SDA 포워딩 North-South 트래픽 흐름 문제 해결
목차
소개
이 문서에서는 SDA(Software Defined Access)의 일부로 남북 트래픽 흐름을 검증하는 방법에 대해 설명합니다.
사전 요구 사항
요구 사항
다음 주제에 대한 지식을 보유하고 있으면 유용합니다.
- IP 전달
- BGP(Border Gateway Protocol)
- 소프트웨어 정의 액세스(SD-Access)
사용되는 구성 요소
이 문서의 정보는 다음 소프트웨어 및 하드웨어 버전을 기반으로 합니다.
Cisco IOS® XE 17.10.1의 C9000v
Cisco IOS® XE 17.3.6의 CSR1Kv
SDA 1.0(LISP PubSub 아님)
이 문서의 정보는 특정 랩 환경의 디바이스를 토대로 작성되었습니다. 이 문서에 사용된 모든 디바이스는 초기화된(기본) 컨피그레이션으로 시작되었습니다. 현재 네트워크가 작동 중인 경우 모든 명령의 잠재적인 영향을 미리 숙지하시기 바랍니다.
관련 제품
이 문서는 다음 하드웨어 및 소프트웨어 버전에서도 사용할 수 있습니다.
- C9200
- C9300
- C9400
- C9500
- C9600
- Cisco IOS® XE 16.12 이상
배경 정보
SDA North-South Traffic Flow는 SDA 패브릭 내에 존재하며 엔드포인트 또는 서버와 통신하려는 엔드포인트, 즉 SDA 패브릭 내에 있지 않은 엔드포인트라는 개념을 의미합니다.
- 먼저 엔드포인트는 패브릭 에지 노드인 기본 게이트웨이에 대한 ARP를 확인합니다
- 그런 다음 엔드포인트는 패브릭 에지 노드의 애니캐스트 게이트웨이인 기본 게이트웨이로 IP 패킷을 전송합니다.
- 패브릭 에지 노드는 Cisco CEF(Express Forwarding)를 사용하여 패킷을 외부로 전송하고, 어떤 LISP(Locator ID Separator Protocol)가 CEF를 구동하는지 확인합니다.
- 패브릭 에지 노드에는 0.0.0.0/0, 기본 경로에 대한 맵 캐시 항목이 있으며, 이 작업은 프록시 PETR(Egress Tunnel Router) 또는 SDA 패브릭 보더 노드를 향해 모든 패킷을 캡슐화하는 것입니다.
- 패브릭 에지 노드는 원래 IP 패킷을 VXLAN에 캡슐화하고 SDA 패브릭 보더 노드를 향해 패킷을 전달합니다.
- 보더 노드는 패킷을 역캡슐화하고 원래 패킷 대상 IP 주소에 대해 IP 조회를 실행한 다음, 적절한 다음 홉으로 패킷을 전달합니다. 다음 홉은 SDA 패브릭에 속하지 않는 업스트림 Fusion Router일 가능성이 높습니다.
- 다음으로, SDA 패브릭 내의 엔드포인트로 향하는 반환 트래픽의 경우, 패킷이 Fusion Router에 의해 수신되며 목적지 IP 주소에 대해 IP 조회를 실행하고 이를 Border 노드인 적절한 다음 홉으로 전달합니다.
- 패브릭 보더 노드는 LISP에서 파생된 CEF를 참조하여 어떤 패브릭 에지 노드가 엔드포인트와 연결되었는지 확인하고 원래 패킷을 VXLAN에 캡슐화하여 전송합니다.
- 패브릭 에지는 패킷을 역캡슐화하고 원래 패킷을 엔드포인트로 전달합니다.
기본 워크플로
참조 토폴로지
이 예의 목적상 C9000v 스위치는 패브릭 에지 및 배치된 경계로 작동합니다. Fusion 라우터 및 인터넷 라우터는 CSR1Kv 라우터입니다. VLAN 1026에 있고 red_vn 가상 네트워크(VN)의 일부인 10.47.4.2의 엔드포인트가 인터넷 라우터에서 루프백0 인터페이스로 존재하는 8.8.8.8을 ping하려고 합니다.
North-South 트래픽 흐름 확인
컨피그레이션 세부사항
Edge-1 구성(10.47.1.12)
! hostname Edge-1 ! vrf definition red_vn ! address-family ipv4 exit-address-family ! aaa new-model ! aaa authentication login default local aaa authorization exec default local if-authenticated ! ip routing ! ip dhcp relay information option ! ip dhcp snooping vlan 1025-1026 ip dhcp snooping vlan 1025-1026 proxy-bridge ip dhcp snooping vtp mode transparent ! device-tracking tracking ! device-tracking policy IPDT_POLICY no protocol udp tracking enable ! license boot level network-advantage addon dna-advantage license smart transport off ! system mtu 8978 diagnostic bootup level minimal ! spanning-tree mode rapid-pvst spanning-tree extend system-id ! redundancy mode sso ! vlan 1025 name blue ! vlan 1026 name red ! vlan 2046 name VOICE_VLAN ! lldp run ! policy-map system-cpp-policy ! interface Loopback0 ip address 10.47.1.12 255.255.255.255 no ip redirects ip pim sparse-mode ip router isis clns mtu 1400 ! interface LISP0 ! interface LISP0.4099 vrf forwarding red_vn ! interface LISP0.4100 vrf forwarding blue_vn ! interface L2LISP0 ip access-group SDA-FABRIC-LISP in ip access-group SDA-FABRIC-LISP out ! interface L2LISP0.8188 ! interface L2LISP0.8190 ! interface GigabitEthernet1/0/1 no switchport ip address 10.47.1.1 255.255.255.254 no ip redirects ip pim sparse-mode ip router isis clns mtu 1400 isis network point-to-point ! interface GigabitEthernet1/0/2 no switchport ip address 10.47.1.5 255.255.255.254 no ip redirects ip pim sparse-mode ip router isis clns mtu 1400 isis network point-to-point ! interface GigabitEthernet1/0/3 switchport access vlan 1026 switchport mode access device-tracking attach-policy IPDT_POLICY spanning-tree portfast spanning-tree bpduguard enable ! interface Vlan1025 description Configured from Cisco DNA-Center mac-address 0000.0c9f.fb87 vrf forwarding blue_vn ip address 10.47.7.1 255.255.255.0 ip helper-address 10.47.9.9 no ip redirects ip route-cache same-interface no lisp mobility liveness test lisp mobility blue-IPV4 ! interface Vlan1026 description Configured from Cisco DNA-Center mac-address 0000.0c9f.f341 vrf forwarding red_vn ip address 10.47.4.1 255.255.255.0 ip helper-address 10.47.9.9 no ip redirects ip route-cache same-interface no lisp mobility liveness test lisp mobility red-IPV4 ! router lisp locator-table default locator-set rloc_222e1707-175d-4019-a783-060404f8bc2f IPv4-interface Loopback0 priority 10 weight 10 exit-locator-set ! locator default-set rloc_222e1707-175d-4019-a783-060404f8bc2f service ipv4 encapsulation vxlan itr map-resolver 10.47.1.10 itr map-resolver 10.47.1.11 etr map-server 10.47.1.10 key 7 091B4C08185447475E5A5D7A7970796A61 etr map-server 10.47.1.10 proxy-reply etr map-server 10.47.1.11 key 7 00531107050A5B535A77151E5B4D544E46 etr map-server 10.47.1.11 proxy-reply etr sgt no map-cache away-eids send-map-request use-petr 10.47.1.10 use-petr 10.47.1.11 proxy-itr 10.47.1.12 exit-service-ipv4 ! service ethernet itr map-resolver 10.47.1.10 itr map-resolver 10.47.1.11 itr etr map-server 10.47.1.10 key 7 055C040E201D1E5C4C534E42595855737F etr map-server 10.47.1.10 proxy-reply etr map-server 10.47.1.11 key 7 040C09070E701C1B5C4F5C47405F5D5D7E etr map-server 10.47.1.11 proxy-reply etr exit-service-ethernet ! instance-id 4099 remote-rloc-probe on-route-change dynamic-eid red-IPV4 database-mapping 10.47.4.0/24 locator-set rloc_222e1707-175d-4019-a783-060404f8bc2f exit-dynamic-eid ! service ipv4 eid-table vrf red_vn map-cache 0.0.0.0/0 map-request sgt distribution sgt exit-service-ipv4 ! exit-instance-id ! instance-id 4100 remote-rloc-probe on-route-change dynamic-eid blue-IPV4 database-mapping 10.47.7.0/24 locator-set rloc_222e1707-175d-4019-a783-060404f8bc2f exit-dynamic-eid ! service ipv4 eid-table vrf blue_vn map-cache 0.0.0.0/0 map-request sgt distribution sgt exit-service-ipv4 ! exit-instance-id ! instance-id 8188 remote-rloc-probe on-route-change service ethernet eid-table vlan 1025 broadcast-underlay 239.0.17.2 flood arp-nd flood unknown-unicast database-mapping mac locator-set rloc_222e1707-175d-4019-a783-060404f8bc2f dynamic-eid detection multiple-addr bridged-vm exit-service-ethernet ! exit-instance-id ! instance-id 8190 remote-rloc-probe on-route-change service ethernet eid-table vlan 1026 broadcast-underlay 239.0.17.2 flood arp-nd flood unknown-unicast database-mapping mac locator-set rloc_222e1707-175d-4019-a783-060404f8bc2f dynamic-eid detection multiple-addr bridged-vm exit-service-ethernet ! exit-instance-id ! ipv4 locator reachability minimum-mask-length 32 ipv4 source-locator Loopback0 exit-router-lisp ! router isis net 49.0000.1047.0000.4012.00 is-type level-2-only domain-password xxxxxx metric-style wide log-adjacency-changes nsf ietf !
Border-1(10.47.1.10)의 컨피그레이션 세부사항
! hostname Border-1 ! vrf definition red_vn rd 1:4099 ! address-family ipv4 route-target export 1:4099 route-target import 1:4099 exit-address-family ! aaa new-model ! aaa authentication login default local aaa authorization exec default local if-authenticated ! aaa session-id common ! ip routing ! vtp mode transparent ! device-tracking tracking ! device-tracking policy IPDT_POLICY no protocol udp tracking enable ! spanning-tree mode rapid-pvst spanning-tree extend system-id ! redundancy mode sso crypto engine compliance shield disable ! vlan 3001 name 3001 ! vlan 3002 name 3002 ! interface Loopback0 ip address 10.47.1.10 255.255.255.255 no ip redirects ip pim sparse-mode ip router isis clns mtu 1400 ! interface Loopback1026 description Loopback Border vrf forwarding red_vn ip address 10.47.4.1 255.255.255.255 ! interface LISP0 ! interface LISP0.4099 vrf forwarding red_vn ! interface LISP0.4100 vrf forwarding blue_vn ! interface GigabitEthernet1/0/1 description Uplink To Fusion Router 1 switchport mode trunk ! interface GigabitEthernet1/0/2 no switchport no ip address ! interface GigabitEthernet1/0/2.69 encapsulation dot1Q 69 ip address 10.47.1.8 255.255.255.254 no ip redirects ip pim sparse-mode ip router isis clns mtu 1400 isis network point-to-point ! interface GigabitEthernet1/0/2.421 encapsulation dot1Q 421 vrf forwarding red_vn ip address 10.47.9.1 255.255.255.252 ! interface GigabitEthernet1/0/3 no switchport ip address 10.47.1.0 255.255.255.254 no ip redirects ip pim sparse-mode ip router isis clns mtu 1400 isis network point-to-point ! interface GigabitEthernet1/0/4 no switchport ip address 10.47.1.2 255.255.255.254 no ip redirects ip pim sparse-mode ip router isis clns mtu 1400 isis network point-to-point ! interface Vlan3002 description vrf interface to External router vrf forwarding red_vn ip address 10.47.2.5 255.255.255.252 no ip redirects ip route-cache same-interface ! router lisp locator-table default locator-set rloc_9080ed56-a6c6-482d-9f46-28eda0e18501 IPv4-interface Loopback0 priority 10 weight 10 auto-discover-rlocs exit-locator-set ! locator default-set rloc_9080ed56-a6c6-482d-9f46-28eda0e18501 service ipv4 encapsulation vxlan itr map-resolver 10.47.1.10 itr map-resolver 10.47.1.11 etr map-server 10.47.1.10 key 7 124E0716135A5C517F7D7D786161734A53 etr map-server 10.47.1.10 proxy-reply etr map-server 10.47.1.11 key 7 040C09070E701C1B5C4F5C47405F5D5D7E etr map-server 10.47.1.11 proxy-reply etr sgt proxy-etr proxy-itr 10.47.1.10 map-server map-resolver exit-service-ipv4 ! service ethernet itr map-resolver 10.47.1.10 itr map-resolver 10.47.1.11 itr etr map-server 10.47.1.10 key 7 0758234D4F5849504244525C567E7A7D7C etr map-server 10.47.1.10 proxy-reply etr map-server 10.47.1.11 key 7 10190B180446425E5952737B767C626C76 etr map-server 10.47.1.11 proxy-reply etr map-server map-resolver exit-service-ethernet ! instance-id 4099 remote-rloc-probe on-route-change service ipv4 eid-table vrf red_vn database-mapping 10.47.2.4/30 locator-set rloc_9080ed56-a6c6-482d-9f46-28eda0e18501 route-import database bgp 69420 route-map DENY-red_vn locator-set rloc_9080ed56-a6c6-482d-9f46-28eda0e18501 sgt distribution sgt route-export site-registrations distance site-registrations 250 map-cache site-registration exit-service-ipv4 ! exit-instance-id ! instance-id 4100 remote-rloc-probe on-route-change service ipv4 eid-table vrf blue_vn database-mapping 10.47.2.0/30 locator-set rloc_9080ed56-a6c6-482d-9f46-28eda0e18501 route-import database bgp 69420 route-map DENY-blue_vn locator-set rloc_9080ed56-a6c6-482d-9f46-28eda0e18501 sgt distribution sgt route-export site-registrations distance site-registrations 250 map-cache site-registration exit-service-ipv4 ! exit-instance-id ! site site_uci description map-server configured from Cisco DNA-Center authentication-key 7 091B4C08185447475E5A5D7A7970796A61 eid-record instance-id 4099 0.0.0.0/0 accept-more-specifics eid-record instance-id 4099 10.47.4.0/24 accept-more-specifics eid-record instance-id 4100 0.0.0.0/0 accept-more-specifics eid-record instance-id 4100 10.47.7.0/24 accept-more-specifics eid-record instance-id 8188 any-mac eid-record instance-id 8190 any-mac exit-site ! ipv4 locator reachability exclude-default ipv4 source-locator Loopback0 exit-router-lisp ! router isis net 49.0000.1047.0000.4010.00 is-type level-2-only domain-password cisco123 metric-style wide log-adjacency-changes nsf ietf default-information originate ! router bgp 69420 bgp router-id interface Loopback0 bgp log-neighbor-changes bgp graceful-restart ! address-family ipv4 vrf blue_vn bgp aggregate-timer 0 network 10.47.2.0 mask 255.255.255.252 network 10.47.7.1 mask 255.255.255.255 aggregate-address 10.47.7.0 255.255.255.0 summary-only redistribute lisp metric 10 neighbor 10.47.2.2 remote-as 65531 neighbor 10.47.2.2 update-source Vlan3001 neighbor 10.47.2.2 activate neighbor 10.47.2.2 weight 65535 neighbor 10.47.2.2 allowas-in neighbor 10.47.9.2 remote-as 69420 neighbor 10.47.9.2 activate neighbor 10.47.9.2 send-community both neighbor 10.47.9.2 next-hop-self neighbor 10.47.9.2 route-map tag_local_eids out exit-address-family ! address-family ipv4 vrf red_vn bgp aggregate-timer 0 network 10.47.2.4 mask 255.255.255.252 network 10.47.4.1 mask 255.255.255.255 aggregate-address 10.47.4.0 255.255.255.0 summary-only redistribute lisp metric 10 neighbor 10.47.2.6 remote-as 65531 neighbor 10.47.2.6 update-source Vlan3002 neighbor 10.47.2.6 activate neighbor 10.47.2.6 weight 65535 neighbor 10.47.2.6 allowas-in neighbor 10.47.9.2 remote-as 69420 neighbor 10.47.9.2 activate neighbor 10.47.9.2 send-community both neighbor 10.47.9.2 next-hop-self neighbor 10.47.9.2 route-map tag_local_eids out exit-address-family ! ip community-list 1 permit 655370 ! ip prefix-list deny_0.0.0.0 seq 10 permit 0.0.0.0/0 ! ip prefix-list l3handoff-prefixes seq 914788097 permit 10.47.2.12/30 ip prefix-list l3handoff-prefixes seq 934060929 permit 10.47.2.8/30 ip prefix-list l3handoff-prefixes seq 934208897 permit 10.47.2.4/30 ip prefix-list l3handoff-prefixes seq 934356865 permit 10.47.2.0/30 ! ip prefix-list blue_vn seq 337301377 permit 10.47.7.0/24 ip prefix-list blue_vn seq 629796565 permit 0.0.0.0/0 ! ip prefix-list red_vn seq 629796565 permit 0.0.0.0/0 ip prefix-list red_vn seq 927849985 permit 10.47.4.0/24 ! route-map tag_local_eids permit 5 set community 655370 ! route-map DENY-blue_vn deny 5 match ip address prefix-list blue_vn ! route-map DENY-blue_vn deny 10 match ip address prefix-list l3handoff-prefixes ! route-map DENY-blue_vn deny 15 match community 1 ! route-map DENY-blue_vn deny 25 match ip address prefix-list deny_0.0.0.0 ! route-map DENY-blue_vn permit 30 ! route-map DENY-red_vn deny 5 match ip address prefix-list red_vn ! route-map DENY-red_vn deny 10 match ip address prefix-list l3handoff-prefixes ! route-map DENY-red_vn deny 15 match community 1 ! route-map DENY-red_vn deny 25 match ip address prefix-list deny_0.0.0.0 ! route-map DENY-red_vn permit 30 ! route-map deny_0.0.0.0 deny 25 match ip address prefix-list deny_0.0.0.0 ! route-map deny_0.0.0.0 permit 30 !
SDA 엔드포인트에 대한 패브릭 에지 확인
IPDT 및 MAC 주소 프로그래밍 확인
IPDT(IP Device-Tracking) 데이터베이스를 확인하여 엔드포인트에 대한 올바른 항목이 있는지 확인합니다
Edge-1#show device-tracking database interface gig1/0/3
portDB has 2 entries for interface Gi1/0/3, 2 dynamic
Codes: L - Local, S - Static, ND - Neighbor Discovery, ARP - Address Resolution Protocol, DH4 - IPv4 DHCP, DH6 - IPv6 DHCP, PKT - Other Packet, API - API created
Preflevel flags (prlvl):
0001:MAC and LLA match 0002:Orig trunk 0004:Orig access
0008:Orig trusted trunk 0010:Orig trusted access 0020:DHCP assigned
0040:Cga authenticated 0080:Cert authenticated 0100:Statically assigned
Network Layer Address Link Layer Address Interface vlan prlvl age state Time left
DH4 10.47.4.2 5254.0019.93e9 Gi1/0/3 1026 0024 76s REACHABLE 165 s try 0(21276 s)
**소프트웨어 MAC 주소 프로그래밍**
Edge-1#show mac address-table address 5254.0019.93e9
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
1026 5254.0019.93e9 DYNAMIC Gi1/0/3 <--- Endpoint MAC address learnt dynamically in VLAN 1026
Total Mac Addresses for this criterion: 1
**소프트웨어 FED MAC 주소 프로그래밍**
show platform software fed switch active matm macTable vlan <vlan> mac <mac address> 명령을 사용합니다
Edge-1#show platform software fed switch active matm macTable vlan 1026 mac 5254.0019.93e9
VLAN MAC Type Seq# EC_Bi Flags machandle siHandle riHandle diHandle *a_time *e_time ports Con
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
1026 5254.0019.93e9 0x1 9 0 0 0x7f65ec7bda68 0x7f65ec7c21f8 0x0 0x7f65ec6e1368 300 7 GigabitEthernet1/0/3 Yes
======platform hardware details ======
Asic: 0
htm-handle = 0x7f65ec95dc68 MVID = 7 gpn = 1
SI = 0xc3 RI = 0x25 DI = 0x526e
DI = 0x526e pmap = 0x00000000 0x00000004 pmap_intf : [GigabitEthernet1/0/3]
Asic: 1
SI = 0xc3 RI = 0x25 DI = 0x526e
DI = 0x526e pmap = 0x00000000 0x00000000
**MAC 주소 macHandle 프로그래밍**
이전 명령의 macHandle 값(0x7f65ec7bda68)을 가져와 show platform hardware fed switch active fwd-asic abstraction print-resource-handle <macHandle> 1에서 활용합니다.
Edge-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f65ec7bda68 1
Handle:0x7f65ec7bda68 Res-Type:ASIC_RSC_HASH_TCAM Res-Switch-Num:0 Asic-Num:255 Feature-ID:AL_FID_L2 Lkp-ftr-id:LKP_FEAT_L2_SRC_MAC_VLAN ref_count:1
priv_ri/priv_si Handle: (nil)Hardware Indices/Handles: handle [ASIC: 0]: 0x7f65ec95dc68
Features sharing this resource:Cookie length: 12
19 00 54 52 e9 93 07 80 07 00 00 00
Detailed Resource Information (ASIC_INSTANCE# 0)
----------------------------------------
Number of HTM Entries: 1
Entry 0: (handle 0x7f65ec95dc68)
Absolute Index: 6778
Time Stamp: 4
KEY - vlan:7 mac:0x5254001993e9 l3_if:0 gpn:3 epoch:0 static:0 flood_en:0 vlan_lead_wless_flood_en: 0 client_home_asic: 0 learning_peerid 0, learning_peerid_valid 0 lvx:1
MASK - vlan:0 mac:0x0 l3_if:0 gpn:0 epoch:0 static:0 flood_en:0 vlan_lead_wless_flood_en: 0 client_home_asic: 0 learning_peerid 0, learning_peerid_valid 0 lvx:0
SRC_AD - need_to_learn:0 lrn_v:0 catchall:0 static_mac:0 chain_ptr_v:0 chain_ptr: 0 static_entry_v:0 auth_state:0 auth_mode:0 auth_behavior_tag:0 traf_m:0 is_src_ce:0
DST_AD - si:0xb7 bridge:0 replicate:0 blk_fwd_o:0 v4_rmac:0 v6_rmac:0 catchall:0 ign_src_lrn:0 port_mask_o:0 afd_cli_f:0 afd_lbl:0 prio:3 dest_mod_idx:0 destined_to_us:0 pv_trunk:0 smr:0
==============================================================
**MVID 확인**
이전 출력의 숫자 7은 하드웨어의 MVID(Mapped VLAN ID)입니다. "실제" VLAN과 일치하는지 확인하려면 show platform software fed switch active vlan <vlan number>를 사용합니다
Edge-1#show platform software fed switch active vlan 1026
VLAN Fed Information
Vlan Id IF Id LE Handle STP Handle L3 IF Handle SVI IF ID MVID
-----------------------------------------------------------------------------------------------------------------------
1026 0x0000000000420011 0x00007f65ec6a08b8 0x00007f65ec6a1138 0x00007f65ec77e838 0x000000000000001d 7
**GPN(Global Port Number) 확인**
GPN을 "실제" 인터페이스와 연계하려면 show platform software fed switch active ifm mappings gpn 명령을 사용합니다
Edge-1#show platform software fed switch active ifm mappings gpn
Mappings Table
GPN Interface IF_ID IF_TYPE
--------------------------------------------------------------------------------------------------
1 GigabitEthernet1/0/1 0x0000001a ETHER
2 GigabitEthernet1/0/2 0x0000001b ETHER
3 GigabitEthernet1/0/3 0x0000000b ETHER
**MAC 주소 siHandle 프로그래밍**
이전 명령의 siHandle 값(0x7f65ec7c21f8)을 가져와 show platform hardware fed switch active fwd-asic abstraction print-resource-handle <si_handle> 1에 활용합니다.
Edge-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f65ec7c21f8 1
Handle:0x7f65ec7c21f8 Res-Type:ASIC_RSC_SI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_L3_UNICAST_IPV4 Lkp-ftr-id:LKP_FEAT_INVALID ref_count:2
priv_ri/priv_si Handle: 0x7f65ec7c2498Hardware Indices/Handles: index0:0xc3 mtu_index/l3u_ri_index0:0x0 index1:0xc3 mtu_index/l3u_ri_index1:0x0
Features sharing this resource:66 (1)]
57 (1)]
Cookie length: 56
00 00 00 00 00 00 00 00 02 04 00 00 00 00 00 00 00 00 00 00 07 00 52 54 00 19 93 e9 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Detailed Resource Information (ASIC_INSTANCE# 0)
----------------------------------------
Station Index (SI) [0xc3] <-- Station Index is comprised of the Rewrite Index (RI) and Destination Index (DI)
RI = 0x25 <-- Rewrite Index contains the forwarding information
DI = 0x526e <-- Destination Index contains information related to the outgoing interface
stationTableGenericLabel = 0
stationFdConstructionLabel = 0x7
lookupSkipIdIndex = 0
rcpServiceId = 0
dejaVuPreCheckEn = 0x1
Replication Bitmap: LD <-- Local Data (LD) indicates that the destination is on this ASIC
Detailed Resource Information (ASIC_INSTANCE# 1)
----------------------------------------
Station Index (SI) [0xc3] <-- Station Index is comprised of the Rewrite Index (RI) and Destination Index (DI)
RI = 0x25 <-- Rewrite Index contains the forwarding information
DI = 0x526e <-- Destination Index contains information related to the outgoing interface
stationTableGenericLabel = 0
stationFdConstructionLabel = 0x7
lookupSkipIdIndex = 0
rcpServiceId = 0
dejaVuPreCheckEn = 0x1
Replication Bitmap: CD <-- Core Data (CD) indicates that the destination is on the same ASIC, different core
==============================================================
**MAC 주소 다시 쓰기 인덱스 확인**
이전 명령의 RI 값(0x25)을 가져와 show platform hardware fed switch active fwd-asic resource asic all rewrite-index range <RI> <RI>에서 활용합니다.
Edge-1#show platform hardware fed switch active fwd-asic resource asic all rewrite-index range 0x25 0x25
ASIC#:0 RI:37 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9)
MAC Addr: MAC Addr: 52:54:00:19:93:e9,
L3IF LE Index 41
ASIC#:0 RI:38 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9)
MAC Addr: MAC Addr: 01:00:5e:00:00:00,
L3IF LE Index 40
ASIC#:0 RI:39 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9)
MAC Addr: MAC Addr: 52:54:00:00:50:17,
L3IF LE Index 40
ASIC#:1 RI:37 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9)
MAC Addr: MAC Addr: 52:54:00:19:93:e9,
L3IF LE Index 41
ASIC#:1 RI:38 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9)
MAC Addr: MAC Addr: 01:00:5e:00:00:00,
L3IF LE Index 40
ASIC#:1 RI:39 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9)
MAC Addr: MAC Addr: 52:54:00:00:50:17,
L3IF LE Index 40
**MAC 주소 대상 인덱스 확인**
이전 명령의 DI 값(0x526e)을 가져와 show platform hardware fed switch active fwd-asic resource asic all destination-index range <DI> <DI>에서 활용합니다.
Edge-1#show platform hardware fed switch active fwd-asic resource asic all destination-index range 0x526e 0x526e
ASIC#0:
Destination index = 0x526e
pmap = 0x00000000 0x00000004 <-- Convert decimal 4 to binary, which is 0100. Count this binary right to left, zero-based, so Port 2.
pmap_intf : [GigabitEthernet1/0/3]
cmi = 0x0
rcp_pmap = 0x0
al_rsc_cmi
CPU Map Index (CMI) [0]
ctiLo0 = 0
ctiLo1 = 0
ctiLo2 = 0
cpuQNum0 = 0
cpuQNum1 = 0
cpuQNum2 = 0
npuIndex = 0
stripSeg = 0
copySeg = 0
ASIC#1:
Destination index = 0x526e
pmap = 0x00000000 0x00000000
cmi = 0x0
rcp_pmap = 0x0
al_rsc_cmi
CPU Map Index (CMI) [0]
ctiLo0 = 0
ctiLo1 = 0
ctiLo2 = 0
cpuQNum0 = 0
cpuQNum1 = 0
cpuQNum2 = 0
npuIndex = 0
stripSeg = 0
copySeg = 0
**포트 확인**
이전에 확인한 포트의 상관관계를 분석하려면 show platform software fed switch active ifm 매핑 명령을 사용하고 Port 열을 확인합니다.
Edge-1#show platform software fed switch active ifm mappings
------------------ show platform software fed switch active ifm mappings ------------------
Interface IF_ID Inst Asic Core Port SubPort Mac Cntx LPN GPN Type Active
GigabitEthernet1/0/1 0x1a 0 0 0 0 0 1 0 1 1 NIF Y
GigabitEthernet1/0/2 0x1b 0 0 0 1 0 2 1 2 2 NIF Y
GigabitEthernet1/0/3 0xb 0 0 0 2 0 3 2 3 3 NIF Y <-- Matches port 2 from previous output
**하드웨어 FED MAC 주소 확인**
작업/이상적인 시나리오의 이 출력은 macHandle 디코딩이 제공한 것과 일치합니다.
Edge-1#show platform hardware fed switch active matm macTable vlan 1026 mac 5254.0019.93e9 HEAD: MAC address 5254.0019.93e9 in VLAN 1026 KEY: vlan 7, mac 0x5254001993e9, l3_if 0, gpn 3, epoch 0, static 0, flood_en 0, vlan_lead_wless_flood_en 0, client_home_asic 0, learning_peerid 0, learning_peerid_valid 0 MASK: vlan 0, mac 0x0, l3_if 0, gpn 0, epoch 0, static 0, flood_en 0, vlan_lead_wless_flood_en 0, client_home_asic 0 learning_peerid 0, learning_peerid_valid 0 SRC_AD: need_to_learn 0, lrn_v 0, catchall 0, static_mac 0, chain_ptr_v 0, chain_ptr 0, static_entry_v 0, auth_state 0, auth_mode 0, traf_mode 0, is_src_ce 0 DST_AD: si 0xb7, bridge 0, replicate 0, blk_fwd_o 0, v4_mac 0, v6_mac 0, catchall 0, ign_src_lrn 0, port_mask_o 0, afd_cli_f 0, afd_lbl 0, priority 3, dest_mod_idx 0, destined_to_us 0, pv_trunk 0 Total Mac number of addresses:: 1
- 하드웨어의 VLAN ID(MVID)는 7입니다.
- MAC 주소: 5254.0019.93e9
- GPN: 3
ARP 및 IP 연결 확인
Edge-1#show ip arp vrf red_vn 10.47.4.2 ------------------ show ip arp vrf red_vn 10.47.4.2 ------------------ Protocol Address Age (min) Hardware Addr Type Interface Internet 10.47.4.2 156 5254.0019.93e9 ARPA Vlan1026
Edge-1#ping vrf red_vn 10.47.4.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.47.4.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 130/145/168 ms
Edge-1#show vlan id 1026 VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1026 red active L2LI0:8190, Gi1/0/3 <-- L2 LISP Instance ID tied to VLAN 1026
**L2 LISP 데이터베이스 확인**
L2 LISP 데이터베이스를 확인하려면 show lisp instance-id <L2 LISP ID> ethernet database <mac address> 명령을 사용합니다
Edge-1#show lisp instance-id 8190 ethernet database 5254.0019.93e9 LISP ETR MAC Mapping Database for LISP 0 EID-table Vlan 1026 (IID 8190), LSBs: 0x1 Entries total 1, no-route 0, inactive 0, do-not-register 2 5254.0019.93e9/48, dynamic-eid Auto-L2-group-8190, inherited from default locator-set rloc_222e1707-175d-4019-a783-060404f8bc2f -----> Endpoint MAC Uptime: 2d17h, Last-change: 2d17h Domain-ID: local Service-Insertion: N/A Locator Pri/Wgt Source State 10.47.1.12 10/10 cfg-intf site-self, reachable -----> Our own RLOC Map-server Uptime ACK Domain-ID 10.47.1.10 1d11h Yes 0 -----> RLOC of upstream collocated border 10.47.1.11 2d17h Yes 0 -----> RLOC of upstream collocated border
**LISP L2 AR(Address Resolution) 데이터베이스 확인**
L2 AR 데이터베이스를 확인하려면 show lisp instance-id <L2 LISP ID> ethernet database address-resolution <mac address> 명령을 사용합니다
Edge-1#show lisp instance-id 8190 ethernet database address-resolution 5254.0019.93e9 LISP ETR Address Resolution for LISP 0 EID-table Vlan 1026 (IID 8190) (*) -> entry being deleted Hardware Address L3 InstID Host Address 5254.0019.93e9 4099 10.47.4.2/32 <-- Endpoint MAC Address, LISP L3 Instance ID, Endpoint IPv4 Address, respectively
**LISP L3 데이터베이스 확인**
LISP L3 데이터베이스를 확인하려면 show lisp instance-id <L3 LISP ID> ipv4 database <ipv4 address/subnet mask> 명령을 사용합니다
Edge-1#show lisp instance-id 4099 ipv4 database 10.47.4.2/32 LISP ETR IPv4 Mapping Database for LISP 0 EID-table vrf red_vn (IID 4099), LSBs: 0x1 Entries total 1, no-route 0, inactive 0, do-not-register 1 10.47.4.2/32, dynamic-eid red-IPV4, inherited from default locator-set rloc_222e1707-175d-4019-a783-060404f8bc2f -----> Endpoint IPv4 Address Uptime: 2d18h, Last-change: 2d18h Domain-ID: local Service-Insertion: N/A Locator Pri/Wgt Source State 10.47.1.12 10/10 cfg-intf site-self, reachable -----> Our own RLOC Map-server Uptime ACK Domain-ID 10.47.1.10 1d11h Yes 0 -----> RLOC of upstream collocated border 10.47.1.11 2d17h Yes 0 -----> RLOC of upstream collocated border
Fabric Edge Ingress EPC(Embedded Packet Capture) 연결 엔드포인트
이 시점에서는 VXLAN 캡슐화가 아직 없으므로 실제 IP 주소(8.8.8.8과 통신하는 10.47.4.2)를 필터링하고 일치시킬 수 있습니다. 패킷이 패브릭 에지 노드를 인그레스(ingress)합니다.
Edge-1(config)#ip access-list extended TAC Edge-1(config-ext-nacl)#permit ip host 10.47.4.2 host 8.8.8.8 Edge-1(config-ext-nacl)#permit ip host 8.8.8.8 host 10.47.4.2 Edge-1#monitor capture 1 interface g1/0/3 both access-list TAC Edge-1#monitor capture 1 start Started capture point : 1 Edge-1#monitor capture 1 stop Capture statistics collected at software: Capture duration - 14 seconds Packets received - 16 Packets dropped - 0 Packets oversized - 0 Number of Bytes dropped at asic not collected
**brief 키워드로 패킷 캡처 보기**
Edge-1#show monitor capture 1 buffer brief Starting the packet display ........ Press Ctrl + Shift + 6 to exit 1 0.006216 10.47.4.2 -> 8.8.8.8 ICMP 98 Echo (ping) request id=0x000f, seq=0/0, ttl=64 2 0.493181 8.8.8.8 -> 10.47.4.2 ICMP 106 Echo (ping) reply id=0x000f, seq=0/0, ttl=253 (request in 1) 3 1.009602 10.47.4.2 -> 8.8.8.8 ICMP 98 Echo (ping) request id=0x000f, seq=1/256, ttl=64 4 1.437506 8.8.8.8 -> 10.47.4.2 ICMP 106 Echo (ping) reply id=0x000f, seq=1/256, ttl=253 (request in 3) 5 2.025409 10.47.4.2 -> 8.8.8.8 ICMP 98 Echo (ping) request id=0x000f, seq=2/512, ttl=64 6 2.521520 8.8.8.8 -> 10.47.4.2 ICMP 106 Echo (ping) reply id=0x000f, seq=2/512, ttl=253 (request in 5) 7 3.010566 10.47.4.2 -> 8.8.8.8 ICMP 98 Echo (ping) request id=0x000f, seq=3/768, ttl=64 8 3.420162 8.8.8.8 -> 10.47.4.2 ICMP 106 Echo (ping) reply id=0x000f, seq=3/768, ttl=253 (request in 7)
**자세한 키워드로 패킷 캡처 보기**
Edge-1#show monitor capture 1 buffer display-filter "icmp.type==8" detailed
Starting the packet display ........ Press Ctrl + Shift + 6 to exit
Frame 1: 98 bytes on wire (784 bits), 98 bytes captured (784 bits) on interface /tmp/epc_ws/wif_to_ts_pipe, id 0
Ethernet II, Src: 52:54:00:19:93:e9 (52:54:00:19:93:e9), Dst: 00:00:0c:9f:f3:41 (00:00:0c:9f:f3:41) -----> Endpoint SMAC and Anycast GW MAC
Destination: 00:00:0c:9f:f3:41 (00:00:0c:9f:f3:41)
Address: 00:00:0c:9f:f3:41 (00:00:0c:9f:f3:41)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: 52:54:00:19:93:e9 (52:54:00:19:93:e9)
Address: 52:54:00:19:93:e9 (52:54:00:19:93:e9)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 10.47.4.2, Dst: 8.8.8.8
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 84
Identification: 0x9b61 (39777)
Flags: 0x4000, Don't fragment
0... .... .... .... = Reserved bit: Not set
.1.. .... .... .... = Don't fragment: Set
..0. .... .... .... = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: ICMP (1)
Header checksum: 0x8107 [validation disabled]
[Header checksum status: Unverified]
Source: 10.47.4.2
Destination: 8.8.8.8보더 노드를 향한 패브릭 에지 EPC(Egress Embedded Packet Capture)
이 시점에서 패킷은 VXLAN으로 캡슐화되므로 ACL은 RLOC에서 RLOC로 일치해야 하는 내부 IP 주소(10.47.4.2 및 8.8.8.8)와 일치할 수 없습니다. 그런 다음 Wireshark 필터를 사용하여 내부 주소를 보고 확인할 수 있습니다.
**brief 키워드로 패킷 캡처 보기**
Edge-1#show monitor capture 1 buffer display-filter icmp.type==8 brief Starting the packet display ........ Press Ctrl + Shift + 6 to exit 3 0.025666 10.47.4.2 -> 8.8.8.8 ICMP 148 Echo (ping) request id=0x0027, seq=3/768, ttl=63 14 0.895095 10.47.4.2 -> 8.8.8.8 ICMP 148 Echo (ping) request id=0x0027, seq=4/1024, ttl=63
**자세한 키워드로 패킷 캡처 보기**
Ethernet II, Src: 00:00:00:00:00:00 (00:00:00:00:00:00), Dst: 00:00:00:00:00:00 (00:00:00:00:00:00) -----> These are not the real MAC Addresses, does not capture L3 rewrite properly Destination: 00:00:00:00:00:00 (00:00:00:00:00:00) Address: 00:00:00:00:00:00 (00:00:00:00:00:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: 00:00:00:00:00:00 (00:00:00:00:00:00) Address: 00:00:00:00:00:00 (00:00:00:00:00:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 10.47.1.12, Dst: 10.47.1.10 -----> RLOC to RLOC 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 134 Identification: 0x063b (1595) Flags: 0x4000, Don't fragment 0... .... .... .... = Reserved bit: Not set .1.. .... .... .... = Don't fragment: Set ..0. .... .... .... = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: UDP (17) Header checksum: 0x1db9 [validation disabled] [Header checksum status: Unverified] Source: 10.47.1.12 Destination: 10.47.1.10 User Datagram Protocol, Src Port: 65354, Dst Port: 4789 -----> VXLAN Destination Port Source Port: 65354 Destination Port: 4789 Length: 114 [Checksum: [missing]] [Checksum Status: Not present] [Stream index: 1] [Timestamps] [Time since first frame: 0.869429000 seconds] [Time since previous frame: 0.869429000 seconds] Virtual eXtensible Local Area Network Flags: 0x8800, GBP Extension, VXLAN Network ID (VNI) 1... .... .... .... = GBP Extension: Defined .... .... .0.. .... = Don't Learn: False .... 1... .... .... = VXLAN Network ID (VNI): True .... .... .... 0... = Policy Applied: False .000 .000 0.00 .000 = Reserved(R): 0x0000 Group Policy ID: 0 VXLAN Network Identifier (VNI): 4099 -----> L3 LISP Instance ID tied to this VN Reserved: 0 Ethernet II, Src: 00:00:00:00:61:00 (00:00:00:00:61:00), Dst: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38) -----> Dummy VXLAN Header Destination: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38) Address: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38) .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: 00:00:00:00:61:00 (00:00:00:00:61:00) Address: 00:00:00:00:61:00 (00:00:00:00:61:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 10.47.4.2, Dst: 8.8.8.8 -----> Inner IPv4 Addresses 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 84 Identification: 0x380e (14350) Flags: 0x4000, Don't fragment 0... .... .... .... = Reserved bit: Not set .1.. .... .... .... = Don't fragment: Set ..0. .... .... .... = More fragments: Not set Fragment offset: 0 Time to live: 63 Protocol: ICMP (1) Header checksum: 0xe55a [validation disabled] [Header checksum status: Unverified] Source: 10.47.4.2 Destination: 8.8.8.8 Internet Control Message Protocol Type: 8 (Echo (ping) request) Code: 0 Checksum: 0xd8d0 [correct] [Checksum Status: Good] Identifier (BE): 39 (0x0027) Identifier (LE): 9984 (0x2700) Sequence number (BE): 4 (0x0004) Sequence number (LE): 1024 (0x0400) Data (56 bytes)
비SDA 클라이언트를 위한 패브릭 에지 경로 확인
Fabric Edge CEF 및 LISP 확인
LISP는 패킷을 전달할 때 CEF가 수행하는 작업을 제어합니다.
Edge-1#show lisp instance-id 4099 ipv4 map-cache 0.0.0.0/0 LISP IPv4 Mapping Cache for LISP 0 EID-table vrf red_vn (IID 4099), 1 entries 0.0.0.0/0, uptime: 3d02h, expires: never, via static-send-map-request Sources: static-send-map-request State: send-map-request, last modified: 3d02h, map-source: local Exempt, Packets out: 24481(14099580 bytes), counters are not accurate (~ 00:00:46 ago) Configured as EID address space Encapsulating to proxy ETR <-- Send the packet to the Proxy Egress Tunnel Router
Edge-1#show run | include use-petr use-petr 10.47.1.10 <-- These PETRs are used for packet forwarding use-petr 10.47.1.11 <-- These PETRs are used for packet forwarding
Edge-1#show ip cef vrf red_vn 8.8.8.8 0.0.0.0/0 nexthop 10.47.1.10 LISP0.4099 nexthop 10.47.1.11 LISP0.4099
FMAN RP 경로 확인
FMAN RP 관점에서 경로를 확인하려면 show platform software ip switch active r0 cef prefix <network address/subnet mask> detail 명령을 사용합니다
Edge-1#show platform software ip switch active r0 cef prefix 0.0.0.0/0 detail Forwarding Table 0.0.0.0/0 -> OBJ_LOADBALANCE (0x4f), urpf: 82 -----> Convert 0x4f from hex to decimal, result is 79 Prefix Flags: Default OM handle: 0x34802330f0
두 개의 다음 홉을 사용할 수 있으므로 포워딩 테이블에서 로드 밸런싱 객체를 사용하므로 show platform software loadinfo switch active r0 index <convert hex to decimal of OBJ_LOADBALANCE> 명령을 사용합니다.
Edge-1#show platform software loadinfo switch active r0 index 79 Number of loadinfo objects: 5 Index: 0x4f, Flags: unknown, Hash Algorithm: , Number of Paths: 2, Number of buckets: 16 Anti-polarising Factor: 0xc90f3ff0 Next Object Type: OBJ_ADJACENCY, OBJ_ADJACENCY Next obj handle: 0x55, 0x4c -----> These objects are used in the next command Hash Buckets: 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1 Color Buckets Map: 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 OM handle: 0x34803abbf8
이전 명령에서 obj 핸들을 가져와서 show platform software adjacency switch active r0 index <obj handle>에서 사용합니다.
Edge-1#show platform software adjacency switch active r0 index 0x55 Number of adjacency objects: 25 Adjacency id: 0x55 (85) Interface: GigabitEthernet1/0/1, IF index: 26, Link Type: MCP_LINK_IP Encap: 52:54:0:a:42:f3:52:54:0:4:84:b1:8:0 -----> 5254.000a.42f3 (DMAC) 5254.0000.0004.00b1 (SMAC) 0800 (ETYPE) (ETYPE) Encap Length: 14, Encap Type: MCP_ET_ARPA, MTU: 8978 Flags: no-l3-inject Incomplete behavior type: None Fixup: unknown Fixup_Flags_2: unknown Nexthop addr: 10.47.1.0 IP FRR MCP_ADJ_IPFRR_NONE 0 OM handle: 0x3480270910
이전 명령에서 obj 핸들을 가져와서 show platform software adjacency switch active r0 index <obj handle>에서 사용합니다.
Edge-1#show platform software adjacency switch active r0 index 0x4c Number of adjacency objects: 25 Adjacency id: 0x4c (76) Interface: GigabitEthernet1/0/2, IF index: 27, Link Type: MCP_LINK_IP Encap: 52:54:0:1c:7d:e0:52:54:0:4:84:a3:8:0 -----> 5254.001c.7de0 (DMAC) 5254.00004.84a3 (SMAC) 0800(ETYPE) Encap Length: 14, Encap Type: MCP_ET_ARPA, MTU: 8978 Flags: no-l3-inject Incomplete behavior type: None Fixup: unknown Fixup_Flags_2: unknown Nexthop addr: 10.47.1.4 IP FRR MCP_ADJ_IPFRR_NONE 0 OM handle: 0x34803991c0
ARP 항목은 다음 홉 IP 주소와 일치합니다.
Edge-1#show ip arp g1/0/1 Protocol Address Age (min) Hardware Addr Type Interface Internet 10.47.1.1 - 5254.0004.84b1 ARPA GigabitEthernet1/0/1 Internet 10.47.1.0 63 5254.000a.42f3 ARPA GigabitEthernet1/0/1
Edge-1#show ip arp g1/0/2 Protocol Address Age (min) Hardware Addr Type Interface Internet 10.47.1.5 - 5254.0004.84a3 ARPA GigabitEthernet1/0/2 Internet 10.47.1.4 47 5254.001c.7de0 ARPA GigabitEthernet1/0/2
FMAN FP 경로 확인
FMAN FP 관점에서 경로를 확인하려면 show platform software ip switch active f0 cef prefix <network/subnet mask> detail 명령을 사용합니다
Edge-1#show platform software ip switch active f0 cef prefix 0.0.0.0/0 detail Forwarding Table 0.0.0.0/0 -> OBJ_LOADBALANCE (0x4f), urpf: 82 -----> Matches the OBJ_LOADBALANCE object that FMAN RP had Prefix Flags: Default aom id: 165, HW handle: (nil) (created) -----> Object ID that is used in the next command
이전 명령의 aom id 값을 가져와 show platform software object-manager switch active f0 object <aom id value>에 사용합니다.
Edge-1#show platform software object-manager switch active f0 object 165 Object identifier: 165 Description: PREFIX 0.0.0.0/0 (Table id 0) Obj type id: 71 Obj type: route-pfx Status: Done, Epoch: 0, Client data: 0x37e9e498
Edge-1#show platform software object-manager switch active f0 object 165 parents Object identifier: 21 Description: ipv4 table 0 (Default), vrf id 0 Status: Done Object identifier: 1451 Description: uRPF-list(hdl=0x00000052) Status: Done Object identifier: 1452 Description: LB 0x4f -----> This load balance object is the same that was observed in previous output, decimal 79 Status: Done
FMAN RP와 유사하게, show platform software loadinfo switch active f0 <convert hex to decimal of the LB object>를 사용하여 FMAN FP 관점에서 이 정보를 확인합니다
Edge-1#show platform software loadinfo switch active f0 index 79 Number of loadinfo objects: 5 Index: 0x4f, Flags: unknown, Hash Algorithm: , Number of Paths: 2, Number of buckets: 16 Anti-polarising Factor: 0xc90f3ff0 Next Object Type: OBJ_ADJACENCY, OBJ_ADJACENCY Next obj handle: 0x55, 0x4c -----> These objects are used in the next command Hash Buckets: 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1 Color Buckets Map: 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 aom id: 1452, HW handle: (nil)
이전 명령에서 obj 핸들을 가져와서 show platform software adjacency switch active f0 index <obj handle>에서 사용합니다.
Edge-1#show platform software object-manager switch active f0 object 0x55 Object identifier: 85 Description: intf L2LISP0, handle 23, hw handle 23, HW dirty: NONE AOM dirty NONE Obj type id: 31 Obj type: dpidb-config Status: Done, Epoch: 0, Client data: 0x37e8e5f8
Edge-1#show platform software object-manager switch active f0 object 0x4c Object identifier: 76 Description: Tx Channel Vlan1026, handle 29, hw handle 29, flag 0x0, dirty hw: NONE dirty aom NONE Obj type id: 33 Obj type: txchan-config Status: Done, Epoch: 0, Client data: 0x37e896a8
FED 경로 확인
FED 관점에서 경로를 확인하려면 show platform software fed switch active ip route <network/subnet mask> 명령을 사용합니다
Edge-1#show platform software fed switch active ip route 0.0.0.0/0
vrf dest htm flags SGT DGID MPLS Last-modified SecsSinceHit
--- ---- --- ----- --- ---- ---- ------------------------ ------------
0 0.0.0.0/0 0x7f65ec862228 0x0 0 0 2023/09/21 05:56:21.484 1
FIB: prefix_hdl:0xdd000001, mpls_ecr_prefix_hdl:0, sgtOverWrite: 0
========== OCE chain =====
LB:obj_id:79 ecr_map_objid:0 link_type:IP num_choices:2 Flags:0 ----> Decimal 79 is hex 0x4F
mpls_ecr:0 local_label:1048576 path_inhw:2 ecrh:0x7500000c old_ecrh:0
modify_cnt:0 bwalk_cnt:0 subwalk_cnt:0 finish_cnt:0
bwalk:[req:0 in_prog:0 nested:0]
AAL: ecr:id:1962934284 af:0 ecr_type:0 ref:1 ecrh:0x7f65ec8029f8(28:1)
hwhdl:3967822328 ::0x7f65ec8b8468,0x7f65ec8a5458,0x7f65ec8b8468,0x7f65ec8a5458
ADJ:objid:85 {link_type:IP ifnum:0x1a, adj:0xa7000028, si: 0x7f65ec8b8468 IPv4: 10.47.1.0 } <-- Decimal 85 is hex 0x55
ADJ:objid:76 {link_type:IP ifnum:0x1b, adj:0x62000026, si: 0x7f65ec8a5458 IPv4: 10.47.1.4 } <-- Decimal 76 is hex 0x4c
===============
MPLS info: mpls_ecr_scale_prefix_adj:0, mpls_lspa_hdl:0
===============
**FED 경로 확인 HTM 디코딩**
이전 명령의 htm 값(0x7f65ec86228)을 가져와 show platform hardware fed switch active fwd-asic abstraction print-resource-handle <htm value> 1에 사용합니다.
Edge-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f65ec862228 1 Handle:0x7f65ec862228 Res-Type:ASIC_RSC_HASH_TCAM Res-Switch-Num:0 Asic-Num:255 Feature-ID:AL_FID_L3_UNICAST_IPV4 Lkp-ftr-id:LKP_FEAT_IPV4_L3_UNICAST ref_count:1 priv_ri/priv_si Handle: (nil)Hardware Indices/Handles: handle [ASIC: 0]: 0x7f65ec846388 Detailed Resource Information (ASIC_INSTANCE# 0) ---------------------------------------- Number of HTM Entries: 1 Entry 0: (handle 0x7f65ec846388) Absolute Index: 92658 Time Stamp: 446 KEY - vrf:0 mtr:0 prefix:0.0.0.0 rcp_redirect_index:0x0 MASK - vrf:4095 mtr:0 prefix:0.0.0.0 rcp_redirect_index:0x0 FWD-AD = afd_label_flag:0 icmp_redir_enable:1 lvx_smr_enabled:0, dstNatType:0 priority:3 afdLabelOrDestClientId:0 SI:65281 destined_to_us:0 hw_stats_idx:6 stats_id:0 redirectSetRouterMac:0 dgtIdx:0 destModIndex:0 dstNatTypeOrVpnPrefixPtrMsb:0 vpnPrefixPtr:0 vpn prefix flag:0 SRC-AD:learning_violation:1 need_to_learn:1 locally_connected:0 staticentryViolation:0 rpfValid:1 rpfLe:1 rpfLePointer:0 rpfForcePass:0 rpfForceFail:0 reachableviaSome:1 rpfCheckIncomplete:0 defaultRoute:1 ChainPtrValid:0 ChainPtrOrPortLeIndex:72 UseRpfmatchTable:1 rpfIncomplete:0 is_src_ce:0 sgtValid:0 sgtOverwrite:0 sgt:0 ipClientLabel:0 src_rloc_trusted:0, sgtCacheControl1:0, sgtCacheControl0:0 port_label:0x0 port_mask:0x0 vlan_label:0x0 vlan_mask:0x0 l3if_label:0x0 l3if_mask:0x0 group_label:0x0 group_mask:0x0 ==============================================================
**FED 경로 확인 ECR 개체 디코딩**
경로에는 사용 가능한 다음 경로 2개가 필요하므로 show platform software fed switch active ip ecr 명령을 사용하여 ECR(equal-cost-routing)을 확인하고 loadbalance 객체를 obj_id로 찾습니다
Edge-1#show platform software fed switch active ip ecr IPV4 ECR table <snip> Entry 3 obj_id 0x4f Num Choices 0x2 Flags 0x00000000 Index 0x7f65ec8029f8 -----> Hex 0x4f to decimal is 79 LB:obj_id:79 ecr_map_objid:0 link_type:IP num_choices:2 Flags:0 mpls_ecr:0 local_label:1048576 path_inhw:2 ecrh:0x7500000c old_ecrh:0 modify_cnt:0 bwalk_cnt:0 subwalk_cnt:0 finish_cnt:0 bwalk:[req:0 in_prog:0 nested:0] AAL: ecr:id:1962934284 af:0 ecr_type:0 ref:1 ecrh:0x7f65ec8029f8(28:1) hwhdl:3967822328 ::0x7f65ec8b8468,0x7f65ec8a5458,0x7f65ec8b8468,0x7f65ec8a5458 Adj IP 10.47.1.0 adj_id 0x55 SI 0x7f65ec8b8468 -----> The IPv4 next-hop, this adjacency ID has been seen previously Adj IP 10.47.1.4 adj_id 0x4c SI 0x7f65ec8a5458 -----> The IPv4 next-hop, this adjacency ID has been seen previously <snip>
**FED 경로 확인 ECR 인덱스 디코딩**
이전 명령(0x7f65ec8029f8)에 표시된 인덱스를 사용하여 show platform 하드웨어 fed switch active fwd-asic abstraction print-resource-handle <ecr index> 1 내에서 사용하십시오.
Edge-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f65ec8029f8 1 Handle:0x7f65ec8029f8 Res-Type:ASIC_RSC_LV2_ECR Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_L3_UNICAST_IPV4 Lkp-ftr-id:LKP_FEAT_INVALID ref_count:1 priv_ri/priv_si Handle: (nil)Hardware Indices/Handles: index0:0x1 mtu_index/l3u_ri_index0:0x0 index1:0x1 mtu_index/l3u_ri_index1:0x0 Cookie length: 128 68 84 8b ec 65 7f 00 00 58 54 8a ec 65 7f 00 00 68 84 8b ec 65 7f 00 00 58 54 8a ec 65 7f 00 00 68 84 8b ec 65 7f 00 00 58 54 8a ec 65 7f 00 00 68 84 8b ec 65 7f 00 00 58 54 8a ec 65 7f 00 00 68 84 8b ec 65 7f 00 00 58 54 8a ec 65 7f 00 00 68 84 8b ec 65 7f 00 00 58 54 8a ec 65 7f 00 00 68 84 8b ec 65 7f 00 00 58 54 8a ec 65 7f 00 00 68 84 8b ec 65 7f 00 00 58 54 8a ec 65 7f 00 00 Detailed Resource Information (ASIC_INSTANCE# 0) ---------------------------------------- Equal Cost Routing Level2 (ECR lv2) [0x1] lv2StationIndex0 = 0xb1 ------> This Station Index is associated with one next-hop adjacency SI handle0 = 0 lv2StationIndex1 = 0xbc ------> This Station Index is associated with one next-hop adjacency SI handle1 = 0
패브릭 에지 LISP Next-Hop 확인
LISP next-hop을 캡처하려면 VRF에서 CEF의 경로를 확인하십시오
Edge-1#show ip cef vrf red_vn 8.8.8.8 0.0.0.0/0 nexthop 10.47.1.10 LISP0.4099 nexthop 10.47.1.11 LISP0.4099
LISP Next-Hop 경로 FED 확인
si_hdl 또는 ri_hdl 값을 가져오려면 show platform software fed switch active ip adj 명령을 사용합니다
Edge-1#show platform software fed switch active ip adj IPV4 Adj entries dest if_name dst_mac si_hdl ri_hdl pd_flags adj_id Last-modified ---- ------- ------- ------ ------ -------- ------ ------------- 225.0.0.0 GigabitEthernet1/0/1 0100.5e00.0000 0x7f65ec958128 0x7f65ec957e18 0x0 0xf80001a1 2023/09/19 17:57:41.399 10.47.1.10 LISP0.4099 4500.0000.0000 0x7f65ec8a9b38 0x7f65ec8a9d58 0x60 0x26 2023/09/19 17:57:35.214 10.47.1.4 GigabitEthernet1/0/2 5254.001c.7de0 0x7f65ec8a5458 0x7f65ec8a4eb8 0x0 0x4c 2023/09/19 17:58:02.150 10.47.1.0 GigabitEthernet1/0/1 5254.000a.42f3 0x7f65ec8b8468 0x7f65ec8b8158 0x0 0x55 2023/09/19 17:58:08.864 10.47.1.11 LISP0.4099 4500.0000.0000 0x7f65ec7bb498 0x7f65ec7ba608 0x60 0x29 2023/09/19 17:57:35.214
LISP Next-Hop si_hdl 디코딩
si_hdl (0x7f65ec8a9b38)을 가져와서 명령 show platform hardware fed switch active fwd-asic abstraction print-resource-handle <si_hdl> 1을 활용합니다.
Edge-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f65ec8a9b38 1 Handle:0x7f65ec8a9b38 Res-Type:ASIC_RSC_SI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_LISP Lkp-ftr-id:LKP_FEAT_INVALID ref_count:1 priv_ri/priv_si Handle: 0x7f65ec8a9d58Hardware Indices/Handles: index0:0xbf mtu_index/l3u_ri_index0:0x0 index1:0xbf mtu_index/l3u_ri_index1:0x0 Features sharing this resource:109 (1)] Cookie length: 56 00 00 00 00 00 00 00 00 38 5f 84 ec 0a 2f 01 0a ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Detailed Resource Information (ASIC_INSTANCE# 0) ---------------------------------------- Station Index (SI) [0xbf] -----> Contains the Rewrite Index (RI) and Outgoing Interface Information (DI) RI = 0x20 -----> Rewrite Index = Rewrite information for L3 forwarding DI = 0x5012 -----> Destination Index = Outgoing Interface stationTableGenericLabel = 0 stationFdConstructionLabel = 0x7 lookupSkipIdIndex = 0xc rcpServiceId = 0 dejaVuPreCheckEn = 0 Replication Bitmap: LD Detailed Resource Information (ASIC_INSTANCE# 1) ---------------------------------------- Station Index (SI) [0xbf] -----> Contains the Rewrite Index (RI) and Outgoing Interface Information (DI) RI = 0x20 -----> Rewrite Index = Rewrite information for L3 forwarding DI = 0x5012 -----> Destination Index = Outgoing Interface stationTableGenericLabel = 0 stationFdConstructionLabel = 0x7 lookupSkipIdIndex = 0xc rcpServiceId = 0 dejaVuPreCheckEn = 0 Replication Bitmap: LD
LISP Next-Hop 재작성 인덱스 디코드
Rewrite Index(0x20)를 디코딩하고 show platform hardware fed switch active fwd-asic resource asic all rewrite-index range <RI> <RI> 명령을 사용합니다.
Edge-1#show platform hardware fed switch active fwd-asic resource asic all rewrite-index range 0x20 0x20 ASIC#:0 RI:32 Rewrite_type:AL_RRM_REWRITE_IPV4_VXLAN_INNER_IPV4_ENCAP(110) Mapped_rii:LVX_L3_ENCAP_L2_PAYLOAD(123) Dst Mac: MAC Addr: ba:25:cd:f4:ad:38, ----> Dummy VXLAN MAC Address Src IP: 10.47.1.12 ----> FE RLOC Dst IP: 10.47.1.10 ----> BN RLOC IPv4 TTL: 0 LISP INSTANCEID: 0 L3IF LE Index: 46
LISP Next-Hop 대상 인덱스 디코딩
대상 인덱스(0x5012)를 디코딩하고 show platform hardware fed switch active fwd-asic resource asic all destination-index range <DI> <DI> 명령을 사용합니다.
Edge-1#show platform hardware fed switch active fwd-asic resource asic all destination-index range 0x5012 0x5012 ASIC#0: Destination index = 0x5012 DI_RCP_PORT1 -----> Recirculation port used for VXLAN imposition pmap = 0x00000000 0x00000000 cmi = 0x0 rcp_pmap = 0x1 al_rsc_cmi ASIC#1: Destination index = 0x5012 DI_RCP_PORT1 -----> Recirculation port used for VXLAN imposition pmap = 0x00000000 0x00000000 cmi = 0x0 rcp_pmap = 0x0 al_rsc_cmi
LISP Next-Hop ri_hdl 디코딩
ri_hdl을 디코딩하려면 값 (0x7f65ec8a9d58)을 사용하고 명령 show platform hardware fed switch active fwd-asic abstraction print-resource-handle <di_hdl> 1을 사용합니다
Edge-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f65ec8a9d58 1 Handle:0x7f65ec8a9d58 Res-Type:ASIC_RSC_RI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_LISP Lkp-ftr-id:LKP_FEAT_INVALID ref_count:1 priv_ri/priv_si Handle: 0x7f65ec8aa2c8Hardware Indices/Handles: index0:0x20 mtu_index/l3u_ri_index0:0x0 index1:0x20 mtu_index/l3u_ri_index1:0x0 Features sharing this resource:109 (1)] Cookie length: 56 00 00 00 00 00 00 00 00 2e 00 00 00 0a 2f 01 0a ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Detailed Resource Information (ASIC_INSTANCE# 0) ---------------------------------------- ASIC#:0 RI:32 Rewrite_type:AL_RRM_REWRITE_IPV4_VXLAN_INNER_IPV4_ENCAP(110) Mapped_rii:LVX_L3_ENCAP_L2_PAYLOAD(123) Dst Mac: MAC Addr: ba:25:cd:f4:ad:38, <-- Dummy VXLAN MAC Src IP: 10.47.1.12 <-- FE RLOC Dst IP: 10.47.1.10 <-- BN RLOC IPv4 TTL: 0 LISP INSTANCEID: 0 L3IF LE Index: 46 Detailed Resource Information (ASIC_INSTANCE# 1) ---------------------------------------- ASIC#:1 RI:32 Rewrite_type:AL_RRM_REWRITE_IPV4_VXLAN_INNER_IPV4_ENCAP(110) Mapped_rii:LVX_L3_ENCAP_L2_PAYLOAD(123) Dst Mac: MAC Addr: ba:25:cd:f4:ad:38, <-- Dummy VXLAN MAC Src IP: 10.47.1.12 <-- FE RLOC Dst IP: 10.47.1.10 <-- BN RLOC IPv4 TTL: 0 LISP INSTANCEID: 0 L3IF LE Index: 46 ==============================================================
패브릭 에지 언더레이 Next-Hop 확인
LISP next-hop에 도달할 언더레이 next-hop IP 주소를 식별하려면 라우팅 테이블을 확인하십시오
Edge-1#show ip route 10.47.1.10 Routing entry for 10.47.1.10/32 Known via "isis", distance 115, metric 20, type level-2 Redistributing via isis Last update from 10.47.1.0 on GigabitEthernet1/0/1, 07:10:11 ago Routing Descriptor Blocks: * 10.47.1.0, from 10.47.1.10, 07:10:11 ago, via GigabitEthernet1/0/1 Route metric is 20, traffic share count is 1
Edge-1#show ip route 10.47.1.11 Routing entry for 10.47.1.11/32 Known via "isis", distance 115, metric 20, type level-2 Redistributing via isis Last update from 10.47.1.4 on GigabitEthernet1/0/2, 1w1d ago Routing Descriptor Blocks: * 10.47.1.4, from 10.47.1.11, 1w1d ago, via GigabitEthernet1/0/2 Route metric is 20, traffic share count is 1
si_hdl을 가져오려면 ri_hdl 정보가 show platform software fed switch active ip adj 명령을 사용합니다
Edge-1#show platform software fed switch active ip adj IPV4 Adj entries dest if_name dst_mac si_hdl ri_hdl pd_flags adj_id Last-modified ---- ------- ------- ------ ------ -------- ------ ------------- 225.0.0.0 GigabitEthernet1/0/1 0100.5e00.0000 0x7f65ec958128 0x7f65ec957e18 0x0 0xf80001a1 2023/09/19 17:57:41.399 10.47.1.10 LISP0.4099 4500.0000.0000 0x7f65ec8a9b38 0x7f65ec8a9d58 0x60 0x26 2023/09/19 17:57:35.214 10.47.1.4 GigabitEthernet1/0/2 5254.001c.7de0 0x7f65ec8a5458 0x7f65ec8a4eb8 0x0 0x4c 2023/09/19 17:58:02.150 10.47.1.0 GigabitEthernet1/0/1 5254.000a.42f3 0x7f65ec8b8468 0x7f65ec8b8158 0x0 0x55 2023/09/19 17:58:08.864 10.47.1.11 LISP0.4099 4500.0000.0000 0x7f65ec7bb498 0x7f65ec7ba608 0x60 0x29 2023/09/19 17:57:35.214
Underlay Next-Hop 확인 si_hdl Decode
si_hdl을 디코딩하려면 si_hdl(0x7f65ec8a5458)을 사용하고 show platform hardware fed switch active fwd-asic abstraction print-resource-handle <si_hdl> 1 명령을 사용합니다
Edge-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f65ec8a5458 1 Handle:0x7f65ec8a5458 Res-Type:ASIC_RSC_SI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_L3_UNICAST_IPV4 Lkp-ftr-id:LKP_FEAT_INVALID ref_count:1 priv_ri/priv_si Handle: 0x7f65ec8a4eb8Hardware Indices/Handles: index0:0xbc mtu_index/l3u_ri_index0:0x0 index1:0xbc mtu_index/l3u_ri_index1:0x0 Features sharing this resource:66 (1)] Cookie length: 56 00 00 00 00 00 00 00 00 26 00 00 00 00 00 00 00 00 00 00 00 08 00 52 54 00 1c 7d e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Detailed Resource Information (ASIC_INSTANCE# 0) ---------------------------------------- Station Index (SI) [0xbc] -----> The 0xbc Station Index was already seen RI = 0x1a -----> Rewrite Index = MAC address rewrite information for L3 forwarding to the next-hop adjacency DI = 0x526d -----> Destination Index = Outgoing Interface stationTableGenericLabel = 0 stationFdConstructionLabel = 0x7 lookupSkipIdIndex = 0 rcpServiceId = 0 dejaVuPreCheckEn = 0 Replication Bitmap: LD -----> Local Data, indicating that this ASIC is directly connected to the adjacency interface Detailed Resource Information (ASIC_INSTANCE# 1) ---------------------------------------- Station Index (SI) [0xbc] -----> The 0xbc Station Index was seen previously RI = 0x1a -----> Rewrite Index = MAC address rewrite information for L3 forwarding to the next-hop adjacency DI = 0x526d -----> Destination Index = Outgoing Interface stationTableGenericLabel = 0 stationFdConstructionLabel = 0x7 lookupSkipIdIndex = 0 rcpServiceId = 0 dejaVuPreCheckEn = 0 Replication Bitmap: CD -----> Core Data, indicating that this instance of the ASIC is on the same ASIC, but different core. ==============================================================
Underlay Next-Hop Verification Rewrite Index Decode
Rewrite Index(0x1a)를 디코딩하고 show platform hardware fed switch active fwd-asic resource asic all rewrite-index range <RI> <RI> 명령을 사용합니다.
Edge-1#show platform hardware fed switch active fwd-asic resource asic all rewrite-index range 0x1a 0x1a ASIC#:0 RI:26 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9) -----> Decimal 26 is hex 0x1a MAC Addr: MAC Addr: 52:54:00:1c:7d:e0, -----> MAC address 5254.001c.7de0 for the next-hop adjacency L3IF LE Index 38 ASIC#:1 RI:26 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9) MAC Addr: MAC Addr: 52:54:00:1c:7d:e0, -----> MAC address 5254.001c.7de0 for the next-hop adjacency L3IF LE Index 38
Underlay Next-Hop 확인 ri_hdl Decode
si_hdl을 디코딩하려면 ri_hdl(0x7f65ec8a4eb8)을 사용하여 show platform hardware fed switch active fwd-asic abstraction print-resource-handle <ri_hdl> 1 명령을 사용합니다
Edge-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f65ec8a4eb8 1 Handle:0x7f65ec8a4eb8 Res-Type:ASIC_RSC_RI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_L3_UNICAST_IPV4 Lkp-ftr-id:LKP_FEAT_INVALID ref_count:1 priv_ri/priv_si Handle: 0x7f65ec903b28Hardware Indices/Handles: index0:0x1a mtu_index/l3u_ri_index0:0x0 index1:0x1a mtu_index/l3u_ri_index1:0x0 Features sharing this resource:66 (1)] Cookie length: 56 00 00 00 00 00 00 00 00 26 00 00 00 00 00 00 00 00 00 00 00 08 00 52 54 00 1c 7d e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Detailed Resource Information (ASIC_INSTANCE# 0) ---------------------------------------- ASIC#:0 RI:26 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9) -----> Decimal 26 is 0x1a in hex MAC Addr: MAC Addr: 52:54:00:1c:7d:e0, -----> MAC address 5254.001c.7de0 for the next-hop adjacency L3IF LE Index 38 Detailed Resource Information (ASIC_INSTANCE# 1) ---------------------------------------- ASIC#:1 RI:26 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9) -----> Decimal 26 is 0x1a in hex MAC Addr: MAC Addr: 52:54:00:1c:7d:e0, -----> MAC address 5254.001c.7de0 for the next-hop adjacency L3IF LE Index 38 ==============================================================
패브릭 에지 노드의 보더 노드 인그레스 EPC
패킷은 현재 VXLAN에서 캡슐화되었으므로 내부 IP 주소에 대해 ACL과 일치시킬 수 없습니다. RLOC에서 RLOC으로 일치시켜야 하며, 그런 다음 Wireshark 필터를 사용하여 내부 IP 주소를 찾아 필터링할 수 있습니다.
Border-1(config)#ip access-list extended TAC Border-1(config-ext-nacl)#permit ip host 10.47.1.12 host 10.47.1.10 Border-1(config-ext-nacl)#permit ip host 10.47.1.10 host 10.47.1.12 Border-1#monitor capture 1 interface g1/0/3 both access-list TAC Border-1#monitor capture 1 start Started capture point : 1 Border-1#monitor capture 1 stop Capture statistics collected at software: Capture duration - 14 seconds Packets received - 16 Packets dropped - 0 Packets oversized - 0 Number of Bytes dropped at asic not collected
**brief 키워드로 패킷 캡처 보기**
Border-1#show monitor capture 1 buffer display-filter “icmp.type==8” brief Starting the packet display ........ Press Ctrl + Shift + 6 to exit 3 0.483114 10.47.4.2 -> 8.8.8.8 ICMP 148 Echo (ping) request id=0x001e, seq=0/0, ttl=63 4 0.490667 10.47.4.2 -> 8.8.8.8 ICMP 148 Echo (ping) request id=0x001e, seq=0/0, ttl=63 7 1.461263 10.47.4.2 -> 8.8.8.8 ICMP 148 Echo (ping) request id=0x001e, seq=1/256, ttl=63 8 1.469756 10.47.4.2 -> 8.8.8.8 ICMP 148 Echo (ping) request id=0x001e, seq=1/256, ttl=63 11 2.480293 10.47.4.2 -> 8.8.8.8 ICMP 148 Echo (ping) request id=0x001e, seq=2/512, ttl=63
**자세한 키워드로 패킷 캡처 보기**
Ethernet II, Src: 52:54:00:04:84:b1 (52:54:00:04:84:b1), Dst: 52:54:00:0a:42:f3 (52:54:00:0a:42:f3) <--- SMAC (G1/0/1 of FE Node) DMAC (G1/0/3 of BN)
Destination: 52:54:00:0a:42:f3 (52:54:00:0a:42:f3)
Address: 52:54:00:0a:42:f3 (52:54:00:0a:42:f3)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: 52:54:00:04:84:b1 (52:54:00:04:84:b1)
Address: 52:54:00:04:84:b1 (52:54:00:04:84:b1)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 10.47.1.12, Dst: 10.47.1.10 -----> RLOC of FE Node, RLOC of BN
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 134
Identification: 0x0490 (1168)
Flags: 0x4000, Don't fragment
0... .... .... .... = Reserved bit: Not set
.1.. .... .... .... = Don't fragment: Set
..0. .... .... .... = More fragments: Not set
Fragment offset: 0
Time to live: 63
Protocol: UDP (17)
Header checksum: 0x2064 [validation disabled]
[Header checksum status: Unverified]
Source: 10.47.1.12
Destination: 10.47.1.10
User Datagram Protocol, Src Port: 65354, Dst Port: 4789
Source Port: 65354
Destination Port: 4789 -----> VXLAN Destination Port
Length: 114
[Checksum: [missing]]
[Checksum Status: Not present]
[Stream index: 0]
[Timestamps]
[Time since first frame: 0.000000000 seconds]
[Time since previous frame: 0.000000000 seconds]
Virtual eXtensible Local Area Network
Flags: 0x8800, GBP Extension, VXLAN Network ID (VNI)
1... .... .... .... = GBP Extension: Defined
.... .... .0.. .... = Don't Learn: False
.... 1... .... .... = VXLAN Network ID (VNI): True
.... .... .... 0... = Policy Applied: False
.000 .000 0.00 .000 = Reserved(R): 0x0000
Group Policy ID: 0
VXLAN Network Identifier (VNI): 4099 -----> L3 LISP ID tied to this VN
Reserved: 0
Ethernet II, Src: 00:00:00:00:61:00 (00:00:00:00:61:00), Dst: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38) -----> Dummy Ethernet Header
Destination: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38)
Address: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: 00:00:00:00:61:00 (00:00:00:00:61:00)
Address: 00:00:00:00:61:00 (00:00:00:00:61:00)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 10.47.4.2, Dst: 8.8.8.8 -----> PC Source IP Address Destination IP address
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 84
Identification: 0xa41e (42014)
Flags: 0x4000, Don't fragment
0... .... .... .... = Reserved bit: Not set
.1.. .... .... .... = Don't fragment: Set
..0. .... .... .... = More fragments: Not set
Fragment offset: 0
Time to live: 63
Protocol: ICMP (1)
Header checksum: 0x794a [validation disabled]
[Header checksum status: Unverified]
Source: 10.47.4.2
Destination: 8.8.8.8
Internet Control Message Protocol
Type: 8 (Echo (ping) request)
Code: 0
Checksum: 0xfa72 [correct]
[Checksum Status: Good]
Identifier (BE): 30 (0x001e)
Identifier (LE): 7680 (0x1e00)
Sequence number (BE): 0 (0x0000)
Sequence number (LE): 0 (0x0000)
Data (56 bytes)
비SDA 클라이언트에 대한 보더 노드 경로 확인
Border Node 경로 확인 IOS 프로그래밍
Border-1#show ip route vrf red_vn 8.8.8.8 Routing Table: red_vn Routing entry for 8.8.8.8/32 Known via "bgp 69420", distance 20, metric 0 Tag 65531, type external Redistributing via lisp Last update from 10.47.2.6 03:28:39 ago Routing Descriptor Blocks: * 10.47.2.6, from 10.47.2.6, 03:28:39 ago opaque_ptr 0x7F08285F3C00 Route metric is 0, traffic share count is 1 AS Hops 1 Route tag 65531 MPLS label: none MPLS Flags: NSF
보더 노드 경로 CEF 확인
Border-1#show ip cef vrf red_vn 8.8.8.8 8.8.8.8/32 nexthop 10.47.2.6 Vlan3002
Border-1#show ip vrf detail red_vn | include Table ID Address family ipv4 unicast (Table ID = 0x3): -----> Used in the next command, use the integer that comes after 0x
Border Node Route Programming FMAN RP 확인
Border-1#show platform software ip switch active r0 cef table index 3 prefix 8.8.8.8/32 Forwarding Table Prefix/Len Next Object Index ---------------------------------------------------------------- 8.8.8.8/32 OBJ_ADJACENCY 0x1239 -----> Index used in the next command Border-1#show ip arp vrf red_vn vlan 3002 Protocol Address Age (min) Hardware Addr Type Interface Internet 10.47.2.5 - 5254.000a.42e6 ARPA Vlan3002 Internet 10.47.2.6 142 001e.4982.54bf ARPA Vlan3002 -----> Next Hop
Border Node Route Programming FMAN FP 확인
Border-1#show platform software ip switch active f0 cef table index 3 prefix 8.8.8.8/32 detail Forwarding Table 8.8.8.8/32 -> OBJ_ADJACENCY (0x1239), urpf: 4669 -----> Matches the index from FMAN RP Prefix Flags: unknown aom id: 32123, HW handle: (nil) (created) <-- Used in the next command
보더 노드 경로 프로그래밍 FMAN FP 개체 디코딩
이전 출력의 aom id를 가져와 show platform software object-manager switch active f0 object <aom id> 명령에서 사용합니다.
Border-1#show platform software object-manager switch active f0 object 32123 Object identifier: 32123 Description: PREFIX 8.8.8.8/32 (Table id 3) Obj type id: 71 Obj type: route-pfx Status: Done, Epoch: 0, Client data: 0xc630b208 Border-1#show platform software object-manager switch active f0 object 32123 parents Object identifier: 30 Description: ipv4 table 3 (red_vn), vrf id 3 Status: Done Object identifier: 32669 Description: adj 0x1239, Flags None -----> Convert 0x1239 to decimal, get 4665 Status: Done Object identifier: 32675 Description: uRPF-list(hdl=0x0000123d) Status: Done
이전 adj 값을 십진수로 지정하고 show platform software adjacency switch active f0 index <decimal of adj value> 명령에서 사용합니다.
Border-1#show platform software adjacency switch active f0 index 4665 Number of adjacency objects: 27 Adjacency id: 0x1239 (4665) Interface: Vlan3002, IF index: 30, Link Type: MCP_LINK_IP -----> Next-hop interface towards Fusion Router Encap: 0:1e:49:82:54:bf:52:54:0:a:42:e6:8:0 -----> DMAC 001e.4982.54bf SMAC 5254.000a.42e6 0x800 ETYPE Encap Length: 14, Encap Type: MCP_ET_ARPA, MTU: 8978 Flags: no-l3-inject Incomplete behavior type: None Fixup: unknown Fixup_Flags_2: unknown Nexthop addr: 10.47.2.6 IP FRR MCP_ADJ_IPFRR_NONE 0 aom id: 32669, HW handle: (nil) (created)
Border Node 경로 검증 FED 프로그래밍
FED에서 경로를 확인하려면 show platform software fed switch active ip route vrf <vrf name> <network/subnet mask> 명령을 사용합니다.
Border-1#show platform software fed switch active ip route vrf red_vn 8.8.8.8/32
vrf dest htm flags SGT DGID MPLS Last-modified SecsSinceHit
--- ---- --- ----- --- ---- ---- ------------------------ ------------
3 8.8.8.8/32 0x7f3c607c3878 0x0 0 0 2023/09/25 14:09:10.866 3
FIB: prefix_hdl:0xd50001e0, mpls_ecr_prefix_hdl:0, sgtOverWrite: 0
========== OCE chain =====
ADJ:objid:4665 {link_type:IP ifnum:0x1e, adj:0xdf0000c6, si: 0x7f3c608a8ed8 IPv4: 10.47.2.6 } -----> 4665 matches FMAN FP Object
===============
MPLS info: mpls_ecr_scale_prefix_adj:0, mpls_lspa_hdl:0
===============
**Border Node Route Programming FED Verification HTM 디코딩**
htm 값(0x7f3c607c3878)을 가져와서 show platform hardware fed switch active fwd-asic abstraction print-resource-handle <htm> 명령에 사용합니다.
Border-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f3c607c3878 1 Handle:0x7f3c607c3878 Res-Type:ASIC_RSC_HASH_TCAM Res-Switch-Num:0 Asic-Num:255 Feature-ID:AL_FID_L3_UNICAST_IPV4 Lkp-ftr-id:LKP_FEAT_IPV4_L3_UNICAST ref_count:1 priv_ri/priv_si Handle: (nil)Hardware Indices/Handles: handle [ASIC: 0]: 0x7f3c607c9288 Features sharing this resource:Cookie length: 12 08 08 08 08 00 00 03 d0 07 00 00 00 Detailed Resource Information (ASIC_INSTANCE# 0) ---------------------------------------- Number of HTM Entries: 1 Entry 0: (handle 0x7f3c607c9288) Absolute Index: 62770 Time Stamp: 7 KEY - vrf:3 mtr:0 prefix:8.8.8.8 rcp_redirect_index:0x0 MASK - vrf:0 mtr:0 prefix:0.0.0.0 rcp_redirect_index:0x0 FWD-AD = afd_label_flag:1 icmp_redir_enable:1 lvx_smr_enabled:0, dstNatType:0 priority:5 afdLabelOrDestClientId:0 SI:183 destined_to_us:0 hw_stats_idx:6 stats_id:0 redirectSetRouterMac:0 dgtIdx:0 destModIndex:0 dstNatTypeOrVpnPrefixPtrMsb:0 vpnPrefixPtr:0 vpn prefix flag:0 SRC-AD:learning_violation:0 need_to_learn:0 locally_connected:0 staticentryViolation:0 rpfValid:1 rpfLe:42 rpfLePointer:0 rpfForcePass:0 rpfForceFail:0 reachableviaSome:1 rpfCheckIncomplete:0 defaultRoute:0 ChainPtrValid:0 ChainPtrOrPortLeIndex:72 UseRpfmatchTable:0 rpfIncomplete:0 is_src_ce:0 sgtValid:0 sgtOverwrite:0 sgt:0 ipClientLabel:0 src_rloc_trusted:0, sgtCacheControl1:0, sgtCacheControl0:0 port_label:0x0 port_mask:0x0 vlan_label:0x0 vlan_mask:0x0 l3if_label:0x0 l3if_mask:0x0 group_label:0x0 group_mask:0x0 ==============================================================
VRF에서 dst_mac 확인 ARP를 확인하려면
Border-1#show platform software fed switch active ip adj IPV4 Adj entries dest if_name dst_mac si_hdl ri_hdl pd_flags adj_id Last-modified ---- ------- ------- ------ ------ -------- ------ ------------- 10.47.2.6 Vlan3002 001e.4982.54bf 0x7f3c608a8ed8 0x7f3c60ad52c8 0x0 0x1239 2023/09/19 23:22:32.582 Border-1#show ip arp vrf red_vn vlan 3002 ------------------ show ip arp vrf red_vn Vlan3002 ------------------ Protocol Address Age (min) Hardware Addr Type Interface Internet 10.47.2.5 - 5254.000a.42e6 ARPA Vlan3002 Internet 10.47.2.6 33 001e.4982.54bf ARPA Vlan3002
**Border Node Route Verification FED Programming si_hdl Decode**
si_hdl 값(0x7f3c608a8ed8)을 가져와서 show platform hardware fed switch active fwd-asic abstraction print-resource-handle <si_hdl> 1 명령을 사용합니다.
Border-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f3c608a8ed8 1 Handle:0x7f3c608a8ed8 Res-Type:ASIC_RSC_SI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_L3_UNICAST_IPV4 Lkp-ftr-id:LKP_FEAT_INVALID ref_count:2 priv_ri/priv_si Handle: 0x7f3c60ad52c8Hardware Indices/Handles: index0:0xb7 mtu_index/l3u_ri_index0:0x0 index1:0xb7 mtu_index/l3u_ri_index1:0x0 Features sharing this resource:66 (1)] 57 (1)] Cookie length: 56 00 00 00 00 00 00 00 00 ba 0b 00 00 00 00 00 00 00 00 00 00 07 00 00 1e 49 82 54 bf 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Detailed Resource Information (ASIC_INSTANCE# 0) ---------------------------------------- Station Index (SI) [0xb7] -----> 0xb7 converted from hex to decimal is 183 which was seen on slide 79 RI = 0x1b -----> Rewrite Index = MAC address rewrite information for L3 forwarding to the next-hop adjacency DI = 0x526a -----> Destination Index = Outgoing Interface stationTableGenericLabel = 0 stationFdConstructionLabel = 0x7 lookupSkipIdIndex = 0 rcpServiceId = 0 dejaVuPreCheckEn = 0x1 Replication Bitmap: LD -----> Local Data. This ASIC is directly connected to the adjacency interface
***Border Node 경로 검증 FED 프로그래밍 재작성 인덱스 디코딩**
RI 값(0x1b)을 가져와서 show platform hardware fed switch active fwd-asic resource asic all rewrite-index range <RI> <RI> 명령을 사용합니다.
Border-1#show platform hardware fed switch active fwd-asic resource asic all rewrite-index range 0x1b 0x1b ASIC#:0 RI:27 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9) MAC Addr: MAC Addr: 00:1e:49:82:54:bf, -----> MAC address 001e.4982.54bf for the next-hop 10.47.2.6 L3IF LE Index 42 ASIC#:1 RI:27 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9) MAC Addr: MAC Addr: 00:1e:49:82:54:bf, -----> MAC address 001e.4982.54bf for the next-hop 10.47.2.6 L3IF LE Index 42
***경계 노드 경로 확인 FED 프로그래밍 대상 인덱스 디코딩**
DI 값(0x526a)을 가져와서 show platform hardware fed switch active fwd-asic resource asic all destination-index range <DI> <DI> 명령을 사용합니다.
Border-1#show platform hardware fed switch active fwd-asic resource asic all destination-index range 0x526a 0x526a ASIC#0: Destination index = 0x526a pmap = 0x00000000 0x00000001 -----> Convert 1 to binary = 0001 and then count from right to left, zero based, so Port 0 pmap_intf : [GigabitEthernet1/0/1] ASIC#1: Destination index = 0x526a pmap = 0x00000000 0x00000000 cmi = 0x0 rcp_pmap = 0x0 Border-1#show platform software fed switch active ifm mappings Interface IF_ID Inst Asic Core Port SubPort Mac Cntx LPN GPN Type Active GigabitEthernet1/0/1 0x9 0 0 0 0 0 1 0 1 1 NIF Y
***Border Node Route Verification FED Programming ri_hdl Decode**
ri_hdl 값(0x7f3c60ad52c8)을 사용하여 show platform hardware fed switch active fwd-asic abstraction print-resource-handle <ri_hdl> 1에 사용합니다.
Border-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f3c60ad52c8 1 Handle:0x7f3c60ad52c8 Res-Type:ASIC_RSC_RI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_L3_UNICAST_IPV4 Lkp-ftr-id:LKP_FEAT_INVALID ref_count:1 priv_ri/priv_si Handle: 0x7f3c6088a538Hardware Indices/Handles: index0:0x1b mtu_index/l3u_ri_index0:0x0 index1:0x1b mtu_index/l3u_ri_index1:0x0 Features sharing this resource:66 (1)] Cookie length: 56 00 00 00 00 00 00 00 00 ba 0b 00 00 00 00 00 00 00 00 00 00 07 00 00 1e 49 82 54 bf 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Detailed Resource Information (ASIC_INSTANCE# 0) ---------------------------------------- ASIC#:0 RI:27 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9) -----> Decimal 27 is 0x1b in hex, which is the RI MAC Addr: MAC Addr: 00:1e:49:82:54:bf, -----> MAC address 001e.4982.54bf for the next-hop 10.47.2.6 L3IF LE Index 42 Detailed Resource Information (ASIC_INSTANCE# 1) ---------------------------------------- ASIC#:1 RI:27 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9) -----> Decimal 27 is 0x1b in hex, which is the RI MAC Addr: MAC Addr: 00:1e:49:82:54:bf, -----> MAC address 001e.4982.54bf for the next-hop 10.47.2.6 L3IF LE Index 42 ==============================================================
Border Node Next-Hop MAC 주소 확인
**MAC 주소 확인 IOS 및 FMAN RP**
Border-1#show mac address-table address 001e.4982.54bf Mac Address Table ------------------------------------------- Vlan Mac Address Type Ports ---- ----------- -------- ----- 3001 001e.4982.54bf DYNAMIC Gi1/0/1 3002 001e.4982.54bf DYNAMIC Gi1/0/1 Total Mac Addresses for this criterion: 2 Border-1#show platform software matm switch active r0 mac 001e.4982.54bf Tbl_Type Tbl_ID MAC_Address Type ECBits Ports AOM_ID/OM_PTR MAT_VLAN 3001 001e.4982.54bf 1 0 1 OM: 0x348038a100 List of Ports: 9 MAT_VLAN 3002 001e.4982.54bf 1 0 1 OM: 0x34803a15d0 List of Ports: 9 -----> This indicates if-id 9
**Next-Hop MAC 주소 확인 FMAN FP**
Border-1#show platform software matm switch active f0 mac 001e.4982.54bf Tbl_Type Tbl_ID MAC_Address Type ECBits Ports AOM_ID/OM_PTR MAT_VLAN 3001 001e.4982.54bf 1 0 1 32668 created List of Ports: 9 MAT_VLAN 3002 001e.4982.54bf 1 0 1 32653 created List of Ports: 9
Border-1#show platform software object-manager switch active f0 object 32653 Object identifier: 32653 Description: matm mac entry type VLAN, id 3002, 001e.4982.54bf Obj type id: 455 Obj type: MATM mac entry Status: Done, Epoch: 0, Client data: 0xc6300468
Border-1#show platform software object-manager switch active f0 object 32653 parents Object identifier: 40 Description: intf GigabitEthernet1/0/1, handle 9, hw handle 9, HW dirty: NONE AOM dirty NONE Status: Done Object identifier: 133 Description: matm table type VLAN, id 3002 Status: Done
Border-1#show platform software fed switch active ifm if-id 9 Interface IF_ID : 0x0000000000000009 Interface Name : GigabitEthernet1/0/1
**Next-Hop MAC 주소 확인 FED**
Border-1#show platform software fed switch active matm macTable vlan 3002 mac 001e.4982.54bf VLAN MAC Type Seq# EC_Bi Flags machandle siHandle riHandle diHandle *a_time *e_time ports Con ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- 3002 001e.4982.54bf 0x1 13 0 0 0x7f3c607bcee8 0x7f3c608a8ed8 0x0 0x7f3c606a76c8 300 13 GigabitEthernet1/0/1 Yes Border-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f3c606a76c8 1 Handle:0x7f3c606a76c8 Res-Type:ASIC_RSC_DI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_IFM Lkp-ftr-id:LKP_FEAT_INVALID ref_count:1 priv_ri/priv_si Handle: (nil)Hardware Indices/Handles: index0:0x526a mtu_index/l3u_ri_index0:0x0 index1:0x526a mtu_index/l3u_ri_index1:0x0 Cookie length: 56 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Detailed Resource Information (ASIC_INSTANCE# 0) ---------------------------------------- Destination index = 0x526a pmap = 0x00000000 0x00000001 -----> Convert 1 to binary = 0001 and then count from right to left, zero based, so Port 0 pmap_intf : [GigabitEthernet1/0/1] Detailed Resource Information (ASIC_INSTANCE# 1) ---------------------------------------- Destination index = 0x526a pmap = 0x00000000 0x00000000 cmi = 0x0 rcp_pmap = 0x0 Border-1#show platform software fed switch active ifm mappings Interface IF_ID Inst Asic Core Port SubPort Mac Cntx LPN GPN Type Active GigabitEthernet1/0/1 0x9 0 0 0 0 0 1 0 1 1 NIF Y
Fusion Router로 향하는 Border Node Egress EPC
이 시점에서 원래 IP 주소에 대해 필터링할 수 있습니다. VXLAN 헤더가 제거되고 정상적으로 Fusion Router를 향해 전달됩니다.
Border-1#show monitor capture 1 buffer display-filter icmp.type==8 brief Load for five secs: 1%/0%; one minute: 1%; five minutes: 1% No time source, *14:39:19.050 UTC Tue Sep 26 2023 Starting the packet display ........ Press Ctrl + Shift + 6 to exit Load for five secs: 1%/0%; one minute: 1%; five minutes: 1% No time source, *14:39:19.057 UTC Tue Sep 26 2023 22 7.280477 10.47.4.2 -> 8.8.8.8 ICMP 106 Echo (ping) request id=0x0023, seq=0/0, ttl=63 23 7.316435 10.47.4.2 -> 8.8.8.8 ICMP 106 Echo (ping) request id=0x0023, seq=1/256, ttl=63 30 8.307929 10.47.4.2 -> 8.8.8.8 ICMP 106 Echo (ping) request id=0x0023, seq=2/512, ttl=63 37 9.743485 10.47.4.2 -> 8.8.8.8 ICMP 106 Echo (ping) request id=0x0023, seq=3/768, ttl=63 40 10.312823 10.47.4.2 -> 8.8.8.8 ICMP 106 Echo (ping) request id=0x0023, seq=4/1024, ttl=63
**자세한 키워드로 패킷 캡처 보기**
Ethernet II, Src: 00:00:00:00:61:00 (00:00:00:00:61:00), Dst: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff) -----> Does not capture L3 rewrite properly
Destination: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff)
Address: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
Source: 00:00:00:00:61:00 (00:00:00:00:61:00)
Address: 00:00:00:00:61:00 (00:00:00:00:61:00)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: CiscoMetaData (0x8909)
Cisco MetaData
Version: 1
Length: 1
Options: 0x0001
SGT: 0
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 10.47.4.2, Dst: 8.8.8.8 -----> True IPv4 source and destination
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 84
Identification: 0x97b1 (38833)
Flags: 0x4000, Don't fragment
0... .... .... .... = Reserved bit: Not set
.1.. .... .... .... = Don't fragment: Set
..0. .... .... .... = More fragments: Not set
Fragment offset: 0
Time to live: 63
Protocol: ICMP (1)
Header checksum: 0x85b7 [validation disabled]
[Header checksum status: Unverified]
Source: 10.47.4.2
Destination: 8.8.8.8
Internet Control Message Protocol
Type: 8 (Echo (ping) request)
Code: 0
Checksum: 0xade9 [correct]
[Checksum Status: Good]
Identifier (BE): 35 (0x0023)
Identifier (LE): 8960 (0x2300)
Sequence number (BE): 4 (0x0004)
Sequence number (LE): 1024 (0x0400)
Data (56 bytes)
Fusion Router의 Border Node Ingress EPC
이 시점에서 원래 IP 주소에 대해 필터링할 수 있습니다. VXLAN 헤더가 제거되고 정상적으로 Fusion Router를 향해 전달됩니다.
Border-1#show monitor capture 1 buffer display-filter icmp.type==0 brief Starting the packet display ........ Press Ctrl + Shift + 6 to exit 26 7.486005 8.8.8.8 -> 10.47.4.2 ICMP 102 Echo (ping) reply id=0x0023, seq=0/0, ttl=254 (request in 22) 28 7.602492 8.8.8.8 -> 10.47.4.2 ICMP 102 Echo (ping) reply id=0x0023, seq=1/256, ttl=254 (request in 23) 31 8.418010 8.8.8.8 -> 10.47.4.2 ICMP 102 Echo (ping) reply id=0x0023, seq=2/512, ttl=254 (request in 30)
**자세한 키워드로 패킷 캡처 보기**
Ethernet II, Src: 00:1e:49:82:54:bf (00:1e:49:82:54:bf), Dst: 52:54:00:0a:42:e6 (52:54:00:0a:42:e6)
Destination: 52:54:00:0a:42:e6 (52:54:00:0a:42:e6)
Address: 52:54:00:0a:42:e6 (52:54:00:0a:42:e6)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: 00:1e:49:82:54:bf (00:1e:49:82:54:bf)
Address: 00:1e:49:82:54:bf (00:1e:49:82:54:bf)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: 802.1Q Virtual LAN (0x8100)
802.1Q Virtual LAN, PRI: 0, DEI: 0, ID: 3002
000. .... .... .... = Priority: Best Effort (default) (0)
...0 .... .... .... = DEI: Ineligible
.... 1011 1011 1010 = ID: 3002
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 8.8.8.8, Dst: 10.47.4.2
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 84
Identification: 0x9767 (38759)
Flags: 0x4000, Don't fragment
0... .... .... .... = Reserved bit: Not set
.1.. .... .... .... = Don't fragment: Set
..0. .... .... .... = More fragments: Not set
Fragment offset: 0
Time to live: 254
Protocol: ICMP (1)
Header checksum: 0xc700 [validation disabled]
[Header checksum status: Unverified]
Source: 8.8.8.8
Destination: 10.47.4.2
Internet Control Message Protocol
Type: 0 (Echo (ping) reply)
Code: 0
Checksum: 0x4509 [correct]
[Checksum Status: Good]
Identifier (BE): 35 (0x0023)
Identifier (LE): 8960 (0x2300)
Sequence number (BE): 0 (0x0000)
Sequence number (LE): 0 (0x0000)
[Request frame: 22]
[Response time: 205.528 ms]
Data (56 bytes)
보더 노드 이그레스 EPC를 패브릭 에지 노드로 이동
이제 패킷은 VXLAN에서 캡슐화됩니다. RLOC에서 RLOC으로 필터링해야 합니다. EPC의 일부로 사용되는 ACL에서 내부 IP 주소를 필터링하고 일치시킬 수 없습니다.
Border-1#show monitor capture 1 buffer display-filter icmp.type==0 brief Starting the packet display ........ Press Ctrl + Shift + 6 to exit 21 39.264201 8.8.8.8 -> 10.47.4.2 ICMP 148 Echo (ping) reply id=0x0026, seq=0/0, ttl=253 (request in 20) 25 40.291940 8.8.8.8 -> 10.47.4.2 ICMP 148 Echo (ping) reply id=0x0026, seq=1/256, ttl=253 (request in 24) 29 41.339627 8.8.8.8 -> 10.47.4.2 ICMP 148 Echo (ping) reply id=0x0026, seq=2/512, ttl=253 (request in 28) 37 43.626400 8.8.8.8 -> 10.47.4.2 ICMP 148 Echo (ping) reply id=0x0026, seq=3/768, ttl=253 (request in 34)
**자세한 키워드로 패킷 캡처 보기**
Ethernet II, Src: 00:00:00:00:00:00 (00:00:00:00:00:00), Dst: 00:00:00:00:00:00 (00:00:00:00:00:00) -----> Does not properly capture L3 rewrite
Destination: 00:00:00:00:00:00 (00:00:00:00:00:00)
Address: 00:00:00:00:00:00 (00:00:00:00:00:00)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: 00:00:00:00:00:00 (00:00:00:00:00:00)
Address: 00:00:00:00:00:00 (00:00:00:00:00:00)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 10.47.1.10, Dst: 10.47.1.12 -----> RLOC IP addresses
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 134
Identification: 0x00d3 (211)
Flags: 0x4000, Don't fragment
0... .... .... .... = Reserved bit: Not set
.1.. .... .... .... = Don't fragment: Set
..0. .... .... .... = More fragments: Not set
Fragment offset: 0
Time to live: 254
Protocol: UDP (17)
Header checksum: 0x6520 [validation disabled]
[Header checksum status: Unverified]
Source: 10.47.1.10
Destination: 10.47.1.12
User Datagram Protocol, Src Port: 65345, Dst Port: 4789
Source Port: 65345
Destination Port: 4789
Length: 114
[Checksum: [missing]]
[Checksum Status: Not present]
[Stream index: 1]
[Timestamps]
[Time since first frame: 0.000000000 seconds]
[Time since previous frame: 0.000000000 seconds]
Virtual eXtensible Local Area Network
Flags: 0x8800, GBP Extension, VXLAN Network ID (VNI)
1... .... .... .... = GBP Extension: Defined
.... .... .0.. .... = Don't Learn: False
.... 1... .... .... = VXLAN Network ID (VNI): True
.... .... .... 0... = Policy Applied: False
.000 .000 0.00 .000 = Reserved(R): 0x0000
Group Policy ID: 0
VXLAN Network Identifier (VNI): 4099
Reserved: 0
Ethernet II, Src: 00:00:00:00:71:00 (00:00:00:00:71:00), Dst: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38) -----> Dummy VXLAN MAC addresses
Destination: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38)
Address: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: 00:00:00:00:71:00 (00:00:00:00:71:00)
Address: 00:00:00:00:71:00 (00:00:00:00:71:00)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 8.8.8.8, Dst: 10.47.4.2 -----> Inner IPv4 addresses
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 84
Identification: 0x6f66 (28518)
Flags: 0x4000, Don't fragment
0... .... .... .... = Reserved bit: Not set
.1.. .... .... .... = Don't fragment: Set
..0. .... .... .... = More fragments: Not set
Fragment offset: 0
Time to live: 253
SDA 엔드포인트에 대한 경계 노드 확인
SDA 엔드포인트에 대한 보더 노드 LISP 확인
Border-1#show lisp instance-id 4099 ipv4 map-cache 10.47.4.2 LISP IPv4 Mapping Cache for LISP 0 EID-table vrf red_vn (IID 4099), 1 entries 10.47.4.2/32, uptime: 6d17h, expires: 23:08:02, via map-reply, complete Sources: map-reply, site-registration State: complete, last modified: 5d12h, map-source: 10.47.1.12 Exempt, Packets out: 58101(33464626 bytes), counters are not accurate (~ 00:00:09 ago) Configured as EID address space Locator Uptime State Pri/Wgt Encap-IID 10.47.1.12 5d12h up 10/10 - <-- RLOC of the FE node Last up-down state change: 5d12h, state change count: 1 Last route reachability change: 5d12h, state change count: 1 Last priority / weight change: never/never RLOC-probing loc-status algorithm: Last RLOC-probe sent: 00:51:57 (rtt 266ms)
Border Node CEF 및 FMAN RP 경로 확인
엔드포인트로 향하는 경로를 확인하려면 CEF를 확인한 다음 후속 명령에서 사용되는 VRF ID를 확인합니다
Border-1#show ip cef vrf red_vn 10.47.4.2 10.47.4.2/32 nexthop 10.47.1.12 LISP0.4099
Border-1#show ip vrf detail red_vn | i VRF Id VRF red_vn (VRF Id = 3); default RD 1:4099; default VPNID <-- VRF Id is used later
Border-1#show platform software ip switch active r0 cef table index 3 prefix 10.47.4.2/32 Forwarding Table Prefix/Len Next Object Index ---------------------------------------------------------------- 10.47.4.2/32 OBJ_PUSH_COUNTE 0x124c <-- Use in the next command
Border Node FMAN FP 경로 확인
인덱스(0x124c)를 가져와서 show platform software push-counter switch active f0 index <index> 명령을 사용합니다.
Border-1#show platform software push-counter switch active f0 index 0x124c Number of Push Counter oce entries: 6 Index Type Next Object Index Cef Misc Data ------------------------------------------------------------------------------------------------ 0x124c PPC OBJ_ADJACENCY 0x130c aom id: 32712, HW info: (nil) (created) <-- Index is used in the next command
객체의 FMAN RP를 확인하려면 show platform software adjacency switch active r0 index <index> 명령을 사용합니다
Border-1#show platform software adjacency switch active r0 index 0x130c Number of adjacency objects: 27 Adjacency id: 0x130c (4876) Interface: LISP0.4099, IF index: 24, Link Type: MCP_LINK_IP Next Object Type: OBJ_ADJACENCY, Handle: 79 Flags: midchain IP FRR MCP_ADJ_IPFRR_NONE 0 OM handle: 0x34803a0c18
개체의 FMAN FP를 확인하려면 show platform software adjacency switch active f0 index <index> 명령을 사용합니다
Border-1#show platform software adjacency switch active f0 index 0x130c Number of adjacency objects: 27 Adjacency id: 0x130c (4876) Interface: LISP0.4099, IF index: 24, Link Type: MCP_LINK_IP Next Object Type: OBJ_ADJACENCY, Handle: 79 Flags: midchain IP FRR MCP_ADJ_IPFRR_NONE 0 aom id: 33287, HW handle: (nil) (created)
Border Node 경로 검증 FED 프로그래밍
FED를 확인하려면 show platform software fed switch active ip route <ip address/subnet mask> 명령을 사용합니다
Border-1#show platform software fed switch active ip route 10.47.1.12/32
vrf dest htm flags SGT DGID MPLS Last-modified SecsSinceHit
--- ---- --- ----- --- ---- ---- ------------------------ ------------
0 10.47.1.12/32 0x7f3c607b1fa8 0x0 0 0 2023/09/21 05:56:18.346 3
FIB: prefix_hdl:0xcd000023, mpls_ecr_prefix_hdl:0, sgtOverWrite: 0
========== OCE chain =====
ADJ:objid:79 {link_type:IP ifnum:0x1b, adj:0x90000026, si: 0x7f3c60989008 IPv4: 10.47.1.1 }
===============
MPLS info: mpls_ecr_scale_prefix_adj:0, mpls_lspa_hdl:0
===============
**Border Node 경로 확인 FED 프로그래밍 HTM 디코딩**
활성 fwd-asic 추상화 print-resource-handle <htm value> 1로 제공된 플랫폼 하드웨어를 show 명령에 HTM 값(0x7f3c607b1fa8)을 사용합니다.
Border-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f3c607b1fa8 1 Handle:0x7f3c607b1fa8 Res-Type:ASIC_RSC_HASH_TCAM Res-Switch-Num:0 Asic-Num:255 Feature-ID:AL_FID_L3_UNICAST_IPV4 Lkp-ftr-id:LKP_FEAT_IPV4_L3_UNICAST ref_count:1 priv_ri/priv_si Handle: (nil)Hardware Indices/Handles: handle [ASIC: 0]: 0x7f3c60888ed8 Features sharing this resource:Cookie length: 12 0c 01 2f 0a 00 00 00 d0 07 00 00 00 Detailed Resource Information (ASIC_INSTANCE# 0) ---------------------------------------- Number of HTM Entries: 1 Entry 0: (handle 0x7f3c60888ed8) Absolute Index: 62678 Time Stamp: 5 KEY - vrf:0 mtr:0 prefix:10.47.1.12 rcp_redirect_index:0x0 MASK - vrf:0 mtr:0 prefix:0.0.0.0 rcp_redirect_index:0x0 FWD-AD = afd_label_flag:0 icmp_redir_enable:1 lvx_smr_enabled:0, dstNatType:0 priority:5 afdLabelOrDestClientId:0 SI:180 destined_to_us:0 hw_stats_idx:1 stats_id:0 redirectSetRouterMac:0 dgtIdx:0 destModIndex:0 dstNatTypeOrVpnPrefixPtrMsb:0 vpnPrefixPtr:0 vpn prefix flag:0 SRC-AD:learning_violation:0 need_to_learn:0 locally_connected:0 staticentryViolation:0 rpfValid:1 rpfLe:38 rpfLePointer:0 rpfForcePass:0 rpfForceFail:0 reachableviaSome:1 rpfCheckIncomplete:0 defaultRoute:0 ChainPtrValid:0 ChainPtrOrPortLeIndex:72 UseRpfmatchTable:0 rpfIncomplete:0 is_src_ce:0 sgtValid:0 sgtOverwrite:0 sgt:0 ipClientLabel:0 src_rloc_trusted:0, sgtCacheControl1:0, sgtCacheControl0:0 port_label:0x0 port_mask:0x0 vlan_label:0x0 vlan_mask:0x0 l3if_label:0x0 l3if_mask:0x0 group_label:0x0 group_mask:0x0 ==============================================================
**경계 노드 경로 확인 si_hdl 디코딩**
si_hdl, ri_hdl을 가져오려면 show platform software fed switch active ip adj <IP address> 명령을 사용합니다.
Border-1#show platform software fed switch active ip adj 10.47.1.12 IPV4 Adj entries dest if_name dst_mac si_hdl ri_hdl pd_flags adj_id Last-modified ---- ------- ------- ------ ------ -------- ------ ------------- 10.47.1.12 LISP0.4099 4500.0000.0000 0x7f3c607e17f8 0x7f3c60b09f88 0x60 0x130c 2023/09/21 05:56:31.052
si_hdl (0x7f3c607e17f8)을 가져와서 명령 show platform hardware fed switch active fwd-asic abstraction print-resource-handle <si_hdl> 1에 사용합니다.
Border-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f3c607e17f8 1 Handle:0x7f3c607e17f8 Res-Type:ASIC_RSC_SI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_LISP Lkp-ftr-id:LKP_FEAT_INVALID ref_count:1 priv_ri/priv_si Handle: 0x7f3c60b09f88Hardware Indices/Handles: index0:0xbe mtu_index/l3u_ri_index0:0x0 index1:0xbe mtu_index/l3u_ri_index1:0x0 Features sharing this resource:109 (1)] Cookie length: 56 00 00 00 00 00 00 00 00 48 65 84 60 0a 2f 01 0c ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Detailed Resource Information (ASIC_INSTANCE# 0) ---------------------------------------- Station Index (SI) [0xbe] RI = 0x24 -----> Rewrite Index = Rewrite information for L3 Forwarding to the next-hop adjacency DI = 0x5012 -----> Destination Index = Outgoing Interface stationTableGenericLabel = 0 stationFdConstructionLabel = 0x7 lookupSkipIdIndex = 0xc rcpServiceId = 0 dejaVuPreCheckEn = 0x1 Replication Bitmap: LD -----> Local Data, ASIC is directly connected to the adjacency interface Detailed Resource Information (ASIC_INSTANCE# 1) ---------------------------------------- Station Index (SI) [0xbe] RI = 0x24 -----> Rewrite Index = Rewrite information for L3 Forwarding to the next-hop adjacency DI = 0x5012 -----> Destination Index = Outgoing Interface stationTableGenericLabel = 0 stationFdConstructionLabel = 0x7 lookupSkipIdIndex = 0xc rcpServiceId = 0 dejaVuPreCheckEn = 0x1 Replication Bitmap: LD -----> Local Data, ASIC is directly connected to the adjacency interface
**경계 노드 경로 확인 재작성 인덱스 디코딩**
RI(0x24)를 가져와서 명령표시플랫폼 하드웨어 공급 스위치 활성 fwd-asic 리소스 asic all rewrite-index range <RI> <RI>를 사용합니다.
Border-1#show platform hardware fed switch active fwd-asic resource asic all rewrite-index range 0x24 0x24 ASIC#:0 RI:36 Rewrite_type:AL_RRM_REWRITE_IPV4_VXLAN_INNER_IPV4_ENCAP(110) Mapped_rii:LVX_L3_ENCAP_L2_PAYLOAD(123) Dst Mac: MAC Addr: ba:25:cd:f4:ad:38, -----> VXLAN Dummy DMAC Src IP: 10.47.1.10 -----> BN RLOC Dst IP: 10.47.1.12 -----> FE RLOC IPv4 TTL: 0 LISP INSTANCEID: 0 L3IF LE Index: 45 ASIC#:1 RI:36 Rewrite_type:AL_RRM_REWRITE_IPV4_VXLAN_INNER_IPV4_ENCAP(110) Mapped_rii:LVX_L3_ENCAP_L2_PAYLOAD(123) Dst Mac: MAC Addr: ba:25:cd:f4:ad:38, -----> VXLAN Dummy DMAC Src IP: 10.47.1.10 -----> BN RLOC Dst IP: 10.47.1.12 -----> FE RLOC IPv4 TTL: 0 LISP INSTANCEID: 0 L3IF LE Index: 45
**경계 노드 경로 확인 대상 인덱스 디코딩**
DI(0x5012)를 가져와서 show platform hardware fed switch active fwd-asic resource asic all destination-index range <DI> <DI> 명령을 사용합니다.
Border-1#show platform hardware fed switch active fwd-asic resource asic all destination-index range 0x5012 0x5012 ASIC#0: Destination index = 0x5012 DI_RCP_PORT1 -----> Recirculation port for VXLAN imposition pmap = 0x00000000 0x00000000 cmi = 0x0 rcp_pmap = 0x1 Destination index = 0x5012 DI_RCP_PORT1 -----> Recirculation port for VXLAN imposition pmap = 0x00000000 0x00000000 cmi = 0x0 rcp_pmap = 0x0
**경계 노드 경로 확인 ri_hdl 디코딩**
ri_hdl (0x7f3c60b09f88)을 가져와서 명령 show platform hardware fed switch active fwd-asic abstraction print-resource-handle <ri_hdl> 1에 사용합니다.
Border-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f3c60b09f88 1 Handle:0x7f3c60b09f88 Res-Type:ASIC_RSC_RI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_LISP Lkp-ftr-id:LKP_FEAT_INVALID ref_count:1 priv_ri/priv_si Handle: 0x7f3c60807728Hardware Indices/Handles: index0:0x24 mtu_index/l3u_ri_index0:0x0 index1:0x24 mtu_index/l3u_ri_index1:0x0 Features sharing this resource:109 (1)] Cookie length: 56 00 00 00 00 00 00 00 00 2d 00 00 00 0a 2f 01 0c ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Detailed Resource Information (ASIC_INSTANCE# 0) ---------------------------------------- ASIC#:0 RI:36 Rewrite_type:AL_RRM_REWRITE_IPV4_VXLAN_INNER_IPV4_ENCAP(110) Mapped_rii:LVX_L3_ENCAP_L2_PAYLOAD(123) Dst Mac: MAC Addr: ba:25:cd:f4:ad:38, -----> Dummy VXLAN header Src IP: 10.47.1.10 -----> BN RLOC Dst IP: 10.47.1.12 -----> FE RLOC IPv4 TTL: 0 LISP INSTANCEID: 0 L3IF LE Index: 45 Detailed Resource Information (ASIC_INSTANCE# 1) ---------------------------------------- ASIC#:0 RI:36 Rewrite_type:AL_RRM_REWRITE_IPV4_VXLAN_INNER_IPV4_ENCAP(110) Mapped_rii:LVX_L3_ENCAP_L2_PAYLOAD(123) Dst Mac: MAC Addr: ba:25:cd:f4:ad:38, -----> Dummy VXLAN header Src IP: 10.47.1.10 -----> BN RLOC Dst IP: 10.47.1.12 -----> FE RLOC IPv4 TTL: 0 LISP INSTANCEID: 0 L3IF LE Index: 45
보더 노드의 패브릭 에지 인그레스 PCAP
패킷은 여전히 VXLAN에서 캡슐화됩니다. 계속해서 내부 IP 주소가 아닌 RLOC와 일치하는 ACL을 사용하여 캡처를 필터링합니다.
Edge-1#show monitor capture 1 buffer display-filter icmp.type==0 brief Starting the packet display ........ Press Ctrl + Shift + 6 to exit 12 0.876204 8.8.8.8 -> 10.47.4.2 ICMP 148 Echo (ping) reply id=0x0027, seq=3/768, ttl=253 (request in 3) 17 2.614814 8.8.8.8 -> 10.47.4.2 ICMP 148 Echo (ping) reply id=0x0027, seq=4/1024, ttl=253 (request in 14)
Ethernet II, Src: 52:54:00:0a:42:f3 (52:54:00:0a:42:f3), Dst: 52:54:00:04:84:b1 (52:54:00:04:84:b1) -----> True MAC addresses Destination: 52:54:00:04:84:b1 (52:54:00:04:84:b1) Address: 52:54:00:04:84:b1 (52:54:00:04:84:b1) .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: 52:54:00:0a:42:f3 (52:54:00:0a:42:f3) Address: 52:54:00:0a:42:f3 (52:54:00:0a:42:f3) .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 10.47.1.10, Dst: 10.47.1.12 -----> RLOC IP addresses 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 134 Identification: 0x00e0 (224) Flags: 0x4000, Don't fragment 0... .... .... .... = Reserved bit: Not set .1.. .... .... .... = Don't fragment: Set ..0. .... .... .... = More fragments: Not set Fragment offset: 0 Time to live: 253 Protocol: UDP (17) Header checksum: 0x6613 [validation disabled] [Header checksum status: Unverified] Source: 10.47.1.10 Destination: 10.47.1.12 User Datagram Protocol, Src Port: 65345, Dst Port: 4789 Source Port: 65345 Destination Port: 4789 Length: 114 [Checksum: [missing]] [Checksum Status: Not present] [Stream index: 0] [Timestamps] [Time since first frame: 0.876204000 seconds] [Time since previous frame: 0.457213000 seconds] Virtual eXtensible Local Area Network Flags: 0x8800, GBP Extension, VXLAN Network ID (VNI) 1... .... .... .... = GBP Extension: Defined .... .... .0.. .... = Don't Learn: False .... 1... .... .... = VXLAN Network ID (VNI): True .... .... .... 0... = Policy Applied: False .000 .000 0.00 .000 = Reserved(R): 0x0000 Group Policy ID: 0 VXLAN Network Identifier (VNI): 4099 Reserved: 0 Ethernet II, Src: 00:00:00:00:71:00 (00:00:00:00:71:00), Dst: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38) -----> Dummy VXLAN MAC addresses Destination: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38) Address: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38) .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: 00:00:00:00:71:00 (00:00:00:00:71:00) Address: 00:00:00:00:71:00 (00:00:00:00:71:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 8.8.8.8, Dst: 10.47.4.2 -----> Inner IP addresses 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 84 Identification: 0x37ca (14282) Flags: 0x4000, Don't fragment 0... .... .... .... = Reserved bit: Not set .1.. .... .... .... = Don't fragment: Set ..0. .... .... .... = More fragments: Not set Fragment offset: 0 Time to live: 253 Protocol: ICMP (1) Header checksum: 0x279e [validation disabled] [Header checksum status: Unverified] Source: 8.8.8.8 Destination: 10.47.4.2 Internet Control Message Protocol Type: 0 (Echo (ping) reply) Code: 0 Checksum: 0x2e16 [correct] [Checksum Status: Good] Identifier (BE): 39 (0x0027) Identifier (LE): 9984 (0x2700) Sequence number (BE): 3 (0x0003) Sequence number (LE): 768 (0x0300) [Request frame: 3] [Response time: 850.538 ms] Data (56 bytes)
개정 이력
| 개정 | 게시 날짜 | 의견 |
|---|---|---|
1.0 |
16-Mar-2026
|
최초 릴리스 |
피드백