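This document describes how to verify North-South (N-South) traffic flows as part of Software-Defined Access (SDA).
It is recommended that you have knowledge of the following topics.
The information in this document is based on these software and hardware versions:
C9000v on Cisco IOS® XE 17.10.1
CSR1Kv on Cisco IOS® XE 17.3.6
SDA 1.0 (non-LISP PubSub)
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.
This document can also be used with these hardware and software versions.
North-South traffic flow in SDA refers to the concept of an endpoint that resides inside the SDA fabric and wants to communicate with an endpoint or server that is not in the SDA fabric.
Note: Platform (fed) commands can vary. The command can be "show platform fed <active|standby>" or "show platform fed switch <active|standby>". If the syntax shown in the examples does not parse, try the variant.
Basic Workflow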


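In this example, C9000v switches act as the fabric edge and as collocated borders. The fusion router and the internet router are CSR1Kv routers. An endpoint at 10.47.4.2, which is in VLAN 1026 and part of the red_vn virtual network (VN), attempts to ping 8.8.8.8, which exists as the Loopback0 interface of the internet router.
Edge-1 Configuration (10.47.1.12)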
!
hostname Edge-1
!
vrf definition red_vn
 !
 address-family ipv4
 exit-address-family
!
aaa new-model
!
aaa authentication login default local
aaa authorization exec default local if-authenticated
!
ip routing
!
ip dhcp relay information option
!
ip dhcp snooping vlan 1025-1026
ip dhcp snooping vlan 1025-1026 proxy-bridge
ip dhcp snooping
vtp mode transparent
!
device-tracking tracking
!
device-tracking policy IPDT_POLICY
 no protocol udp
 tracking enable
!
license boot level network-advantage addon dna-advantage
license smart transport off
!
system mtu 8978
diagnostic bootup level minimal
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
redundancy
 mode sso
!
vlan 1025
 name blue
!
vlan 1026
 name red
!
vlan 2046
 name VOICE_VLAN
!
lldp run
!
policy-map system-cpp-policy
!
interface Loopback0
 ip address 10.47.1.12 255.255.255.255
 no ip redirects
 ip pim sparse-mode
 ip router isis
 clns mtu 1400
!
interface LISP0
!
interface LISP0.4099
 vrf forwarding red_vn
!
interface LISP0.4100
 vrf forwarding blue_vn
!
interface L2LISP0
 ip access-group SDA-FABRIC-LISP in
 ip access-group SDA-FABRIC-LISP out
!
interface L2LISP0.8188
!
interface L2LISP0.8190
!
interface GigabitEthernet1/0/1
 no switchport
 ip address 10.47.1.1 255.255.255.254
 no ip redirects
 ip pim sparse-mode
 ip router isis
 clns mtu 1400
 isis network point-to-point
!
interface GigabitEthernet1/0/2
 no switchport
 ip address 10.47.1.5 255.255.255.254
 no ip redirects
 ip pim sparse-mode
 ip router isis
 clns mtu 1400
 isis network point-to-point
!
interface GigabitEthernet1/0/3
 switchport access vlan 1026
 switchport mode access
 device-tracking attach-policy IPDT_POLICY
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface Vlan1025
 description Configured from Cisco DNA-Center
 mac-address 0000.0c9f.fb87
 vrf forwarding blue_vn
 ip address 10.47.7.1 255.255.255.0
 ip helper-address 10.47.9.9
 no ip redirects
 ip route-cache same-interface
 no lisp mobility liveness test
 lisp mobility blue-IPV4
!
interface Vlan1026
 description Configured from Cisco DNA-Center
 mac-address 0000.0c9f.f341
 vrf forwarding red_vn
 ip address 10.47.4.1 255.255.255.0
 ip helper-address 10.47.9.9
 no ip redirects
 ip route-cache same-interface
 no lisp mobility liveness test
 lisp mobility red-IPV4
!
router lisp
 locator-table default
 locator-set rloc_222e1707-175d-4019-a783-060404f8bc2f
  IPv4-interface Loopback0 priority 10 weight 10
  exit-locator-set
 !
 locator default-set rloc_222e1707-175d-4019-a783-060404f8bc2f
 service ipv4
  encapsulation vxlan
  itr map-resolver 10.47.1.10
  itr map-resolver 10.47.1.11
  etr map-server 10.47.1.10 key 7 091B4C08185447475E5A5D7A7970796A61
  etr map-server 10.47.1.10 proxy-reply
  etr map-server 10.47.1.11 key 7 00531107050A5B535A77151E5B4D544E46
  etr map-server 10.47.1.11 proxy-reply
  etr
  sgt
  no map-cache away-eids send-map-request
  use-petr 10.47.1.10
  use-petr 10.47.1.11
  proxy-itr 10.47.1.12
  exit-service-ipv4
 !
 service ethernet
  itr map-resolver 10.47.1.10
  itr map-resolver 10.47.1.11
  itr
  etr map-server 10.47.1.10 key 7 055C040E201D1E5C4C534E42595855737F
  etr map-server 10.47.1.10 proxy-reply
  etr map-server 10.47.1.11 key 7 040C09070E701C1B5C4F5C47405F5D5D7E
  etr map-server 10.47.1.11 proxy-reply
  etr
  exit-service-ethernet
 !
 instance-id 4099
  remote-rloc-probe on-route-change
  dynamic-eid red-IPV4
   database-mapping 10.47.4.0/24 locator-set rloc_222e1707-175d-4019-a783-060404f8bc2f
   exit-dynamic-eid
  !
  service ipv4
   eid-table vrf red_vn
   map-cache 0.0.0.0/0 map-request
   sgt distribution
   sgt
   exit-service-ipv4
  !
  exit-instance-id
 !
 instance-id 4100
  remote-rloc-probe on-route-change
  dynamic-eid blue-IPV4
   database-mapping 10.47.7.0/24 locator-set rloc_222e1707-175d-4019-a783-060404f8bc2f
   exit-dynamic-eid
  !
  service ipv4
   eid-table vrf blue_vn
   map-cache 0.0.0.0/0 map-request
   sgt distribution
   sgt
   exit-service-ipv4
  !
  exit-instance-id
 !
 instance-id 8188
  remote-rloc-probe on-route-change
  service ethernet
   eid-table vlan 1025
   broadcast-underlay 239.0.17.2
   flood arp-nd
   flood unknown-unicast
   database-mapping mac locator-set rloc_222e1707-175d-4019-a783-060404f8bc2f
   dynamic-eid detection multiple-addr bridged-vm
   exit-service-ethernet
  !
  exit-instance-id
 !
 instance-id 8190
  remote-rloc-probe on-route-change
  service ethernet
   eid-table vlan 1026
   broadcast-underlay 239.0.17.2
   flood arp-nd
   flood unknown-unicast
   database-mapping mac locator-set rloc_222e1707-175d-4019-a783-060404f8bc2f
   dynamic-eid detection multiple-addr bridged-vm
   exit-service-ethernet
  !
  exit-instance-id
 !
 ipv4 locator reachability minimum-mask-length 32
 ipv4 source-locator Loopback0
 exit-router-lisp
!
router isis
 net 49.0000.1047.0000.4012.00
 is-type level-2-only
 domain-password xxxxxx
 metric-style wide
 log-adjacency-changes
 nsf ietf
!
Border-1 Configuration Details (10.47.1.10)
!
hostname Border-1
!
vrf definition red_vn
 rd 1:4099
 !
 address-family ipv4
  route-target export 1:4099
  route-target import 1:4099
 exit-address-family
!
aaa new-model
!
aaa authentication login default local
aaa authorization exec default local if-authenticated
!
aaa session-id common
!
ip routing
!
vtp mode transparent
!
device-tracking tracking
!
device-tracking policy IPDT_POLICY
 no protocol udp
 tracking enable
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
redundancy
 mode sso
crypto engine compliance shield disable
!
vlan 3001
 name 3001
!
vlan 3002
 name 3002
!
interface Loopback0
 ip address 10.47.1.10 255.255.255.255
 no ip redirects
 ip pim sparse-mode
 ip router isis
 clns mtu 1400
!
interface Loopback1026
 description Loopback Border
 vrf forwarding red_vn
 ip address 10.47.4.1 255.255.255.255
!
interface LISP0
!
interface LISP0.4099
 vrf forwarding red_vn
!
interface LISP0.4100
 vrf forwarding blue_vn
!
interface GigabitEthernet1/0/1
 description Uplink To Fusion Router 1
 switchport mode trunk
!
interface GigabitEthernet1/0/2
 no switchport
 no ip address
!
interface GigabitEthernet1/0/2.69
 encapsulation dot1Q 69
 ip address 10.47.1.8 255.255.255.254
 no ip redirects
 ip pim sparse-mode
 ip router isis
 clns mtu 1400
 isis network point-to-point
!
interface GigabitEthernet1/0/2.421
 encapsulation dot1Q 421
 vrf forwarding red_vn
 ip address 10.47.9.1 255.255.255.252
!
interface GigabitEthernet1/0/3
 no switchport
 ip address 10.47.1.0 255.255.255.254
 no ip redirects
 ip pim sparse-mode
 ip router isis
 clns mtu 1400
 isis network point-to-point
!
interface GigabitEthernet1/0/4
 no switchport
 ip address 10.47.1.2 255.255.255.254
 no ip redirects
 ip pim sparse-mode
 ip router isis
 clns mtu 1400
 isis network point-to-point
!
interface Vlan3002
 description vrf interface to External router
 vrf forwarding red_vn
 ip address 10.47.2.5 255.255.255.252
 no ip redirects
 ip route-cache same-interface
!
router lisp
 locator-table default
 locator-set rloc_9080ed56-a6c6-482d-9f46-28eda0e18501
  IPv4-interface Loopback0 priority 10 weight 10
  auto-discover-rlocs
  exit-locator-set
 !
 locator default-set rloc_9080ed56-a6c6-482d-9f46-28eda0e18501
 service ipv4
  encapsulation vxlan
  itr map-resolver 10.47.1.10
  itr map-resolver 10.47.1.11
  etr map-server 10.47.1.10 key 7 124E0716135A5C517F7D7D786161734A53
  etr map-server 10.47.1.10 proxy-reply
  etr map-server 10.47.1.11 key 7 040C09070E701C1B5C4F5C47405F5D5D7E
  etr map-server 10.47.1.11 proxy-reply
  etr
  sgt
  proxy-etr
  proxy-itr 10.47.1.10
  map-server
  map-resolver
  exit-service-ipv4
 !
 service ethernet
  itr map-resolver 10.47.1.10
  itr map-resolver 10.47.1.11
  itr
  etr map-server 10.47.1.10 key 7 0758234D4F5849504244525C567E7A7D7C
  etr map-server 10.47.1.10 proxy-reply
  etr map-server 10.47.1.11 key 7 10190B180446425E5952737B767C626C76
  etr map-server 10.47.1.11 proxy-reply
  etr
  map-server
  map-resolver
  exit-service-ethernet
 !
 instance-id 4099
  remote-rloc-probe on-route-change
  service ipv4
   eid-table vrf red_vn
   database-mapping 10.47.2.4/30 locator-set rloc_9080ed56-a6c6-482d-9f46-28eda0e18501
   route-import database bgp 69420 route-map DENY-red_vn locator-set rloc_9080ed56-a6c6-482d-9f46-28eda0e18501
   sgt distribution
   sgt
   route-export site-registrations
   distance site-registrations 250
   map-cache site-registration
   exit-service-ipv4
  !
  exit-instance-id
 !
 instance-id 4100
  remote-rloc-probe on-route-change
  service ipv4
   eid-table vrf blue_vn
   database-mapping 10.47.2.0/30 locator-set rloc_9080ed56-a6c6-482d-9f46-28eda0e18501
   route-import database bgp 69420 route-map DENY-blue_vn locator-set rloc_9080ed56-a6c6-482d-9f46-28eda0e18501
   sgt distribution
   sgt
   route-export site-registrations
   distance site-registrations 250
   map-cache site-registration
   exit-service-ipv4
  !
  exit-instance-id
 !
 site site_uci
  description map-server configured from Cisco DNA-Center
  authentication-key 7 091B4C08185447475E5A5D7A7970796A61
  eid-record instance-id 4099 0.0.0.0/0 accept-more-specifics
  eid-record instance-id 4099 10.47.4.0/24 accept-more-specifics
  eid-record instance-id 4100 0.0.0.0/0 accept-more-specifics
  eid-record instance-id 4100 10.47.7.0/24 accept-more-specifics
  eid-record instance-id 8188 any-mac
  eid-record instance-id 8190 any-mac
  exit-site
 !
 ipv4 locator reachability exclude-default
 ipv4 source-locator Loopback0
 exit-router-lisp
!
router isis
 net 49.0000.1047.0000.4010.00
 is-type level-2-only
 domain-password cisco123
 metric-style wide
 log-adjacency-changes
 nsf ietf
 default-information originate
!
router bgp 69420
 bgp router-id interface Loopback0
 bgp log-neighbor-changes
 bgp graceful-restart
 !
 address-family ipv4 vrf blue_vn
  bgp aggregate-timer 0
  network 10.47.2.0 mask 255.255.255.252
  network 10.47.7.1 mask 255.255.255.255
  aggregate-address 10.47.7.0 255.255.255.0 summary-only
  redistribute lisp metric 10
  neighbor 10.47.2.2 remote-as 65531
  neighbor 10.47.2.2 update-source Vlan3001
  neighbor 10.47.2.2 activate
  neighbor 10.47.2.2 weight 65535
  neighbor 10.47.2.2 allowas-in
  neighbor 10.47.9.2 remote-as 69420
  neighbor 10.47.9.2 activate
  neighbor 10.47.9.2 send-community both
  neighbor 10.47.9.2 next-hop-self
  neighbor 10.47.9.2 route-map tag_local_eids out
 exit-address-family
 !
 address-family ipv4 vrf red_vn
  bgp aggregate-timer 0
  network 10.47.2.4 mask 255.255.255.252
  network 10.47.4.1 mask 255.255.255.255
  aggregate-address 10.47.4.0 255.255.255.0 summary-only
  redistribute lisp metric 10
  neighbor 10.47.2.6 remote-as 65531
  neighbor 10.47.2.6 update-source Vlan3002
  neighbor 10.47.2.6 activate
  neighbor 10.47.2.6 weight 65535
  neighbor 10.47.2.6 allowas-in
  neighbor 10.47.9.2 remote-as 69420
  neighbor 10.47.9.2 activate
  neighbor 10.47.9.2 send-community both
  neighbor 10.47.9.2 next-hop-self
  neighbor 10.47.9.2 route-map tag_local_eids out
 exit-address-family
!
ip community-list 1 permit 655370
!
ip prefix-list deny_0.0.0.0 seq 10 permit 0.0.0.0/0
!
ip prefix-list l3handoff-prefixes seq 914788097 permit 10.47.2.12/30
ip prefix-list l3handoff-prefixes seq 934060929 permit 10.47.2.8/30
ip prefix-list l3handoff-prefixes seq 934208897 permit 10.47.2.4/30
ip prefix-list l3handoff-prefixes seq 934356865 permit 10.47.2.0/30
!
ip prefix-list blue_vn seq 337301377 permit 10.47.7.0/24
ip prefix-list blue_vn seq 629796565 permit 0.0.0.0/0
!
ip prefix-list red_vn seq 629796565 permit 0.0.0.0/0
ip prefix-list red_vn seq 927849985 permit 10.47.4.0/24
!
route-map tag_local_eids permit 5
 set community 655370
!
route-map DENY-blue_vn deny 5
 match ip address prefix-list blue_vn
!
route-map DENY-blue_vn deny 10
 match ip address prefix-list l3handoff-prefixes
!
route-map DENY-blue_vn deny 15
 match community 1
!
route-map DENY-blue_vn deny 25
 match ip address prefix-list deny_0.0.0.0
!
route-map DENY-blue_vn permit 30
!
route-map DENY-red_vn deny 5
 match ip address prefix-list red_vn
!
route-map DENY-red_vn deny 10
 match ip address prefix-list l3handoff-prefixes
!
route-map DENY-red_vn deny 15
 match community 1
!
route-map DENY-red_vn deny 25
 match ip address prefix-list deny_0.0.0.0
!
route-map DENY-red_vn permit 30
!
route-map deny_0.0.0.0 deny 25
 match ip address prefix-list deny_0.0.0.0
!
route-map deny_0.0.0.0 permit 30
!
Check the IP Device Tracking (IPDT) database to verify that the endpoint has a valid entry.
Edge-1#show device-tracking database interface gig1/0/3
portDB has 2 entries for interface Gi1/0/3, 2 dynamic
Codes: L - Local, S - Static, ND - Neighbor Discovery, ARP - Address Resolution Protocol, DH4 - IPv4 DHCP, DH6 - IPv6 DHCP, PKT - Other Packet, API - API created
Preflevel flags (prlvl):
0001:MAC and LLA match 0002:Orig trunk 0004:Orig access
0008:Orig trusted trunk 0010:Orig trusted access 0020:DHCP assigned
0040:Cga authenticated 0080:Cert authenticated 0100:Statically assigned
Network Layer Address Link Layer Address Interface vlan prlvl age state Time left
DH4 10.47.4.2 5254.0019.93e9 Gi1/0/3 1026 0024 76s REACHABLE 165 s try 0(21276 s)
**Software MAC Address Programming**
Edge-1#show mac address-table address 5254.0019.93e9
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
1026 5254.0019.93e9 DYNAMIC Gi1/0/3 <--- Endpoint MAC address learnt dynamically in VLAN 1026
Total Mac Addresses for this criterion: 1
**Software FED MAC Address Programming**
Use the command show platform software fed switch active matm macTable vlan <vlan> mac <mac address>.
Edge-1#show platform software fed switch active matm macTable vlan 1026 mac 5254.0019.93e9
VLAN MAC Type Seq# EC_Bi Flags machandle siHandle riHandle diHandle *a_time *e_time ports Con
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
1026 5254.0019.93e9 0x1 9 0 0 0x7f65ec7bda68 0x7f65ec7c21f8 0x0 0x7f65ec6e1368 300 7 GigabitEthernet1/0/3 Yes
======platform hardware details ======
Asic: 0
htm-handle = 0x7f65ec95dc68 MVID = 7 gpn = 1
SI = 0xc3 RI = 0x25 DI = 0x526e
DI = 0x526e pmap = 0x00000000 0x00000004 pmap_intf : [GigabitEthernet1/0/3]
Asic: 1
SI = 0xc3 RI = 0x25 DI = 0x526e
DI = 0x526e pmap = 0x00000000 0x00000000
**MAC Address macHandle Programming**
Take the macHandle value from the previous command (0x7f65ec7bda68) and use it in show platform hardware fed switch active fwd-asic abstraction print-resource-handle <macHandle> 1
Edge-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f65ec7bda68 1
Handle:0x7f65ec7bda68 Res-Type:ASIC_RSC_HASH_TCAM Res-Switch-Num:0 Asic-Num:255 Feature-ID:AL_FID_L2 Lkp-ftr-id:LKP_FEAT_L2_SRC_MAC_VLAN ref_count:1
priv_ri/priv_si Handle: (nil)Hardware Indices/Handles: handle [ASIC: 0]: 0x7f65ec95dc68
Features sharing this resource:Cookie length: 12
19 00 54 52 e9 93 07 80 07 00 00 00
Detailed Resource Information (ASIC_INSTANCE# 0)
----------------------------------------
Number of HTM Entries: 1
Entry 0: (handle 0x7f65ec95dc68)
Absolute Index: 6778
Time Stamp: 4
KEY - vlan:7 mac:0x5254001993e9 l3_if:0 gpn:3 epoch:0 static:0 flood_en:0 vlan_lead_wless_flood_en: 0 client_home_asic: 0 learning_peerid 0, learning_peerid_valid 0 lvx:1
MASK - vlan:0 mac:0x0 l3_if:0 gpn:0 epoch:0 static:0 flood_en:0 vlan_lead_wless_flood_en: 0 client_home_asic: 0 learning_peerid 0, learning_peerid_valid 0 lvx:0
SRC_AD - need_to_learn:0 lrn_v:0 catchall:0 static_mac:0 chain_ptr_v:0 chain_ptr: 0 static_entry_v:0 auth_state:0 auth_mode:0 auth_behavior_tag:0 traf_m:0 is_src_ce:0
DST_AD - si:0xb7 bridge:0 replicate:0 blk_fwd_o:0 v4_rmac:0 v6_rmac:0 catchall:0 ign_src_lrn:0 port_mask_o:0 afd_cli_f:0 afd_lbl:0 prio:3 dest_mod_idx:0 destined_to_us:0 pv_trunk:0 smr:0
==============================================================
**MVID Verification**
The number 7 in the previous output is the Mapped VLAN ID (MVID) in hardware. To confirm that it maps to the "real" VLAN, use show platform software fed switch active vlan <vlan number>.
Edge-1#show platform software fed switch active vlan 1026
VLAN Fed Information
Vlan Id IF Id LE Handle STP Handle L3 IF Handle SVI IF ID MVID
-----------------------------------------------------------------------------------------------------------------------
1026 0x0000000000420011 0x00007f65ec6a08b8 0x00007f65ec6a1138 0x00007f65ec77e838 0x000000000000001d 7
**Global Port Number (GPN) Verification**
To tie the GPN to the "real" interface, use the command show platform software fed switch active ifm mappings gpn.
Edge-1#show platform software fed switch active ifm mappings gpn
Mappings Table
GPN Interface IF_ID IF_TYPE
--------------------------------------------------------------------------------------------------
1 GigabitEthernet1/0/1 0x0000001a ETHER
2 GigabitEthernet1/0/2 0x0000001b ETHER
3 GigabitEthernet1/0/3 0x0000000b ETHER
**MAC Address siHandle Programming**
Take the siHandle value from the previous command (0x7f65ec7c21f8) and use it in show platform hardware fed switch active fwd-asic abstraction print-resource-handle <si_handle> 1
Edge-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f65ec7c21f8 1
Handle:0x7f65ec7c21f8 Res-Type:ASIC_RSC_SI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_L3_UNICAST_IPV4 Lkp-ftr-id:LKP_FEAT_INVALID ref_count:2
priv_ri/priv_si Handle: 0x7f65ec7c2498Hardware Indices/Handles: index0:0xc3 mtu_index/l3u_ri_index0:0x0 index1:0xc3 mtu_index/l3u_ri_index1:0x0
Features sharing this resource:66 (1)]
57 (1)]
Cookie length: 56
00 00 00 00 00 00 00 00 02 04 00 00 00 00 00 00 00 00 00 00 07 00 52 54 00 19 93 e9 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Detailed Resource Information (ASIC_INSTANCE# 0)
----------------------------------------
Station Index (SI) [0xc3] <-- Station Index is comprised of the Rewrite Index (RI) and Destination Index (DI)
RI = 0x25 <-- Rewrite Index contains the forwarding information
DI = 0x526e <-- Destination Index contains information related to the outgoing interface
stationTableGenericLabel = 0
stationFdConstructionLabel = 0x7
lookupSkipIdIndex = 0
rcpServiceId = 0
dejaVuPreCheckEn = 0x1
Replication Bitmap: LD <-- Local Data (LD) indicates that the destination is on this ASIC
Detailed Resource Information (ASIC_INSTANCE# 1)
----------------------------------------
Station Index (SI) [0xc3] <-- Station Index is comprised of the Rewrite Index (RI) and Destination Index (DI)
RI = 0x25 <-- Rewrite Index contains the forwarding information
DI = 0x526e <-- Destination Index contains information related to the outgoing interface
stationTableGenericLabel = 0
stationFdConstructionLabel = 0x7
lookupSkipIdIndex = 0
rcpServiceId = 0
dejaVuPreCheckEn = 0x1
Replication Bitmap: CD <-- Core Data (CD) indicates that the destination is on the same ASIC, different core
==============================================================
**MAC Address Rewrite Index Verification**
Take the RI value from the previous command (0x25) and use it in show platform hardware fed switch active fwd-asic resource asic all rewrite-index range <RI> <RI>
Edge-1#show platform hardware fed switch active fwd-asic resource asic all rewrite-index range 0x25 0x25
ASIC#:0 RI:37 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9)
MAC Addr: MAC Addr: 52:54:00:19:93:e9,
L3IF LE Index 41
ASIC#:0 RI:38 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9)
MAC Addr: MAC Addr: 01:00:5e:00:00:00,
L3IF LE Index 40
ASIC#:0 RI:39 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9)
MAC Addr: MAC Addr: 52:54:00:00:50:17,
L3IF LE Index 40
ASIC#:1 RI:37 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9)
MAC Addr: MAC Addr: 52:54:00:19:93:e9,
L3IF LE Index 41
ASIC#:1 RI:38 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9)
MAC Addr: MAC Addr: 01:00:5e:00:00:00,
L3IF LE Index 40
ASIC#:1 RI:39 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9)
MAC Addr: MAC Addr: 52:54:00:00:50:17,
L3IF LE Index 40
**MAC Address Destination Index Verification**
Take the DI value from the previous command (0x526e) and use it in show platform hardware fed switch active fwd-asic resource asic all destination-index range <DI> <DI>
Edge-1#show platform hardware fed switch active fwd-asic resource asic all destination-index range 0x526e 0x526e
ASIC#0:
Destination index = 0x526e
pmap = 0x00000000 0x00000004 <-- Convert decimal 4 to binary, which is 0100. Count this binary right to left, zero-based, so Port 2.
pmap_intf : [GigabitEthernet1/0/3]
cmi = 0x0
rcp_pmap = 0x0
al_rsc_cmi
CPU Map Index (CMI) [0]
ctiLo0 = 0
ctiLo1 = 0
ctiLo2 = 0
cpuQNum0 = 0
cpuQNum1 = 0
cpuQNum2 = 0
npuIndex = 0
stripSeg = 0
copySeg = 0
ASIC#1:
Destination index = 0x526e
pmap = 0x00000000 0x00000000
cmi = 0x0
rcp_pmap = 0x0
al_rsc_cmi
CPU Map Index (CMI) [0]
ctiLo0 = 0
ctiLo1 = 0
ctiLo2 = 0
cpuQNum0 = 0
cpuQNum1 = 0
cpuQNum2 = 0
npuIndex = 0
stripSeg = 0
copySeg = 0
**Port Verification**
To correlate the port found earlier, use the command show platform software fed switch active ifm mappings and check the Port column.
Edge-1#show platform software fed switch active ifm mappings
------------------ show platform software fed switch active ifm mappings ------------------
Interface IF_ID Inst Asic Core Port SubPort Mac Cntx LPN GPN Type Active
GigabitEthernet1/0/1 0x1a 0 0 0 0 0 1 0 1 1 NIF Y
GigabitEthernet1/0/2 0x1b 0 0 0 1 0 2 1 2 2 NIF Y
GigabitEthernet1/0/3 0xb 0 0 0 2 0 3 2 3 3 NIF Y <-- Matches port 2 from previous output
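
The lookup chain above (DI value, pmap bits, Port column) can be scripted. The following Python is an added example, not part of the original document: it parses excerpts of the two outputs shown on this page and resolves the destination index to an interface per ASIC. The function names are illustrative, and treating the first pmap word as the upper 32 bits and joining on the Asic and Port columns are assumptions.

```python
import re

# Excerpts of the two command outputs shown on this page (annotations kept on purpose).
DEST_INDEX_OUTPUT = """\
ASIC#0:
Destination index = 0x526e
pmap = 0x00000000 0x00000004 <-- Convert decimal 4 to binary, which is 0100.
pmap_intf : [GigabitEthernet1/0/3]
rcp_pmap = 0x0
ASIC#1:
Destination index = 0x526e
pmap = 0x00000000 0x00000000
rcp_pmap = 0x0
"""

IFM_MAPPINGS_OUTPUT = """\
Interface IF_ID Inst Asic Core Port SubPort Mac Cntx LPN GPN Type Active
GigabitEthernet1/0/1 0x1a 0 0 0 0 0 1 0 1 1 NIF Y
GigabitEthernet1/0/2 0x1b 0 0 0 1 0 2 1 2 2 NIF Y
GigabitEthernet1/0/3 0xb 0 0 0 2 0 3 2 3 3 NIF Y <-- Matches port 2 from previous output
"""

ASIC_RE = re.compile(r"ASIC#\s*(\d+)")
PMAP_RE = re.compile(r"pmap\s*=\s*(0x[0-9a-fA-F]+)\s+(0x[0-9a-fA-F]+)")


def pmap_to_ports(first_word, second_word):
    """Return the zero-based bit positions set in the 64-bit port map.

    Assumption: the first 32-bit word printed is the upper half. The page
    only confirms the lower half (0x4 -> bit 2 -> Port 2).
    """
    bitmap = (first_word << 32) | second_word
    return [bit for bit in range(64) if (bitmap >> bit) & 1]


def parse_destination_index(text):
    """Return {asic: [port, ...]} from the destination-index output."""
    ports_by_asic = {}
    asic = None
    for raw in text.splitlines():
        line = raw.split("<--")[0].strip()   # drop inline annotations
        match = ASIC_RE.match(line)
        if match:
            asic = int(match.group(1))
            continue
        match = PMAP_RE.match(line)          # anchored: skips pmap_intf / rcp_pmap
        if match and asic is not None:
            ports_by_asic[asic] = pmap_to_ports(int(match.group(1), 16),
                                                int(match.group(2), 16))
    return ports_by_asic


def parse_ifm_mappings(text):
    """Return {(asic, port): [interface, ...]} from the ifm mappings table."""
    columns = None
    table = {}
    for raw in text.splitlines():
        fields = raw.split("<--")[0].split()
        if not fields:
            continue
        if fields[0] == "Interface":
            columns = fields
            continue
        if columns is None or len(fields) != len(columns):
            continue                         # banner, separator or wrapped line
        row = dict(zip(columns, fields))
        if not (row["Asic"].isdigit() and row["Port"].isdigit()):
            continue
        key = (int(row["Asic"]), int(row["Port"]))
        table.setdefault(key, []).append(row["Interface"])
    return table


def resolve_egress_interfaces(di_text, ifm_text):
    """Map each ASIC's pmap bits to interface names; an empty list means the
    destination has no local egress port on that ASIC."""
    mappings = parse_ifm_mappings(ifm_text)
    return {
        asic: [intf for port in ports for intf in mappings.get((asic, port), [])]
        for asic, ports in parse_destination_index(di_text).items()
    }


if __name__ == "__main__":
    resolved = resolve_egress_interfaces(DEST_INDEX_OUTPUT, IFM_MAPPINGS_OUTPUT)
    for asic, interfaces in resolved.items():
        print(f"ASIC {asic}: {interfaces or 'no local egress port'}")
```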
**Hardware FED MAC Address Verification**
In a normal/ideal scenario, this output matches the contents of the macHandle decode.
Edge-1#show platform hardware fed switch active matm macTable vlan 1026 mac 5254.0019.93e9
HEAD: MAC address 5254.0019.93e9 in VLAN 1026
KEY: vlan 7, mac 0x5254001993e9, l3_if 0, gpn 3, epoch 0, static 0, flood_en 0, vlan_lead_wless_flood_en 0, client_home_asic 0, learning_peerid 0, learning_peerid_valid 0
MASK: vlan 0, mac 0x0, l3_if 0, gpn 0, epoch 0, static 0, flood_en 0, vlan_lead_wless_flood_en 0, client_home_asic 0 learning_peerid 0, learning_peerid_valid 0
SRC_AD: need_to_learn 0, lrn_v 0, catchall 0, static_mac 0, chain_ptr_v 0, chain_ptr 0, static_entry_v 0, auth_state 0, auth_mode 0, traf_mode 0, is_src_ce 0
DST_AD: si 0xb7, bridge 0, replicate 0, blk_fwd_o 0, v4_mac 0, v6_mac 0, catchall 0, ign_src_lrn 0, port_mask_o 0, afd_cli_f 0, afd_lbl 0, priority 3, dest_mod_idx 0, destined_to_us 0, pv_trunk 0
Total Mac number of addresses:: 1

Edge-1#show ip arp vrf red_vn 10.47.4.2
------------------ show ip arp vrf red_vn 10.47.4.2 ------------------
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.47.4.2 156 5254.0019.93e9 ARPA Vlan1026

Edge-1#ping vrf red_vn 10.47.4.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.47.4.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 130/145/168 ms

Edge-1#show vlan id 1026
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1026 red active L2LI0:8190, Gi1/0/3 <-- L2 LISP Instance ID tied to VLAN 1026
**L2 LISP Database Verification**
To check the L2 LISP database, use the command show lisp instance-id <L2 LISP ID> ethernet database <mac address>.
Edge-1#show lisp instance-id 8190 ethernet database 5254.0019.93e9
LISP ETR MAC Mapping Database for LISP 0 EID-table Vlan 1026 (IID 8190), LSBs: 0x1
Entries total 1, no-route 0, inactive 0, do-not-register 2
5254.0019.93e9/48, dynamic-eid Auto-L2-group-8190, inherited from default locator-set rloc_222e1707-175d-4019-a783-060404f8bc2f -----> Endpoint MAC
Uptime: 2d17h, Last-change: 2d17h
Domain-ID: local
Service-Insertion: N/A
Locator Pri/Wgt Source State
10.47.1.12 10/10 cfg-intf site-self, reachable -----> Our own RLOC
Map-server Uptime ACK Domain-ID
10.47.1.10 1d11h Yes 0 -----> RLOC of upstream collocated border
10.47.1.11 2d17h Yes 0 -----> RLOC of upstream collocated border
**LISP L2 Address Resolution (AR) Database Verification**
To check the L2 AR database, use the command show lisp instance-id <L2 LISP ID> ethernet database address-resolution <mac address>.
Edge-1#show lisp instance-id 8190 ethernet database address-resolution 5254.0019.93e9
LISP ETR Address Resolution for LISP 0 EID-table Vlan 1026 (IID 8190)
(*) -> entry being deleted
Hardware Address L3 InstID Host Address
5254.0019.93e9 4099 10.47.4.2/32 <-- Endpoint MAC Address, LISP L3 Instance ID, Endpoint IPv4 Address, respectively
**LISP L3 Database Verification**
To check the LISP L3 database, use the command show lisp instance-id <L3 LISP IID> ipv4 database <IPv4 address/subnet mask>.
Edge-1#show lisp instance-id 4099 ipv4 database 10.47.4.2/32
LISP ETR IPv4 Mapping Database for LISP 0 EID-table vrf red_vn (IID 4099), LSBs: 0x1
Entries total 1, no-route 0, inactive 0, do-not-register 1
10.47.4.2/32, dynamic-eid red-IPV4, inherited from default locator-set rloc_222e1707-175d-4019-a783-060404f8bc2f -----> Endpoint IPv4 Address
Uptime: 2d18h, Last-change: 2d18h
Domain-ID: local
Service-Insertion: N/A
Locator Pri/Wgt Source State
10.47.1.12 10/10 cfg-intf site-self, reachable -----> Our own RLOC
Map-server Uptime ACK Domain-ID
10.47.1.10 1d11h Yes 0 -----> RLOC of upstream collocated border
10.47.1.11 2d17h Yes 0 -----> RLOC of upstream collocated border
At this point, VXLAN encapsulation is not yet present, so you can filter and match on the real IP addresses (10.47.4.2 communicating with 8.8.8.8). The packet is entering the fabric edge node.
Edge-1(config)#ip access-list extended TAC
Edge-1(config-ext-nacl)#permit ip host 10.47.4.2 host 8.8.8.8
Edge-1(config-ext-nacl)#permit ip host 8.8.8.8 host 10.47.4.2
Edge-1#monitor capture 1 interface g1/0/3 both access-list TAC
Edge-1#monitor capture 1 start
Started capture point : 1
Edge-1#monitor capture 1 stop
Capture statistics collected at software:
Capture duration - 14 seconds
Packets received - 16
Packets dropped - 0
Packets oversized - 0
Number of Bytes dropped at asic not collected
**Packet Capture Display with the brief Keyword**
Edge-1#show monitor capture 1 buffer brief
Starting the packet display ........ Press Ctrl + Shift + 6 to exit
1 0.006216 10.47.4.2 -> 8.8.8.8 ICMP 98 Echo (ping) request id=0x000f, seq=0/0, ttl=64
2 0.493181 8.8.8.8 -> 10.47.4.2 ICMP 106 Echo (ping) reply id=0x000f, seq=0/0, ttl=253 (request in 1)
3 1.009602 10.47.4.2 -> 8.8.8.8 ICMP 98 Echo (ping) request id=0x000f, seq=1/256, ttl=64
4 1.437506 8.8.8.8 -> 10.47.4.2 ICMP 106 Echo (ping) reply id=0x000f, seq=1/256, ttl=253 (request in 3)
5 2.025409 10.47.4.2 -> 8.8.8.8 ICMP 98 Echo (ping) request id=0x000f, seq=2/512, ttl=64
6 2.521520 8.8.8.8 -> 10.47.4.2 ICMP 106 Echo (ping) reply id=0x000f, seq=2/512, ttl=253 (request in 5)
7 3.010566 10.47.4.2 -> 8.8.8.8 ICMP 98 Echo (ping) request id=0x000f, seq=3/768, ttl=64
8 3.420162 8.8.8.8 -> 10.47.4.2 ICMP 106 Echo (ping) reply id=0x000f, seq=3/768, ttl=253 (request in 7)
**Packet Capture Display with the detailed Keyword**
Edge-1#show monitor capture 1 buffer display-filter "icmp.type==8" detailed
Starting the packet display ........ Press Ctrl + Shift + 6 to exit
Frame 1: 98 bytes on wire (784 bits), 98 bytes captured (784 bits) on interface /tmp/epc_ws/wif_to_ts_pipe, id 0
Ethernet II, Src: 52:54:00:19:93:e9 (52:54:00:19:93:e9), Dst: 00:00:0c:9f:f3:41 (00:00:0c:9f:f3:41) -----> Endpoint SMAC and Anycast GW MAC
Destination: 00:00:0c:9f:f3:41 (00:00:0c:9f:f3:41)
Address: 00:00:0c:9f:f3:41 (00:00:0c:9f:f3:41)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: 52:54:00:19:93:e9 (52:54:00:19:93:e9)
Address: 52:54:00:19:93:e9 (52:54:00:19:93:e9)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 10.47.4.2, Dst: 8.8.8.8
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 84
Identification: 0x9b61 (39777)
Flags: 0x4000, Don't fragment
0... .... .... .... = Reserved bit: Not set
.1.. .... .... .... = Don't fragment: Set
..0. .... .... .... = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: ICMP (1)
Header checksum: 0x8107 [validation disabled]
[Header checksum status: Unverified]
Source: 10.47.4.2
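Destination: 8.8.8.8

At this point, the packet is VXLAN encapsulated, and the ACL cannot match on the inner IP addresses (10.47.4.2 and 8.8.8.8). You must match RLOC to RLOC. You can then use a Wireshark filter to display and verify the inner addresses.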
**Packet Capture Display with the brief Keyword**
Edge-1#show monitor capture 1 buffer display-filter icmp.type==8 brief
Starting the packet display ........ Press Ctrl + Shift + 6 to exit
3 0.025666 10.47.4.2 -> 8.8.8.8 ICMP 148 Echo (ping) request id=0x0027, seq=3/768, ttl=63
14 0.895095 10.47.4.2 -> 8.8.8.8 ICMP 148 Echo (ping) request id=0x0027, seq=4/1024, ttl=63
**Packet Capture Display with the detailed Keyword**
Ethernet II, Src: 00:00:00:00:00:00 (00:00:00:00:00:00), Dst: 00:00:00:00:00:00 (00:00:00:00:00:00) -----> These are not the real MAC Addresses, does not capture L3 rewrite properly
Destination: 00:00:00:00:00:00 (00:00:00:00:00:00)
Address: 00:00:00:00:00:00 (00:00:00:00:00:00)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: 00:00:00:00:00:00 (00:00:00:00:00:00)
Address: 00:00:00:00:00:00 (00:00:00:00:00:00)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 10.47.1.12, Dst: 10.47.1.10 -----> RLOC to RLOC
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 134
Identification: 0x063b (1595)
Flags: 0x4000, Don't fragment
0... .... .... .... = Reserved bit: Not set
.1.. .... .... .... = Don't fragment: Set
..0. .... .... .... = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (17)
Header checksum: 0x1db9 [validation disabled]
[Header checksum status: Unverified]
Source: 10.47.1.12
Destination: 10.47.1.10
User Datagram Protocol, Src Port: 65354, Dst Port: 4789 -----> VXLAN Destination Port
Source Port: 65354
Destination Port: 4789
Length: 114
[Checksum: [missing]]
[Checksum Status: Not present]
[Stream index: 1]
[Timestamps]
[Time since first frame: 0.869429000 seconds]
[Time since previous frame: 0.869429000 seconds]
Virtual eXtensible Local Area Network
Flags: 0x8800, GBP Extension, VXLAN Network ID (VNI)
1... .... .... .... = GBP Extension: Defined
.... .... .0.. .... = Don't Learn: False
.... 1... .... .... = VXLAN Network ID (VNI): True
.... .... .... 0... = Policy Applied: False
.000 .000 0.00 .000 = Reserved(R): 0x0000
Group Policy ID: 0
VXLAN Network Identifier (VNI): 4099 -----> L3 LISP Instance ID tied to this VN
Reserved: 0
Ethernet II, Src: 00:00:00:00:61:00 (00:00:00:00:61:00), Dst: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38) -----> Dummy VXLAN Header
Destination: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38)
Address: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: 00:00:00:00:61:00 (00:00:00:00:61:00)
Address: 00:00:00:00:61:00 (00:00:00:00:61:00)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 10.47.4.2, Dst: 8.8.8.8 -----> Inner IPv4 Addresses
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 84
Identification: 0x380e (14350)
Flags: 0x4000, Don't fragment
0... .... .... .... = Reserved bit: Not set
.1.. .... .... .... = Don't fragment: Set
..0. .... .... .... = More fragments: Not set
Fragment offset: 0
Time to live: 63
Protocol: ICMP (1)
Header checksum: 0xe55a [validation disabled]
[Header checksum status: Unverified]
Source: 10.47.4.2
Destination: 8.8.8.8
Internet Control Message Protocol
Type: 8 (Echo (ping) request)
Code: 0
Checksum: 0xd8d0 [correct]
[Checksum Status: Good]
Identifier (BE): 39 (0x0027)
Identifier (LE): 9984 (0x2700)
Sequence number (BE): 4 (0x0004)
Sequence number (LE): 1024 (0x0400)
Data (56 bytes)
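
Once a capture has been taken with an RLOC-to-RLOC filter, the inner addresses can also be checked offline. This added Python example (not from the original document) decodes the outer IPv4/UDP/VXLAN layers of a frame and tests the inner source and destination against the flow of interest. The sample frame is constructed to mirror the field values in the capture above, and all function names are illustrative.

```python
import ipaddress
import struct

VXLAN_PORT = 4789            # UDP destination port seen in the capture
FLAG_GBP = 0x8000            # G bit: Group Policy ID field is valid
FLAG_VNI = 0x0800            # I bit: VNI field is valid
ETHERTYPE_IPV4 = b"\x08\x00"


def _ipv4(src, dst, proto, payload, ttl):
    """Build a minimal IPv4 header (checksum left at 0) in front of payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0x4000,
                         ttl, proto, 0,
                         ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    return header + payload


def build_sample_frame(vni=4099):
    """Constructed frame with the same layering and lengths as the capture above."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, 0x0027, 4) + bytes(56)
    inner = (bytes.fromhex("ba25cdf4ad38") + bytes.fromhex("000000006100")
             + ETHERTYPE_IPV4 + _ipv4("10.47.4.2", "8.8.8.8", 1, icmp, ttl=63))
    vxlan = struct.pack("!HHI", FLAG_GBP | FLAG_VNI, 0, vni << 8)
    udp = struct.pack("!HHHH", 65354, VXLAN_PORT, 8 + len(vxlan) + len(inner), 0)
    outer_ip = _ipv4("10.47.1.12", "10.47.1.10", 17, udp + vxlan + inner, ttl=64)
    return bytes(12) + ETHERTYPE_IPV4 + outer_ip   # zeroed outer MACs, as captured


def _parse_ipv4(buf, off):
    """Return (src, dst, protocol, offset of the next header)."""
    if buf[off] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (buf[off] & 0x0F) * 4
    src = ipaddress.IPv4Address(buf[off + 12:off + 16])
    dst = ipaddress.IPv4Address(buf[off + 16:off + 20])
    return str(src), str(dst), buf[off + 9], off + ihl


def decapsulate(frame):
    """Return outer RLOCs, VNI, group tag and inner addresses, or None when the
    frame is not IPv4-in-VXLAN (an RLOC-to-RLOC filter also matches other
    underlay traffic between the same two nodes)."""
    try:
        if frame[12:14] != ETHERTYPE_IPV4:
            return None
        rloc_src, rloc_dst, proto, off = _parse_ipv4(frame, 14)
        if proto != 17:
            return None
        _sport, dport, _length, _csum = struct.unpack_from("!HHHH", frame, off)
        if dport != VXLAN_PORT:
            return None
        flags, group, vni_word = struct.unpack_from("!HHI", frame, off + 8)
        if not flags & FLAG_VNI:
            return None
        inner_off = off + 16                       # past UDP (8) and VXLAN (8)
        if frame[inner_off + 12:inner_off + 14] != ETHERTYPE_IPV4:
            return None
        src, dst, inner_proto, _ = _parse_ipv4(frame, inner_off + 14)
    except (IndexError, struct.error, ValueError):
        return None                                # truncated or malformed frame
    return {
        "rloc_src": rloc_src, "rloc_dst": rloc_dst,
        "vni": vni_word >> 8,                      # upper 24 bits; low byte reserved
        "group_policy_id": group if flags & FLAG_GBP else None,
        "inner_src": src, "inner_dst": dst, "inner_proto": inner_proto,
    }


def matches_flow(frame, vni, host_a, host_b):
    """True when the inner packet is host_a <-> host_b (either direction) in vni."""
    info = decapsulate(frame)
    return (info is not None and info["vni"] == vni
            and {info["inner_src"], info["inner_dst"]} == {host_a, host_b})


if __name__ == "__main__":
    sample = build_sample_frame()
    print(len(sample), decapsulate(sample))
    print(matches_flow(sample, 4099, "10.47.4.2", "8.8.8.8"))
```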
LISP controls what CEF does when it forwards the packet.
Edge-1#show lisp instance-id 4099 ipv4 map-cache 0.0.0.0/0
LISP IPv4 Mapping Cache for LISP 0 EID-table vrf red_vn (IID 4099), 1 entries

0.0.0.0/0, uptime: 3d02h, expires: never, via static-send-map-request
  Sources: static-send-map-request
  State: send-map-request, last modified: 3d02h, map-source: local
  Exempt, Packets out: 24481(14099580 bytes), counters are not accurate (~ 00:00:46 ago)
  Configured as EID address space
  Encapsulating to proxy ETR <-- Send the packet to the Proxy Egress Tunnel Router

Edge-1#show run | include use-petr
use-petr 10.47.1.10 <-- These PETRs are used for packet forwarding
use-petr 10.47.1.11 <-- These PETRs are used for packet forwarding

Edge-1#show ip cef vrf red_vn 8.8.8.8
0.0.0.0/0
  nexthop 10.47.1.10 LISP0.4099
  nexthop 10.47.1.11 LISP0.4099
To verify the route from the FMAN RP perspective, use the command show platform software ip switch active r0 cef prefix <network address/subnet mask> detail.
Edge-1#show platform software ip switch active r0 cef prefix 0.0.0.0/0 detail
Forwarding Table

0.0.0.0/0 -> OBJ_LOADBALANCE (0x4f), urpf: 82 -----> Convert 0x4f from hex to decimal, result is 79
  Prefix Flags: Default
  OM handle: 0x34802330f0
Because two next hops are available, the forwarding table uses a load-balancing object. Use the command show platform software loadinfo switch active r0 index <OBJ_LOADBALANCE value converted from hex to decimal>.
Edge-1#show platform software loadinfo switch active r0 index 79
Number of loadinfo objects: 5

Index: 0x4f, Flags: unknown, Hash Algorithm: , Number of Paths: 2, Number of buckets: 16
  Anti-polarising Factor: 0xc90f3ff0
  Next Object Type: OBJ_ADJACENCY, OBJ_ADJACENCY
  Next obj handle: 0x55, 0x4c -----> These objects are used in the next command
  Hash Buckets: 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1
  Color Buckets Map: 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
  OM handle: 0x34803abbf8
Take the obj handle from the previous command and use it in show platform software adjacency switch active r0 index <obj handle>.
Edge-1#show platform software adjacency switch active r0 index 0x55
Number of adjacency objects: 25

Adjacency id: 0x55 (85)
  Interface: GigabitEthernet1/0/1, IF index: 26, Link Type: MCP_LINK_IP
  Encap: 52:54:0:a:42:f3:52:54:0:4:84:b1:8:0 -----> 5254.000a.42f3 (DMAC) 5254.0004.84b1 (SMAC) 0800 (ETYPE)
  Encap Length: 14, Encap Type: MCP_ET_ARPA, MTU: 8978
  Flags: no-l3-inject
  Incomplete behavior type: None
  Fixup: unknown
  Fixup_Flags_2: unknown
  Nexthop addr: 10.47.1.0
  IP FRR MCP_ADJ_IPFRR_NONE 0
  OM handle: 0x3480270910
Take the obj handle from the previous command and use it in show platform software adjacency switch active r0 index <obj handle>.
Edge-1#show platform software adjacency switch active r0 index 0x4c
Number of adjacency objects: 25

Adjacency id: 0x4c (76)
  Interface: GigabitEthernet1/0/2, IF index: 27, Link Type: MCP_LINK_IP
  Encap: 52:54:0:1c:7d:e0:52:54:0:4:84:a3:8:0 -----> 5254.001c.7de0 (DMAC) 5254.0004.84a3 (SMAC) 0800 (ETYPE)
  Encap Length: 14, Encap Type: MCP_ET_ARPA, MTU: 8978
  Flags: no-l3-inject
  Incomplete behavior type: None
  Fixup: unknown
  Fixup_Flags_2: unknown
  Nexthop addr: 10.47.1.4
  IP FRR MCP_ADJ_IPFRR_NONE 0
  OM handle: 0x34803991c0
The ARP entries match the next-hop IP addresses.
Edge-1#show ip arp g1/0/1
Protocol  Address    Age (min)  Hardware Addr   Type  Interface
Internet  10.47.1.1  -          5254.0004.84b1  ARPA  GigabitEthernet1/0/1
Internet  10.47.1.0  63         5254.000a.42f3  ARPA  GigabitEthernet1/0/1

Edge-1#show ip arp g1/0/2
Protocol  Address    Age (min)  Hardware Addr   Type  Interface
Internet  10.47.1.5  -          5254.0004.84a3  ARPA  GigabitEthernet1/0/2
Internet  10.47.1.4  47         5254.001c.7de0  ARPA  GigabitEthernet1/0/2
To verify the route from the FMAN FP perspective, use the command show platform software ip switch active f0 cef prefix <network/subnet mask> detail.
Edge-1#show platform software ip switch active f0 cef prefix 0.0.0.0/0 detail
Forwarding Table

0.0.0.0/0 -> OBJ_LOADBALANCE (0x4f), urpf: 82 -----> Matches the OBJ_LOADBALANCE object that FMAN RP had
  Prefix Flags: Default
  aom id: 165, HW handle: (nil) (created) -----> Object ID that is used in the next command
Take the aom id value from the previous command and use it in show platform software object-manager switch active f0 object <aom id value>.
Edge-1#show platform software object-manager switch active f0 object 165
Object identifier: 165
  Description: PREFIX 0.0.0.0/0 (Table id 0)
  Obj type id: 71
  Obj type: route-pfx
  Status: Done, Epoch: 0, Client data: 0x37e9e498

Edge-1#show platform software object-manager switch active f0 object 165 parents
Object identifier: 21
  Description: ipv4 table 0 (Default), vrf id 0
  Status: Done
Object identifier: 1451
  Description: uRPF-list(hdl=0x00000052)
  Status: Done
Object identifier: 1452
  Description: LB 0x4f -----> This load balance object is the same that was observed in previous output, decimal 79
  Status: Done
As with FMAN RP, use show platform software loadinfo switch active f0 index <LB object converted from hex to decimal> to view this information from the FMAN FP perspective.
Edge-1#show platform software loadinfo switch active f0 index 79
Number of loadinfo objects: 5

Index: 0x4f, Flags: unknown, Hash Algorithm: , Number of Paths: 2, Number of buckets: 16
  Anti-polarising Factor: 0xc90f3ff0
  Next Object Type: OBJ_ADJACENCY, OBJ_ADJACENCY
  Next obj handle: 0x55, 0x4c -----> These objects are used in the next command
  Hash Buckets: 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1
  Color Buckets Map: 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
  aom id: 1452, HW handle: (nil)
Take the obj handles from the previous command and use them in show platform software adjacency switch active f0 index <obj handle>.
Edge-1#show platform software object-manager switch active f0 object 0x55
Object identifier: 85
  Description: intf L2LISP0, handle 23, hw handle 23, HW dirty: NONE AOM dirty NONE
  Obj type id: 31
  Obj type: dpidb-config
  Status: Done, Epoch: 0, Client data: 0x37e8e5f8

Edge-1#show platform software object-manager switch active f0 object 0x4c
Object identifier: 76
  Description: Tx Channel Vlan1026, handle 29, hw handle 29, flag 0x0, dirty hw: NONE dirty aom NONE
  Obj type id: 33
  Obj type: txchan-config
  Status: Done, Epoch: 0, Client data: 0x37e896a8
To verify the route from the FED perspective, use the command show platform software fed switch active ip route <network/subnet mask>.
Edge-1#show platform software fed switch active ip route 0.0.0.0/0
vrf dest htm flags SGT DGID MPLS Last-modified SecsSinceHit
--- ---- --- ----- --- ---- ---- ------------------------ ------------
0 0.0.0.0/0 0x7f65ec862228 0x0 0 0 2023/09/21 05:56:21.484 1
FIB: prefix_hdl:0xdd000001, mpls_ecr_prefix_hdl:0, sgtOverWrite: 0
========== OCE chain =====
LB:obj_id:79 ecr_map_objid:0 link_type:IP num_choices:2 Flags:0 ----> Decimal 79 is hex 0x4F
mpls_ecr:0 local_label:1048576 path_inhw:2 ecrh:0x7500000c old_ecrh:0
modify_cnt:0 bwalk_cnt:0 subwalk_cnt:0 finish_cnt:0
bwalk:[req:0 in_prog:0 nested:0]
AAL: ecr:id:1962934284 af:0 ecr_type:0 ref:1 ecrh:0x7f65ec8029f8(28:1)
hwhdl:3967822328 ::0x7f65ec8b8468,0x7f65ec8a5458,0x7f65ec8b8468,0x7f65ec8a5458
ADJ:objid:85 {link_type:IP ifnum:0x1a, adj:0xa7000028, si: 0x7f65ec8b8468 IPv4: 10.47.1.0 } <-- Decimal 85 is hex 0x55
ADJ:objid:76 {link_type:IP ifnum:0x1b, adj:0x62000026, si: 0x7f65ec8a5458 IPv4: 10.47.1.4 } <-- Decimal 76 is hex 0x4c
===============
MPLS info: mpls_ecr_scale_prefix_adj:0, mpls_lspa_hdl:0
===============
**FED Route Verification HTM Decode**
Take the htm value (0x7f65ec862228) from the previous command and use it in show platform hardware fed switch active fwd-asic abstraction print-resource-handle <htm value> 1.
Edge-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f65ec862228 1
Handle:0x7f65ec862228 Res-Type:ASIC_RSC_HASH_TCAM Res-Switch-Num:0 Asic-Num:255 Feature-ID:AL_FID_L3_UNICAST_IPV4 Lkp-ftr-id:LKP_FEAT_IPV4_L3_UNICAST ref_count:1
priv_ri/priv_si Handle: (nil)Hardware Indices/Handles: handle [ASIC: 0]: 0x7f65ec846388
Detailed Resource Information (ASIC_INSTANCE# 0)
----------------------------------------
Number of HTM Entries: 1

Entry 0: (handle 0x7f65ec846388)

Absolute Index: 92658
Time Stamp: 446
KEY - vrf:0 mtr:0 prefix:0.0.0.0 rcp_redirect_index:0x0
MASK - vrf:4095 mtr:0 prefix:0.0.0.0 rcp_redirect_index:0x0
FWD-AD = afd_label_flag:0 icmp_redir_enable:1 lvx_smr_enabled:0, dstNatType:0 priority:3 afdLabelOrDestClientId:0 SI:65281 destined_to_us:0 hw_stats_idx:6 stats_id:0 redirectSetRouterMac:0 dgtIdx:0 destModIndex:0 dstNatTypeOrVpnPrefixPtrMsb:0 vpnPrefixPtr:0 vpn prefix flag:0
SRC-AD:learning_violation:1 need_to_learn:1 locally_connected:0 staticentryViolation:0 rpfValid:1 rpfLe:1 rpfLePointer:0 rpfForcePass:0 rpfForceFail:0 reachableviaSome:1 rpfCheckIncomplete:0 defaultRoute:1 ChainPtrValid:0 ChainPtrOrPortLeIndex:72 UseRpfmatchTable:1 rpfIncomplete:0 is_src_ce:0 sgtValid:0 sgtOverwrite:0 sgt:0 ipClientLabel:0 src_rloc_trusted:0, sgtCacheControl1:0, sgtCacheControl0:0
port_label:0x0 port_mask:0x0 vlan_label:0x0 vlan_mask:0x0 l3if_label:0x0 l3if_mask:0x0 group_label:0x0 group_mask:0x0

==============================================================
**FED Route Verification ECR Object Decode**
Because the route uses two available next-hop paths, use the command show platform software fed switch active ip ecr to check Equal Cost Routing (ECR), and look for the load-balance object as the obj_id.
Edge-1#show platform software fed switch active ip ecr
IPV4 ECR table
<snip>
Entry 3 obj_id 0x4f Num Choices 0x2 Flags 0x00000000 Index 0x7f65ec8029f8 -----> Hex 0x4f to decimal is 79
LB:obj_id:79 ecr_map_objid:0 link_type:IP num_choices:2 Flags:0
mpls_ecr:0 local_label:1048576 path_inhw:2 ecrh:0x7500000c old_ecrh:0
modify_cnt:0 bwalk_cnt:0 subwalk_cnt:0 finish_cnt:0
bwalk:[req:0 in_prog:0 nested:0]
AAL: ecr:id:1962934284 af:0 ecr_type:0 ref:1 ecrh:0x7f65ec8029f8(28:1)
hwhdl:3967822328 ::0x7f65ec8b8468,0x7f65ec8a5458,0x7f65ec8b8468,0x7f65ec8a5458
Adj IP 10.47.1.0 adj_id 0x55 SI 0x7f65ec8b8468 -----> The IPv4 next-hop, this adjacency ID has been seen previously
Adj IP 10.47.1.4 adj_id 0x4c SI 0x7f65ec8a5458 -----> The IPv4 next-hop, this adjacency ID has been seen previously
<snip>
**FED Route Verification ECR Index Decode**
Take the index (0x7f65ec8029f8) shown in the previous command and use it in show platform hardware fed switch active fwd-asic abstraction print-resource-handle <ecr index> 1.
Edge-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f65ec8029f8 1
Handle:0x7f65ec8029f8 Res-Type:ASIC_RSC_LV2_ECR Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_L3_UNICAST_IPV4 Lkp-ftr-id:LKP_FEAT_INVALID ref_count:1
priv_ri/priv_si Handle: (nil)Hardware Indices/Handles: index0:0x1 mtu_index/l3u_ri_index0:0x0 index1:0x1 mtu_index/l3u_ri_index1:0x0
Cookie length: 128
68 84 8b ec 65 7f 00 00 58 54 8a ec 65 7f 00 00 68 84 8b ec 65 7f 00 00 58 54 8a ec 65 7f 00 00 68 84 8b ec 65 7f 00 00 58 54 8a ec 65 7f 00 00 68 84 8b ec 65 7f 00 00 58 54 8a ec 65 7f 00 00 68 84 8b ec 65 7f 00 00 58 54 8a ec 65 7f 00 00 68 84 8b ec 65 7f 00 00 58 54 8a ec 65 7f 00 00 68 84 8b ec 65 7f 00 00 58 54 8a ec 65 7f 00 00 68 84 8b ec 65 7f 00 00 58 54 8a ec 65 7f 00 00
Detailed Resource Information (ASIC_INSTANCE# 0)
----------------------------------------
Equal Cost Routing Level2 (ECR lv2) [0x1]
lv2StationIndex0 = 0xb1 ------> This Station Index is associated with one next-hop adjacency
SI handle0 = 0
lv2StationIndex1 = 0xbc ------> This Station Index is associated with one next-hop adjacency
SI handle1 = 0
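The cross-layer comparison walked through above (FMAN RP load-balance object, FED OCE chain, FED ECR entry) can be scripted. The following is an added example, not part of the original document or a Cisco tool: it parses excerpts of the Edge-1 output shown above and reports any object ID, adjacency ID, or SI handle that disagrees between layers. The function names are hypothetical.

```python
import re

# Excerpts of the Edge-1 command output shown in this document, one per layer.
FMAN_RP_CEF = "0.0.0.0/0 -> OBJ_LOADBALANCE (0x4f), urpf: 82"
FMAN_RP_LOADINFO = """\
Index: 0x4f, Flags: unknown, Hash Algorithm: , Number of Paths: 2, Number of buckets: 16
Next Object Type: OBJ_ADJACENCY, OBJ_ADJACENCY
Next obj handle: 0x55, 0x4c
"""
FED_ROUTE = """\
LB:obj_id:79 ecr_map_objid:0 link_type:IP num_choices:2 Flags:0
ADJ:objid:85 {link_type:IP ifnum:0x1a, adj:0xa7000028, si: 0x7f65ec8b8468 IPv4: 10.47.1.0 }
ADJ:objid:76 {link_type:IP ifnum:0x1b, adj:0x62000026, si: 0x7f65ec8a5458 IPv4: 10.47.1.4 }
"""
FED_ECR = """\
Entry 3 obj_id 0x4f Num Choices 0x2 Flags 0x00000000 Index 0x7f65ec8029f8
Adj IP 10.47.1.0 adj_id 0x55 SI 0x7f65ec8b8468
Adj IP 10.47.1.4 adj_id 0x4c SI 0x7f65ec8a5458
"""


def find_field(pattern, text):
    """Return the first capture group, or raise if the output lacks the field."""
    match = re.search(pattern, text)
    if match is None:
        raise ValueError(f"pattern not found: {pattern}")
    return match.group(1)


def parse_fman(cef_line, loadinfo):
    """FMAN view: LB object from the CEF prefix, index and next handles from loadinfo."""
    handles = find_field(r"Next obj handle: (.+)", loadinfo)
    return {
        "lb": int(find_field(r"OBJ_LOADBALANCE \((0x[0-9a-f]+)\)", cef_line), 16),
        "index": int(find_field(r"Index: (0x[0-9a-f]+)", loadinfo), 16),
        "adjs": [int(h.strip(), 16) for h in handles.split(",")],
    }


def parse_fed_route(text):
    """FED OCE chain: decimal LB object id and {adj_id: (next hop, SI handle)}."""
    rows = re.findall(r"ADJ:objid:(\d+) \{.*?si: (0x[0-9a-f]+) IPv4: (\S+)", text)
    return {
        "lb": int(find_field(r"LB:obj_id:(\d+)", text)),
        "adjs": {int(obj): (ip, int(si, 16)) for obj, si, ip in rows},
    }


def parse_fed_ecr(text):
    """FED ECR table entry: hex obj_id and {adj_id: (next hop, SI handle)}."""
    rows = re.findall(r"Adj IP (\S+) adj_id (0x[0-9a-f]+) SI (0x[0-9a-f]+)", text)
    return {
        "lb": int(find_field(r"obj_id (0x[0-9a-f]+)", text), 16),
        "adjs": {int(adj, 16): (ip, int(si, 16)) for ip, adj, si in rows},
    }


def find_mismatches(fman, route, ecr):
    """Return human-readable differences between the layers; empty means consistent."""
    problems = []
    if fman["lb"] != fman["index"]:
        problems.append(f"FMAN: prefix LB {fman['lb']} != loadinfo index {fman['index']}")
    for name, layer in (("FED route", route), ("FED ECR", ecr)):
        if layer["lb"] != fman["lb"]:
            problems.append(f"{name}: LB object {layer['lb']} != FMAN {fman['lb']}")
        if sorted(layer["adjs"]) != sorted(fman["adjs"]):
            problems.append(f"{name}: adjacency ids {sorted(layer['adjs'])} "
                            f"!= FMAN {sorted(fman['adjs'])}")
    for adj_id in sorted(set(route["adjs"]) & set(ecr["adjs"])):
        if route["adjs"][adj_id] != ecr["adjs"][adj_id]:
            problems.append(f"adjacency {adj_id}: FED route {route['adjs'][adj_id]} "
                            f"!= FED ECR {ecr['adjs'][adj_id]}")
    return problems


if __name__ == "__main__":
    result = find_mismatches(parse_fman(FMAN_RP_CEF, FMAN_RP_LOADINFO),
                             parse_fed_route(FED_ROUTE), parse_fed_ecr(FED_ECR))
    print(result or "all layers agree")
```
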
To capture the LISP next hops, check the route in CEF for the VRF.
Edge-1#show ip cef vrf red_vn 8.8.8.8
0.0.0.0/0
  nexthop 10.47.1.10 LISP0.4099
  nexthop 10.47.1.11 LISP0.4099
To obtain the si_hdl or ri_hdl values, use the command show platform software fed switch active ip adj.
Edge-1#show platform software fed switch active ip adj
IPV4 Adj entries

dest        if_name               dst_mac         si_hdl          ri_hdl          pd_flags  adj_id      Last-modified
----        -------               -------         ------          ------          --------  ------      -------------
225.0.0.0   GigabitEthernet1/0/1  0100.5e00.0000  0x7f65ec958128  0x7f65ec957e18  0x0       0xf80001a1  2023/09/19 17:57:41.399
10.47.1.10  LISP0.4099            4500.0000.0000  0x7f65ec8a9b38  0x7f65ec8a9d58  0x60      0x26        2023/09/19 17:57:35.214
10.47.1.4   GigabitEthernet1/0/2  5254.001c.7de0  0x7f65ec8a5458  0x7f65ec8a4eb8  0x0       0x4c        2023/09/19 17:58:02.150
10.47.1.0   GigabitEthernet1/0/1  5254.000a.42f3  0x7f65ec8b8468  0x7f65ec8b8158  0x0       0x55        2023/09/19 17:58:08.864
10.47.1.11  LISP0.4099            4500.0000.0000  0x7f65ec7bb498  0x7f65ec7ba608  0x60      0x29        2023/09/19 17:57:35.214
Take the si_hdl (0x7f65ec8a9b38) and use it in the command show platform hardware fed switch active fwd-asic abstraction print-resource-handle <si_hdl> 1.
Edge-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f65ec8a9b38 1
Handle:0x7f65ec8a9b38 Res-Type:ASIC_RSC_SI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_LISP Lkp-ftr-id:LKP_FEAT_INVALID ref_count:1
priv_ri/priv_si Handle: 0x7f65ec8a9d58Hardware Indices/Handles: index0:0xbf mtu_index/l3u_ri_index0:0x0 index1:0xbf mtu_index/l3u_ri_index1:0x0
Features sharing this resource:109 (1)]
Cookie length: 56
00 00 00 00 00 00 00 00 38 5f 84 ec 0a 2f 01 0a ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Detailed Resource Information (ASIC_INSTANCE# 0)
----------------------------------------
Station Index (SI) [0xbf] -----> Contains the Rewrite Index (RI) and Outgoing Interface Information (DI)
RI = 0x20 -----> Rewrite Index = Rewrite information for L3 forwarding
DI = 0x5012 -----> Destination Index = Outgoing Interface
stationTableGenericLabel = 0
stationFdConstructionLabel = 0x7
lookupSkipIdIndex = 0xc
rcpServiceId = 0
dejaVuPreCheckEn = 0
Replication Bitmap: LD
Detailed Resource Information (ASIC_INSTANCE# 1)
----------------------------------------
Station Index (SI) [0xbf] -----> Contains the Rewrite Index (RI) and Outgoing Interface Information (DI)
RI = 0x20 -----> Rewrite Index = Rewrite information for L3 forwarding
DI = 0x5012 -----> Destination Index = Outgoing Interface
stationTableGenericLabel = 0
stationFdConstructionLabel = 0x7
lookupSkipIdIndex = 0xc
rcpServiceId = 0
dejaVuPreCheckEn = 0
Replication Bitmap: LD
To decode the Rewrite Index (0x20), use it in the command show platform hardware fed switch active fwd-asic resource asic all rewrite-index range <RI> <RI>.
Edge-1#show platform hardware fed switch active fwd-asic resource asic all rewrite-index range 0x20 0x20
ASIC#:0 RI:32 Rewrite_type:AL_RRM_REWRITE_IPV4_VXLAN_INNER_IPV4_ENCAP(110) Mapped_rii:LVX_L3_ENCAP_L2_PAYLOAD(123)
Dst Mac: MAC Addr: ba:25:cd:f4:ad:38, ----> Dummy VXLAN MAC Address
Src IP: 10.47.1.12 ----> FE RLOC
Dst IP: 10.47.1.10 ----> BN RLOC
IPv4 TTL: 0
LISP INSTANCEID: 0
L3IF LE Index: 46
To decode the Destination Index (0x5012), use it in the command show platform hardware fed switch active fwd-asic resource asic all destination-index range <DI> <DI>.
Edge-1#show platform hardware fed switch active fwd-asic resource asic all destination-index range 0x5012 0x5012
ASIC#0:
Destination index = 0x5012
DI_RCP_PORT1 -----> Recirculation port used for VXLAN imposition
pmap = 0x00000000 0x00000000
cmi = 0x0
rcp_pmap = 0x1
al_rsc_cmi
ASIC#1:
Destination index = 0x5012
DI_RCP_PORT1 -----> Recirculation port used for VXLAN imposition
pmap = 0x00000000 0x00000000
cmi = 0x0
rcp_pmap = 0x0
al_rsc_cmi
To decode the ri_hdl, take the value (0x7f65ec8a9d58) and use it in the command show platform hardware fed switch active fwd-asic abstraction print-resource-handle <ri_hdl> 1.
Edge-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f65ec8a9d58 1
Handle:0x7f65ec8a9d58 Res-Type:ASIC_RSC_RI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_LISP Lkp-ftr-id:LKP_FEAT_INVALID ref_count:1
priv_ri/priv_si Handle: 0x7f65ec8aa2c8Hardware Indices/Handles: index0:0x20 mtu_index/l3u_ri_index0:0x0 index1:0x20 mtu_index/l3u_ri_index1:0x0
Features sharing this resource:109 (1)]
Cookie length: 56
00 00 00 00 00 00 00 00 2e 00 00 00 0a 2f 01 0a ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Detailed Resource Information (ASIC_INSTANCE# 0)
----------------------------------------
ASIC#:0 RI:32 Rewrite_type:AL_RRM_REWRITE_IPV4_VXLAN_INNER_IPV4_ENCAP(110) Mapped_rii:LVX_L3_ENCAP_L2_PAYLOAD(123)
Dst Mac: MAC Addr: ba:25:cd:f4:ad:38, <-- Dummy VXLAN MAC
Src IP: 10.47.1.12 <-- FE RLOC
Dst IP: 10.47.1.10 <-- BN RLOC
IPv4 TTL: 0
LISP INSTANCEID: 0
L3IF LE Index: 46
Detailed Resource Information (ASIC_INSTANCE# 1)
----------------------------------------
ASIC#:1 RI:32 Rewrite_type:AL_RRM_REWRITE_IPV4_VXLAN_INNER_IPV4_ENCAP(110) Mapped_rii:LVX_L3_ENCAP_L2_PAYLOAD(123)
Dst Mac: MAC Addr: ba:25:cd:f4:ad:38, <-- Dummy VXLAN MAC
Src IP: 10.47.1.12 <-- FE RLOC
Dst IP: 10.47.1.10 <-- BN RLOC
IPv4 TTL: 0
LISP INSTANCEID: 0
L3IF LE Index: 46
==============================================================
To identify the underlay next-hop IP address used to reach the LISP next hop, check the routing table.
Edge-1#show ip route 10.47.1.10
Routing entry for 10.47.1.10/32
  Known via "isis", distance 115, metric 20, type level-2
  Redistributing via isis
  Last update from 10.47.1.0 on GigabitEthernet1/0/1, 07:10:11 ago
  Routing Descriptor Blocks:
  * 10.47.1.0, from 10.47.1.10, 07:10:11 ago, via GigabitEthernet1/0/1
      Route metric is 20, traffic share count is 1

Edge-1#show ip route 10.47.1.11
Routing entry for 10.47.1.11/32
  Known via "isis", distance 115, metric 20, type level-2
  Redistributing via isis
  Last update from 10.47.1.4 on GigabitEthernet1/0/2, 1w1d ago
  Routing Descriptor Blocks:
  * 10.47.1.4, from 10.47.1.11, 1w1d ago, via GigabitEthernet1/0/2
      Route metric is 20, traffic share count is 1
To obtain the si_hdl and ri_hdl information, use the command show platform software fed switch active ip adj.
Edge-1#show platform software fed switch active ip adj
IPV4 Adj entries

dest        if_name               dst_mac         si_hdl          ri_hdl          pd_flags  adj_id      Last-modified
----        -------               -------         ------          ------          --------  ------      -------------
225.0.0.0   GigabitEthernet1/0/1  0100.5e00.0000  0x7f65ec958128  0x7f65ec957e18  0x0       0xf80001a1  2023/09/19 17:57:41.399
10.47.1.10  LISP0.4099            4500.0000.0000  0x7f65ec8a9b38  0x7f65ec8a9d58  0x60      0x26        2023/09/19 17:57:35.214
10.47.1.4   GigabitEthernet1/0/2  5254.001c.7de0  0x7f65ec8a5458  0x7f65ec8a4eb8  0x0       0x4c        2023/09/19 17:58:02.150
10.47.1.0   GigabitEthernet1/0/1  5254.000a.42f3  0x7f65ec8b8468  0x7f65ec8b8158  0x0       0x55        2023/09/19 17:58:08.864
10.47.1.11  LISP0.4099            4500.0000.0000  0x7f65ec7bb498  0x7f65ec7ba608  0x60      0x29        2023/09/19 17:57:35.214
To decode the si_hdl, take the si_hdl (0x7f65ec8a5458) and use it in the command show platform hardware fed switch active fwd-asic abstraction print-resource-handle <si_hdl> 1.
Edge-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f65ec8a5458 1
Handle:0x7f65ec8a5458 Res-Type:ASIC_RSC_SI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_L3_UNICAST_IPV4 Lkp-ftr-id:LKP_FEAT_INVALID ref_count:1
priv_ri/priv_si Handle: 0x7f65ec8a4eb8Hardware Indices/Handles: index0:0xbc mtu_index/l3u_ri_index0:0x0 index1:0xbc mtu_index/l3u_ri_index1:0x0
Features sharing this resource:66 (1)]
Cookie length: 56
00 00 00 00 00 00 00 00 26 00 00 00 00 00 00 00 00 00 00 00 08 00 52 54 00 1c 7d e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Detailed Resource Information (ASIC_INSTANCE# 0)
----------------------------------------
Station Index (SI) [0xbc] -----> The 0xbc Station Index was already seen
RI = 0x1a -----> Rewrite Index = MAC address rewrite information for L3 forwarding to the next-hop adjacency
DI = 0x526d -----> Destination Index = Outgoing Interface
stationTableGenericLabel = 0
stationFdConstructionLabel = 0x7
lookupSkipIdIndex = 0
rcpServiceId = 0
dejaVuPreCheckEn = 0
Replication Bitmap: LD -----> Local Data, indicating that this ASIC is directly connected to the adjacency interface
Detailed Resource Information (ASIC_INSTANCE# 1)
----------------------------------------
Station Index (SI) [0xbc] -----> The 0xbc Station Index was seen previously
RI = 0x1a -----> Rewrite Index = MAC address rewrite information for L3 forwarding to the next-hop adjacency
DI = 0x526d -----> Destination Index = Outgoing Interface
stationTableGenericLabel = 0
stationFdConstructionLabel = 0x7
lookupSkipIdIndex = 0
rcpServiceId = 0
dejaVuPreCheckEn = 0
Replication Bitmap: CD -----> Core Data, indicating that this instance of the ASIC is on the same ASIC, but different core.
==============================================================
To decode the Rewrite Index (0x1a), use it in the command show platform hardware fed switch active fwd-asic resource asic all rewrite-index range <RI> <RI>.
Edge-1#show platform hardware fed switch active fwd-asic resource asic all rewrite-index range 0x1a 0x1a
ASIC#:0 RI:26 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9) -----> Decimal 26 is hex 0x1a
MAC Addr: MAC Addr: 52:54:00:1c:7d:e0, -----> MAC address 5254.001c.7de0 for the next-hop adjacency
L3IF LE Index 38
ASIC#:1 RI:26 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9)
MAC Addr: MAC Addr: 52:54:00:1c:7d:e0, -----> MAC address 5254.001c.7de0 for the next-hop adjacency
L3IF LE Index 38
To decode the ri_hdl, take the ri_hdl (0x7f65ec8a4eb8) and use it in the command show platform hardware fed switch active fwd-asic abstraction print-resource-handle <ri_hdl> 1.
Edge-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f65ec8a4eb8 1
Handle:0x7f65ec8a4eb8 Res-Type:ASIC_RSC_RI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_L3_UNICAST_IPV4 Lkp-ftr-id:LKP_FEAT_INVALID ref_count:1
priv_ri/priv_si Handle: 0x7f65ec903b28Hardware Indices/Handles: index0:0x1a mtu_index/l3u_ri_index0:0x0 index1:0x1a mtu_index/l3u_ri_index1:0x0
Features sharing this resource:66 (1)]
Cookie length: 56
00 00 00 00 00 00 00 00 26 00 00 00 00 00 00 00 00 00 00 00 08 00 52 54 00 1c 7d e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Detailed Resource Information (ASIC_INSTANCE# 0)
----------------------------------------
ASIC#:0 RI:26 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9) -----> Decimal 26 is 0x1a in hex
MAC Addr: MAC Addr: 52:54:00:1c:7d:e0, -----> MAC address 5254.001c.7de0 for the next-hop adjacency
L3IF LE Index 38
Detailed Resource Information (ASIC_INSTANCE# 1)
----------------------------------------
ASIC#:1 RI:26 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9) -----> Decimal 26 is 0x1a in hex
MAC Addr: MAC Addr: 52:54:00:1c:7d:e0, -----> MAC address 5254.001c.7de0 for the next-hop adjacency
L3IF LE Index 38
==============================================================
The packet is now VXLAN-encapsulated, so an ACL cannot match on the inner IP addresses. Match RLOC to RLOC instead, then use a Wireshark display filter to find and filter on the inner IP addresses.
Border-1(config)#ip access-list extended TAC
Border-1(config-ext-nacl)#permit ip host 10.47.1.12 host 10.47.1.10
Border-1(config-ext-nacl)#permit ip host 10.47.1.10 host 10.47.1.12

Border-1#monitor capture 1 interface g1/0/3 both access-list TAC
Border-1#monitor capture 1 start
Started capture point : 1
Border-1#monitor capture 1 stop
Capture statistics collected at software:
  Capture duration - 14 seconds
  Packets received - 16
  Packets dropped - 0
  Packets oversized - 0

Number of Bytes dropped at asic not collected
**Displaying the packet capture with the brief keyword**
Border-1#show monitor capture 1 buffer display-filter "icmp.type==8" brief
Starting the packet display ........ Press Ctrl + Shift + 6 to exit

3 0.483114 10.47.4.2 -> 8.8.8.8 ICMP 148 Echo (ping) request id=0x001e, seq=0/0, ttl=63
4 0.490667 10.47.4.2 -> 8.8.8.8 ICMP 148 Echo (ping) request id=0x001e, seq=0/0, ttl=63
7 1.461263 10.47.4.2 -> 8.8.8.8 ICMP 148 Echo (ping) request id=0x001e, seq=1/256, ttl=63
8 1.469756 10.47.4.2 -> 8.8.8.8 ICMP 148 Echo (ping) request id=0x001e, seq=1/256, ttl=63
11 2.480293 10.47.4.2 -> 8.8.8.8 ICMP 148 Echo (ping) request id=0x001e, seq=2/512, ttl=63
**Displaying the packet capture with the detailed keyword**
Ethernet II, Src: 52:54:00:04:84:b1 (52:54:00:04:84:b1), Dst: 52:54:00:0a:42:f3 (52:54:00:0a:42:f3) <--- SMAC (G1/0/1 of FE Node) DMAC (G1/0/3 of BN)
Destination: 52:54:00:0a:42:f3 (52:54:00:0a:42:f3)
Address: 52:54:00:0a:42:f3 (52:54:00:0a:42:f3)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: 52:54:00:04:84:b1 (52:54:00:04:84:b1)
Address: 52:54:00:04:84:b1 (52:54:00:04:84:b1)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 10.47.1.12, Dst: 10.47.1.10 -----> RLOC of FE Node, RLOC of BN
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 134
Identification: 0x0490 (1168)
Flags: 0x4000, Don't fragment
0... .... .... .... = Reserved bit: Not set
.1.. .... .... .... = Don't fragment: Set
..0. .... .... .... = More fragments: Not set
Fragment offset: 0
Time to live: 63
Protocol: UDP (17)
Header checksum: 0x2064 [validation disabled]
[Header checksum status: Unverified]
Source: 10.47.1.12
Destination: 10.47.1.10
User Datagram Protocol, Src Port: 65354, Dst Port: 4789
Source Port: 65354
Destination Port: 4789 -----> VXLAN Destination Port
Length: 114
[Checksum: [missing]]
[Checksum Status: Not present]
[Stream index: 0]
[Timestamps]
[Time since first frame: 0.000000000 seconds]
[Time since previous frame: 0.000000000 seconds]
Virtual eXtensible Local Area Network
Flags: 0x8800, GBP Extension, VXLAN Network ID (VNI)
1... .... .... .... = GBP Extension: Defined
.... .... .0.. .... = Don't Learn: False
.... 1... .... .... = VXLAN Network ID (VNI): True
.... .... .... 0... = Policy Applied: False
.000 .000 0.00 .000 = Reserved(R): 0x0000
Group Policy ID: 0
VXLAN Network Identifier (VNI): 4099 -----> L3 LISP ID tied to this VN
Reserved: 0
Ethernet II, Src: 00:00:00:00:61:00 (00:00:00:00:61:00), Dst: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38) -----> Dummy Ethernet Header
Destination: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38)
Address: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: 00:00:00:00:61:00 (00:00:00:00:61:00)
Address: 00:00:00:00:61:00 (00:00:00:00:61:00)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 10.47.4.2, Dst: 8.8.8.8 -----> PC Source IP Address Destination IP address
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 84
Identification: 0xa41e (42014)
Flags: 0x4000, Don't fragment
0... .... .... .... = Reserved bit: Not set
.1.. .... .... .... = Don't fragment: Set
..0. .... .... .... = More fragments: Not set
Fragment offset: 0
Time to live: 63
Protocol: ICMP (1)
Header checksum: 0x794a [validation disabled]
[Header checksum status: Unverified]
Source: 10.47.4.2
Destination: 8.8.8.8
Internet Control Message Protocol
Type: 8 (Echo (ping) request)
Code: 0
Checksum: 0xfa72 [correct]
[Checksum Status: Good]
Identifier (BE): 30 (0x001e)
Identifier (LE): 7680 (0x1e00)
Sequence number (BE): 0 (0x0000)
Sequence number (LE): 0 (0x0000)
Data (56 bytes)
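The capture above is matched on RLOC addresses by the ACL and only then filtered on the inner addresses. The following added example (not part of the original document) shows that second step offline: it decodes the outer RLOC pair, the VXLAN group-policy header (flags, Group Policy ID, VNI) and the inner IPv4 addresses from a raw frame. The sample frame is constructed from the field values in the capture above, and the function names are hypothetical.

```python
import ipaddress
import struct

VXLAN_PORT = 4789  # UDP destination port shown in the capture


def ipv4_header(src, dst, proto, payload_len, ttl=63):
    """Build a 20-byte IPv4 header for sample data (checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0x4000,
                       ttl, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)


def build_sample_frame():
    """Constructed frame using the addresses, ports and VNI from the capture."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, 0x001E, 0) + bytes(56)
    inner_ip = ipv4_header("10.47.4.2", "8.8.8.8", 1, len(icmp)) + icmp
    inner_eth = bytes.fromhex("ba25cdf4ad38" "000000006100" "0800") + inner_ip
    # Flags 0x8800 (GBP extension + VNI valid), Group Policy ID 0, VNI 4099
    vxlan = struct.pack("!HH", 0x8800, 0) + (4099).to_bytes(3, "big") + b"\x00"
    payload = vxlan + inner_eth
    udp = struct.pack("!HHHH", 65354, VXLAN_PORT, 8 + len(payload), 0) + payload
    outer_ip = ipv4_header("10.47.1.12", "10.47.1.10", 17, len(udp))
    return bytes.fromhex("5254000a42f3" "5254000484b1" "0800") + outer_ip + udp


def parse_ipv4(buf):
    """Return (src, dst, protocol, payload); raise ValueError on a bad header."""
    if len(buf) < 20 or buf[0] >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (buf[0] & 0x0F) * 4
    total = struct.unpack("!H", buf[2:4])[0]
    if ihl < 20 or total < ihl or total > len(buf):
        raise ValueError("bad IPv4 length")
    src = str(ipaddress.IPv4Address(buf[12:16]))
    dst = str(ipaddress.IPv4Address(buf[16:20]))
    return src, dst, buf[9], buf[ihl:total]


def decode_vxlan_frame(frame):
    """Decode outer RLOCs, VXLAN fields and inner addresses; None if not VXLAN."""
    if len(frame) < 14 or frame[12:14] != b"\x08\x00":
        return None
    try:
        outer_src, outer_dst, proto, l4 = parse_ipv4(frame[14:])
    except ValueError:
        return None  # truncated or malformed outer header
    if proto != 17 or len(l4) < 16:
        return None
    if struct.unpack("!H", l4[2:4])[0] != VXLAN_PORT:
        return None
    flags, group = struct.unpack("!HH", l4[8:12])
    if not flags & 0x0800:  # VNI-valid bit clear: do not trust the VNI field
        return None
    result = {"outer_src": outer_src, "outer_dst": outer_dst,
              "vni": int.from_bytes(l4[12:15], "big"),
              "group_policy_id": group if flags & 0x8000 else None,
              "inner_src": None, "inner_dst": None, "inner_proto": None}
    inner = l4[16:]
    if len(inner) >= 14 and inner[12:14] == b"\x08\x00":
        try:
            src, dst, inner_proto, _ = parse_ipv4(inner[14:])
        except ValueError:
            return result  # outer fields are still useful for triage
        result.update(inner_src=src, inner_dst=dst, inner_proto=inner_proto)
    return result


def matches_inner(frame, src, dst, vni):
    """True when the frame carries src -> dst inside the given VNI."""
    decoded = decode_vxlan_frame(frame)
    return bool(decoded) and (decoded["inner_src"], decoded["inner_dst"],
                              decoded["vni"]) == (src, dst, vni)


if __name__ == "__main__":
    print(decode_vxlan_frame(build_sample_frame()))
```
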
Border-1#show ip route vrf red_vn 8.8.8.8

Routing Table: red_vn
Routing entry for 8.8.8.8/32
  Known via "bgp 69420", distance 20, metric 0
  Tag 65531, type external
  Redistributing via lisp
  Last update from 10.47.2.6 03:28:39 ago
  Routing Descriptor Blocks:
  * 10.47.2.6, from 10.47.2.6, 03:28:39 ago
      opaque_ptr 0x7F08285F3C00
      Route metric is 0, traffic share count is 1
      AS Hops 1
      Route tag 65531
      MPLS label: none
      MPLS Flags: NSF

Border-1#show ip cef vrf red_vn 8.8.8.8
8.8.8.8/32
  nexthop 10.47.2.6 Vlan3002

Border-1#show ip vrf detail red_vn | include Table ID
Address family ipv4 unicast (Table ID = 0x3): -----> Used in the next command, use the integer that comes after 0x

Border-1#show platform software ip switch active r0 cef table index 3 prefix 8.8.8.8/32
Forwarding Table

Prefix/Len  Next Object    Index
----------------------------------------------------------------
8.8.8.8/32  OBJ_ADJACENCY  0x1239 -----> Index used in the next command

Border-1#show ip arp vrf red_vn vlan 3002
Protocol  Address    Age (min)  Hardware Addr   Type  Interface
Internet  10.47.2.5  -          5254.000a.42e6  ARPA  Vlan3002
Internet  10.47.2.6  142        001e.4982.54bf  ARPA  Vlan3002 -----> Next Hop

Border-1#show platform software ip switch active f0 cef table index 3 prefix 8.8.8.8/32 detail
Forwarding Table

8.8.8.8/32 -> OBJ_ADJACENCY (0x1239), urpf: 4669 -----> Matches the index from FMAN RP
  Prefix Flags: unknown
  aom id: 32123, HW handle: (nil) (created) <-- Used in the next command
Take the aom id from the previous output and use it in the command show platform software object-manager switch active f0 object <aom id>.
Border-1#show platform software object-manager switch active f0 object 32123
Object identifier: 32123
  Description: PREFIX 8.8.8.8/32 (Table id 3)
  Obj type id: 71
  Obj type: route-pfx
  Status: Done, Epoch: 0, Client data: 0xc630b208

Border-1#show platform software object-manager switch active f0 object 32123 parents
Object identifier: 30
  Description: ipv4 table 3 (red_vn), vrf id 3
  Status: Done
Object identifier: 32669
  Description: adj 0x1239, Flags None -----> Convert 0x1239 to decimal, get 4665
  Status: Done
Object identifier: 32675
  Description: uRPF-list(hdl=0x0000123d)
  Status: Done
Take the previous adj value in decimal and use it in the command show platform software adjacency switch active f0 index <decimal of adj value>.
Border-1#show platform software adjacency switch active f0 index 4665
Number of adjacency objects: 27

Adjacency id: 0x1239 (4665)
  Interface: Vlan3002, IF index: 30, Link Type: MCP_LINK_IP -----> Next-hop interface towards Fusion Router
  Encap: 0:1e:49:82:54:bf:52:54:0:a:42:e6:8:0 -----> DMAC 001e.4982.54bf SMAC 5254.000a.42e6 0x800 ETYPE
  Encap Length: 14, Encap Type: MCP_ET_ARPA, MTU: 8978
  Flags: no-l3-inject
  Incomplete behavior type: None
  Fixup: unknown
  Fixup_Flags_2: unknown
  Nexthop addr: 10.47.2.6
  IP FRR MCP_ADJ_IPFRR_NONE 0
  aom id: 32669, HW handle: (nil) (created)
To verify the route in FED, use the command show platform software fed switch active ip route vrf <vrf name> <network/subnet mask>.
Border-1#show platform software fed switch active ip route vrf red_vn 8.8.8.8/32
vrf dest htm flags SGT DGID MPLS Last-modified SecsSinceHit
--- ---- --- ----- --- ---- ---- ------------------------ ------------
3 8.8.8.8/32 0x7f3c607c3878 0x0 0 0 2023/09/25 14:09:10.866 3
FIB: prefix_hdl:0xd50001e0, mpls_ecr_prefix_hdl:0, sgtOverWrite: 0
========== OCE chain =====
ADJ:objid:4665 {link_type:IP ifnum:0x1e, adj:0xdf0000c6, si: 0x7f3c608a8ed8 IPv4: 10.47.2.6 } -----> 4665 matches FMAN FP Object
===============
MPLS info: mpls_ecr_scale_prefix_adj:0, mpls_lspa_hdl:0
===============
**Border Node Route Programming FED Verification HTM Decode**
Take the htm value (0x7f3c607c3878) and use it in the command show platform hardware fed switch active fwd-asic abstraction print-resource-handle <htm> 1.
Border-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f3c607c3878 1
Handle:0x7f3c607c3878 Res-Type:ASIC_RSC_HASH_TCAM Res-Switch-Num:0 Asic-Num:255 Feature-ID:AL_FID_L3_UNICAST_IPV4 Lkp-ftr-id:LKP_FEAT_IPV4_L3_UNICAST ref_count:1
priv_ri/priv_si Handle: (nil)Hardware Indices/Handles: handle [ASIC: 0]: 0x7f3c607c9288
Features sharing this resource:Cookie length: 12
08 08 08 08 00 00 03 d0 07 00 00 00
Detailed Resource Information (ASIC_INSTANCE# 0)
----------------------------------------
Number of HTM Entries: 1

Entry 0: (handle 0x7f3c607c9288)

Absolute Index: 62770
Time Stamp: 7
KEY - vrf:3 mtr:0 prefix:8.8.8.8 rcp_redirect_index:0x0
MASK - vrf:0 mtr:0 prefix:0.0.0.0 rcp_redirect_index:0x0
FWD-AD = afd_label_flag:1 icmp_redir_enable:1 lvx_smr_enabled:0, dstNatType:0 priority:5 afdLabelOrDestClientId:0 SI:183 destined_to_us:0 hw_stats_idx:6 stats_id:0 redirectSetRouterMac:0 dgtIdx:0 destModIndex:0 dstNatTypeOrVpnPrefixPtrMsb:0 vpnPrefixPtr:0 vpn prefix flag:0
SRC-AD:learning_violation:0 need_to_learn:0 locally_connected:0 staticentryViolation:0 rpfValid:1 rpfLe:42 rpfLePointer:0 rpfForcePass:0 rpfForceFail:0 reachableviaSome:1 rpfCheckIncomplete:0 defaultRoute:0 ChainPtrValid:0 ChainPtrOrPortLeIndex:72 UseRpfmatchTable:0 rpfIncomplete:0 is_src_ce:0 sgtValid:0 sgtOverwrite:0 sgt:0 ipClientLabel:0 src_rloc_trusted:0, sgtCacheControl1:0, sgtCacheControl0:0
port_label:0x0 port_mask:0x0 vlan_label:0x0 vlan_mask:0x0 l3if_label:0x0 l3if_mask:0x0 group_label:0x0 group_mask:0x0

==============================================================
To verify the dst_mac, check ARP in the VRF.
Border-1#show platform software fed switch active ip adj
IPV4 Adj entries

dest       if_name   dst_mac         si_hdl          ri_hdl          pd_flags  adj_id  Last-modified
----       -------   -------         ------          ------          --------  ------  -------------
10.47.2.6  Vlan3002  001e.4982.54bf  0x7f3c608a8ed8  0x7f3c60ad52c8  0x0       0x1239  2023/09/19 23:22:32.582

Border-1#show ip arp vrf red_vn vlan 3002
------------------ show ip arp vrf red_vn Vlan3002 ------------------
Protocol  Address    Age (min)  Hardware Addr   Type  Interface
Internet  10.47.2.5  -          5254.000a.42e6  ARPA  Vlan3002
Internet  10.47.2.6  33         001e.4982.54bf  ARPA  Vlan3002
**Border Node Route Verification FED Programming si_hdl Decode**
Take the si_hdl value (0x7f3c608a8ed8) and use it in the command show platform hardware fed switch active fwd-asic abstraction print-resource-handle <si_hdl> 1.
Border-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f3c608a8ed8 1
Handle:0x7f3c608a8ed8 Res-Type:ASIC_RSC_SI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_L3_UNICAST_IPV4 Lkp-ftr-id:LKP_FEAT_INVALID ref_count:2
priv_ri/priv_si Handle: 0x7f3c60ad52c8Hardware Indices/Handles: index0:0xb7 mtu_index/l3u_ri_index0:0x0 index1:0xb7 mtu_index/l3u_ri_index1:0x0
Features sharing this resource:66 (1)]
57 (1)]
Cookie length: 56
00 00 00 00 00 00 00 00 ba 0b 00 00 00 00 00 00 00 00 00 00 07 00 00 1e 49 82 54 bf 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Detailed Resource Information (ASIC_INSTANCE# 0)
----------------------------------------
Station Index (SI) [0xb7] -----> 0xb7 converted from hex to decimal is 183, which matches SI:183 in the HTM decode
RI = 0x1b -----> Rewrite Index = MAC address rewrite information for L3 forwarding to the next-hop adjacency
DI = 0x526a -----> Destination Index = Outgoing Interface
stationTableGenericLabel = 0
stationFdConstructionLabel = 0x7
lookupSkipIdIndex = 0
rcpServiceId = 0
dejaVuPreCheckEn = 0x1
Replication Bitmap: LD -----> Local Data. This ASIC is directly connected to the adjacency interface
**Border Node Route Verification FED Programming Rewrite Index Decode**
Take the RI value (0x1b) and use it in the command show platform hardware fed switch active fwd-asic resource asic all rewrite-index range <RI> <RI>.
Border-1#show platform hardware fed switch active fwd-asic resource asic all rewrite-index range 0x1b 0x1b
ASIC#:0 RI:27 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9)
MAC Addr: MAC Addr: 00:1e:49:82:54:bf, -----> MAC address 001e.4982.54bf for the next-hop 10.47.2.6
L3IF LE Index 42
ASIC#:1 RI:27 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9)
MAC Addr: MAC Addr: 00:1e:49:82:54:bf, -----> MAC address 001e.4982.54bf for the next-hop 10.47.2.6
L3IF LE Index 42
**Border Node Route Verification FED Programming Destination Index Decode**
Take the DI value (0x526a) and use it in the command show platform hardware fed switch active fwd-asic resource asic all destination-index range <DI> <DI>.
Border-1#show platform hardware fed switch active fwd-asic resource asic all destination-index range 0x526a 0x526a
ASIC#0:
Destination index = 0x526a
pmap = 0x00000000 0x00000001 -----> Convert 1 to binary = 0001 and then count from right to left, zero based, so Port 0
pmap_intf : [GigabitEthernet1/0/1]
ASIC#1:
Destination index = 0x526a
pmap = 0x00000000 0x00000000
cmi = 0x0
rcp_pmap = 0x0
Border-1#show platform software fed switch active ifm mappings
Interface IF_ID Inst Asic Core Port SubPort Mac Cntx LPN GPN Type Active
GigabitEthernet1/0/1 0x9 0 0 0 0 0 1 0 1 1 NIF Y
**Border Node Route Verification FED Programming ri_hdl Decode**
Take the ri_hdl value (0x7f3c60ad52c8) and use it in the command show platform hardware fed switch active fwd-asic abstraction print-resource-handle <ri_hdl> 1.
Border-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f3c60ad52c8 1
Handle:0x7f3c60ad52c8 Res-Type:ASIC_RSC_RI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_L3_UNICAST_IPV4 Lkp-ftr-id:LKP_FEAT_INVALID ref_count:1
priv_ri/priv_si Handle: 0x7f3c6088a538Hardware Indices/Handles: index0:0x1b mtu_index/l3u_ri_index0:0x0 index1:0x1b mtu_index/l3u_ri_index1:0x0
Features sharing this resource:66 (1)]
Cookie length: 56
00 00 00 00 00 00 00 00 ba 0b 00 00 00 00 00 00 00 00 00 00 07 00 00 1e 49 82 54 bf 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Detailed Resource Information (ASIC_INSTANCE# 0)
----------------------------------------
ASIC#:0 RI:27 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9) -----> Decimal 27 is 0x1b in hex, which is the RI
MAC Addr: MAC Addr: 00:1e:49:82:54:bf, -----> MAC address 001e.4982.54bf for the next-hop 10.47.2.6
L3IF LE Index 42
Detailed Resource Information (ASIC_INSTANCE# 1)
----------------------------------------
ASIC#:1 RI:27 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9) -----> Decimal 27 is 0x1b in hex, which is the RI
MAC Addr: MAC Addr: 00:1e:49:82:54:bf, -----> MAC address 001e.4982.54bf for the next-hop 10.47.2.6
L3IF LE Index 42
==============================================================
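The decodes above form one chain: HTM entry, then SI, then RI and DI, then the next-hop MAC and egress port. The following Python sketch is an added example, not part of the original Cisco document; it cross-checks that chain offline on excerpts of the Border-1 outputs shown on this page. The function names are this example's own, and it assumes the first pmap word holds ports 32-63.

```python
import re

# Constructed input: excerpts of the Border-1 outputs on this page, trimmed to
# the fields the check reads (the FWD-AD line is shortened).
SAMPLE = {
    "htm": "KEY - vrf:3 mtr:0 prefix:8.8.8.8 rcp_redirect_index:0x0\n"
           "FWD-AD = afd_label_flag:1 icmp_redir_enable:1 priority:5 SI:183",
    "si": "Station Index (SI) [0xb7]\nRI = 0x1b\nDI = 0x526a",
    "ri": "ASIC#:0 RI:27 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1)\n"
          "MAC Addr: MAC Addr: 00:1e:49:82:54:bf,\nL3IF LE Index 42",
    "di": "Destination index = 0x526a\npmap = 0x00000000 0x00000001\n"
          "pmap_intf : [GigabitEthernet1/0/1]",
    "arp": "Internet 10.47.2.5 - 5254.000a.42e6 ARPA Vlan3002\n"
           "Internet 10.47.2.6 33 001e.4982.54bf ARPA Vlan3002",
    "ifm": "GigabitEthernet1/0/1 0x9 0 0 0 0 0 1 0 1 1 NIF Y",
}

HEX = r"(0x[0-9a-fA-F]+)"


def norm_mac(mac):
    """Reduce 001e.4982.54bf or 00:1e:49:82:54:bf to 12 lowercase hex digits."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())


def field(pattern, text, what):
    """Return the first capture group, or fail loudly if the output lacks it."""
    match = re.search(pattern, text)
    if match is None:
        raise ValueError(f"{what} not found in output")
    return match.group(1)


def pmap_ports(di_text):
    """Zero-based ports set in the pmap, counted from the right-most bit.

    Assumption of this example: the first word holds ports 32-63.
    """
    match = re.search(rf"pmap = {HEX} {HEX}", di_text)
    if match is None:
        raise ValueError("pmap not found in output")
    bitmap = (int(match.group(1), 16) << 32) | int(match.group(2), 16)
    return [bit for bit in range(64) if (bitmap >> bit) & 1]


def ifm_port(ifm_text, interface):
    """Port column (6th field) of the 'ifm mappings' row for an interface."""
    for line in ifm_text.splitlines():
        cols = line.split()
        if len(cols) >= 6 and cols[0] == interface:
            return int(cols[5])
    raise ValueError(f"{interface} not found in ifm mappings")


def verify_chain(out, next_hop):
    """Return a list of mismatches between the decoded hardware tables."""
    problems = []

    def check(label, left, right):
        if left != right:
            problems.append(f"{label}: {left!r} != {right!r}")

    # HTM entry -> Station Index (decimal in the HTM decode, hex in the SI decode).
    check("SI", int(field(r"\bSI:(\d+)", out["htm"], "SI in HTM")),
          int(field(rf"Station Index \(SI\) \[{HEX}\]", out["si"], "SI"), 16))
    # SI -> Rewrite Index (hex in the SI decode, decimal in the RI decode).
    check("RI", int(field(rf"RI = {HEX}", out["si"], "RI in SI"), 16),
          int(field(r"\bRI:(\d+)", out["ri"], "RI")))
    # SI -> Destination Index.
    check("DI", int(field(rf"DI = {HEX}", out["si"], "DI in SI"), 16),
          int(field(rf"Destination index = {HEX}", out["di"], "DI"), 16))
    # The rewrite MAC must be the ARP entry of the next hop in the VRF.
    arp_mac = field(rf"Internet\s+{re.escape(next_hop)}\s+\S+\s+(\S+)\s+ARPA",
                    out["arp"], "ARP entry")
    check("next-hop MAC",
          norm_mac(field(r"MAC Addr: ([0-9a-fA-F:]{17})", out["ri"], "MAC")),
          norm_mac(arp_mac))
    # The pmap bit must be the Port of the interface named in pmap_intf.
    intf = field(r"pmap_intf : \[([^\]]+)\]", out["di"], "pmap_intf")
    check("egress port", pmap_ports(out["di"]), [ifm_port(out["ifm"], intf)])
    return problems


if __name__ == "__main__":
    print(verify_chain(SAMPLE, "10.47.2.6") or "chain is consistent")
```

An empty list means every hop of the chain agrees; a stale rewrite MAC or a wrong egress port shows up as a named mismatch.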
**MAC Address Verification IOS and FMAN RP**
Border-1#show mac address-table address 001e.4982.54bf
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
3001 001e.4982.54bf DYNAMIC Gi1/0/1
3002 001e.4982.54bf DYNAMIC Gi1/0/1
Total Mac Addresses for this criterion: 2
Border-1#show platform software matm switch active r0 mac 001e.4982.54bf
Tbl_Type Tbl_ID MAC_Address Type ECBits Ports AOM_ID/OM_PTR
MAT_VLAN 3001 001e.4982.54bf 1 0 1 OM: 0x348038a100
List of Ports: 9
MAT_VLAN 3002 001e.4982.54bf 1 0 1 OM: 0x34803a15d0
List of Ports: 9 -----> This indicates if-id 9
**Next-Hop MAC Address Verification FMAN FP**
Border-1#show platform software matm switch active f0 mac 001e.4982.54bf
Tbl_Type Tbl_ID MAC_Address Type ECBits Ports AOM_ID/OM_PTR
MAT_VLAN 3001 001e.4982.54bf 1 0 1 32668 created
List of Ports: 9
MAT_VLAN 3002 001e.4982.54bf 1 0 1 32653 created
List of Ports: 9
Border-1#show platform software object-manager switch active f0 object 32653
Object identifier: 32653
Description: matm mac entry type VLAN, id 3002, 001e.4982.54bf
Obj type id: 455
Obj type: MATM mac entry
Status: Done, Epoch: 0, Client data: 0xc6300468
Border-1#show platform software object-manager switch active f0 object 32653 parents
Object identifier: 40
Description: intf GigabitEthernet1/0/1, handle 9, hw handle 9, HW dirty: NONE AOM dirty NONE
Status: Done
Object identifier: 133
Description: matm table type VLAN, id 3002
Status: Done
Border-1#show platform software fed switch active ifm if-id 9
Interface IF_ID : 0x0000000000000009
Interface Name : GigabitEthernet1/0/1
**Next-Hop MAC Address Verification FED**
Border-1#show platform software fed switch active matm macTable vlan 3002 mac 001e.4982.54bf
VLAN MAC Type Seq# EC_Bi Flags machandle siHandle riHandle diHandle *a_time *e_time ports Con
----------------------------------------------------------------------------------------------------------------------------------------------------------------------
3002 001e.4982.54bf 0x1 13 0 0 0x7f3c607bcee8 0x7f3c608a8ed8 0x0 0x7f3c606a76c8 300 13 GigabitEthernet1/0/1 Yes
Border-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f3c606a76c8 1
Handle:0x7f3c606a76c8 Res-Type:ASIC_RSC_DI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_IFM Lkp-ftr-id:LKP_FEAT_INVALID ref_count:1
priv_ri/priv_si Handle: (nil)Hardware Indices/Handles: index0:0x526a mtu_index/l3u_ri_index0:0x0 index1:0x526a mtu_index/l3u_ri_index1:0x0
Cookie length: 56
09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Detailed Resource Information (ASIC_INSTANCE# 0)
----------------------------------------
Destination index = 0x526a
pmap = 0x00000000 0x00000001 -----> Convert 1 to binary = 0001 and then count from right to left, zero based, so Port 0
pmap_intf : [GigabitEthernet1/0/1]
Detailed Resource Information (ASIC_INSTANCE# 1)
----------------------------------------
Destination index = 0x526a
pmap = 0x00000000 0x00000000
cmi = 0x0
rcp_pmap = 0x0
Border-1#show platform software fed switch active ifm mappings
Interface IF_ID Inst Asic Core Port SubPort Mac Cntx LPN GPN Type Active
GigabitEthernet1/0/1 0x9 0 0 0 0 0 1 0 1 1 NIF Y
At this point, you can filter on the original IP addresses. The VXLAN header is stripped off and the packet is forwarded natively to the Fusion router.
Border-1#show monitor capture 1 buffer display-filter icmp.type==8 brief
Load for five secs: 1%/0%; one minute: 1%; five minutes: 1%
No time source, *14:39:19.050 UTC Tue Sep 26 2023
Starting the packet display ........ Press Ctrl + Shift + 6 to exit
Load for five secs: 1%/0%; one minute: 1%; five minutes: 1%
No time source, *14:39:19.057 UTC Tue Sep 26 2023
22 7.280477 10.47.4.2 -> 8.8.8.8 ICMP 106 Echo (ping) request id=0x0023, seq=0/0, ttl=63
23 7.316435 10.47.4.2 -> 8.8.8.8 ICMP 106 Echo (ping) request id=0x0023, seq=1/256, ttl=63
30 8.307929 10.47.4.2 -> 8.8.8.8 ICMP 106 Echo (ping) request id=0x0023, seq=2/512, ttl=63
37 9.743485 10.47.4.2 -> 8.8.8.8 ICMP 106 Echo (ping) request id=0x0023, seq=3/768, ttl=63
40 10.312823 10.47.4.2 -> 8.8.8.8 ICMP 106 Echo (ping) request id=0x0023, seq=4/1024, ttl=63
**Display the Packet Capture with the detailed Keyword**
Ethernet II, Src: 00:00:00:00:61:00 (00:00:00:00:61:00), Dst: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff) -----> Does not capture L3 rewrite properly
Destination: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff)
Address: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
Source: 00:00:00:00:61:00 (00:00:00:00:61:00)
Address: 00:00:00:00:61:00 (00:00:00:00:61:00)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: CiscoMetaData (0x8909)
Cisco MetaData
Version: 1
Length: 1
Options: 0x0001
SGT: 0
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 10.47.4.2, Dst: 8.8.8.8 -----> True IPv4 source and destination
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 84
Identification: 0x97b1 (38833)
Flags: 0x4000, Don't fragment
0... .... .... .... = Reserved bit: Not set
.1.. .... .... .... = Don't fragment: Set
..0. .... .... .... = More fragments: Not set
Fragment offset: 0
Time to live: 63
Protocol: ICMP (1)
Header checksum: 0x85b7 [validation disabled]
[Header checksum status: Unverified]
Source: 10.47.4.2
Destination: 8.8.8.8
Internet Control Message Protocol
Type: 8 (Echo (ping) request)
Code: 0
Checksum: 0xade9 [correct]
[Checksum Status: Good]
Identifier (BE): 35 (0x0023)
Identifier (LE): 8960 (0x2300)
Sequence number (BE): 4 (0x0004)
Sequence number (LE): 1024 (0x0400)
Data (56 bytes)
At this point, you can filter on the original IP addresses. The VXLAN header is stripped off and the packet is forwarded natively to the Fusion router.
Border-1#show monitor capture 1 buffer display-filter icmp.type==0 brief
Starting the packet display ........ Press Ctrl + Shift + 6 to exit
26 7.486005 8.8.8.8 -> 10.47.4.2 ICMP 102 Echo (ping) reply id=0x0023, seq=0/0, ttl=254 (request in 22)
28 7.602492 8.8.8.8 -> 10.47.4.2 ICMP 102 Echo (ping) reply id=0x0023, seq=1/256, ttl=254 (request in 23)
31 8.418010 8.8.8.8 -> 10.47.4.2 ICMP 102 Echo (ping) reply id=0x0023, seq=2/512, ttl=254 (request in 30)
**Display the Packet Capture with the detailed Keyword**
Ethernet II, Src: 00:1e:49:82:54:bf (00:1e:49:82:54:bf), Dst: 52:54:00:0a:42:e6 (52:54:00:0a:42:e6)
Destination: 52:54:00:0a:42:e6 (52:54:00:0a:42:e6)
Address: 52:54:00:0a:42:e6 (52:54:00:0a:42:e6)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: 00:1e:49:82:54:bf (00:1e:49:82:54:bf)
Address: 00:1e:49:82:54:bf (00:1e:49:82:54:bf)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: 802.1Q Virtual LAN (0x8100)
802.1Q Virtual LAN, PRI: 0, DEI: 0, ID: 3002
000. .... .... .... = Priority: Best Effort (default) (0)
...0 .... .... .... = DEI: Ineligible
.... 1011 1011 1010 = ID: 3002
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 8.8.8.8, Dst: 10.47.4.2
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 84
Identification: 0x9767 (38759)
Flags: 0x4000, Don't fragment
0... .... .... .... = Reserved bit: Not set
.1.. .... .... .... = Don't fragment: Set
..0. .... .... .... = More fragments: Not set
Fragment offset: 0
Time to live: 254
Protocol: ICMP (1)
Header checksum: 0xc700 [validation disabled]
[Header checksum status: Unverified]
Source: 8.8.8.8
Destination: 10.47.4.2
Internet Control Message Protocol
Type: 0 (Echo (ping) reply)
Code: 0
Checksum: 0x4509 [correct]
[Checksum Status: Good]
Identifier (BE): 35 (0x0023)
Identifier (LE): 8960 (0x2300)
Sequence number (BE): 0 (0x0000)
Sequence number (LE): 0 (0x0000)
[Request frame: 22]
[Response time: 205.528 ms]
Data (56 bytes)
At this point, the packet is VXLAN encapsulated, so you must filter from RLOC to RLOC. An ACL used as part of the EPC cannot filter or match on the inner IP addresses.
Border-1#show monitor capture 1 buffer display-filter icmp.type==0 brief
Starting the packet display ........ Press Ctrl + Shift + 6 to exit
21 39.264201 8.8.8.8 -> 10.47.4.2 ICMP 148 Echo (ping) reply id=0x0026, seq=0/0, ttl=253 (request in 20)
25 40.291940 8.8.8.8 -> 10.47.4.2 ICMP 148 Echo (ping) reply id=0x0026, seq=1/256, ttl=253 (request in 24)
29 41.339627 8.8.8.8 -> 10.47.4.2 ICMP 148 Echo (ping) reply id=0x0026, seq=2/512, ttl=253 (request in 28)
37 43.626400 8.8.8.8 -> 10.47.4.2 ICMP 148 Echo (ping) reply id=0x0026, seq=3/768, ttl=253 (request in 34)
**Display the Packet Capture with the detailed Keyword**
Ethernet II, Src: 00:00:00:00:00:00 (00:00:00:00:00:00), Dst: 00:00:00:00:00:00 (00:00:00:00:00:00) -----> Does not properly capture L3 rewrite
Destination: 00:00:00:00:00:00 (00:00:00:00:00:00)
Address: 00:00:00:00:00:00 (00:00:00:00:00:00)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: 00:00:00:00:00:00 (00:00:00:00:00:00)
Address: 00:00:00:00:00:00 (00:00:00:00:00:00)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 10.47.1.10, Dst: 10.47.1.12 -----> RLOC IP addresses
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 134
Identification: 0x00d3 (211)
Flags: 0x4000, Don't fragment
0... .... .... .... = Reserved bit: Not set
.1.. .... .... .... = Don't fragment: Set
..0. .... .... .... = More fragments: Not set
Fragment offset: 0
Time to live: 254
Protocol: UDP (17)
Header checksum: 0x6520 [validation disabled]
[Header checksum status: Unverified]
Source: 10.47.1.10
Destination: 10.47.1.12
User Datagram Protocol, Src Port: 65345, Dst Port: 4789
Source Port: 65345
Destination Port: 4789
Length: 114
[Checksum: [missing]]
[Checksum Status: Not present]
[Stream index: 1]
[Timestamps]
[Time since first frame: 0.000000000 seconds]
[Time since previous frame: 0.000000000 seconds]
Virtual eXtensible Local Area Network
Flags: 0x8800, GBP Extension, VXLAN Network ID (VNI)
1... .... .... .... = GBP Extension: Defined
.... .... .0.. .... = Don't Learn: False
.... 1... .... .... = VXLAN Network ID (VNI): True
.... .... .... 0... = Policy Applied: False
.000 .000 0.00 .000 = Reserved(R): 0x0000
Group Policy ID: 0
VXLAN Network Identifier (VNI): 4099
Reserved: 0
Ethernet II, Src: 00:00:00:00:71:00 (00:00:00:00:71:00), Dst: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38) -----> Dummy VXLAN MAC addresses
Destination: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38)
Address: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: 00:00:00:00:71:00 (00:00:00:00:71:00)
Address: 00:00:00:00:71:00 (00:00:00:00:71:00)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 8.8.8.8, Dst: 10.47.4.2 -----> Inner IPv4 addresses
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 84
Identification: 0x6f66 (28518)
Flags: 0x4000, Don't fragment
0... .... .... .... = Reserved bit: Not set
.1.. .... .... .... = Don't fragment: Set
..0. .... .... .... = More fragments: Not set
Fragment offset: 0
Time to live: 253
Border-1#show lisp instance-id 4099 ipv4 map-cache 10.47.4.2
LISP IPv4 Mapping Cache for LISP 0 EID-table vrf red_vn (IID 4099), 1 entries
10.47.4.2/32, uptime: 6d17h, expires: 23:08:02, via map-reply, complete
Sources: map-reply, site-registration
State: complete, last modified: 5d12h, map-source: 10.47.1.12
Exempt, Packets out: 58101(33464626 bytes), counters are not accurate (~ 00:00:09 ago)
Configured as EID address space
Locator Uptime State Pri/Wgt Encap-IID
10.47.1.12 5d12h up 10/10 - <-- RLOC of the FE node
Last up-down state change: 5d12h, state change count: 1
Last route reachability change: 5d12h, state change count: 1
Last priority / weight change: never/never
RLOC-probing loc-status algorithm:
Last RLOC-probe sent: 00:51:57 (rtt 266ms)
To verify the route to the endpoint, check CEF and also determine the VRF Id, which is used in later commands.
Border-1#show ip cef vrf red_vn 10.47.4.2
10.47.4.2/32
nexthop 10.47.1.12 LISP0.4099
Border-1#show ip vrf detail red_vn | i VRF Id
VRF red_vn (VRF Id = 3); default RD 1:4099; default VPNID <-- VRF Id is used later
Border-1#show platform software ip switch active r0 cef table index 3 prefix 10.47.4.2/32
Forwarding Table
Prefix/Len Next Object Index
----------------------------------------------------------------
10.47.4.2/32 OBJ_PUSH_COUNTE 0x124c <-- Use in the next command
Take the index (0x124c) and use it in the command show platform software push-counter switch active f0 index <index>.
Border-1#show platform software push-counter switch active f0 index 0x124c
Number of Push Counter oce entries: 6
Index Type Next Object Index Cef Misc Data
------------------------------------------------------------------------------------------------
0x124c PPC OBJ_ADJACENCY 0x130c aom id: 32712, HW info: (nil) (created) <-- Index is used in the next command
To verify the object in FMAN RP, use the command show platform software adjacency switch active r0 index <index>.
Border-1#show platform software adjacency switch active r0 index 0x130c
Number of adjacency objects: 27
Adjacency id: 0x130c (4876)
Interface: LISP0.4099, IF index: 24, Link Type: MCP_LINK_IP
Next Object Type: OBJ_ADJACENCY, Handle: 79
Flags: midchain
IP FRR MCP_ADJ_IPFRR_NONE 0
OM handle: 0x34803a0c18
To verify the object in FMAN FP, use the command show platform software adjacency switch active f0 index <index>.
Border-1#show platform software adjacency switch active f0 index 0x130c
Number of adjacency objects: 27
Adjacency id: 0x130c (4876)
Interface: LISP0.4099, IF index: 24, Link Type: MCP_LINK_IP
Next Object Type: OBJ_ADJACENCY, Handle: 79
Flags: midchain
IP FRR MCP_ADJ_IPFRR_NONE 0
aom id: 33287, HW handle: (nil) (created)
To verify FED, use the command show platform software fed switch active ip route <ip address/subnet mask>.
Border-1#show platform software fed switch active ip route 10.47.1.12/32
vrf dest htm flags SGT DGID MPLS Last-modified SecsSinceHit
--- ---- --- ----- --- ---- ---- ------------------------ ------------
0 10.47.1.12/32 0x7f3c607b1fa8 0x0 0 0 2023/09/21 05:56:18.346 3
FIB: prefix_hdl:0xcd000023, mpls_ecr_prefix_hdl:0, sgtOverWrite: 0
========== OCE chain =====
ADJ:objid:79 {link_type:IP ifnum:0x1b, adj:0x90000026, si: 0x7f3c60989008 IPv4: 10.47.1.1 }
===============
MPLS info: mpls_ecr_scale_prefix_adj:0, mpls_lspa_hdl:0
===============
**Border Node Route Verification FED Programming HTM Decode**
Use the HTM value (0x7f3c607b1fa8) in the command show platform hardware fed switch active fwd-asic abstraction print-resource-handle <htm value> 1.
Border-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f3c607b1fa8 1
Handle:0x7f3c607b1fa8 Res-Type:ASIC_RSC_HASH_TCAM Res-Switch-Num:0 Asic-Num:255 Feature-ID:AL_FID_L3_UNICAST_IPV4 Lkp-ftr-id:LKP_FEAT_IPV4_L3_UNICAST ref_count:1
priv_ri/priv_si Handle: (nil)Hardware Indices/Handles: handle [ASIC: 0]: 0x7f3c60888ed8
Features sharing this resource:Cookie length: 12
0c 01 2f 0a 00 00 00 d0 07 00 00 00
Detailed Resource Information (ASIC_INSTANCE# 0)
----------------------------------------
Number of HTM Entries: 1
Entry 0: (handle 0x7f3c60888ed8)
Absolute Index: 62678
Time Stamp: 5
KEY - vrf:0 mtr:0 prefix:10.47.1.12 rcp_redirect_index:0x0
MASK - vrf:0 mtr:0 prefix:0.0.0.0 rcp_redirect_index:0x0
FWD-AD = afd_label_flag:0 icmp_redir_enable:1 lvx_smr_enabled:0, dstNatType:0 priority:5 afdLabelOrDestClientId:0 SI:180 destined_to_us:0 hw_stats_idx:1 stats_id:0 redirectSetRouterMac:0 dgtIdx:0 destModIndex:0 dstNatTypeOrVpnPrefixPtrMsb:0 vpnPrefixPtr:0 vpn prefix flag:0
SRC-AD:learning_violation:0 need_to_learn:0 locally_connected:0 staticentryViolation:0 rpfValid:1 rpfLe:38 rpfLePointer:0 rpfForcePass:0 rpfForceFail:0 reachableviaSome:1 rpfCheckIncomplete:0 defaultRoute:0 ChainPtrValid:0 ChainPtrOrPortLeIndex:72 UseRpfmatchTable:0 rpfIncomplete:0 is_src_ce:0 sgtValid:0 sgtOverwrite:0 sgt:0 ipClientLabel:0 src_rloc_trusted:0, sgtCacheControl1:0, sgtCacheControl0:0
port_label:0x0 port_mask:0x0 vlan_label:0x0 vlan_mask:0x0 l3if_label:0x0 l3if_mask:0x0 group_label:0x0 group_mask:0x0
==============================================================
**Border Node Route Verification si_hdl Decode**
To obtain the si_hdl (ri_hdl), use the command show platform software fed switch active ip adj <IP address>.
Border-1#show platform software fed switch active ip adj 10.47.1.12
IPV4 Adj entries
dest if_name dst_mac si_hdl ri_hdl pd_flags adj_id Last-modified
---- ------- ------- ------ ------ -------- ------ -------------
10.47.1.12 LISP0.4099 4500.0000.0000 0x7f3c607e17f8 0x7f3c60b09f88 0x60 0x130c 2023/09/21 05:56:31.052
Take the si_hdl (0x7f3c607e17f8) and use it in the command show platform hardware fed switch active fwd-asic abstraction print-resource-handle <si_hdl> 1.
Border-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f3c607e17f8 1
Handle:0x7f3c607e17f8 Res-Type:ASIC_RSC_SI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_LISP Lkp-ftr-id:LKP_FEAT_INVALID ref_count:1
priv_ri/priv_si Handle: 0x7f3c60b09f88Hardware Indices/Handles: index0:0xbe mtu_index/l3u_ri_index0:0x0 index1:0xbe mtu_index/l3u_ri_index1:0x0
Features sharing this resource:109 (1)]
Cookie length: 56
00 00 00 00 00 00 00 00 48 65 84 60 0a 2f 01 0c ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Detailed Resource Information (ASIC_INSTANCE# 0)
----------------------------------------
Station Index (SI) [0xbe]
RI = 0x24 -----> Rewrite Index = Rewrite information for L3 Forwarding to the next-hop adjacency
DI = 0x5012 -----> Destination Index = Outgoing Interface
stationTableGenericLabel = 0
stationFdConstructionLabel = 0x7
lookupSkipIdIndex = 0xc
rcpServiceId = 0
dejaVuPreCheckEn = 0x1
Replication Bitmap: LD -----> Local Data, ASIC is directly connected to the adjacency interface
Detailed Resource Information (ASIC_INSTANCE# 1)
----------------------------------------
Station Index (SI) [0xbe]
RI = 0x24 -----> Rewrite Index = Rewrite information for L3 Forwarding to the next-hop adjacency
DI = 0x5012 -----> Destination Index = Outgoing Interface
stationTableGenericLabel = 0
stationFdConstructionLabel = 0x7
lookupSkipIdIndex = 0xc
rcpServiceId = 0
dejaVuPreCheckEn = 0x1
Replication Bitmap: LD -----> Local Data, ASIC is directly connected to the adjacency interface
**Border Node Route Verification Rewrite Index Decode**
Take the RI (0x24) and use it in the command show platform hardware fed switch active fwd-asic resource asic all rewrite-index range <RI> <RI>.
Border-1#show platform hardware fed switch active fwd-asic resource asic all rewrite-index range 0x24 0x24
ASIC#:0 RI:36 Rewrite_type:AL_RRM_REWRITE_IPV4_VXLAN_INNER_IPV4_ENCAP(110) Mapped_rii:LVX_L3_ENCAP_L2_PAYLOAD(123)
Dst Mac: MAC Addr: ba:25:cd:f4:ad:38, -----> VXLAN Dummy DMAC
Src IP: 10.47.1.10 -----> BN RLOC
Dst IP: 10.47.1.12 -----> FE RLOC
IPv4 TTL: 0
LISP INSTANCEID: 0
L3IF LE Index: 45
ASIC#:1 RI:36 Rewrite_type:AL_RRM_REWRITE_IPV4_VXLAN_INNER_IPV4_ENCAP(110) Mapped_rii:LVX_L3_ENCAP_L2_PAYLOAD(123)
Dst Mac: MAC Addr: ba:25:cd:f4:ad:38, -----> VXLAN Dummy DMAC
Src IP: 10.47.1.10 -----> BN RLOC
Dst IP: 10.47.1.12 -----> FE RLOC
IPv4 TTL: 0
LISP INSTANCEID: 0
L3IF LE Index: 45
**Border Node Route Verification Destination Index Decode**
Take the DI (0x5012) and use it in the command show platform hardware fed switch active fwd-asic resource asic all destination-index range <DI> <DI>.
Border-1#show platform hardware fed switch active fwd-asic resource asic all destination-index range 0x5012 0x5012
ASIC#0:
Destination index = 0x5012
DI_RCP_PORT1 -----> Recirculation port for VXLAN imposition
pmap = 0x00000000 0x00000000
cmi = 0x0
rcp_pmap = 0x1
Destination index = 0x5012
DI_RCP_PORT1 -----> Recirculation port for VXLAN imposition
pmap = 0x00000000 0x00000000
cmi = 0x0
rcp_pmap = 0x0
**Border Node Route Verification ri_hdl Decode**
Take the ri_hdl (0x7f3c60b09f88) and use it in the command show platform hardware fed switch active fwd-asic abstraction print-resource-handle <ri_hdl> 1.
Border-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f3c60b09f88 1
Handle:0x7f3c60b09f88 Res-Type:ASIC_RSC_RI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_LISP Lkp-ftr-id:LKP_FEAT_INVALID ref_count:1
priv_ri/priv_si Handle: 0x7f3c60807728Hardware Indices/Handles: index0:0x24 mtu_index/l3u_ri_index0:0x0 index1:0x24 mtu_index/l3u_ri_index1:0x0
Features sharing this resource:109 (1)]
Cookie length: 56
00 00 00 00 00 00 00 00 2d 00 00 00 0a 2f 01 0c ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Detailed Resource Information (ASIC_INSTANCE# 0)
----------------------------------------
ASIC#:0 RI:36 Rewrite_type:AL_RRM_REWRITE_IPV4_VXLAN_INNER_IPV4_ENCAP(110) Mapped_rii:LVX_L3_ENCAP_L2_PAYLOAD(123)
Dst Mac: MAC Addr: ba:25:cd:f4:ad:38, -----> Dummy VXLAN header
Src IP: 10.47.1.10 -----> BN RLOC
Dst IP: 10.47.1.12 -----> FE RLOC
IPv4 TTL: 0
LISP INSTANCEID: 0
L3IF LE Index: 45
Detailed Resource Information (ASIC_INSTANCE# 1)
----------------------------------------
ASIC#:0 RI:36 Rewrite_type:AL_RRM_REWRITE_IPV4_VXLAN_INNER_IPV4_ENCAP(110) Mapped_rii:LVX_L3_ENCAP_L2_PAYLOAD(123)
Dst Mac: MAC Addr: ba:25:cd:f4:ad:38, -----> Dummy VXLAN header
Src IP: 10.47.1.10 -----> BN RLOC
Dst IP: 10.47.1.12 -----> FE RLOC
IPv4 TTL: 0
LISP INSTANCEID: 0
L3IF LE Index: 45
The packet is still VXLAN encapsulated. Continue to filter the capture with an ACL that matches RLOC to RLOC, not the inner IP addresses.
Edge-1#show monitor capture 1 buffer display-filter icmp.type==0 brief
Starting the packet display ........ Press Ctrl + Shift + 6 to exit
12 0.876204 8.8.8.8 -> 10.47.4.2 ICMP 148 Echo (ping) reply id=0x0027, seq=3/768, ttl=253 (request in 3)
17 2.614814 8.8.8.8 -> 10.47.4.2 ICMP 148 Echo (ping) reply id=0x0027, seq=4/1024, ttl=253 (request in 14)
Ethernet II, Src: 52:54:00:0a:42:f3 (52:54:00:0a:42:f3), Dst: 52:54:00:04:84:b1 (52:54:00:04:84:b1) -----> True MAC addresses
Destination: 52:54:00:04:84:b1 (52:54:00:04:84:b1)
Address: 52:54:00:04:84:b1 (52:54:00:04:84:b1)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: 52:54:00:0a:42:f3 (52:54:00:0a:42:f3)
Address: 52:54:00:0a:42:f3 (52:54:00:0a:42:f3)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 10.47.1.10, Dst: 10.47.1.12 -----> RLOC IP addresses
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 134
Identification: 0x00e0 (224)
Flags: 0x4000, Don't fragment
0... .... .... .... = Reserved bit: Not set
.1.. .... .... .... = Don't fragment: Set
..0. .... .... .... = More fragments: Not set
Fragment offset: 0
Time to live: 253
Protocol: UDP (17)
Header checksum: 0x6613 [validation disabled]
[Header checksum status: Unverified]
Source: 10.47.1.10
Destination: 10.47.1.12
User Datagram Protocol, Src Port: 65345, Dst Port: 4789
Source Port: 65345
Destination Port: 4789
Length: 114
[Checksum: [missing]]
[Checksum Status: Not present]
[Stream index: 0]
[Timestamps]
[Time since first frame: 0.876204000 seconds]
[Time since previous frame: 0.457213000 seconds]
Virtual eXtensible Local Area Network
Flags: 0x8800, GBP Extension, VXLAN Network ID (VNI)
1... .... .... .... = GBP Extension: Defined
.... .... .0.. .... = Don't Learn: False
.... 1... .... .... = VXLAN Network ID (VNI): True
.... .... .... 0... = Policy Applied: False
.000 .000 0.00 .000 = Reserved(R): 0x0000
Group Policy ID: 0
VXLAN Network Identifier (VNI): 4099
Reserved: 0
Ethernet II, Src: 00:00:00:00:71:00 (00:00:00:00:71:00), Dst: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38) -----> Dummy VXLAN MAC addresses
Destination: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38)
Address: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: 00:00:00:00:71:00 (00:00:00:00:71:00)
Address: 00:00:00:00:71:00 (00:00:00:00:71:00)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 8.8.8.8, Dst: 10.47.4.2 -----> Inner IP addresses
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 84
Identification: 0x37ca (14282)
Flags: 0x4000, Don't fragment
0... .... .... .... = Reserved bit: Not set
.1.. .... .... .... = Don't fragment: Set
..0. .... .... .... = More fragments: Not set
Fragment offset: 0
Time to live: 253
Protocol: ICMP (1)
Header checksum: 0x279e [validation disabled]
[Header checksum status: Unverified]
Source: 8.8.8.8
Destination: 10.47.4.2
Internet Control Message Protocol
Type: 0 (Echo (ping) reply)
Code: 0
Checksum: 0x2e16 [correct]
[Checksum Status: Good]
Identifier (BE): 39 (0x0027)
Identifier (LE): 9984 (0x2700)
Sequence number (BE): 3 (0x0003)
Sequence number (LE): 768 (0x0300)
[Request frame: 3]
[Response time: 850.538 ms]
Data (56 bytes)
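The two passages above that require capture filters to match RLOC to RLOC (on Border-1 and on Edge-1) follow from the frame layout. The following Python sketch is an added example, not part of the original Cisco document: it builds a constructed frame from the addresses, ports and VNI in the Edge-1 capture, decodes the VXLAN header including the Group Policy ID field, and shows that the first IPv4 header carries only the RLOCs. The function names are this example's own, and checksums in the constructed frame are left at zero.

```python
import ipaddress
import struct

VXLAN_PORT = 4789
G_BIT, I_BIT = 0x8000, 0x0800  # GBP Extension and VNI-valid flags


def _mac(text):
    return bytes.fromhex(text.replace(":", ""))


def _ipv4(src, dst, proto, ttl, payload):
    # Checksum is left at 0: this is a constructed sample, not a capture.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0x4000,
                       ttl, proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed) + payload


def build_sample_frame():
    """Constructed echo reply using the addresses, ports and VNI shown on Edge-1."""
    icmp = struct.pack("!BBHHH", 0, 0, 0, 0x0027, 3) + bytes(56)
    inner = (_mac("ba:25:cd:f4:ad:38") + _mac("00:00:00:00:71:00") + b"\x08\x00"
             + _ipv4("8.8.8.8", "10.47.4.2", 1, 253, icmp))
    vxlan = struct.pack("!HHI", 0x8800, 0, 4099 << 8)  # flags, group policy, VNI
    udp = struct.pack("!HHHH", 65345, VXLAN_PORT, 8 + len(vxlan) + len(inner), 0)
    return (_mac("52:54:00:04:84:b1") + _mac("52:54:00:0a:42:f3") + b"\x08\x00"
            + _ipv4("10.47.1.10", "10.47.1.12", 17, 253, udp + vxlan + inner))


def _need(buf, end):
    if len(buf) < end:
        raise ValueError("truncated frame")


def _eth(buf, off):
    """Skip an Ethernet header and one optional 802.1Q tag."""
    _need(buf, off + 14)
    etype = struct.unpack_from("!H", buf, off + 12)[0]
    off += 14
    if etype == 0x8100:
        _need(buf, off + 4)
        etype = struct.unpack_from("!H", buf, off + 2)[0]
        off += 4
    return etype, off


def _ip(buf, off):
    """Return (src, dst, protocol, payload offset) of an IPv4 header."""
    _need(buf, off + 20)
    ihl = (buf[off] & 0x0F) * 4
    if buf[off] >> 4 != 4 or ihl < 20:
        raise ValueError("not an IPv4 header")
    _need(buf, off + ihl)
    src = str(ipaddress.IPv4Address(buf[off + 12:off + 16]))
    dst = str(ipaddress.IPv4Address(buf[off + 16:off + 20]))
    return src, dst, buf[off + 9], off + ihl


def first_ipv4_pair(frame):
    """What a filter on the first IPv4 header sees: (src, dst) or None."""
    etype, off = _eth(frame, 0)
    return _ip(frame, off)[:2] if etype == 0x0800 else None


def parse_vxlan_gpo(frame):
    """Decode outer RLOCs, VNI, group policy ID and inner IPv4 pair.

    Returns None when the frame is not IPv4/UDP to port 4789.
    """
    etype, off = _eth(frame, 0)
    if etype != 0x0800:
        return None
    rloc_src, rloc_dst, proto, off = _ip(frame, off)
    if proto != 17:
        return None
    _need(frame, off + 8)
    if struct.unpack_from("!H", frame, off + 2)[0] != VXLAN_PORT:
        return None
    off += 8
    _need(frame, off + 8)
    flags, group, vni_word = struct.unpack_from("!HHI", frame, off)
    if not flags & I_BIT:
        raise ValueError("VXLAN header without a valid VNI")
    etype, off = _eth(frame, off + 8)
    inner = _ip(frame, off)[:2] if etype == 0x0800 else None
    return {"rlocs": (rloc_src, rloc_dst), "vni": vni_word >> 8,
            "group_policy_id": group if flags & G_BIT else None, "inner": inner}


if __name__ == "__main__":
    print(parse_vxlan_gpo(build_sample_frame()))
```

The constructed frame is 148 bytes, the same length the brief capture output reports for the encapsulated echo replies.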
| Revision | Publish Date | Comments |
|---|---|---|
| 1.0 | 16-Mar-2026 | Initial Release |