458 0x7f65ec8a4eb8 0x0 0x4c 2023/09/19 17:58:02.150 10.47.1.0 GigabitEthernet1/0/1 5254.000a.42f3 0x7f65ec8b8468 0x7f65ec8b8158 0x0 0x55 2023/09/19 17:58:08.864 10.47.1.11 LISP0.4099 4500.0000.0000 0x7f65ec7bb498 0x7f65ec7ba608 0x60 0x29 2023/09/19 17:57:35.214
LISP Next-Hop si_hdl Decodifica
Prendere il si_hdl (0x7f65ec8a9b38) e usare nel comando show platform hardware fed switch active fwd-asic abstraction print-resource-handle <si_hdl> 1
Edge-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f65ec8a9b38 1 Handle:0x7f65ec8a9b38 Res-Type:ASIC_RSC_SI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_LISP Lkp-ftr-id:LKP_FEAT_INVALID ref_count:1 priv_ri/priv_si Handle: 0x7f65ec8a9d58Hardware Indices/Handles: index0:0xbf mtu_index/l3u_ri_index0:0x0 index1:0xbf mtu_index/l3u_ri_index1:0x0 Features sharing this resource:109 (1)] Cookie length: 56 00 00 00 00 00 00 00 00 38 5f 84 ec 0a 2f 01 0a ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Detailed Resource Information (ASIC_INSTANCE# 0) ---------------------------------------- Station Index (SI) [0xbf] -----> Contains the Rewrite Index (RI) and Outgoing Interface Information (DI) RI = 0x20 -----> Rewrite Index = Rewrite information for L3 forwarding DI = 0x5012 -----> Destination Index = Outgoing Interface stationTableGenericLabel = 0 stationFdConstructionLabel = 0x7 lookupSkipIdIndex = 0xc rcpServiceId = 0 dejaVuPreCheckEn = 0 Replication Bitmap: LD Detailed Resource Information (ASIC_INSTANCE# 1) ---------------------------------------- Station Index (SI) [0xbf] -----> Contains the Rewrite Index (RI) and Outgoing Interface Information (DI) RI = 0x20 -----> Rewrite Index = Rewrite information for L3 forwarding DI = 0x5012 -----> Destination Index = Outgoing Interface stationTableGenericLabel = 0 stationFdConstructionLabel = 0x7 lookupSkipIdIndex = 0xc rcpServiceId = 0 dejaVuPreCheckEn = 0 Replication Bitmap: LD
Decodifica indice riscrittura hop successivo LISP
Per decodificare l'indice di riscrittura (0x20) e usare nel comando show platform hardware feed switch active fwd-asic resource asic all rewrite-index range <RI> <RI>
Edge-1#show platform hardware fed switch active fwd-asic resource asic all rewrite-index range 0x20 0x20 ASIC#:0 RI:32 Rewrite_type:AL_RRM_REWRITE_IPV4_VXLAN_INNER_IPV4_ENCAP(110) Mapped_rii:LVX_L3_ENCAP_L2_PAYLOAD(123) Dst Mac: MAC Addr: ba:25:cd:f4:ad:38, ----> Dummy VXLAN MAC Address Src IP: 10.47.1.12 ----> FE RLOC Dst IP: 10.47.1.10 ----> BN RLOC IPv4 TTL: 0 LISP INSTANCEID: 0 L3IF LE Index: 46
Decodifica indice destinazione LISP Next-Hop
Per decodificare l'indice di destinazione (0x5012) e usare nel comando show platform hardware fed switch active fwd-asic resource asic all destination-index range <DI> <DI>
Edge-1#show platform hardware fed switch active fwd-asic resource asic all destination-index range 0x5012 0x5012 ASIC#0: Destination index = 0x5012 DI_RCP_PORT1 -----> Recirculation port used for VXLAN imposition pmap = 0x00000000 0x00000000 cmi = 0x0 rcp_pmap = 0x1 al_rsc_cmi ASIC#1: Destination index = 0x5012 DI_RCP_PORT1 -----> Recirculation port used for VXLAN imposition pmap = 0x00000000 0x00000000 cmi = 0x0 rcp_pmap = 0x0 al_rsc_cmi
LISP Next-Hop ri_hdl Decodifica
Per decodificare il ri_hdl, prendere il valore (0x7f65ec8a9d58) e usare nel comando show platform hardware fed switch active fwd-asic abstraction print-resource-handle <di_hdl> 1
Edge-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f65ec8a9d58 1 Handle:0x7f65ec8a9d58 Res-Type:ASIC_RSC_RI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_LISP Lkp-ftr-id:LKP_FEAT_INVALID ref_count:1 priv_ri/priv_si Handle: 0x7f65ec8aa2c8Hardware Indices/Handles: index0:0x20 mtu_index/l3u_ri_index0:0x0 index1:0x20 mtu_index/l3u_ri_index1:0x0 Features sharing this resource:109 (1)] Cookie length: 56 00 00 00 00 00 00 00 00 2e 00 00 00 0a 2f 01 0a ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Detailed Resource Information (ASIC_INSTANCE# 0) ---------------------------------------- ASIC#:0 RI:32 Rewrite_type:AL_RRM_REWRITE_IPV4_VXLAN_INNER_IPV4_ENCAP(110) Mapped_rii:LVX_L3_ENCAP_L2_PAYLOAD(123) Dst Mac: MAC Addr: ba:25:cd:f4:ad:38, <-- Dummy VXLAN MAC Src IP: 10.47.1.12 <-- FE RLOC Dst IP: 10.47.1.10 <-- BN RLOC IPv4 TTL: 0 LISP INSTANCEID: 0 L3IF LE Index: 46 Detailed Resource Information (ASIC_INSTANCE# 1) ---------------------------------------- ASIC#:1 RI:32 Rewrite_type:AL_RRM_REWRITE_IPV4_VXLAN_INNER_IPV4_ENCAP(110) Mapped_rii:LVX_L3_ENCAP_L2_PAYLOAD(123) Dst Mac: MAC Addr: ba:25:cd:f4:ad:38, <-- Dummy VXLAN MAC Src IP: 10.47.1.12 <-- FE RLOC Dst IP: 10.47.1.10 <-- BN RLOC IPv4 TTL: 0 LISP INSTANCEID: 0 L3IF LE Index: 46 ==============================================================
Verifica Next-Hop Underlay Spigolo Fabric
Per identificare gli indirizzi IP dell'hop successivo sottostanti che devono raggiungere gli hop successivi LISP, controllare la tabella di routing
Edge-1#show ip route 10.47.1.10 Routing entry for 10.47.1.10/32 Known via "isis", distance 115, metric 20, type level-2 Redistributing via isis Last update from 10.47.1.0 on GigabitEthernet1/0/1, 07:10:11 ago Routing Descriptor Blocks: * 10.47.1.0, from 10.47.1.10, 07:10:11 ago, via GigabitEthernet1/0/1 Route metric is 20, traffic share count is 1
Edge-1#show ip route 10.47.1.11 Routing entry for 10.47.1.11/32 Known via "isis", distance 115, metric 20, type level-2 Redistributing via isis Last update from 10.47.1.4 on GigabitEthernet1/0/2, 1w1d ago Routing Descriptor Blocks: * 10.47.1.4, from 10.47.1.11, 1w1d ago, via GigabitEthernet1/0/2 Route metric is 20, traffic share count is 1
Per ottenere si_hdl, usare il comando show platform software fed switch active ip adj
Edge-1#show platform software fed switch active ip adj IPV4 Adj entries dest if_name dst_mac si_hdl ri_hdl pd_flags adj_id Last-modified ---- ------- ------- ------ ------ -------- ------ ------------- 225.0.0.0 GigabitEthernet1/0/1 0100.5e00.0000 0x7f65ec958128 0x7f65ec957e18 0x0 0xf80001a1 2023/09/19 17:57:41.399 10.47.1.10 LISP0.4099 4500.0000.0000 0x7f65ec8a9b38 0x7f65ec8a9d58 0x60 0x26 2023/09/19 17:57:35.214 10.47.1.4 GigabitEthernet1/0/2 5254.001c.7de0 0x7f65ec8a5458 0x7f65ec8a4eb8 0x0 0x4c 2023/09/19 17:58:02.150 10.47.1.0 GigabitEthernet1/0/1 5254.000a.42f3 0x7f65ec8b8468 0x7f65ec8b8158 0x0 0x55 2023/09/19 17:58:08.864 10.47.1.11 LISP0.4099 4500.0000.0000 0x7f65ec7bb498 0x7f65ec7ba608 0x60 0x29 2023/09/19 17:57:35.214
Decodifica si_hdl verifica hop successivo sottostante
Per decodificare si_hdl, usare si_hdl (0x7f65ec8a5458) e usare nel comando show platform hardware fed switch active fwd-asic abstraction print-resource-handle <si_hdl> 1
Edge-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f65ec8a5458 1 Handle:0x7f65ec8a5458 Res-Type:ASIC_RSC_SI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_L3_UNICAST_IPV4 Lkp-ftr-id:LKP_FEAT_INVALID ref_count:1 priv_ri/priv_si Handle: 0x7f65ec8a4eb8Hardware Indices/Handles: index0:0xbc mtu_index/l3u_ri_index0:0x0 index1:0xbc mtu_index/l3u_ri_index1:0x0 Features sharing this resource:66 (1)] Cookie length: 56 00 00 00 00 00 00 00 00 26 00 00 00 00 00 00 00 00 00 00 00 08 00 52 54 00 1c 7d e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Detailed Resource Information (ASIC_INSTANCE# 0) ---------------------------------------- Station Index (SI) [0xbc] -----> The 0xbc Station Index was already seen RI = 0x1a -----> Rewrite Index = MAC address rewrite information for L3 forwarding to the next-hop adjacency DI = 0x526d -----> Destination Index = Outgoing Interface stationTableGenericLabel = 0 stationFdConstructionLabel = 0x7 lookupSkipIdIndex = 0 rcpServiceId = 0 dejaVuPreCheckEn = 0 Replication Bitmap: LD -----> Local Data, indicating that this ASIC is directly connected to the adjacency interface Detailed Resource Information (ASIC_INSTANCE# 1) ---------------------------------------- Station Index (SI) [0xbc] -----> The 0xbc Station Index was seen previously RI = 0x1a -----> Rewrite Index = MAC address rewrite information for L3 forwarding to the next-hop adjacency DI = 0x526d -----> Destination Index = Outgoing Interface stationTableGenericLabel = 0 stationFdConstructionLabel = 0x7 lookupSkipIdIndex = 0 rcpServiceId = 0 dejaVuPreCheckEn = 0 Replication Bitmap: CD -----> Core Data, indicating that this instance of the ASIC is on the same ASIC, but different core. ==============================================================
Decodifica indice riscrittura verifica hop successivo sottostante
Per decodificare l'indice di riscrittura (0x1a) e usare nel comando show platform hardware feed switch active fwd-asic resource asic all rewrite-index range <RI> <RI>
Edge-1#show platform hardware fed switch active fwd-asic resource asic all rewrite-index range 0x1a 0x1a ASIC#:0 RI:26 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9) -----> Decimal 26 is hex 0x1a MAC Addr: MAC Addr: 52:54:00:1c:7d:e0, -----> MAC address 5254.001c.7de0 for the next-hop adjacency L3IF LE Index 38 ASIC#:1 RI:26 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9) MAC Addr: MAC Addr: 52:54:00:1c:7d:e0, -----> MAC address 5254.001c.7de0 for the next-hop adjacency L3IF LE Index 38
Decodifica ri_hdl verifica hop successivo sottostante
Per decodificare si_hdl, usare ri_hdl (0x7f65ec8a4eb8) e nel comando show platform hardware fed switch active fwd-asic abstraction print-resource-handle <ri_hdl> 1
Edge-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f65ec8a4eb8 1 Handle:0x7f65ec8a4eb8 Res-Type:ASIC_RSC_RI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_L3_UNICAST_IPV4 Lkp-ftr-id:LKP_FEAT_INVALID ref_count:1 priv_ri/priv_si Handle: 0x7f65ec903b28Hardware Indices/Handles: index0:0x1a mtu_index/l3u_ri_index0:0x0 index1:0x1a mtu_index/l3u_ri_index1:0x0 Features sharing this resource:66 (1)] Cookie length: 56 00 00 00 00 00 00 00 00 26 00 00 00 00 00 00 00 00 00 00 00 08 00 52 54 00 1c 7d e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Detailed Resource Information (ASIC_INSTANCE# 0) ---------------------------------------- ASIC#:0 RI:26 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9) -----> Decimal 26 is 0x1a in hex MAC Addr: MAC Addr: 52:54:00:1c:7d:e0, -----> MAC address 5254.001c.7de0 for the next-hop adjacency L3IF LE Index 38 Detailed Resource Information (ASIC_INSTANCE# 1) ---------------------------------------- ASIC#:1 RI:26 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9) -----> Decimal 26 is 0x1a in hex MAC Addr: MAC Addr: 52:54:00:1c:7d:e0, -----> MAC address 5254.001c.7de0 for the next-hop adjacency L3IF LE Index 38 ==============================================================
EPC in entrata nodo di bordo da nodo di bordo fabric
Tenere presente che al momento il pacchetto è incapsulato dalla VXLAN, che non è possibile stabilire una corrispondenza tra un ACL e gli indirizzi IP interni, che è necessario stabilire una corrispondenza tra RLOC e RLOC e quindi utilizzare i filtri Wireshark per cercare e filtrare gli indirizzi IP interni.
Border-1(config)#ip access-list extended TAC Border-1(config-ext-nacl)#permit ip host 10.47.1.12 host 10.47.1.10 Border-1(config-ext-nacl)#permit ip host 10.47.1.10 host 10.47.1.12 Border-1#monitor capture 1 interface g1/0/3 both access-list TAC Border-1#monitor capture 1 start Started capture point : 1 Border-1#monitor capture 1 stop Capture statistics collected at software: Capture duration - 14 seconds Packets received - 16 Packets dropped - 0 Packets oversized - 0 Number of Bytes dropped at asic not collected
**Visualizzazione dell'acquisizione dei pacchetti con una breve parola chiave**
Border-1#show monitor capture 1 buffer display-filter “icmp.type==8” brief Starting the packet display ........ Press Ctrl + Shift + 6 to exit 3 0.483114 10.47.4.2 -> 8.8.8.8 ICMP 148 Echo (ping) request id=0x001e, seq=0/0, ttl=63 4 0.490667 10.47.4.2 -> 8.8.8.8 ICMP 148 Echo (ping) request id=0x001e, seq=0/0, ttl=63 7 1.461263 10.47.4.2 -> 8.8.8.8 ICMP 148 Echo (ping) request id=0x001e, seq=1/256, ttl=63 8 1.469756 10.47.4.2 -> 8.8.8.8 ICMP 148 Echo (ping) request id=0x001e, seq=1/256, ttl=63 11 2.480293 10.47.4.2 -> 8.8.8.8 ICMP 148 Echo (ping) request id=0x001e, seq=2/512, ttl=63
**Visualizzazione dell'acquisizione dei pacchetti con la parola chiave dettagliata**
Ethernet II, Src: 52:54:00:04:84:b1 (52:54:00:04:84:b1), Dst: 52:54:00:0a:42:f3 (52:54:00:0a:42:f3) <--- SMAC (G1/0/1 of FE Node) DMAC (G1/0/3 of BN)
Destination: 52:54:00:0a:42:f3 (52:54:00:0a:42:f3)
Address: 52:54:00:0a:42:f3 (52:54:00:0a:42:f3)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: 52:54:00:04:84:b1 (52:54:00:04:84:b1)
Address: 52:54:00:04:84:b1 (52:54:00:04:84:b1)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 10.47.1.12, Dst: 10.47.1.10 -----> RLOC of FE Node, RLOC of BN
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 134
Identification: 0x0490 (1168)
Flags: 0x4000, Don't fragment
0... .... .... .... = Reserved bit: Not set
.1.. .... .... .... = Don't fragment: Set
..0. .... .... .... = More fragments: Not set
Fragment offset: 0
Time to live: 63
Protocol: UDP (17)
Header checksum: 0x2064 [validation disabled]
[Header checksum status: Unverified]
Source: 10.47.1.12
Destination: 10.47.1.10
User Datagram Protocol, Src Port: 65354, Dst Port: 4789
Source Port: 65354
Destination Port: 4789 -----> VXLAN Destination Port
Length: 114
[Checksum: [missing]]
[Checksum Status: Not present]
[Stream index: 0]
[Timestamps]
[Time since first frame: 0.000000000 seconds]
[Time since previous frame: 0.000000000 seconds]
Virtual eXtensible Local Area Network
Flags: 0x8800, GBP Extension, VXLAN Network ID (VNI)
1... .... .... .... = GBP Extension: Defined
.... .... .0.. .... = Don't Learn: False
.... 1... .... .... = VXLAN Network ID (VNI): True
.... .... .... 0... = Policy Applied: False
.000 .000 0.00 .000 = Reserved(R): 0x0000
Group Policy ID: 0
VXLAN Network Identifier (VNI): 4099 -----> L3 LISP ID tied to this VN
Reserved: 0
Ethernet II, Src: 00:00:00:00:61:00 (00:00:00:00:61:00), Dst: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38) -----> Dummy Ethernet Header
Destination: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38)
Address: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: 00:00:00:00:61:00 (00:00:00:00:61:00)
Address: 00:00:00:00:61:00 (00:00:00:00:61:00)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 10.47.4.2, Dst: 8.8.8.8 -----> PC Source IP Address Destination IP address
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 84
Identification: 0xa41e (42014)
Flags: 0x4000, Don't fragment
0... .... .... .... = Reserved bit: Not set
.1.. .... .... .... = Don't fragment: Set
..0. .... .... .... = More fragments: Not set
Fragment offset: 0
Time to live: 63
Protocol: ICMP (1)
Header checksum: 0x794a [validation disabled]
[Header checksum status: Unverified]
Source: 10.47.4.2
Destination: 8.8.8.8
Internet Control Message Protocol
Type: 8 (Echo (ping) request)
Code: 0
Checksum: 0xfa72 [correct]
[Checksum Status: Good]
Identifier (BE): 30 (0x001e)
Identifier (LE): 7680 (0x1e00)
Sequence number (BE): 0 (0x0000)
Sequence number (LE): 0 (0x0000)
Data (56 bytes)
Verifica percorso nodo di confine verso client non SDA
Programmazione IOS di verifica route nodo di bordo
Border-1#show ip route vrf red_vn 8.8.8.8 Routing Table: red_vn Routing entry for 8.8.8.8/32 Known via "bgp 69420", distance 20, metric 0 Tag 65531, type external Redistributing via lisp Last update from 10.47.2.6 03:28:39 ago Routing Descriptor Blocks: * 10.47.2.6, from 10.47.2.6, 03:28:39 ago opaque_ptr 0x7F08285F3C00 Route metric is 0, traffic share count is 1 AS Hops 1 Route tag 65531 MPLS label: none MPLS Flags: NSF
Verifica CEF route nodo di bordo
Border-1#show ip cef vrf red_vn 8.8.8.8 8.8.8.8/32 nexthop 10.47.2.6 Vlan3002
Border-1#show ip vrf detail red_vn | include Table ID Address family ipv4 unicast (Table ID = 0x3): -----> Used in the next command, use the integer that comes after 0x
Verifica RP FMAN per la programmazione dei nodi di bordo
Border-1#show platform software ip switch active r0 cef table index 3 prefix 8.8.8.8/32 Forwarding Table Prefix/Len Next Object Index ---------------------------------------------------------------- 8.8.8.8/32 OBJ_ADJACENCY 0x1239 -----> Index used in the next command Border-1#show ip arp vrf red_vn vlan 3002 Protocol Address Age (min) Hardware Addr Type Interface Internet 10.47.2.5 - 5254.000a.42e6 ARPA Vlan3002 Internet 10.47.2.6 142 001e.4982.54bf ARPA Vlan3002 -----> Next Hop
Verifica FP FMAN per la programmazione dei nodi di bordo
Border-1#show platform software ip switch active f0 cef table index 3 prefix 8.8.8.8/32 detail Forwarding Table 8.8.8.8/32 -> OBJ_ADJACENCY (0x1239), urpf: 4669 -----> Matches the index from FMAN RP Prefix Flags: unknown aom id: 32123, HW handle: (nil) (created) <-- Used in the next command
Decodifica oggetto FP FMAN per la programmazione della route del nodo di bordo
Prendere l'id aom dall'output precedente e usare il comando show platform software object-manager switch active f0 object <id aom>
Border-1#show platform software object-manager switch active f0 object 32123 Object identifier: 32123 Description: PREFIX 8.8.8.8/32 (Table id 3) Obj type id: 71 Obj type: route-pfx Status: Done, Epoch: 0, Client data: 0xc630b208 Border-1#show platform software object-manager switch active f0 object 32123 parents Object identifier: 30 Description: ipv4 table 3 (red_vn), vrf id 3 Status: Done Object identifier: 32669 Description: adj 0x1239, Flags None -----> Convert 0x1239 to decimal, get 4665 Status: Done Object identifier: 32675 Description: uRPF-list(hdl=0x0000123d) Status: Done
Prendere il valore di regolazione precedente in decimale e usare nel comando show platform software adiacency switch active f0 index <decimal of adj value>
Border-1#show platform software adjacency switch active f0 index 4665 Number of adjacency objects: 27 Adjacency id: 0x1239 (4665) Interface: Vlan3002, IF index: 30, Link Type: MCP_LINK_IP -----> Next-hop interface towards Fusion Router Encap: 0:1e:49:82:54:bf:52:54:0:a:42:e6:8:0 -----> DMAC 001e.4982.54bf SMAC 5254.000a.42e6 0x800 ETYPE Encap Length: 14, Encap Type: MCP_ET_ARPA, MTU: 8978 Flags: no-l3-inject Incomplete behavior type: None Fixup: unknown Fixup_Flags_2: unknown Nexthop addr: 10.47.2.6 IP FRR MCP_ADJ_IPFRR_NONE 0 aom id: 32669, HW handle: (nil) (created)
Programmazione FED di verifica route nodo di bordo
Per verificare la route nel feed, utilizzare il comando show platform software fed switch active ip route vrf <nome vrf> <rete/subnet mask>
Border-1#show platform software fed switch active ip route vrf red_vn 8.8.8.8/32
vrf dest htm flags SGT DGID MPLS Last-modified SecsSinceHit
--- ---- --- ----- --- ---- ---- ------------------------ ------------
3 8.8.8.8/32 0x7f3c607c3878 0x0 0 0 2023/09/25 14:09:10.866 3
FIB: prefix_hdl:0xd50001e0, mpls_ecr_prefix_hdl:0, sgtOverWrite: 0
========== OCE chain =====
ADJ:objid:4665 {link_type:IP ifnum:0x1e, adj:0xdf0000c6, si: 0x7f3c608a8ed8 IPv4: 10.47.2.6 } -----> 4665 matches FMAN FP Object
===============
MPLS info: mpls_ecr_scale_prefix_adj:0, mpls_lspa_hdl:0
===============
**Decodifica HTM verifica FED programmazione nodi di bordo**
Utilizzare il valore htm (0x7f3c607c3878) e il comando show platform hardware fed switch active fwd-asic abstraction print-resource-handle <htm> 1
Border-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f3c607c3878 1 Handle:0x7f3c607c3878 Res-Type:ASIC_RSC_HASH_TCAM Res-Switch-Num:0 Asic-Num:255 Feature-ID:AL_FID_L3_UNICAST_IPV4 Lkp-ftr-id:LKP_FEAT_IPV4_L3_UNICAST ref_count:1 priv_ri/priv_si Handle: (nil)Hardware Indices/Handles: handle [ASIC: 0]: 0x7f3c607c9288 Features sharing this resource:Cookie length: 12 08 08 08 08 00 00 03 d0 07 00 00 00 Detailed Resource Information (ASIC_INSTANCE# 0) ---------------------------------------- Number of HTM Entries: 1 Entry 0: (handle 0x7f3c607c9288) Absolute Index: 62770 Time Stamp: 7 KEY - vrf:3 mtr:0 prefix:8.8.8.8 rcp_redirect_index:0x0 MASK - vrf:0 mtr:0 prefix:0.0.0.0 rcp_redirect_index:0x0 FWD-AD = afd_label_flag:1 icmp_redir_enable:1 lvx_smr_enabled:0, dstNatType:0 priority:5 afdLabelOrDestClientId:0 SI:183 destined_to_us:0 hw_stats_idx:6 stats_id:0 redirectSetRouterMac:0 dgtIdx:0 destModIndex:0 dstNatTypeOrVpnPrefixPtrMsb:0 vpnPrefixPtr:0 vpn prefix flag:0 SRC-AD:learning_violation:0 need_to_learn:0 locally_connected:0 staticentryViolation:0 rpfValid:1 rpfLe:42 rpfLePointer:0 rpfForcePass:0 rpfForceFail:0 reachableviaSome:1 rpfCheckIncomplete:0 defaultRoute:0 ChainPtrValid:0 ChainPtrOrPortLeIndex:72 UseRpfmatchTable:0 rpfIncomplete:0 is_src_ce:0 sgtValid:0 sgtOverwrite:0 sgt:0 ipClientLabel:0 src_rloc_trusted:0, sgtCacheControl1:0, sgtCacheControl0:0 port_label:0x0 port_mask:0x0 vlan_label:0x0 vlan_mask:0x0 l3if_label:0x0 l3if_mask:0x0 group_label:0x0 group_mask:0x0 ==============================================================
Per verificare dst_mac, controllare ARP nel VRF
Border-1#show platform software fed switch active ip adj IPV4 Adj entries dest if_name dst_mac si_hdl ri_hdl pd_flags adj_id Last-modified ---- ------- ------- ------ ------ -------- ------ ------------- 10.47.2.6 Vlan3002 001e.4982.54bf 0x7f3c608a8ed8 0x7f3c60ad52c8 0x0 0x1239 2023/09/19 23:22:32.582 Border-1#show ip arp vrf red_vn vlan 3002 ------------------ show ip arp vrf red_vn Vlan3002 ------------------ Protocol Address Age (min) Hardware Addr Type Interface Internet 10.47.2.5 - 5254.000a.42e6 ARPA Vlan3002 Internet 10.47.2.6 33 001e.4982.54bf ARPA Vlan3002
**Decodifica si_hdl verifica FED verifica route nodi bordo**
Prendere il valore si_hdl (0x7f3c608a8ed8) e usarlo nel comando show platform hardware fed switch active fwd-asic abstraction print-resource-handle <si_hdl> 1
Border-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f3c608a8ed8 1 Handle:0x7f3c608a8ed8 Res-Type:ASIC_RSC_SI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_L3_UNICAST_IPV4 Lkp-ftr-id:LKP_FEAT_INVALID ref_count:2 priv_ri/priv_si Handle: 0x7f3c60ad52c8Hardware Indices/Handles: index0:0xb7 mtu_index/l3u_ri_index0:0x0 index1:0xb7 mtu_index/l3u_ri_index1:0x0 Features sharing this resource:66 (1)] 57 (1)] Cookie length: 56 00 00 00 00 00 00 00 00 ba 0b 00 00 00 00 00 00 00 00 00 00 07 00 00 1e 49 82 54 bf 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Detailed Resource Information (ASIC_INSTANCE# 0) ---------------------------------------- Station Index (SI) [0xb7] -----> 0xb7 converted from hex to decimal is 183 which was seen on slide 79 RI = 0x1b -----> Rewrite Index = MAC address rewrite information for L3 forwarding to the next-hop adjacency DI = 0x526a -----> Destination Index = Outgoing Interface stationTableGenericLabel = 0 stationFdConstructionLabel = 0x7 lookupSkipIdIndex = 0 rcpServiceId = 0 dejaVuPreCheckEn = 0x1 Replication Bitmap: LD -----> Local Data. This ASIC is directly connected to the adjacency interface
***Decodifica indice riscrittura programmazione FED verifica route nodo di bordo**
Utilizzare il valore RI (0x1b) e il comando show platform hardware feed switch active fwd-asic resource asic all rewrite-index range <RI> <RI>
Border-1#show platform hardware fed switch active fwd-asic resource asic all rewrite-index range 0x1b 0x1b ASIC#:0 RI:27 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9) MAC Addr: MAC Addr: 00:1e:49:82:54:bf, -----> MAC address 001e.4982.54bf for the next-hop 10.47.2.6 L3IF LE Index 42 ASIC#:1 RI:27 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9) MAC Addr: MAC Addr: 00:1e:49:82:54:bf, -----> MAC address 001e.4982.54bf for the next-hop 10.47.2.6 L3IF LE Index 42
***Decodifica indice destinazione programmazione FED verifica route nodo bordo**
Prendere il valore DI (0x526a) e usare nel comando show platform hardware fed switch active fwd-asic resource asic all destination-index range <DI> <DI>
Border-1#show platform hardware fed switch active fwd-asic resource asic all destination-index range 0x526a 0x526a ASIC#0: Destination index = 0x526a pmap = 0x00000000 0x00000001 -----> Convert 1 to binary = 0001 and then count from right to left, zero based, so Port 0 pmap_intf : [GigabitEthernet1/0/1] ASIC#1: Destination index = 0x526a pmap = 0x00000000 0x00000000 cmi = 0x0 rcp_pmap = 0x0 Border-1#show platform software fed switch active ifm mappings Interface IF_ID Inst Asic Core Port SubPort Mac Cntx LPN GPN Type Active GigabitEthernet1/0/1 0x9 0 0 0 0 0 1 0 1 1 NIF Y
***Decodifica ri_hdl verifica FED di routing del nodo di bordo**
Prendere il valore ri_hdl (0x7f3c60ad52c8) e usarlo in show platform hardware fed switch active fwd-asic abstraction print-resource-handle <ri_hdl> 1
Border-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f3c60ad52c8 1 Handle:0x7f3c60ad52c8 Res-Type:ASIC_RSC_RI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_L3_UNICAST_IPV4 Lkp-ftr-id:LKP_FEAT_INVALID ref_count:1 priv_ri/priv_si Handle: 0x7f3c6088a538Hardware Indices/Handles: index0:0x1b mtu_index/l3u_ri_index0:0x0 index1:0x1b mtu_index/l3u_ri_index1:0x0 Features sharing this resource:66 (1)] Cookie length: 56 00 00 00 00 00 00 00 00 ba 0b 00 00 00 00 00 00 00 00 00 00 07 00 00 1e 49 82 54 bf 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Detailed Resource Information (ASIC_INSTANCE# 0) ---------------------------------------- ASIC#:0 RI:27 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9) -----> Decimal 27 is 0x1b in hex, which is the RI MAC Addr: MAC Addr: 00:1e:49:82:54:bf, -----> MAC address 001e.4982.54bf for the next-hop 10.47.2.6 L3IF LE Index 42 Detailed Resource Information (ASIC_INSTANCE# 1) ---------------------------------------- ASIC#:1 RI:27 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9) -----> Decimal 27 is 0x1b in hex, which is the RI MAC Addr: MAC Addr: 00:1e:49:82:54:bf, -----> MAC address 001e.4982.54bf for the next-hop 10.47.2.6 L3IF LE Index 42 ==============================================================
Verifica indirizzo MAC hop successivo nodo di bordo
**Verifica indirizzo MAC IOS e FMAN RP**
Border-1#show mac address-table address 001e.4982.54bf Mac Address Table ------------------------------------------- Vlan Mac Address Type Ports ---- ----------- -------- ----- 3001 001e.4982.54bf DYNAMIC Gi1/0/1 3002 001e.4982.54bf DYNAMIC Gi1/0/1 Total Mac Addresses for this criterion: 2 Border-1#show platform software matm switch active r0 mac 001e.4982.54bf Tbl_Type Tbl_ID MAC_Address Type ECBits Ports AOM_ID/OM_PTR MAT_VLAN 3001 001e.4982.54bf 1 0 1 OM: 0x348038a100 List of Ports: 9 MAT_VLAN 3002 001e.4982.54bf 1 0 1 OM: 0x34803a15d0 List of Ports: 9 -----> This indicates if-id 9
**Verifica indirizzo MAC Next-Hop FMAN FP**
Border-1#show platform software matm switch active f0 mac 001e.4982.54bf Tbl_Type Tbl_ID MAC_Address Type ECBits Ports AOM_ID/OM_PTR MAT_VLAN 3001 001e.4982.54bf 1 0 1 32668 created List of Ports: 9 MAT_VLAN 3002 001e.4982.54bf 1 0 1 32653 created List of Ports: 9
Border-1#show platform software object-manager switch active f0 object 32653 Object identifier: 32653 Description: matm mac entry type VLAN, id 3002, 001e.4982.54bf Obj type id: 455 Obj type: MATM mac entry Status: Done, Epoch: 0, Client data: 0xc6300468
Border-1#show platform software object-manager switch active f0 object 32653 parents Object identifier: 40 Description: intf GigabitEthernet1/0/1, handle 9, hw handle 9, HW dirty: NONE AOM dirty NONE Status: Done Object identifier: 133 Description: matm table type VLAN, id 3002 Status: Done
Border-1#show platform software fed switch active ifm if-id 9 Interface IF_ID : 0x0000000000000009 Interface Name : GigabitEthernet1/0/1
**FED verifica indirizzo MAC hop successivo**
Border-1#show platform software fed switch active matm macTable vlan 3002 mac 001e.4982.54bf VLAN MAC Type Seq# EC_Bi Flags machandle siHandle riHandle diHandle *a_time *e_time ports Con ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- 3002 001e.4982.54bf 0x1 13 0 0 0x7f3c607bcee8 0x7f3c608a8ed8 0x0 0x7f3c606a76c8 300 13 GigabitEthernet1/0/1 Yes Border-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f3c606a76c8 1 Handle:0x7f3c606a76c8 Res-Type:ASIC_RSC_DI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_IFM Lkp-ftr-id:LKP_FEAT_INVALID ref_count:1 priv_ri/priv_si Handle: (nil)Hardware Indices/Handles: index0:0x526a mtu_index/l3u_ri_index0:0x0 index1:0x526a mtu_index/l3u_ri_index1:0x0 Cookie length: 56 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Detailed Resource Information (ASIC_INSTANCE# 0) ---------------------------------------- Destination index = 0x526a pmap = 0x00000000 0x00000001 -----> Convert 1 to binary = 0001 and then count from right to left, zero based, so Port 0 pmap_intf : [GigabitEthernet1/0/1] Detailed Resource Information (ASIC_INSTANCE# 1) ---------------------------------------- Destination index = 0x526a pmap = 0x00000000 0x00000000 cmi = 0x0 rcp_pmap = 0x0 Border-1#show platform software fed switch active ifm mappings Interface IF_ID Inst Asic Core Port SubPort Mac Cntx LPN GPN Type Active GigabitEthernet1/0/1 0x9 0 0 0 0 0 1 0 1 1 NIF Y
EPC in uscita dal nodo di confine verso il router di fusione
A questo punto è possibile applicare un filtro in base agli indirizzi IP originali. L'intestazione VXLAN è stata eliminata e inoltrata normalmente verso il router di fusione.
Border-1#show monitor capture 1 buffer display-filter icmp.type==8 brief Load for five secs: 1%/0%; one minute: 1%; five minutes: 1% No time source, *14:39:19.050 UTC Tue Sep 26 2023 Starting the packet display ........ Press Ctrl + Shift + 6 to exit Load for five secs: 1%/0%; one minute: 1%; five minutes: 1% No time source, *14:39:19.057 UTC Tue Sep 26 2023 22 7.280477 10.47.4.2 -> 8.8.8.8 ICMP 106 Echo (ping) request id=0x0023, seq=0/0, ttl=63 23 7.316435 10.47.4.2 -> 8.8.8.8 ICMP 106 Echo (ping) request id=0x0023, seq=1/256, ttl=63 30 8.307929 10.47.4.2 -> 8.8.8.8 ICMP 106 Echo (ping) request id=0x0023, seq=2/512, ttl=63 37 9.743485 10.47.4.2 -> 8.8.8.8 ICMP 106 Echo (ping) request id=0x0023, seq=3/768, ttl=63 40 10.312823 10.47.4.2 -> 8.8.8.8 ICMP 106 Echo (ping) request id=0x0023, seq=4/1024, ttl=63
**Visualizzazione dell'acquisizione del pacchetto con la parola chiave dettagliata**
Ethernet II, Src: 00:00:00:00:61:00 (00:00:00:00:61:00), Dst: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff) -----> Does not capture L3 rewrite properly
Destination: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff)
Address: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
Source: 00:00:00:00:61:00 (00:00:00:00:61:00)
Address: 00:00:00:00:61:00 (00:00:00:00:61:00)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: CiscoMetaData (0x8909)
Cisco MetaData
Version: 1
Length: 1
Options: 0x0001
SGT: 0
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 10.47.4.2, Dst: 8.8.8.8 -----> True IPv4 source and destination
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 84
Identification: 0x97b1 (38833)
Flags: 0x4000, Don't fragment
0... .... .... .... = Reserved bit: Not set
.1.. .... .... .... = Don't fragment: Set
..0. .... .... .... = More fragments: Not set
Fragment offset: 0
Time to live: 63
Protocol: ICMP (1)
Header checksum: 0x85b7 [validation disabled]
[Header checksum status: Unverified]
Source: 10.47.4.2
Destination: 8.8.8.8
Internet Control Message Protocol
Type: 8 (Echo (ping) request)
Code: 0
Checksum: 0xade9 [correct]
[Checksum Status: Good]
Identifier (BE): 35 (0x0023)
Identifier (LE): 8960 (0x2300)
Sequence number (BE): 4 (0x0004)
Sequence number (LE): 1024 (0x0400)
Data (56 bytes)
EPC in entrata nel nodo di bordo dal router di fusione
A questo punto è possibile applicare un filtro in base agli indirizzi IP originali. L'intestazione VXLAN è stata eliminata e inoltrata normalmente verso il router di fusione.
Border-1#show monitor capture 1 buffer display-filter icmp.type==0 brief Starting the packet display ........ Press Ctrl + Shift + 6 to exit 26 7.486005 8.8.8.8 -> 10.47.4.2 ICMP 102 Echo (ping) reply id=0x0023, seq=0/0, ttl=254 (request in 22) 28 7.602492 8.8.8.8 -> 10.47.4.2 ICMP 102 Echo (ping) reply id=0x0023, seq=1/256, ttl=254 (request in 23) 31 8.418010 8.8.8.8 -> 10.47.4.2 ICMP 102 Echo (ping) reply id=0x0023, seq=2/512, ttl=254 (request in 30)
**Visualizzazione dell'acquisizione del pacchetto con la parola chiave dettagliata**
Ethernet II, Src: 00:1e:49:82:54:bf (00:1e:49:82:54:bf), Dst: 52:54:00:0a:42:e6 (52:54:00:0a:42:e6)
Destination: 52:54:00:0a:42:e6 (52:54:00:0a:42:e6)
Address: 52:54:00:0a:42:e6 (52:54:00:0a:42:e6)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: 00:1e:49:82:54:bf (00:1e:49:82:54:bf)
Address: 00:1e:49:82:54:bf (00:1e:49:82:54:bf)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: 802.1Q Virtual LAN (0x8100)
802.1Q Virtual LAN, PRI: 0, DEI: 0, ID: 3002
000. .... .... .... = Priority: Best Effort (default) (0)
...0 .... .... .... = DEI: Ineligible
.... 1011 1011 1010 = ID: 3002
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 8.8.8.8, Dst: 10.47.4.2
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 84
Identification: 0x9767 (38759)
Flags: 0x4000, Don't fragment
0... .... .... .... = Reserved bit: Not set
.1.. .... .... .... = Don't fragment: Set
..0. .... .... .... = More fragments: Not set
Fragment offset: 0
Time to live: 254
Protocol: ICMP (1)
Header checksum: 0xc700 [validation disabled]
[Header checksum status: Unverified]
Source: 8.8.8.8
Destination: 10.47.4.2
Internet Control Message Protocol
Type: 0 (Echo (ping) reply)
Code: 0
Checksum: 0x4509 [correct]
[Checksum Status: Good]
Identifier (BE): 35 (0x0023)
Identifier (LE): 8960 (0x2300)
Sequence number (BE): 0 (0x0000)
Sequence number (LE): 0 (0x0000)
[Request frame: 22]
[Response time: 205.528 ms]
Data (56 bytes)
EPC in uscita dal nodo di bordo verso Fabric Edge Node
Il pacchetto è ora incapsulato in VXLAN, è necessario filtrare da RLOC a RLOC, non è possibile filtrare gli indirizzi IP interni nell'ACL usato come parte dell'EPC e trovare le corrispondenze.
Border-1#show monitor capture 1 buffer display-filter icmp.type==0 brief Starting the packet display ........ Press Ctrl + Shift + 6 to exit 21 39.264201 8.8.8.8 -> 10.47.4.2 ICMP 148 Echo (ping) reply id=0x0026, seq=0/0, ttl=253 (request in 20) 25 40.291940 8.8.8.8 -> 10.47.4.2 ICMP 148 Echo (ping) reply id=0x0026, seq=1/256, ttl=253 (request in 24) 29 41.339627 8.8.8.8 -> 10.47.4.2 ICMP 148 Echo (ping) reply id=0x0026, seq=2/512, ttl=253 (request in 28) 37 43.626400 8.8.8.8 -> 10.47.4.2 ICMP 148 Echo (ping) reply id=0x0026, seq=3/768, ttl=253 (request in 34)
**Visualizzazione dell'acquisizione del pacchetto con la parola chiave dettagliata**
Ethernet II, Src: 00:00:00:00:00:00 (00:00:00:00:00:00), Dst: 00:00:00:00:00:00 (00:00:00:00:00:00) -----> Does not properly capture L3 rewrite
Destination: 00:00:00:00:00:00 (00:00:00:00:00:00)
Address: 00:00:00:00:00:00 (00:00:00:00:00:00)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: 00:00:00:00:00:00 (00:00:00:00:00:00)
Address: 00:00:00:00:00:00 (00:00:00:00:00:00)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 10.47.1.10, Dst: 10.47.1.12 -----> RLOC IP addresses
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 134
Identification: 0x00d3 (211)
Flags: 0x4000, Don't fragment
0... .... .... .... = Reserved bit: Not set
.1.. .... .... .... = Don't fragment: Set
..0. .... .... .... = More fragments: Not set
Fragment offset: 0
Time to live: 254
Protocol: UDP (17)
Header checksum: 0x6520 [validation disabled]
[Header checksum status: Unverified]
Source: 10.47.1.10
Destination: 10.47.1.12
User Datagram Protocol, Src Port: 65345, Dst Port: 4789
Source Port: 65345
Destination Port: 4789
Length: 114
[Checksum: [missing]]
[Checksum Status: Not present]
[Stream index: 1]
[Timestamps]
[Time since first frame: 0.000000000 seconds]
[Time since previous frame: 0.000000000 seconds]
Virtual eXtensible Local Area Network
Flags: 0x8800, GBP Extension, VXLAN Network ID (VNI)
1... .... .... .... = GBP Extension: Defined
.... .... .0.. .... = Don't Learn: False
.... 1... .... .... = VXLAN Network ID (VNI): True
.... .... .... 0... = Policy Applied: False
.000 .000 0.00 .000 = Reserved(R): 0x0000
Group Policy ID: 0
VXLAN Network Identifier (VNI): 4099
Reserved: 0
Ethernet II, Src: 00:00:00:00:71:00 (00:00:00:00:71:00), Dst: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38) -----> Dummy VXLAN MAC addresses
Destination: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38)
Address: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: 00:00:00:00:71:00 (00:00:00:00:71:00)
Address: 00:00:00:00:71:00 (00:00:00:00:71:00)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 8.8.8.8, Dst: 10.47.4.2 -----> Inner IPv4 addresses
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 84
Identification: 0x6f66 (28518)
Flags: 0x4000, Don't fragment
0... .... .... .... = Reserved bit: Not set
.1.. .... .... .... = Don't fragment: Set
..0. .... .... .... = More fragments: Not set
Fragment offset: 0
Time to live: 253
Verifica del nodo di confine verso l'endpoint SDA
Verifica LISP nodo di confine verso endpoint SDA
Border-1#show lisp instance-id 4099 ipv4 map-cache 10.47.4.2 LISP IPv4 Mapping Cache for LISP 0 EID-table vrf red_vn (IID 4099), 1 entries 10.47.4.2/32, uptime: 6d17h, expires: 23:08:02, via map-reply, complete Sources: map-reply, site-registration State: complete, last modified: 5d12h, map-source: 10.47.1.12 Exempt, Packets out: 58101(33464626 bytes), counters are not accurate (~ 00:00:09 ago) Configured as EID address space Locator Uptime State Pri/Wgt Encap-IID 10.47.1.12 5d12h up 10/10 - <-- RLOC of the FE node Last up-down state change: 5d12h, state change count: 1 Last route reachability change: 5d12h, state change count: 1 Last priority / weight change: never/never RLOC-probing loc-status algorithm: Last RLOC-probe sent: 00:51:57 (rtt 266ms)
Verifica route CEF e FMAN RP del nodo di bordo
Per verificare il percorso verso l'endpoint, controllare CEF e quindi determinare anche l'ID VRF utilizzato nei comandi successivi
Border-1#show ip cef vrf red_vn 10.47.4.2 10.47.4.2/32 nexthop 10.47.1.12 LISP0.4099
Border-1#show ip vrf detail red_vn | i VRF Id VRF red_vn (VRF Id = 3); default RD 1:4099; default VPNID <-- VRF Id is used later
Border-1#show platform software ip switch active r0 cef table index 3 prefix 10.47.4.2/32 Forwarding Table Prefix/Len Next Object Index ---------------------------------------------------------------- 10.47.4.2/32 OBJ_PUSH_COUNTE 0x124c <-- Use in the next command
Verifica route FP FMAN del nodo di bordo
Prendere l'indice (0x124c) e usarlo nel comando show platform software push-counter switch active f0 index <index>
Border-1#show platform software push-counter switch active f0 index 0x124c Number of Push Counter oce entries: 6 Index Type Next Object Index Cef Misc Data ------------------------------------------------------------------------------------------------ 0x124c PPC OBJ_ADJACENCY 0x130c aom id: 32712, HW info: (nil) (created) <-- Index is used in the next command
Per verificare l'RP FMAN dell'oggetto, usare il comando show platform software adiacency switch active r0 index <index>
Border-1#show platform software adjacency switch active r0 index 0x130c Number of adjacency objects: 27 Adjacency id: 0x130c (4876) Interface: LISP0.4099, IF index: 24, Link Type: MCP_LINK_IP Next Object Type: OBJ_ADJACENCY, Handle: 79 Flags: midchain IP FRR MCP_ADJ_IPFRR_NONE 0 OM handle: 0x34803a0c18
Per verificare l'FP FMAN dell'oggetto, usare il comando show platform software adiacency switch active f0 index <index>
Border-1#show platform software adjacency switch active f0 index 0x130c Number of adjacency objects: 27 Adjacency id: 0x130c (4876) Interface: LISP0.4099, IF index: 24, Link Type: MCP_LINK_IP Next Object Type: OBJ_ADJACENCY, Handle: 79 Flags: midchain IP FRR MCP_ADJ_IPFRR_NONE 0 aom id: 33287, HW handle: (nil) (created)
Programmazione FED di verifica route nodo di bordo
Per verificare il valore FED, usare il comando show platform software fed switch active ip route <indirizzo ip/subnet mask>
Border-1#show platform software fed switch active ip route 10.47.1.12/32
vrf dest htm flags SGT DGID MPLS Last-modified SecsSinceHit
--- ---- --- ----- --- ---- ---- ------------------------ ------------
0 10.47.1.12/32 0x7f3c607b1fa8 0x0 0 0 2023/09/21 05:56:18.346 3
FIB: prefix_hdl:0xcd000023, mpls_ecr_prefix_hdl:0, sgtOverWrite: 0
========== OCE chain =====
ADJ:objid:79 {link_type:IP ifnum:0x1b, adj:0x90000026, si: 0x7f3c60989008 IPv4: 10.47.1.1 }
===============
MPLS info: mpls_ecr_scale_prefix_adj:0, mpls_lspa_hdl:0
===============
**Decodifica HTM di programmazione FED di verifica route del nodo di bordo**
Utilizzare il valore HTM (0x7f3c607b1fa8) nel comando show platform hardware fed switch active fwd-asic abstraction print-resource-handle <htm valore> 1
Border-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f3c607b1fa8 1 Handle:0x7f3c607b1fa8 Res-Type:ASIC_RSC_HASH_TCAM Res-Switch-Num:0 Asic-Num:255 Feature-ID:AL_FID_L3_UNICAST_IPV4 Lkp-ftr-id:LKP_FEAT_IPV4_L3_UNICAST ref_count:1 priv_ri/priv_si Handle: (nil)Hardware Indices/Handles: handle [ASIC: 0]: 0x7f3c60888ed8 Features sharing this resource:Cookie length: 12 0c 01 2f 0a 00 00 00 d0 07 00 00 00 Detailed Resource Information (ASIC_INSTANCE# 0) ---------------------------------------- Number of HTM Entries: 1 Entry 0: (handle 0x7f3c60888ed8) Absolute Index: 62678 Time Stamp: 5 KEY - vrf:0 mtr:0 prefix:10.47.1.12 rcp_redirect_index:0x0 MASK - vrf:0 mtr:0 prefix:0.0.0.0 rcp_redirect_index:0x0 FWD-AD = afd_label_flag:0 icmp_redir_enable:1 lvx_smr_enabled:0, dstNatType:0 priority:5 afdLabelOrDestClientId:0 SI:180 destined_to_us:0 hw_stats_idx:1 stats_id:0 redirectSetRouterMac:0 dgtIdx:0 destModIndex:0 dstNatTypeOrVpnPrefixPtrMsb:0 vpnPrefixPtr:0 vpn prefix flag:0 SRC-AD:learning_violation:0 need_to_learn:0 locally_connected:0 staticentryViolation:0 rpfValid:1 rpfLe:38 rpfLePointer:0 rpfForcePass:0 rpfForceFail:0 reachableviaSome:1 rpfCheckIncomplete:0 defaultRoute:0 ChainPtrValid:0 ChainPtrOrPortLeIndex:72 UseRpfmatchTable:0 rpfIncomplete:0 is_src_ce:0 sgtValid:0 sgtOverwrite:0 sgt:0 ipClientLabel:0 src_rloc_trusted:0, sgtCacheControl1:0, sgtCacheControl0:0 port_label:0x0 port_mask:0x0 vlan_label:0x0 vlan_mask:0x0 l3if_label:0x0 l3if_mask:0x0 group_label:0x0 group_mask:0x0 ==============================================================
**Verifica route nodo di bordo si_hdl Decode**
Per ottenere si_hdl, ri_hdl, usare il comando show platform software fed switch active ip adj <indirizzo IP>
Border-1#show platform software fed switch active ip adj 10.47.1.12 IPV4 Adj entries dest if_name dst_mac si_hdl ri_hdl pd_flags adj_id Last-modified ---- ------- ------- ------ ------ -------- ------ ------------- 10.47.1.12 LISP0.4099 4500.0000.0000 0x7f3c607e17f8 0x7f3c60b09f88 0x60 0x130c 2023/09/21 05:56:31.052
Prendere il si_hdl (0x7f3c607e17f8) e usarlo nel comando show platform hardware fed switch active fwd-asic abstraction print-resource-handle <si_hdl> 1
Border-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f3c607e17f8 1 Handle:0x7f3c607e17f8 Res-Type:ASIC_RSC_SI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_LISP Lkp-ftr-id:LKP_FEAT_INVALID ref_count:1 priv_ri/priv_si Handle: 0x7f3c60b09f88Hardware Indices/Handles: index0:0xbe mtu_index/l3u_ri_index0:0x0 index1:0xbe mtu_index/l3u_ri_index1:0x0 Features sharing this resource:109 (1)] Cookie length: 56 00 00 00 00 00 00 00 00 48 65 84 60 0a 2f 01 0c ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Detailed Resource Information (ASIC_INSTANCE# 0) ---------------------------------------- Station Index (SI) [0xbe] RI = 0x24 -----> Rewrite Index = Rewrite information for L3 Forwarding to the next-hop adjacency DI = 0x5012 -----> Destination Index = Outgoing Interface stationTableGenericLabel = 0 stationFdConstructionLabel = 0x7 lookupSkipIdIndex = 0xc rcpServiceId = 0 dejaVuPreCheckEn = 0x1 Replication Bitmap: LD -----> Local Data, ASIC is directly connected to the adjacency interface Detailed Resource Information (ASIC_INSTANCE# 1) ---------------------------------------- Station Index (SI) [0xbe] RI = 0x24 -----> Rewrite Index = Rewrite information for L3 Forwarding to the next-hop adjacency DI = 0x5012 -----> Destination Index = Outgoing Interface stationTableGenericLabel = 0 stationFdConstructionLabel = 0x7 lookupSkipIdIndex = 0xc rcpServiceId = 0 dejaVuPreCheckEn = 0x1 Replication Bitmap: LD -----> Local Data, ASIC is directly connected to the adjacency interface
**Decodifica indice di riscrittura verifica route nodo bordo**
Prendere il comando RI (0x24) e usarlo nel comando show platform hardware feed switch active fwd-asic resource asic all rewrite-index range <RI> <RI>
Border-1#show platform hardware fed switch active fwd-asic resource asic all rewrite-index range 0x24 0x24 ASIC#:0 RI:36 Rewrite_type:AL_RRM_REWRITE_IPV4_VXLAN_INNER_IPV4_ENCAP(110) Mapped_rii:LVX_L3_ENCAP_L2_PAYLOAD(123) Dst Mac: MAC Addr: ba:25:cd:f4:ad:38, -----> VXLAN Dummy DMAC Src IP: 10.47.1.10 -----> BN RLOC Dst IP: 10.47.1.12 -----> FE RLOC IPv4 TTL: 0 LISP INSTANCEID: 0 L3IF LE Index: 45 ASIC#:1 RI:36 Rewrite_type:AL_RRM_REWRITE_IPV4_VXLAN_INNER_IPV4_ENCAP(110) Mapped_rii:LVX_L3_ENCAP_L2_PAYLOAD(123) Dst Mac: MAC Addr: ba:25:cd:f4:ad:38, -----> VXLAN Dummy DMAC Src IP: 10.47.1.10 -----> BN RLOC Dst IP: 10.47.1.12 -----> FE RLOC IPv4 TTL: 0 LISP INSTANCEID: 0 L3IF LE Index: 45
**Decodifica indice destinazione verifica route nodo bordo**
Utilizzare l'ID (0x5012) e il comando show platform hardware fed switch active fwd-asic resource asic all destination-index range <DI> <DI>
Border-1#show platform hardware fed switch active fwd-asic resource asic all destination-index range 0x5012 0x5012 ASIC#0: Destination index = 0x5012 DI_RCP_PORT1 -----> Recirculation port for VXLAN imposition pmap = 0x00000000 0x00000000 cmi = 0x0 rcp_pmap = 0x1 Destination index = 0x5012 DI_RCP_PORT1 -----> Recirculation port for VXLAN imposition pmap = 0x00000000 0x00000000 cmi = 0x0 rcp_pmap = 0x0
**Verifica route nodo di bordo ri_hdl Decode**
Prendere il ri_hdl (0x7f3c60b09f88) e usarlo nel comando show platform hardware fed switch active fwd-asic abstraction print-resource-handle <ri_hdl> 1
Border-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f3c60b09f88 1 Handle:0x7f3c60b09f88 Res-Type:ASIC_RSC_RI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_LISP Lkp-ftr-id:LKP_FEAT_INVALID ref_count:1 priv_ri/priv_si Handle: 0x7f3c60807728Hardware Indices/Handles: index0:0x24 mtu_index/l3u_ri_index0:0x0 index1:0x24 mtu_index/l3u_ri_index1:0x0 Features sharing this resource:109 (1)] Cookie length: 56 00 00 00 00 00 00 00 00 2d 00 00 00 0a 2f 01 0c ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Detailed Resource Information (ASIC_INSTANCE# 0) ---------------------------------------- ASIC#:0 RI:36 Rewrite_type:AL_RRM_REWRITE_IPV4_VXLAN_INNER_IPV4_ENCAP(110) Mapped_rii:LVX_L3_ENCAP_L2_PAYLOAD(123) Dst Mac: MAC Addr: ba:25:cd:f4:ad:38, -----> Dummy VXLAN header Src IP: 10.47.1.10 -----> BN RLOC Dst IP: 10.47.1.12 -----> FE RLOC IPv4 TTL: 0 LISP INSTANCEID: 0 L3IF LE Index: 45 Detailed Resource Information (ASIC_INSTANCE# 1) ---------------------------------------- ASIC#:0 RI:36 Rewrite_type:AL_RRM_REWRITE_IPV4_VXLAN_INNER_IPV4_ENCAP(110) Mapped_rii:LVX_L3_ENCAP_L2_PAYLOAD(123) Dst Mac: MAC Addr: ba:25:cd:f4:ad:38, -----> Dummy VXLAN header Src IP: 10.47.1.10 -----> BN RLOC Dst IP: 10.47.1.12 -----> FE RLOC IPv4 TTL: 0 LISP INSTANCEID: 0 L3IF LE Index: 45
PCAP in entrata bordo fabric edge da nodo di bordo
Il pacchetto è ancora incapsulato dalla VXLAN. Continuare a filtrare l'acquisizione con ACL che corrispondano a RLOC a RLOC, non sugli indirizzi IP interni.
Edge-1#show monitor capture 1 buffer display-filter icmp.type==0 brief Starting the packet display ........ Press Ctrl + Shift + 6 to exit 12 0.876204 8.8.8.8 -> 10.47.4.2 ICMP 148 Echo (ping) reply id=0x0027, seq=3/768, ttl=253 (request in 3) 17 2.614814 8.8.8.8 -> 10.47.4.2 ICMP 148 Echo (ping) reply id=0x0027, seq=4/1024, ttl=253 (request in 14)
Ethernet II, Src: 52:54:00:0a:42:f3 (52:54:00:0a:42:f3), Dst: 52:54:00:04:84:b1 (52:54:00:04:84:b1) -----> True MAC addresses Destination: 52:54:00:04:84:b1 (52:54:00:04:84:b1) Address: 52:54:00:04:84:b1 (52:54:00:04:84:b1) .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: 52:54:00:0a:42:f3 (52:54:00:0a:42:f3) Address: 52:54:00:0a:42:f3 (52:54:00:0a:42:f3) .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 10.47.1.10, Dst: 10.47.1.12 -----> RLOC IP addresses 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 134 Identification: 0x00e0 (224) Flags: 0x4000, Don't fragment 0... .... .... .... = Reserved bit: Not set .1.. .... .... .... = Don't fragment: Set ..0. .... .... .... = More fragments: Not set Fragment offset: 0 Time to live: 253 Protocol: UDP (17) Header checksum: 0x6613 [validation disabled] [Header checksum status: Unverified] Source: 10.47.1.10 Destination: 10.47.1.12 User Datagram Protocol, Src Port: 65345, Dst Port: 4789 Source Port: 65345 Destination Port: 4789 Length: 114 [Checksum: [missing]] [Checksum Status: Not present] [Stream index: 0] [Timestamps] [Time since first frame: 0.876204000 seconds] [Time since previous frame: 0.457213000 seconds] Virtual eXtensible Local Area Network Flags: 0x8800, GBP Extension, VXLAN Network ID (VNI) 1... .... .... .... = GBP Extension: Defined .... .... .0.. .... = Don't Learn: False .... 1... .... .... = VXLAN Network ID (VNI): True .... .... .... 0... = Policy Applied: False .000 .000 0.00 .000 = Reserved(R): 0x0000 Group Policy ID: 0 VXLAN Network Identifier (VNI): 4099 Reserved: 0 Ethernet II, Src: 00:00:00:00:71:00 (00:00:00:00:71:00), Dst: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38) -----> Dummy VXLAN MAC addresses Destination: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38) Address: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38) .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: 00:00:00:00:71:00 (00:00:00:00:71:00) Address: 00:00:00:00:71:00 (00:00:00:00:71:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 8.8.8.8, Dst: 10.47.4.2 -----> Inner IP addresses 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 84 Identification: 0x37ca (14282) Flags: 0x4000, Don't fragment 0... .... .... .... = Reserved bit: Not set .1.. .... .... .... = Don't fragment: Set ..0. .... .... .... = More fragments: Not set Fragment offset: 0 Time to live: 253 Protocol: ICMP (1) Header checksum: 0x279e [validation disabled] [Header checksum status: Unverified] Source: 8.8.8.8 Destination: 10.47.4.2 Internet Control Message Protocol Type: 0 (Echo (ping) reply) Code: 0 Checksum: 0x2e16 [correct] [Checksum Status: Good] Identifier (BE): 39 (0x0027) Identifier (LE): 9984 (0x2700) Sequence number (BE): 3 (0x0003) Sequence number (LE): 768 (0x0300) [Request frame: 3] [Response time: 850.538 ms] Data (56 bytes)
Cronologia delle revisioni
| Revisione | Data di pubblicazione | Commenti |
|---|---|---|
1.0 |
16-Mar-2026
|
Versione iniziale |
Feedback