Identificar e Solucionar Problemas de Fluxo de Tráfego Norte-Sul de Encaminhamento SDA
Contents
Introdução
Este documento descreve como validar o fluxo de tráfego norte-sul como parte do SDA (Software Defined Access).
Pré-requisitos
Requisitos
A Cisco recomenda que você tenha conhecimento destes tópicos:
- Encaminhamento de IP
- Protocolo de gateway de borda (BGP)
- Acesso definido por software (SD-Access)
Componentes Utilizados
As informações neste documento são baseadas nestas versões de software e hardware:
C9000v no Cisco IOS® XE 17.10.1
CSR1Kv no Cisco IOS® XE 17.3.6
SDA 1.0 (não LISP PubSub)
As informações neste documento foram criadas a partir de dispositivos em um ambiente de laboratório específico. Todos os dispositivos utilizados neste documento foram iniciados com uma configuração (padrão) inicial. Se a rede estiver ativa, certifique-se de que você entenda o impacto potencial de qualquer comando.
Produtos Relacionados
Este documento também pode ser usado com as seguintes versões de hardware e software:
- C9200
- C9300
- C9400
- C9500
- C9600
- Cisco IOS® XE 16.12 e posterior
Informações de Apoio
O Fluxo de Tráfego Norte-Sul do SDA refere-se ao conceito em que um endpoint que existe na estrutura do SDA e deseja se comunicar com um endpoint ou servidor, que não está na estrutura do SDA.
- Primeiro, o endpoint resolve o ARP para seu gateway padrão, que é o nó de borda de malha
- Em seguida, o ponto final envia o pacote IP em direção ao gateway padrão, que é o gateway Anycast no nó Borda de estrutura.
- O nó Borda de estrutura usa o Cisco Express Forwarding (CEF) para enviar o pacote, que o Locator ID Separator Protocol (LISP) direciona para o CEF.
- O nó Fabric Edge tem uma entrada map-cache para 0.0.0.0/0, rota padrão e a ação é encapsular todos os pacotes em direção ao Proxy Egress Tunnel Router (PETR) ou ao(s) SDA Fabric Border Node(s).
- O nó Fabric Edge encapsula o pacote IP original em VXLAN e encaminha o pacote para o(s) SDA Fabric Border Node(s).
- O nó de borda desencapsula o pacote e executa uma pesquisa de IP no endereço IP de destino do pacote original e encaminha o pacote para o próximo salto apropriado, que provavelmente é um roteador de fusão de upstream que não faz parte da estrutura do SDA.
- Em seguida, para o tráfego de retorno direcionado de volta para o ponto final dentro da Estrutura SDA, o pacote é recebido pelo Roteador Fusion e também executa uma pesquisa de IP no endereço IP de destino e o encaminha para o próximo salto apropriado, que é um nó de borda.
- O nó de borda de malha consulta o CEF derivado do LISP para determinar qual nó de borda de malha está associado ao ponto final, encapsula o pacote original em VXLAN e o envia para fora.
- A Borda de estrutura desencapsula o pacote e encaminha o pacote original para o endpoint.
Fluxo de trabalho básico
Topologia de referência
Para a finalidade deste exemplo, os switches C9000v funcionam como Borda de estrutura e Bordas agrupadas. Os Fusion Routers e o Internet Router são roteadores CSR1Kv. O ponto final em 10.47.4.2, que está na VLAN 1026 e parte da red_vn Virtual Network (VN), está tentando fazer ping em 8.8.8.8, que existe como uma interface Loopback0 no roteador de Internet.
Verificar o fluxo de tráfego norte-sul
Detalhes da configuração
Configuração de Edge-1 (10.47.1.12)
! hostname Edge-1 ! vrf definition red_vn ! address-family ipv4 exit-address-family ! aaa new-model ! aaa authentication login default local aaa authorization exec default local if-authenticated ! ip routing ! ip dhcp relay information option ! ip dhcp snooping vlan 1025-1026 ip dhcp snooping vlan 1025-1026 proxy-bridge ip dhcp snooping vtp mode transparent ! device-tracking tracking ! device-tracking policy IPDT_POLICY no protocol udp tracking enable ! license boot level network-advantage addon dna-advantage license smart transport off ! system mtu 8978 diagnostic bootup level minimal ! spanning-tree mode rapid-pvst spanning-tree extend system-id ! redundancy mode sso ! vlan 1025 name blue ! vlan 1026 name red ! vlan 2046 name VOICE_VLAN ! lldp run ! policy-map system-cpp-policy ! interface Loopback0 ip address 10.47.1.12 255.255.255.255 no ip redirects ip pim sparse-mode ip router isis clns mtu 1400 ! interface LISP0 ! interface LISP0.4099 vrf forwarding red_vn ! interface LISP0.4100 vrf forwarding blue_vn ! interface L2LISP0 ip access-group SDA-FABRIC-LISP in ip access-group SDA-FABRIC-LISP out ! interface L2LISP0.8188 ! interface L2LISP0.8190 ! interface GigabitEthernet1/0/1 no switchport ip address 10.47.1.1 255.255.255.254 no ip redirects ip pim sparse-mode ip router isis clns mtu 1400 isis network point-to-point ! interface GigabitEthernet1/0/2 no switchport ip address 10.47.1.5 255.255.255.254 no ip redirects ip pim sparse-mode ip router isis clns mtu 1400 isis network point-to-point ! interface GigabitEthernet1/0/3 switchport access vlan 1026 switchport mode access device-tracking attach-policy IPDT_POLICY spanning-tree portfast spanning-tree bpduguard enable ! interface Vlan1025 description Configured from Cisco DNA-Center mac-address 0000.0c9f.fb87 vrf forwarding blue_vn ip address 10.47.7.1 255.255.255.0 ip helper-address 10.47.9.9 no ip redirects ip route-cache same-interface no lisp mobility liveness test lisp mobility blue-IPV4 ! interface Vlan1026 description Configured from Cisco DNA-Center mac-address 0000.0c9f.f341 vrf forwarding red_vn ip address 10.47.4.1 255.255.255.0 ip helper-address 10.47.9.9 no ip redirects ip route-cache same-interface no lisp mobility liveness test lisp mobility red-IPV4 ! router lisp locator-table default locator-set rloc_222e1707-175d-4019-a783-060404f8bc2f IPv4-interface Loopback0 priority 10 weight 10 exit-locator-set ! locator default-set rloc_222e1707-175d-4019-a783-060404f8bc2f service ipv4 encapsulation vxlan itr map-resolver 10.47.1.10 itr map-resolver 10.47.1.11 etr map-server 10.47.1.10 key 7 091B4C08185447475E5A5D7A7970796A61 etr map-server 10.47.1.10 proxy-reply etr map-server 10.47.1.11 key 7 00531107050A5B535A77151E5B4D544E46 etr map-server 10.47.1.11 proxy-reply etr sgt no map-cache away-eids send-map-request use-petr 10.47.1.10 use-petr 10.47.1.11 proxy-itr 10.47.1.12 exit-service-ipv4 ! service ethernet itr map-resolver 10.47.1.10 itr map-resolver 10.47.1.11 itr etr map-server 10.47.1.10 key 7 055C040E201D1E5C4C534E42595855737F etr map-server 10.47.1.10 proxy-reply etr map-server 10.47.1.11 key 7 040C09070E701C1B5C4F5C47405F5D5D7E etr map-server 10.47.1.11 proxy-reply etr exit-service-ethernet ! instance-id 4099 remote-rloc-probe on-route-change dynamic-eid red-IPV4 database-mapping 10.47.4.0/24 locator-set rloc_222e1707-175d-4019-a783-060404f8bc2f exit-dynamic-eid ! service ipv4 eid-table vrf red_vn map-cache 0.0.0.0/0 map-request sgt distribution sgt exit-service-ipv4 ! exit-instance-id ! instance-id 4100 remote-rloc-probe on-route-change dynamic-eid blue-IPV4 database-mapping 10.47.7.0/24 locator-set rloc_222e1707-175d-4019-a783-060404f8bc2f exit-dynamic-eid ! service ipv4 eid-table vrf blue_vn map-cache 0.0.0.0/0 map-request sgt distribution sgt exit-service-ipv4 ! exit-instance-id ! instance-id 8188 remote-rloc-probe on-route-change service ethernet eid-table vlan 1025 broadcast-underlay 239.0.17.2 flood arp-nd flood unknown-unicast database-mapping mac locator-set rloc_222e1707-175d-4019-a783-060404f8bc2f dynamic-eid detection multiple-addr bridged-vm exit-service-ethernet ! exit-instance-id ! instance-id 8190 remote-rloc-probe on-route-change service ethernet eid-table vlan 1026 broadcast-underlay 239.0.17.2 flood arp-nd flood unknown-unicast database-mapping mac locator-set rloc_222e1707-175d-4019-a783-060404f8bc2f dynamic-eid detection multiple-addr bridged-vm exit-service-ethernet ! exit-instance-id ! ipv4 locator reachability minimum-mask-length 32 ipv4 source-locator Loopback0 exit-router-lisp ! router isis net 49.0000.1047.0000.4012.00 is-type level-2-only domain-password xxxxxx metric-style wide log-adjacency-changes nsf ietf !
Detalhes de configuração de Border-1 (10.47.1.10)
! hostname Border-1 ! vrf definition red_vn rd 1:4099 ! address-family ipv4 route-target export 1:4099 route-target import 1:4099 exit-address-family ! aaa new-model ! aaa authentication login default local aaa authorization exec default local if-authenticated ! aaa session-id common ! ip routing ! vtp mode transparent ! device-tracking tracking ! device-tracking policy IPDT_POLICY no protocol udp tracking enable ! spanning-tree mode rapid-pvst spanning-tree extend system-id ! redundancy mode sso crypto engine compliance shield disable ! vlan 3001 name 3001 ! vlan 3002 name 3002 ! interface Loopback0 ip address 10.47.1.10 255.255.255.255 no ip redirects ip pim sparse-mode ip router isis clns mtu 1400 ! interface Loopback1026 description Loopback Border vrf forwarding red_vn ip address 10.47.4.1 255.255.255.255 ! interface LISP0 ! interface LISP0.4099 vrf forwarding red_vn ! interface LISP0.4100 vrf forwarding blue_vn ! interface GigabitEthernet1/0/1 description Uplink To Fusion Router 1 switchport mode trunk ! interface GigabitEthernet1/0/2 no switchport no ip address ! interface GigabitEthernet1/0/2.69 encapsulation dot1Q 69 ip address 10.47.1.8 255.255.255.254 no ip redirects ip pim sparse-mode ip router isis clns mtu 1400 isis network point-to-point ! interface GigabitEthernet1/0/2.421 encapsulation dot1Q 421 vrf forwarding red_vn ip address 10.47.9.1 255.255.255.252 ! interface GigabitEthernet1/0/3 no switchport ip address 10.47.1.0 255.255.255.254 no ip redirects ip pim sparse-mode ip router isis clns mtu 1400 isis network point-to-point ! interface GigabitEthernet1/0/4 no switchport ip address 10.47.1.2 255.255.255.254 no ip redirects ip pim sparse-mode ip router isis clns mtu 1400 isis network point-to-point ! interface Vlan3002 description vrf interface to External router vrf forwarding red_vn ip address 10.47.2.5 255.255.255.252 no ip redirects ip route-cache same-interface ! router lisp locator-table default locator-set rloc_9080ed56-a6c6-482d-9f46-28eda0e18501 IPv4-interface Loopback0 priority 10 weight 10 auto-discover-rlocs exit-locator-set ! locator default-set rloc_9080ed56-a6c6-482d-9f46-28eda0e18501 service ipv4 encapsulation vxlan itr map-resolver 10.47.1.10 itr map-resolver 10.47.1.11 etr map-server 10.47.1.10 key 7 124E0716135A5C517F7D7D786161734A53 etr map-server 10.47.1.10 proxy-reply etr map-server 10.47.1.11 key 7 040C09070E701C1B5C4F5C47405F5D5D7E etr map-server 10.47.1.11 proxy-reply etr sgt proxy-etr proxy-itr 10.47.1.10 map-server map-resolver exit-service-ipv4 ! service ethernet itr map-resolver 10.47.1.10 itr map-resolver 10.47.1.11 itr etr map-server 10.47.1.10 key 7 0758234D4F5849504244525C567E7A7D7C etr map-server 10.47.1.10 proxy-reply etr map-server 10.47.1.11 key 7 10190B180446425E5952737B767C626C76 etr map-server 10.47.1.11 proxy-reply etr map-server map-resolver exit-service-ethernet ! instance-id 4099 remote-rloc-probe on-route-change service ipv4 eid-table vrf red_vn database-mapping 10.47.2.4/30 locator-set rloc_9080ed56-a6c6-482d-9f46-28eda0e18501 route-import database bgp 69420 route-map DENY-red_vn locator-set rloc_9080ed56-a6c6-482d-9f46-28eda0e18501 sgt distribution sgt route-export site-registrations distance site-registrations 250 map-cache site-registration exit-service-ipv4 ! exit-instance-id ! instance-id 4100 remote-rloc-probe on-route-change service ipv4 eid-table vrf blue_vn database-mapping 10.47.2.0/30 locator-set rloc_9080ed56-a6c6-482d-9f46-28eda0e18501 route-import database bgp 69420 route-map DENY-blue_vn locator-set rloc_9080ed56-a6c6-482d-9f46-28eda0e18501 sgt distribution sgt route-export site-registrations distance site-registrations 250 map-cache site-registration exit-service-ipv4 ! exit-instance-id ! site site_uci description map-server configured from Cisco DNA-Center authentication-key 7 091B4C08185447475E5A5D7A7970796A61 eid-record instance-id 4099 0.0.0.0/0 accept-more-specifics eid-record instance-id 4099 10.47.4.0/24 accept-more-specifics eid-record instance-id 4100 0.0.0.0/0 accept-more-specifics eid-record instance-id 4100 10.47.7.0/24 accept-more-specifics eid-record instance-id 8188 any-mac eid-record instance-id 8190 any-mac exit-site ! ipv4 locator reachability exclude-default ipv4 source-locator Loopback0 exit-router-lisp ! router isis net 49.0000.1047.0000.4010.00 is-type level-2-only domain-password cisco123 metric-style wide log-adjacency-changes nsf ietf default-information originate ! router bgp 69420 bgp router-id interface Loopback0 bgp log-neighbor-changes bgp graceful-restart ! address-family ipv4 vrf blue_vn bgp aggregate-timer 0 network 10.47.2.0 mask 255.255.255.252 network 10.47.7.1 mask 255.255.255.255 aggregate-address 10.47.7.0 255.255.255.0 summary-only redistribute lisp metric 10 neighbor 10.47.2.2 remote-as 65531 neighbor 10.47.2.2 update-source Vlan3001 neighbor 10.47.2.2 activate neighbor 10.47.2.2 weight 65535 neighbor 10.47.2.2 allowas-in neighbor 10.47.9.2 remote-as 69420 neighbor 10.47.9.2 activate neighbor 10.47.9.2 send-community both neighbor 10.47.9.2 next-hop-self neighbor 10.47.9.2 route-map tag_local_eids out exit-address-family ! address-family ipv4 vrf red_vn bgp aggregate-timer 0 network 10.47.2.4 mask 255.255.255.252 network 10.47.4.1 mask 255.255.255.255 aggregate-address 10.47.4.0 255.255.255.0 summary-only redistribute lisp metric 10 neighbor 10.47.2.6 remote-as 65531 neighbor 10.47.2.6 update-source Vlan3002 neighbor 10.47.2.6 activate neighbor 10.47.2.6 weight 65535 neighbor 10.47.2.6 allowas-in neighbor 10.47.9.2 remote-as 69420 neighbor 10.47.9.2 activate neighbor 10.47.9.2 send-community both neighbor 10.47.9.2 next-hop-self neighbor 10.47.9.2 route-map tag_local_eids out exit-address-family ! ip community-list 1 permit 655370 ! ip prefix-list deny_0.0.0.0 seq 10 permit 0.0.0.0/0 ! ip prefix-list l3handoff-prefixes seq 914788097 permit 10.47.2.12/30 ip prefix-list l3handoff-prefixes seq 934060929 permit 10.47.2.8/30 ip prefix-list l3handoff-prefixes seq 934208897 permit 10.47.2.4/30 ip prefix-list l3handoff-prefixes seq 934356865 permit 10.47.2.0/30 ! ip prefix-list blue_vn seq 337301377 permit 10.47.7.0/24 ip prefix-list blue_vn seq 629796565 permit 0.0.0.0/0 ! ip prefix-list red_vn seq 629796565 permit 0.0.0.0/0 ip prefix-list red_vn seq 927849985 permit 10.47.4.0/24 ! route-map tag_local_eids permit 5 set community 655370 ! route-map DENY-blue_vn deny 5 match ip address prefix-list blue_vn ! route-map DENY-blue_vn deny 10 match ip address prefix-list l3handoff-prefixes ! route-map DENY-blue_vn deny 15 match community 1 ! route-map DENY-blue_vn deny 25 match ip address prefix-list deny_0.0.0.0 ! route-map DENY-blue_vn permit 30 ! route-map DENY-red_vn deny 5 match ip address prefix-list red_vn ! route-map DENY-red_vn deny 10 match ip address prefix-list l3handoff-prefixes ! route-map DENY-red_vn deny 15 match community 1 ! route-map DENY-red_vn deny 25 match ip address prefix-list deny_0.0.0.0 ! route-map DENY-red_vn permit 30 ! route-map deny_0.0.0.0 deny 25 match ip address prefix-list deny_0.0.0.0 ! route-map deny_0.0.0.0 permit 30 !
Verificação da borda da malha em direção ao endpoint SDA
Verificar a programação de endereços IPDT e MAC
Verifique o banco de dados IP Device-Tracking (IPDT) para garantir que haja uma entrada válida para o endpoint
Edge-1#show device-tracking database interface gig1/0/3
portDB has 2 entries for interface Gi1/0/3, 2 dynamic
Codes: L - Local, S - Static, ND - Neighbor Discovery, ARP - Address Resolution Protocol, DH4 - IPv4 DHCP, DH6 - IPv6 DHCP, PKT - Other Packet, API - API created
Preflevel flags (prlvl):
0001:MAC and LLA match 0002:Orig trunk 0004:Orig access
0008:Orig trusted trunk 0010:Orig trusted access 0020:DHCP assigned
0040:Cga authenticated 0080:Cert authenticated 0100:Statically assigned
Network Layer Address Link Layer Address Interface vlan prlvl age state Time left
DH4 10.47.4.2 5254.0019.93e9 Gi1/0/3 1026 0024 76s REACHABLE 165 s try 0(21276 s)
**Software MAC Address Programming**
Edge-1#show mac address-table address 5254.0019.93e9
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
1026 5254.0019.93e9 DYNAMIC Gi1/0/3 <--- Endpoint MAC address learnt dynamically in VLAN 1026
Total Mac Addresses for this criterion: 1
**Software FED MAC Address Programming**
Use o comando show platform software fed switch ative matm macTable vlan <vlan> mac <endereço mac>
Edge-1#show platform software fed switch active matm macTable vlan 1026 mac 5254.0019.93e9
VLAN MAC Type Seq# EC_Bi Flags machandle siHandle riHandle diHandle *a_time *e_time ports Con
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
1026 5254.0019.93e9 0x1 9 0 0 0x7f65ec7bda68 0x7f65ec7c21f8 0x0 0x7f65ec6e1368 300 7 GigabitEthernet1/0/3 Yes
======platform hardware details ======
Asic: 0
htm-handle = 0x7f65ec95dc68 MVID = 7 gpn = 1
SI = 0xc3 RI = 0x25 DI = 0x526e
DI = 0x526e pmap = 0x00000000 0x00000004 pmap_intf : [GigabitEthernet1/0/3]
Asic: 1
SI = 0xc3 RI = 0x25 DI = 0x526e
DI = 0x526e pmap = 0x00000000 0x00000000
**MAC Address macHandle Programming**
Pegue o valor macHandle do comando anterior (0x7f65ec7bda68) e utilize no comando show platform hardware fed switch ative fwd-asic abstraction print-resource-handle <macHandle> 1
Edge-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f65ec7bda68 1
Handle:0x7f65ec7bda68 Res-Type:ASIC_RSC_HASH_TCAM Res-Switch-Num:0 Asic-Num:255 Feature-ID:AL_FID_L2 Lkp-ftr-id:LKP_FEAT_L2_SRC_MAC_VLAN ref_count:1
priv_ri/priv_si Handle: (nil)Hardware Indices/Handles: handle [ASIC: 0]: 0x7f65ec95dc68
Features sharing this resource:Cookie length: 12
19 00 54 52 e9 93 07 80 07 00 00 00
Detailed Resource Information (ASIC_INSTANCE# 0)
----------------------------------------
Number of HTM Entries: 1
Entry 0: (handle 0x7f65ec95dc68)
Absolute Index: 6778
Time Stamp: 4
KEY - vlan:7 mac:0x5254001993e9 l3_if:0 gpn:3 epoch:0 static:0 flood_en:0 vlan_lead_wless_flood_en: 0 client_home_asic: 0 learning_peerid 0, learning_peerid_valid 0 lvx:1
MASK - vlan:0 mac:0x0 l3_if:0 gpn:0 epoch:0 static:0 flood_en:0 vlan_lead_wless_flood_en: 0 client_home_asic: 0 learning_peerid 0, learning_peerid_valid 0 lvx:0
SRC_AD - need_to_learn:0 lrn_v:0 catchall:0 static_mac:0 chain_ptr_v:0 chain_ptr: 0 static_entry_v:0 auth_state:0 auth_mode:0 auth_behavior_tag:0 traf_m:0 is_src_ce:0
DST_AD - si:0xb7 bridge:0 replicate:0 blk_fwd_o:0 v4_rmac:0 v6_rmac:0 catchall:0 ign_src_lrn:0 port_mask_o:0 afd_cli_f:0 afd_lbl:0 prio:3 dest_mod_idx:0 destined_to_us:0 pv_trunk:0 smr:0
==============================================================
**Verificação de MVID**
O número 7 na saída anterior é a ID da VLAN mapeada (MVID) no hardware. Para verificar se eles correspondem à vlan "real", use show platform software fed switch ative vlan <vlan number>
Edge-1#show platform software fed switch active vlan 1026
VLAN Fed Information
Vlan Id IF Id LE Handle STP Handle L3 IF Handle SVI IF ID MVID
-----------------------------------------------------------------------------------------------------------------------
1026 0x0000000000420011 0x00007f65ec6a08b8 0x00007f65ec6a1138 0x00007f65ec77e838 0x000000000000001d 7
**Verificação do Número de Porta Global (GPN - Global Port Number)**
Para correlacionar o GPN com uma interface "real", use o comando show platform software fed switch ative ifm mappings gpn
Edge-1#show platform software fed switch active ifm mappings gpn
Mappings Table
GPN Interface IF_ID IF_TYPE
--------------------------------------------------------------------------------------------------
1 GigabitEthernet1/0/1 0x0000001a ETHER
2 GigabitEthernet1/0/2 0x0000001b ETHER
3 GigabitEthernet1/0/3 0x0000000b ETHER
**Programação de siHandle de Endereço MAC**
Pegue o valor siHandle do comando anterior (0x7f65ec7c21f8) e utilize o comando show platform hardware fed switch ative fwd-asic abstraction print-resource-handle <si_handle> 1
Edge-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f65ec7c21f8 1
Handle:0x7f65ec7c21f8 Res-Type:ASIC_RSC_SI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_L3_UNICAST_IPV4 Lkp-ftr-id:LKP_FEAT_INVALID ref_count:2
priv_ri/priv_si Handle: 0x7f65ec7c2498Hardware Indices/Handles: index0:0xc3 mtu_index/l3u_ri_index0:0x0 index1:0xc3 mtu_index/l3u_ri_index1:0x0
Features sharing this resource:66 (1)]
57 (1)]
Cookie length: 56
00 00 00 00 00 00 00 00 02 04 00 00 00 00 00 00 00 00 00 00 07 00 52 54 00 19 93 e9 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Detailed Resource Information (ASIC_INSTANCE# 0)
----------------------------------------
Station Index (SI) [0xc3] <-- Station Index is comprised of the Rewrite Index (RI) and Destination Index (DI)
RI = 0x25 <-- Rewrite Index contains the forwarding information
DI = 0x526e <-- Destination Index contains information related to the outgoing interface
stationTableGenericLabel = 0
stationFdConstructionLabel = 0x7
lookupSkipIdIndex = 0
rcpServiceId = 0
dejaVuPreCheckEn = 0x1
Replication Bitmap: LD <-- Local Data (LD) indicates that the destination is on this ASIC
Detailed Resource Information (ASIC_INSTANCE# 1)
----------------------------------------
Station Index (SI) [0xc3] <-- Station Index is comprised of the Rewrite Index (RI) and Destination Index (DI)
RI = 0x25 <-- Rewrite Index contains the forwarding information
DI = 0x526e <-- Destination Index contains information related to the outgoing interface
stationTableGenericLabel = 0
stationFdConstructionLabel = 0x7
lookupSkipIdIndex = 0
rcpServiceId = 0
dejaVuPreCheckEn = 0x1
Replication Bitmap: CD <-- Core Data (CD) indicates that the destination is on the same ASIC, different core
==============================================================
**Verificação de Índice de Regravação de Endereço MAC**
Pegue o valor de RI do comando anterior (0x25) e utilize no recurso básico fwd-asic ativo do switch alimentado por hardware show platform all rewrite-index range <RI> <RI>
Edge-1#show platform hardware fed switch active fwd-asic resource asic all rewrite-index range 0x25 0x25
ASIC#:0 RI:37 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9)
MAC Addr: MAC Addr: 52:54:00:19:93:e9,
L3IF LE Index 41
ASIC#:0 RI:38 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9)
MAC Addr: MAC Addr: 01:00:5e:00:00:00,
L3IF LE Index 40
ASIC#:0 RI:39 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9)
MAC Addr: MAC Addr: 52:54:00:00:50:17,
L3IF LE Index 40
ASIC#:1 RI:37 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9)
MAC Addr: MAC Addr: 52:54:00:19:93:e9,
L3IF LE Index 41
ASIC#:1 RI:38 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9)
MAC Addr: MAC Addr: 01:00:5e:00:00:00,
L3IF LE Index 40
ASIC#:1 RI:39 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9)
MAC Addr: MAC Addr: 52:54:00:00:50:17,
L3IF LE Index 40
**Verificação do Índice de Destino do Endereço MAC**
Pegue o valor de DI do comando anterior (0x526e) e utilize no fwd-asic resource asic do switch alimentado por hardware da plataforma todos os intervalos de índice de destino <DI> <DI>
Edge-1#show platform hardware fed switch active fwd-asic resource asic all destination-index range 0x526e 0x526e
ASIC#0:
Destination index = 0x526e
pmap = 0x00000000 0x00000004 <-- Convert decimal 4 to binary, which is 0100. Count this binary right to left, zero-based, so Port 2.
pmap_intf : [GigabitEthernet1/0/3]
cmi = 0x0
rcp_pmap = 0x0
al_rsc_cmi
CPU Map Index (CMI) [0]
ctiLo0 = 0
ctiLo1 = 0
ctiLo2 = 0
cpuQNum0 = 0
cpuQNum1 = 0
cpuQNum2 = 0
npuIndex = 0
stripSeg = 0
copySeg = 0
ASIC#1:
Destination index = 0x526e
pmap = 0x00000000 0x00000000
cmi = 0x0
rcp_pmap = 0x0
al_rsc_cmi
CPU Map Index (CMI) [0]
ctiLo0 = 0
ctiLo1 = 0
ctiLo2 = 0
cpuQNum0 = 0
cpuQNum1 = 0
cpuQNum2 = 0
npuIndex = 0
stripSeg = 0
copySeg = 0
**Verificação de porta**
Para correlacionar a porta vista anteriormente, use o comando show platform software fed switch ative ifm mappings e observe a coluna Port.
Edge-1#show platform software fed switch active ifm mappings
------------------ show platform software fed switch active ifm mappings ------------------
Interface IF_ID Inst Asic Core Port SubPort Mac Cntx LPN GPN Type Active
GigabitEthernet1/0/1 0x1a 0 0 0 0 0 1 0 1 1 NIF Y
GigabitEthernet1/0/2 0x1b 0 0 0 1 0 2 1 2 2 NIF Y
GigabitEthernet1/0/3 0xb 0 0 0 2 0 3 2 3 3 NIF Y <-- Matches port 2 from previous output
**Verificação de Endereço MAC Alimentado por Hardware**
Esta saída em um cenário de trabalho/ideal corresponde ao que a decodificação macHandle forneceu.
Edge-1#show platform hardware fed switch active matm macTable vlan 1026 mac 5254.0019.93e9 HEAD: MAC address 5254.0019.93e9 in VLAN 1026 KEY: vlan 7, mac 0x5254001993e9, l3_if 0, gpn 3, epoch 0, static 0, flood_en 0, vlan_lead_wless_flood_en 0, client_home_asic 0, learning_peerid 0, learning_peerid_valid 0 MASK: vlan 0, mac 0x0, l3_if 0, gpn 0, epoch 0, static 0, flood_en 0, vlan_lead_wless_flood_en 0, client_home_asic 0 learning_peerid 0, learning_peerid_valid 0 SRC_AD: need_to_learn 0, lrn_v 0, catchall 0, static_mac 0, chain_ptr_v 0, chain_ptr 0, static_entry_v 0, auth_state 0, auth_mode 0, traf_mode 0, is_src_ce 0 DST_AD: si 0xb7, bridge 0, replicate 0, blk_fwd_o 0, v4_mac 0, v6_mac 0, catchall 0, ign_src_lrn 0, port_mask_o 0, afd_cli_f 0, afd_lbl 0, priority 3, dest_mod_idx 0, destined_to_us 0, pv_trunk 0 Total Mac number of addresses:: 1
- O ID da VLAN no hardware (MVID) é 7
- Endereço MAC: 5254.0019.93e9
- GPN: 3
Verificar a conectividade ARP e IP
Edge-1#show ip arp vrf red_vn 10.47.4.2 ------------------ show ip arp vrf red_vn 10.47.4.2 ------------------ Protocol Address Age (min) Hardware Addr Type Interface Internet 10.47.4.2 156 5254.0019.93e9 ARPA Vlan1026
Edge-1#ping vrf red_vn 10.47.4.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.47.4.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 130/145/168 ms
Edge-1#show vlan id 1026 VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1026 red active L2LI0:8190, Gi1/0/3 <-- L2 LISP Instance ID tied to VLAN 1026
**Verificação do banco de dados L2 LISP**
Para verificar o banco de dados L2 LISP, use o comando show lisp instance-id <L2 LISP IID> ethernet database <mac address>
Edge-1#show lisp instance-id 8190 ethernet database 5254.0019.93e9 LISP ETR MAC Mapping Database for LISP 0 EID-table Vlan 1026 (IID 8190), LSBs: 0x1 Entries total 1, no-route 0, inactive 0, do-not-register 2 5254.0019.93e9/48, dynamic-eid Auto-L2-group-8190, inherited from default locator-set rloc_222e1707-175d-4019-a783-060404f8bc2f -----> Endpoint MAC Uptime: 2d17h, Last-change: 2d17h Domain-ID: local Service-Insertion: N/A Locator Pri/Wgt Source State 10.47.1.12 10/10 cfg-intf site-self, reachable -----> Our own RLOC Map-server Uptime ACK Domain-ID 10.47.1.10 1d11h Yes 0 -----> RLOC of upstream collocated border 10.47.1.11 2d17h Yes 0 -----> RLOC of upstream collocated border
**Verificação do Banco de Dados de Resolução de Endereços (AR) L2 do LISP**
Para verificar o banco de dados L2 AR, use o comando show lisp instance-id <L2 LISP IID> ethernet database address-resolution <mac address>
Edge-1#show lisp instance-id 8190 ethernet database address-resolution 5254.0019.93e9 LISP ETR Address Resolution for LISP 0 EID-table Vlan 1026 (IID 8190) (*) -> entry being deleted Hardware Address L3 InstID Host Address 5254.0019.93e9 4099 10.47.4.2/32 <-- Endpoint MAC Address, LISP L3 Instance ID, Endpoint IPv4 Address, respectively
**Verificação do Banco de Dados L3 do LISP**
Para verificar o banco de dados L3 do LISP, use o comando show lisp instance-id <L3 LISP IID> ipv4 database <ipv4 address/subnet mask>
Edge-1#show lisp instance-id 4099 ipv4 database 10.47.4.2/32 LISP ETR IPv4 Mapping Database for LISP 0 EID-table vrf red_vn (IID 4099), LSBs: 0x1 Entries total 1, no-route 0, inactive 0, do-not-register 1 10.47.4.2/32, dynamic-eid red-IPV4, inherited from default locator-set rloc_222e1707-175d-4019-a783-060404f8bc2f -----> Endpoint IPv4 Address Uptime: 2d18h, Last-change: 2d18h Domain-ID: local Service-Insertion: N/A Locator Pri/Wgt Source State 10.47.1.12 10/10 cfg-intf site-self, reachable -----> Our own RLOC Map-server Uptime ACK Domain-ID 10.47.1.10 1d11h Yes 0 -----> RLOC of upstream collocated border 10.47.1.11 2d17h Yes 0 -----> RLOC of upstream collocated border
Endpoint voltado para EPC (Embedded Packet Capture) de entrada da borda da estrutura
Neste ponto, você pode filtrar e fazer correspondência com os endereços IP verdadeiros (10.47.4.2 falando com 8.8.8.8), pois ainda não houve encapsulamento VXLAN. O pacote está ingressando no nó de borda de malha.
Edge-1(config)#ip access-list extended TAC Edge-1(config-ext-nacl)#permit ip host 10.47.4.2 host 8.8.8.8 Edge-1(config-ext-nacl)#permit ip host 8.8.8.8 host 10.47.4.2 Edge-1#monitor capture 1 interface g1/0/3 both access-list TAC Edge-1#monitor capture 1 start Started capture point : 1 Edge-1#monitor capture 1 stop Capture statistics collected at software: Capture duration - 14 seconds Packets received - 16 Packets dropped - 0 Packets oversized - 0 Number of Bytes dropped at asic not collected
**Exibindo a captura de pacotes com uma breve palavra-chave**
Edge-1#show monitor capture 1 buffer brief Starting the packet display ........ Press Ctrl + Shift + 6 to exit 1 0.006216 10.47.4.2 -> 8.8.8.8 ICMP 98 Echo (ping) request id=0x000f, seq=0/0, ttl=64 2 0.493181 8.8.8.8 -> 10.47.4.2 ICMP 106 Echo (ping) reply id=0x000f, seq=0/0, ttl=253 (request in 1) 3 1.009602 10.47.4.2 -> 8.8.8.8 ICMP 98 Echo (ping) request id=0x000f, seq=1/256, ttl=64 4 1.437506 8.8.8.8 -> 10.47.4.2 ICMP 106 Echo (ping) reply id=0x000f, seq=1/256, ttl=253 (request in 3) 5 2.025409 10.47.4.2 -> 8.8.8.8 ICMP 98 Echo (ping) request id=0x000f, seq=2/512, ttl=64 6 2.521520 8.8.8.8 -> 10.47.4.2 ICMP 106 Echo (ping) reply id=0x000f, seq=2/512, ttl=253 (request in 5) 7 3.010566 10.47.4.2 -> 8.8.8.8 ICMP 98 Echo (ping) request id=0x000f, seq=3/768, ttl=64 8 3.420162 8.8.8.8 -> 10.47.4.2 ICMP 106 Echo (ping) reply id=0x000f, seq=3/768, ttl=253 (request in 7)
**Exibindo a captura de pacotes com palavra-chave detalhada**
Edge-1#show monitor capture 1 buffer display-filter "icmp.type==8" detailed
Starting the packet display ........ Press Ctrl + Shift + 6 to exit
Frame 1: 98 bytes on wire (784 bits), 98 bytes captured (784 bits) on interface /tmp/epc_ws/wif_to_ts_pipe, id 0
Ethernet II, Src: 52:54:00:19:93:e9 (52:54:00:19:93:e9), Dst: 00:00:0c:9f:f3:41 (00:00:0c:9f:f3:41) -----> Endpoint SMAC and Anycast GW MAC
Destination: 00:00:0c:9f:f3:41 (00:00:0c:9f:f3:41)
Address: 00:00:0c:9f:f3:41 (00:00:0c:9f:f3:41)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: 52:54:00:19:93:e9 (52:54:00:19:93:e9)
Address: 52:54:00:19:93:e9 (52:54:00:19:93:e9)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 10.47.4.2, Dst: 8.8.8.8
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 84
Identification: 0x9b61 (39777)
Flags: 0x4000, Don't fragment
0... .... .... .... = Reserved bit: Not set
.1.. .... .... .... = Don't fragment: Set
..0. .... .... .... = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: ICMP (1)
Header checksum: 0x8107 [validation disabled]
[Header checksum status: Unverified]
Source: 10.47.4.2
Destination: 8.8.8.8EPC (Embedded Packet Capture, captura de pacotes incorporada) de saída da estrutura para nós de borda
Neste ponto, o pacote é encapsulado por VXLAN, sua ACL não pode corresponder aos endereços IP internos (10.47.4.2 e 8.8.8.8), você deve corresponder ao RLOC ao RLOC. Depois disso, você pode utilizar filtros do Wireshark para visualizar e examinar os endereços internos.
**Exibindo a captura de pacotes com uma breve palavra-chave**
Edge-1#show monitor capture 1 buffer display-filter icmp.type==8 brief Starting the packet display ........ Press Ctrl + Shift + 6 to exit 3 0.025666 10.47.4.2 -> 8.8.8.8 ICMP 148 Echo (ping) request id=0x0027, seq=3/768, ttl=63 14 0.895095 10.47.4.2 -> 8.8.8.8 ICMP 148 Echo (ping) request id=0x0027, seq=4/1024, ttl=63
**Exibindo a captura de pacotes com palavra-chave detalhada**
Ethernet II, Src: 00:00:00:00:00:00 (00:00:00:00:00:00), Dst: 00:00:00:00:00:00 (00:00:00:00:00:00) -----> These are not the real MAC Addresses, does not capture L3 rewrite properly Destination: 00:00:00:00:00:00 (00:00:00:00:00:00) Address: 00:00:00:00:00:00 (00:00:00:00:00:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: 00:00:00:00:00:00 (00:00:00:00:00:00) Address: 00:00:00:00:00:00 (00:00:00:00:00:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 10.47.1.12, Dst: 10.47.1.10 -----> RLOC to RLOC 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 134 Identification: 0x063b (1595) Flags: 0x4000, Don't fragment 0... .... .... .... = Reserved bit: Not set .1.. .... .... .... = Don't fragment: Set ..0. .... .... .... = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: UDP (17) Header checksum: 0x1db9 [validation disabled] [Header checksum status: Unverified] Source: 10.47.1.12 Destination: 10.47.1.10 User Datagram Protocol, Src Port: 65354, Dst Port: 4789 -----> VXLAN Destination Port Source Port: 65354 Destination Port: 4789 Length: 114 [Checksum: [missing]] [Checksum Status: Not present] [Stream index: 1] [Timestamps] [Time since first frame: 0.869429000 seconds] [Time since previous frame: 0.869429000 seconds] Virtual eXtensible Local Area Network Flags: 0x8800, GBP Extension, VXLAN Network ID (VNI) 1... .... .... .... = GBP Extension: Defined .... .... .0.. .... = Don't Learn: False .... 1... .... .... = VXLAN Network ID (VNI): True .... .... .... 0... = Policy Applied: False .000 .000 0.00 .000 = Reserved(R): 0x0000 Group Policy ID: 0 VXLAN Network Identifier (VNI): 4099 -----> L3 LISP Instance ID tied to this VN Reserved: 0 Ethernet II, Src: 00:00:00:00:61:00 (00:00:00:00:61:00), Dst: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38) -----> Dummy VXLAN Header Destination: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38) Address: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38) .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: 00:00:00:00:61:00 (00:00:00:00:61:00) Address: 00:00:00:00:61:00 (00:00:00:00:61:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 10.47.4.2, Dst: 8.8.8.8 -----> Inner IPv4 Addresses 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 84 Identification: 0x380e (14350) Flags: 0x4000, Don't fragment 0... .... .... .... = Reserved bit: Not set .1.. .... .... .... = Don't fragment: Set ..0. .... .... .... = More fragments: Not set Fragment offset: 0 Time to live: 63 Protocol: ICMP (1) Header checksum: 0xe55a [validation disabled] [Header checksum status: Unverified] Source: 10.47.4.2 Destination: 8.8.8.8 Internet Control Message Protocol Type: 8 (Echo (ping) request) Code: 0 Checksum: 0xd8d0 [correct] [Checksum Status: Good] Identifier (BE): 39 (0x0027) Identifier (LE): 9984 (0x2700) Sequence number (BE): 4 (0x0004) Sequence number (LE): 1024 (0x0400) Data (56 bytes)
Verificação de Rota de Borda de Malha para Cliente Não SDA
Verificação de CEF e LISP de borda de malha
LISP direciona o que o CEF faz ao encaminhar o pacote
Edge-1#show lisp instance-id 4099 ipv4 map-cache 0.0.0.0/0 LISP IPv4 Mapping Cache for LISP 0 EID-table vrf red_vn (IID 4099), 1 entries 0.0.0.0/0, uptime: 3d02h, expires: never, via static-send-map-request Sources: static-send-map-request State: send-map-request, last modified: 3d02h, map-source: local Exempt, Packets out: 24481(14099580 bytes), counters are not accurate (~ 00:00:46 ago) Configured as EID address space Encapsulating to proxy ETR <-- Send the packet to the Proxy Egress Tunnel Router
Edge-1#show run | include use-petr use-petr 10.47.1.10 <-- These PETRs are used for packet forwarding use-petr 10.47.1.11 <-- These PETRs are used for packet forwarding
Edge-1#show ip cef vrf red_vn 8.8.8.8 0.0.0.0/0 nexthop 10.47.1.10 LISP0.4099 nexthop 10.47.1.11 LISP0.4099
Verificação de rota FMAN RP
Para verificar a rota de uma perspectiva FMAN RP, use o comando show platform software ip switch ative r0 cef prefix <network address/subnet mask> detail
Edge-1#show platform software ip switch active r0 cef prefix 0.0.0.0/0 detail Forwarding Table 0.0.0.0/0 -> OBJ_LOADBALANCE (0x4f), urpf: 82 -----> Convert 0x4f from hex to decimal, result is 79 Prefix Flags: Default OM handle: 0x34802330f0
Como há dois próximos saltos disponíveis, a tabela de encaminhamento usa um objeto de balanceamento de carga, use o comando show platform software loadinfo switch ative r0 index <convert hex to decimal of OBJ_LOADBALANCE>
Edge-1#show platform software loadinfo switch active r0 index 79 Number of loadinfo objects: 5 Index: 0x4f, Flags: unknown, Hash Algorithm: , Number of Paths: 2, Number of buckets: 16 Anti-polarising Factor: 0xc90f3ff0 Next Object Type: OBJ_ADJACENCY, OBJ_ADJACENCY Next obj handle: 0x55, 0x4c -----> These objects are used in the next command Hash Buckets: 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1 Color Buckets Map: 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 OM handle: 0x34803abbf8
Pegue o identificador obj do comando anterior e utilize em show platform software adjacency switch ative r0 index <obj handle>
Edge-1#show platform software adjacency switch active r0 index 0x55 Number of adjacency objects: 25 Adjacency id: 0x55 (85) Interface: GigabitEthernet1/0/1, IF index: 26, Link Type: MCP_LINK_IP Encap: 52:54:0:a:42:f3:52:54:0:4:84:b1:8:0 -----> 5254.000a.42f3 (DMAC) 5254.0000.0004.00b1 (SMAC) 0800 (ETYPE) (ETYPE) Encap Length: 14, Encap Type: MCP_ET_ARPA, MTU: 8978 Flags: no-l3-inject Incomplete behavior type: None Fixup: unknown Fixup_Flags_2: unknown Nexthop addr: 10.47.1.0 IP FRR MCP_ADJ_IPFRR_NONE 0 OM handle: 0x3480270910
Pegue o identificador obj do comando anterior e utilize em show platform software adjacency switch ative r0 index <obj handle>
Edge-1#show platform software adjacency switch active r0 index 0x4c Number of adjacency objects: 25 Adjacency id: 0x4c (76) Interface: GigabitEthernet1/0/2, IF index: 27, Link Type: MCP_LINK_IP Encap: 52:54:0:1c:7d:e0:52:54:0:4:84:a3:8:0 -----> 5254.001c.7de0 (DMAC) 5254.00004.84a3 (SMAC) 0800(ETYPE) Encap Length: 14, Encap Type: MCP_ET_ARPA, MTU: 8978 Flags: no-l3-inject Incomplete behavior type: None Fixup: unknown Fixup_Flags_2: unknown Nexthop addr: 10.47.1.4 IP FRR MCP_ADJ_IPFRR_NONE 0 OM handle: 0x34803991c0
As entradas ARP correspondem aos endereços IP do próximo salto
Edge-1#show ip arp g1/0/1 Protocol Address Age (min) Hardware Addr Type Interface Internet 10.47.1.1 - 5254.0004.84b1 ARPA GigabitEthernet1/0/1 Internet 10.47.1.0 63 5254.000a.42f3 ARPA GigabitEthernet1/0/1
Edge-1#show ip arp g1/0/2 Protocol Address Age (min) Hardware Addr Type Interface Internet 10.47.1.5 - 5254.0004.84a3 ARPA GigabitEthernet1/0/2 Internet 10.47.1.4 47 5254.001c.7de0 ARPA GigabitEthernet1/0/2
Verificação de rota FMAN FP
Para verificar a rota de uma perspectiva FMAN FP, use o comando show platform software ip switch ative f0 cef prefix <network/subnet mask> detail
Edge-1#show platform software ip switch active f0 cef prefix 0.0.0.0/0 detail Forwarding Table 0.0.0.0/0 -> OBJ_LOADBALANCE (0x4f), urpf: 82 -----> Matches the OBJ_LOADBALANCE object that FMAN RP had Prefix Flags: Default aom id: 165, HW handle: (nil) (created) -----> Object ID that is used in the next command
Pegue o valor de id de aom do comando anterior e use em show platform software object-manager switch ative f0 object <aom id value>
Edge-1#show platform software object-manager switch active f0 object 165 Object identifier: 165 Description: PREFIX 0.0.0.0/0 (Table id 0) Obj type id: 71 Obj type: route-pfx Status: Done, Epoch: 0, Client data: 0x37e9e498
Edge-1#show platform software object-manager switch active f0 object 165 parents Object identifier: 21 Description: ipv4 table 0 (Default), vrf id 0 Status: Done Object identifier: 1451 Description: uRPF-list(hdl=0x00000052) Status: Done Object identifier: 1452 Description: LB 0x4f -----> This load balance object is the same that was observed in previous output, decimal 79 Status: Done
Semelhante ao FMAN RP, use show platform software loadinfo switch ative f0 <convert hex to decimal of the LB object> para ver essas informações de uma perspectiva FMAN FP
Edge-1#show platform software loadinfo switch active f0 index 79 Number of loadinfo objects: 5 Index: 0x4f, Flags: unknown, Hash Algorithm: , Number of Paths: 2, Number of buckets: 16 Anti-polarising Factor: 0xc90f3ff0 Next Object Type: OBJ_ADJACENCY, OBJ_ADJACENCY Next obj handle: 0x55, 0x4c -----> These objects are used in the next command Hash Buckets: 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1 Color Buckets Map: 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 aom id: 1452, HW handle: (nil)
Pegue o identificador obj do comando anterior e utilize em show platform software adjacency switch ative f0 index <obj handle>
Edge-1#show platform software object-manager switch active f0 object 0x55 Object identifier: 85 Description: intf L2LISP0, handle 23, hw handle 23, HW dirty: NONE AOM dirty NONE Obj type id: 31 Obj type: dpidb-config Status: Done, Epoch: 0, Client data: 0x37e8e5f8
Edge-1#show platform software object-manager switch active f0 object 0x4c Object identifier: 76 Description: Tx Channel Vlan1026, handle 29, hw handle 29, flag 0x0, dirty hw: NONE dirty aom NONE Obj type id: 33 Obj type: txchan-config Status: Done, Epoch: 0, Client data: 0x37e896a8
Verificação de rota de FED
Para verificar a rota de uma perspectiva de FED, use o comando show platform software fed switch ative ip route <network/subnet mask>
Edge-1#show platform software fed switch active ip route 0.0.0.0/0
vrf dest htm flags SGT DGID MPLS Last-modified SecsSinceHit
--- ---- --- ----- --- ---- ---- ------------------------ ------------
0 0.0.0.0/0 0x7f65ec862228 0x0 0 0 2023/09/21 05:56:21.484 1
FIB: prefix_hdl:0xdd000001, mpls_ecr_prefix_hdl:0, sgtOverWrite: 0
========== OCE chain =====
LB:obj_id:79 ecr_map_objid:0 link_type:IP num_choices:2 Flags:0 ----> Decimal 79 is hex 0x4F
mpls_ecr:0 local_label:1048576 path_inhw:2 ecrh:0x7500000c old_ecrh:0
modify_cnt:0 bwalk_cnt:0 subwalk_cnt:0 finish_cnt:0
bwalk:[req:0 in_prog:0 nested:0]
AAL: ecr:id:1962934284 af:0 ecr_type:0 ref:1 ecrh:0x7f65ec8029f8(28:1)
hwhdl:3967822328 ::0x7f65ec8b8468,0x7f65ec8a5458,0x7f65ec8b8468,0x7f65ec8a5458
ADJ:objid:85 {link_type:IP ifnum:0x1a, adj:0xa7000028, si: 0x7f65ec8b8468 IPv4: 10.47.1.0 } <-- Decimal 85 is hex 0x55
ADJ:objid:76 {link_type:IP ifnum:0x1b, adj:0x62000026, si: 0x7f65ec8a5458 IPv4: 10.47.1.4 } <-- Decimal 76 is hex 0x4c
===============
MPLS info: mpls_ecr_scale_prefix_adj:0, mpls_lspa_hdl:0
===============
**Decodificação HTM de Verificação de Rota FED**
Pegue o valor htm do comando anterior (0x7f65ec86228) e use no comando show platform hardware fed switch ative fwd-asic abstraction print-resource-handle <valor htm> 1
Edge-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f65ec862228 1 Handle:0x7f65ec862228 Res-Type:ASIC_RSC_HASH_TCAM Res-Switch-Num:0 Asic-Num:255 Feature-ID:AL_FID_L3_UNICAST_IPV4 Lkp-ftr-id:LKP_FEAT_IPV4_L3_UNICAST ref_count:1 priv_ri/priv_si Handle: (nil)Hardware Indices/Handles: handle [ASIC: 0]: 0x7f65ec846388 Detailed Resource Information (ASIC_INSTANCE# 0) ---------------------------------------- Number of HTM Entries: 1 Entry 0: (handle 0x7f65ec846388) Absolute Index: 92658 Time Stamp: 446 KEY - vrf:0 mtr:0 prefix:0.0.0.0 rcp_redirect_index:0x0 MASK - vrf:4095 mtr:0 prefix:0.0.0.0 rcp_redirect_index:0x0 FWD-AD = afd_label_flag:0 icmp_redir_enable:1 lvx_smr_enabled:0, dstNatType:0 priority:3 afdLabelOrDestClientId:0 SI:65281 destined_to_us:0 hw_stats_idx:6 stats_id:0 redirectSetRouterMac:0 dgtIdx:0 destModIndex:0 dstNatTypeOrVpnPrefixPtrMsb:0 vpnPrefixPtr:0 vpn prefix flag:0 SRC-AD:learning_violation:1 need_to_learn:1 locally_connected:0 staticentryViolation:0 rpfValid:1 rpfLe:1 rpfLePointer:0 rpfForcePass:0 rpfForceFail:0 reachableviaSome:1 rpfCheckIncomplete:0 defaultRoute:1 ChainPtrValid:0 ChainPtrOrPortLeIndex:72 UseRpfmatchTable:1 rpfIncomplete:0 is_src_ce:0 sgtValid:0 sgtOverwrite:0 sgt:0 ipClientLabel:0 src_rloc_trusted:0, sgtCacheControl1:0, sgtCacheControl0:0 port_label:0x0 port_mask:0x0 vlan_label:0x0 vlan_mask:0x0 l3if_label:0x0 l3if_mask:0x0 group_label:0x0 group_mask:0x0 ==============================================================
**Decodificação de Objeto ECR de Verificação de Rota FED**
Como a rota usa dois próximos caminhos disponíveis, verifique o roteamento de custo igual (ECR) com o comando show platform software fed switch ative ip ecr e procure o objeto de balanceamento de carga como um obj_id
Edge-1#show platform software fed switch active ip ecr IPV4 ECR table <snip> Entry 3 obj_id 0x4f Num Choices 0x2 Flags 0x00000000 Index 0x7f65ec8029f8 -----> Hex 0x4f to decimal is 79 LB:obj_id:79 ecr_map_objid:0 link_type:IP num_choices:2 Flags:0 mpls_ecr:0 local_label:1048576 path_inhw:2 ecrh:0x7500000c old_ecrh:0 modify_cnt:0 bwalk_cnt:0 subwalk_cnt:0 finish_cnt:0 bwalk:[req:0 in_prog:0 nested:0] AAL: ecr:id:1962934284 af:0 ecr_type:0 ref:1 ecrh:0x7f65ec8029f8(28:1) hwhdl:3967822328 ::0x7f65ec8b8468,0x7f65ec8a5458,0x7f65ec8b8468,0x7f65ec8a5458 Adj IP 10.47.1.0 adj_id 0x55 SI 0x7f65ec8b8468 -----> The IPv4 next-hop, this adjacency ID has been seen previously Adj IP 10.47.1.4 adj_id 0x4c SI 0x7f65ec8a5458 -----> The IPv4 next-hop, this adjacency ID has been seen previously <snip>
**Decodificação do Índice ECR de Verificação de Rota FED**
Pegue o índice visto no comando anterior (0x7f65ec8029f8) e use em show platform hardware fed switch ative fwd-asic abstraction print-resource-handle <ecr index> 1
Edge-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f65ec8029f8 1 Handle:0x7f65ec8029f8 Res-Type:ASIC_RSC_LV2_ECR Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_L3_UNICAST_IPV4 Lkp-ftr-id:LKP_FEAT_INVALID ref_count:1 priv_ri/priv_si Handle: (nil)Hardware Indices/Handles: index0:0x1 mtu_index/l3u_ri_index0:0x0 index1:0x1 mtu_index/l3u_ri_index1:0x0 Cookie length: 128 68 84 8b ec 65 7f 00 00 58 54 8a ec 65 7f 00 00 68 84 8b ec 65 7f 00 00 58 54 8a ec 65 7f 00 00 68 84 8b ec 65 7f 00 00 58 54 8a ec 65 7f 00 00 68 84 8b ec 65 7f 00 00 58 54 8a ec 65 7f 00 00 68 84 8b ec 65 7f 00 00 58 54 8a ec 65 7f 00 00 68 84 8b ec 65 7f 00 00 58 54 8a ec 65 7f 00 00 68 84 8b ec 65 7f 00 00 58 54 8a ec 65 7f 00 00 68 84 8b ec 65 7f 00 00 58 54 8a ec 65 7f 00 00 Detailed Resource Information (ASIC_INSTANCE# 0) ---------------------------------------- Equal Cost Routing Level2 (ECR lv2) [0x1] lv2StationIndex0 = 0xb1 ------> This Station Index is associated with one next-hop adjacency SI handle0 = 0 lv2StationIndex1 = 0xbc ------> This Station Index is associated with one next-hop adjacency SI handle1 = 0
Verificação de próximo salto LISP de borda de malha
Para capturar os próximos saltos do LISP, verifique a rota no CEF no VRF
Edge-1#show ip cef vrf red_vn 8.8.8.8 0.0.0.0/0 nexthop 10.47.1.10 LISP0.4099 nexthop 10.47.1.11 LISP0.4099
Verificação LISP Next-Hop Route FED
Para obter valores si_hdl ou ri_hdl, use o comando show platform software fed switch ative ip adj
Edge-1#show platform software fed switch active ip adj IPV4 Adj entries dest if_name dst_mac si_hdl ri_hdl pd_flags adj_id Last-modified ---- ------- ------- ------ ------ -------- ------ ------------- 225.0.0.0 GigabitEthernet1/0/1 0100.5e00.0000 0x7f65ec958128 0x7f65ec957e18 0x0 0xf80001a1 2023/09/19 17:57:41.399 10.47.1.10 LISP0.4099 4500.0000.0000 0x7f65ec8a9b38 0x7f65ec8a9d58 0x60 0x26 2023/09/19 17:57:35.214 10.47.1.4 GigabitEthernet1/0/2 5254.001c.7de0 0x7f65ec8a5458 0x7f65ec8a4eb8 0x0 0x4c 2023/09/19 17:58:02.150 10.47.1.0 GigabitEthernet1/0/1 5254.000a.42f3 0x7f65ec8b8468 0x7f65ec8b8158 0x0 0x55 2023/09/19 17:58:08.864 10.47.1.11 LISP0.4099 4500.0000.0000 0x7f65ec7bb498 0x7f65ec7ba608 0x60 0x29 2023/09/19 17:57:35.214
Decodificação si_hdl do próximo salto LISP
Pegue o si_hdl (0x7f65ec8a9b38) e utilize no comando show platform hardware fed switch ative fwd-asic abstraction print-resource-handle <si_hdl> 1
Edge-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f65ec8a9b38 1 Handle:0x7f65ec8a9b38 Res-Type:ASIC_RSC_SI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_LISP Lkp-ftr-id:LKP_FEAT_INVALID ref_count:1 priv_ri/priv_si Handle: 0x7f65ec8a9d58Hardware Indices/Handles: index0:0xbf mtu_index/l3u_ri_index0:0x0 index1:0xbf mtu_index/l3u_ri_index1:0x0 Features sharing this resource:109 (1)] Cookie length: 56 00 00 00 00 00 00 00 00 38 5f 84 ec 0a 2f 01 0a ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Detailed Resource Information (ASIC_INSTANCE# 0) ---------------------------------------- Station Index (SI) [0xbf] -----> Contains the Rewrite Index (RI) and Outgoing Interface Information (DI) RI = 0x20 -----> Rewrite Index = Rewrite information for L3 forwarding DI = 0x5012 -----> Destination Index = Outgoing Interface stationTableGenericLabel = 0 stationFdConstructionLabel = 0x7 lookupSkipIdIndex = 0xc rcpServiceId = 0 dejaVuPreCheckEn = 0 Replication Bitmap: LD Detailed Resource Information (ASIC_INSTANCE# 1) ---------------------------------------- Station Index (SI) [0xbf] -----> Contains the Rewrite Index (RI) and Outgoing Interface Information (DI) RI = 0x20 -----> Rewrite Index = Rewrite information for L3 forwarding DI = 0x5012 -----> Destination Index = Outgoing Interface stationTableGenericLabel = 0 stationFdConstructionLabel = 0x7 lookupSkipIdIndex = 0xc rcpServiceId = 0 dejaVuPreCheckEn = 0 Replication Bitmap: LD
Decodificação do índice de regravação do próximo salto do LISP
Para decodificar o índice de regravação (0x20) e utilizar no comando show platform hardware fed switch ative fwd-asic resource asic all rewrite-index range <RI> <RI>
Edge-1#show platform hardware fed switch active fwd-asic resource asic all rewrite-index range 0x20 0x20 ASIC#:0 RI:32 Rewrite_type:AL_RRM_REWRITE_IPV4_VXLAN_INNER_IPV4_ENCAP(110) Mapped_rii:LVX_L3_ENCAP_L2_PAYLOAD(123) Dst Mac: MAC Addr: ba:25:cd:f4:ad:38, ----> Dummy VXLAN MAC Address Src IP: 10.47.1.12 ----> FE RLOC Dst IP: 10.47.1.10 ----> BN RLOC IPv4 TTL: 0 LISP INSTANCEID: 0 L3IF LE Index: 46
Decodificação do Índice de Destino do Próximo Salto do LISP
Para decodificar o Índice de Destino (0x5012) e utilizar no comando show platform hardware fed switch ative fwd-asic resource asic all destination-index range <DI> <DI>
Edge-1#show platform hardware fed switch active fwd-asic resource asic all destination-index range 0x5012 0x5012 ASIC#0: Destination index = 0x5012 DI_RCP_PORT1 -----> Recirculation port used for VXLAN imposition pmap = 0x00000000 0x00000000 cmi = 0x0 rcp_pmap = 0x1 al_rsc_cmi ASIC#1: Destination index = 0x5012 DI_RCP_PORT1 -----> Recirculation port used for VXLAN imposition pmap = 0x00000000 0x00000000 cmi = 0x0 rcp_pmap = 0x0 al_rsc_cmi
Decodificação ri_hdl do próximo salto LISP
Para decodificar o ri_hdl, pegue o valor (0x7f65ec8a9d58) e utilize no comando show platform hardware fed switch ative fwd-asic abstraction print-resource-handle <di_hdl> 1
Edge-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f65ec8a9d58 1 Handle:0x7f65ec8a9d58 Res-Type:ASIC_RSC_RI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_LISP Lkp-ftr-id:LKP_FEAT_INVALID ref_count:1 priv_ri/priv_si Handle: 0x7f65ec8aa2c8Hardware Indices/Handles: index0:0x20 mtu_index/l3u_ri_index0:0x0 index1:0x20 mtu_index/l3u_ri_index1:0x0 Features sharing this resource:109 (1)] Cookie length: 56 00 00 00 00 00 00 00 00 2e 00 00 00 0a 2f 01 0a ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Detailed Resource Information (ASIC_INSTANCE# 0) ---------------------------------------- ASIC#:0 RI:32 Rewrite_type:AL_RRM_REWRITE_IPV4_VXLAN_INNER_IPV4_ENCAP(110) Mapped_rii:LVX_L3_ENCAP_L2_PAYLOAD(123) Dst Mac: MAC Addr: ba:25:cd:f4:ad:38, <-- Dummy VXLAN MAC Src IP: 10.47.1.12 <-- FE RLOC Dst IP: 10.47.1.10 <-- BN RLOC IPv4 TTL: 0 LISP INSTANCEID: 0 L3IF LE Index: 46 Detailed Resource Information (ASIC_INSTANCE# 1) ---------------------------------------- ASIC#:1 RI:32 Rewrite_type:AL_RRM_REWRITE_IPV4_VXLAN_INNER_IPV4_ENCAP(110) Mapped_rii:LVX_L3_ENCAP_L2_PAYLOAD(123) Dst Mac: MAC Addr: ba:25:cd:f4:ad:38, <-- Dummy VXLAN MAC Src IP: 10.47.1.12 <-- FE RLOC Dst IP: 10.47.1.10 <-- BN RLOC IPv4 TTL: 0 LISP INSTANCEID: 0 L3IF LE Index: 46 ==============================================================
Verificação de Próximo Salto da Estrutura de Borda Subjacente
Para identificar os endereços IP do próximo salto subjacente para acessar os próximos saltos do LISP, verifique a tabela de roteamento
Edge-1#show ip route 10.47.1.10 Routing entry for 10.47.1.10/32 Known via "isis", distance 115, metric 20, type level-2 Redistributing via isis Last update from 10.47.1.0 on GigabitEthernet1/0/1, 07:10:11 ago Routing Descriptor Blocks: * 10.47.1.0, from 10.47.1.10, 07:10:11 ago, via GigabitEthernet1/0/1 Route metric is 20, traffic share count is 1
Edge-1#show ip route 10.47.1.11 Routing entry for 10.47.1.11/32 Known via "isis", distance 115, metric 20, type level-2 Redistributing via isis Last update from 10.47.1.4 on GigabitEthernet1/0/2, 1w1d ago Routing Descriptor Blocks: * 10.47.1.4, from 10.47.1.11, 1w1d ago, via GigabitEthernet1/0/2 Route metric is 20, traffic share count is 1
Para obter as informações do si_hdl, use o comando show platform software fed switch ative ip adj
Edge-1#show platform software fed switch active ip adj IPV4 Adj entries dest if_name dst_mac si_hdl ri_hdl pd_flags adj_id Last-modified ---- ------- ------- ------ ------ -------- ------ ------------- 225.0.0.0 GigabitEthernet1/0/1 0100.5e00.0000 0x7f65ec958128 0x7f65ec957e18 0x0 0xf80001a1 2023/09/19 17:57:41.399 10.47.1.10 LISP0.4099 4500.0000.0000 0x7f65ec8a9b38 0x7f65ec8a9d58 0x60 0x26 2023/09/19 17:57:35.214 10.47.1.4 GigabitEthernet1/0/2 5254.001c.7de0 0x7f65ec8a5458 0x7f65ec8a4eb8 0x0 0x4c 2023/09/19 17:58:02.150 10.47.1.0 GigabitEthernet1/0/1 5254.000a.42f3 0x7f65ec8b8468 0x7f65ec8b8158 0x0 0x55 2023/09/19 17:58:08.864 10.47.1.11 LISP0.4099 4500.0000.0000 0x7f65ec7bb498 0x7f65ec7ba608 0x60 0x29 2023/09/19 17:57:35.214
Subjacente à Decodificação si_hdl da Verificação de Próximo Salto
Para decodificar o si_hdl, use o si_hdl (0x7f65ec8a5458) e use o comando show platform hardware fed switch ative fwd-asic abstraction print-resource-handle <si_hdl> 1
Edge-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f65ec8a5458 1 Handle:0x7f65ec8a5458 Res-Type:ASIC_RSC_SI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_L3_UNICAST_IPV4 Lkp-ftr-id:LKP_FEAT_INVALID ref_count:1 priv_ri/priv_si Handle: 0x7f65ec8a4eb8Hardware Indices/Handles: index0:0xbc mtu_index/l3u_ri_index0:0x0 index1:0xbc mtu_index/l3u_ri_index1:0x0 Features sharing this resource:66 (1)] Cookie length: 56 00 00 00 00 00 00 00 00 26 00 00 00 00 00 00 00 00 00 00 00 08 00 52 54 00 1c 7d e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Detailed Resource Information (ASIC_INSTANCE# 0) ---------------------------------------- Station Index (SI) [0xbc] -----> The 0xbc Station Index was already seen RI = 0x1a -----> Rewrite Index = MAC address rewrite information for L3 forwarding to the next-hop adjacency DI = 0x526d -----> Destination Index = Outgoing Interface stationTableGenericLabel = 0 stationFdConstructionLabel = 0x7 lookupSkipIdIndex = 0 rcpServiceId = 0 dejaVuPreCheckEn = 0 Replication Bitmap: LD -----> Local Data, indicating that this ASIC is directly connected to the adjacency interface Detailed Resource Information (ASIC_INSTANCE# 1) ---------------------------------------- Station Index (SI) [0xbc] -----> The 0xbc Station Index was seen previously RI = 0x1a -----> Rewrite Index = MAC address rewrite information for L3 forwarding to the next-hop adjacency DI = 0x526d -----> Destination Index = Outgoing Interface stationTableGenericLabel = 0 stationFdConstructionLabel = 0x7 lookupSkipIdIndex = 0 rcpServiceId = 0 dejaVuPreCheckEn = 0 Replication Bitmap: CD -----> Core Data, indicating that this instance of the ASIC is on the same ASIC, but different core. ==============================================================
Decodificação Subjacente do Índice de Regravação da Verificação do Próximo Salto
Para decodificar o índice de regravação (0x1a) e utilizar no comando show platform hardware fed switch ative fwd-asic resource asic all rewrite-index range <RI> <RI>
Edge-1#show platform hardware fed switch active fwd-asic resource asic all rewrite-index range 0x1a 0x1a ASIC#:0 RI:26 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9) -----> Decimal 26 is hex 0x1a MAC Addr: MAC Addr: 52:54:00:1c:7d:e0, -----> MAC address 5254.001c.7de0 for the next-hop adjacency L3IF LE Index 38 ASIC#:1 RI:26 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9) MAC Addr: MAC Addr: 52:54:00:1c:7d:e0, -----> MAC address 5254.001c.7de0 for the next-hop adjacency L3IF LE Index 38
Subjacente à Decodificação ri_hdl da Verificação do Próximo Salto
Para decodificar o si_hdl, use o ri_hdl (0x7f65ec8a4eb8) e use o comando show platform hardware fed switch ative fwd-asic abstraction print-resource-handle <ri_hdl> 1
Edge-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f65ec8a4eb8 1 Handle:0x7f65ec8a4eb8 Res-Type:ASIC_RSC_RI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_L3_UNICAST_IPV4 Lkp-ftr-id:LKP_FEAT_INVALID ref_count:1 priv_ri/priv_si Handle: 0x7f65ec903b28Hardware Indices/Handles: index0:0x1a mtu_index/l3u_ri_index0:0x0 index1:0x1a mtu_index/l3u_ri_index1:0x0 Features sharing this resource:66 (1)] Cookie length: 56 00 00 00 00 00 00 00 00 26 00 00 00 00 00 00 00 00 00 00 00 08 00 52 54 00 1c 7d e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Detailed Resource Information (ASIC_INSTANCE# 0) ---------------------------------------- ASIC#:0 RI:26 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9) -----> Decimal 26 is 0x1a in hex MAC Addr: MAC Addr: 52:54:00:1c:7d:e0, -----> MAC address 5254.001c.7de0 for the next-hop adjacency L3IF LE Index 38 Detailed Resource Information (ASIC_INSTANCE# 1) ---------------------------------------- ASIC#:1 RI:26 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9) -----> Decimal 26 is 0x1a in hex MAC Addr: MAC Addr: 52:54:00:1c:7d:e0, -----> MAC address 5254.001c.7de0 for the next-hop adjacency L3IF LE Index 38 ==============================================================
EPC de ingresso de nó de borda do nó de borda de malha
Lembre-se, o pacote é VXLAN encapsulado agora, você não pode fazer a correspondência com uma ACL nos endereços IP internos, você deve fazer a correspondência com RLOC para RLOC e, em seguida, você pode usar filtros do Wireshark para procurar e filtrar os endereços IP internos.
Border-1(config)#ip access-list extended TAC Border-1(config-ext-nacl)#permit ip host 10.47.1.12 host 10.47.1.10 Border-1(config-ext-nacl)#permit ip host 10.47.1.10 host 10.47.1.12 Border-1#monitor capture 1 interface g1/0/3 both access-list TAC Border-1#monitor capture 1 start Started capture point : 1 Border-1#monitor capture 1 stop Capture statistics collected at software: Capture duration - 14 seconds Packets received - 16 Packets dropped - 0 Packets oversized - 0 Number of Bytes dropped at asic not collected
**Visualização da captura de pacotes com uma breve palavra-chave**
Border-1#show monitor capture 1 buffer display-filter “icmp.type==8” brief Starting the packet display ........ Press Ctrl + Shift + 6 to exit 3 0.483114 10.47.4.2 -> 8.8.8.8 ICMP 148 Echo (ping) request id=0x001e, seq=0/0, ttl=63 4 0.490667 10.47.4.2 -> 8.8.8.8 ICMP 148 Echo (ping) request id=0x001e, seq=0/0, ttl=63 7 1.461263 10.47.4.2 -> 8.8.8.8 ICMP 148 Echo (ping) request id=0x001e, seq=1/256, ttl=63 8 1.469756 10.47.4.2 -> 8.8.8.8 ICMP 148 Echo (ping) request id=0x001e, seq=1/256, ttl=63 11 2.480293 10.47.4.2 -> 8.8.8.8 ICMP 148 Echo (ping) request id=0x001e, seq=2/512, ttl=63
**Visualização da captura de pacotes com palavra-chave detalhada**
Ethernet II, Src: 52:54:00:04:84:b1 (52:54:00:04:84:b1), Dst: 52:54:00:0a:42:f3 (52:54:00:0a:42:f3) <--- SMAC (G1/0/1 of FE Node) DMAC (G1/0/3 of BN)
Destination: 52:54:00:0a:42:f3 (52:54:00:0a:42:f3)
Address: 52:54:00:0a:42:f3 (52:54:00:0a:42:f3)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: 52:54:00:04:84:b1 (52:54:00:04:84:b1)
Address: 52:54:00:04:84:b1 (52:54:00:04:84:b1)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 10.47.1.12, Dst: 10.47.1.10 -----> RLOC of FE Node, RLOC of BN
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 134
Identification: 0x0490 (1168)
Flags: 0x4000, Don't fragment
0... .... .... .... = Reserved bit: Not set
.1.. .... .... .... = Don't fragment: Set
..0. .... .... .... = More fragments: Not set
Fragment offset: 0
Time to live: 63
Protocol: UDP (17)
Header checksum: 0x2064 [validation disabled]
[Header checksum status: Unverified]
Source: 10.47.1.12
Destination: 10.47.1.10
User Datagram Protocol, Src Port: 65354, Dst Port: 4789
Source Port: 65354
Destination Port: 4789 -----> VXLAN Destination Port
Length: 114
[Checksum: [missing]]
[Checksum Status: Not present]
[Stream index: 0]
[Timestamps]
[Time since first frame: 0.000000000 seconds]
[Time since previous frame: 0.000000000 seconds]
Virtual eXtensible Local Area Network
Flags: 0x8800, GBP Extension, VXLAN Network ID (VNI)
1... .... .... .... = GBP Extension: Defined
.... .... .0.. .... = Don't Learn: False
.... 1... .... .... = VXLAN Network ID (VNI): True
.... .... .... 0... = Policy Applied: False
.000 .000 0.00 .000 = Reserved(R): 0x0000
Group Policy ID: 0
VXLAN Network Identifier (VNI): 4099 -----> L3 LISP ID tied to this VN
Reserved: 0
Ethernet II, Src: 00:00:00:00:61:00 (00:00:00:00:61:00), Dst: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38) -----> Dummy Ethernet Header
Destination: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38)
Address: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: 00:00:00:00:61:00 (00:00:00:00:61:00)
Address: 00:00:00:00:61:00 (00:00:00:00:61:00)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 10.47.4.2, Dst: 8.8.8.8 -----> PC Source IP Address Destination IP address
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 84
Identification: 0xa41e (42014)
Flags: 0x4000, Don't fragment
0... .... .... .... = Reserved bit: Not set
.1.. .... .... .... = Don't fragment: Set
..0. .... .... .... = More fragments: Not set
Fragment offset: 0
Time to live: 63
Protocol: ICMP (1)
Header checksum: 0x794a [validation disabled]
[Header checksum status: Unverified]
Source: 10.47.4.2
Destination: 8.8.8.8
Internet Control Message Protocol
Type: 8 (Echo (ping) request)
Code: 0
Checksum: 0xfa72 [correct]
[Checksum Status: Good]
Identifier (BE): 30 (0x001e)
Identifier (LE): 7680 (0x1e00)
Sequence number (BE): 0 (0x0000)
Sequence number (LE): 0 (0x0000)
Data (56 bytes)
Verificação de Rota de Nó de Borda para Cliente Não SDA
Verificação de Rota de Nó de Borda Programação IOS
Border-1#show ip route vrf red_vn 8.8.8.8 Routing Table: red_vn Routing entry for 8.8.8.8/32 Known via "bgp 69420", distance 20, metric 0 Tag 65531, type external Redistributing via lisp Last update from 10.47.2.6 03:28:39 ago Routing Descriptor Blocks: * 10.47.2.6, from 10.47.2.6, 03:28:39 ago opaque_ptr 0x7F08285F3C00 Route metric is 0, traffic share count is 1 AS Hops 1 Route tag 65531 MPLS label: none MPLS Flags: NSF
Verificação CEF de Rota de Nó de Borda
Border-1#show ip cef vrf red_vn 8.8.8.8 8.8.8.8/32 nexthop 10.47.2.6 Vlan3002
Border-1#show ip vrf detail red_vn | include Table ID Address family ipv4 unicast (Table ID = 0x3): -----> Used in the next command, use the integer that comes after 0x
Verificação FMAN RP de programação de rota de nó de borda
Border-1#show platform software ip switch active r0 cef table index 3 prefix 8.8.8.8/32 Forwarding Table Prefix/Len Next Object Index ---------------------------------------------------------------- 8.8.8.8/32 OBJ_ADJACENCY 0x1239 -----> Index used in the next command Border-1#show ip arp vrf red_vn vlan 3002 Protocol Address Age (min) Hardware Addr Type Interface Internet 10.47.2.5 - 5254.000a.42e6 ARPA Vlan3002 Internet 10.47.2.6 142 001e.4982.54bf ARPA Vlan3002 -----> Next Hop
Verificação FP FMAN de programação de rota de nó de borda
Border-1#show platform software ip switch active f0 cef table index 3 prefix 8.8.8.8/32 detail Forwarding Table 8.8.8.8/32 -> OBJ_ADJACENCY (0x1239), urpf: 4669 -----> Matches the index from FMAN RP Prefix Flags: unknown aom id: 32123, HW handle: (nil) (created) <-- Used in the next command
Decodificação de objeto FP FMAN de programação de rota de nó de borda
Pegue o aom id da saída anterior e use no comando show platform software object-manager switch ative f0 object <aom id>
Border-1#show platform software object-manager switch active f0 object 32123 Object identifier: 32123 Description: PREFIX 8.8.8.8/32 (Table id 3) Obj type id: 71 Obj type: route-pfx Status: Done, Epoch: 0, Client data: 0xc630b208 Border-1#show platform software object-manager switch active f0 object 32123 parents Object identifier: 30 Description: ipv4 table 3 (red_vn), vrf id 3 Status: Done Object identifier: 32669 Description: adj 0x1239, Flags None -----> Convert 0x1239 to decimal, get 4665 Status: Done Object identifier: 32675 Description: uRPF-list(hdl=0x0000123d) Status: Done
Pegue o valor de ajuste anterior em decimal e use o comando show platform software adjacency switch ative f0 index <decimal of adj value>
Border-1#show platform software adjacency switch active f0 index 4665 Number of adjacency objects: 27 Adjacency id: 0x1239 (4665) Interface: Vlan3002, IF index: 30, Link Type: MCP_LINK_IP -----> Next-hop interface towards Fusion Router Encap: 0:1e:49:82:54:bf:52:54:0:a:42:e6:8:0 -----> DMAC 001e.4982.54bf SMAC 5254.000a.42e6 0x800 ETYPE Encap Length: 14, Encap Type: MCP_ET_ARPA, MTU: 8978 Flags: no-l3-inject Incomplete behavior type: None Fixup: unknown Fixup_Flags_2: unknown Nexthop addr: 10.47.2.6 IP FRR MCP_ADJ_IPFRR_NONE 0 aom id: 32669, HW handle: (nil) (created)
Programação FED de Verificação de Rota de Nó de Borda
Para verificar a rota no FED, use o comando show platform software fed switch ative ip route vrf <vrf name> <network/subnet mask>
Border-1#show platform software fed switch active ip route vrf red_vn 8.8.8.8/32
vrf dest htm flags SGT DGID MPLS Last-modified SecsSinceHit
--- ---- --- ----- --- ---- ---- ------------------------ ------------
3 8.8.8.8/32 0x7f3c607c3878 0x0 0 0 2023/09/25 14:09:10.866 3
FIB: prefix_hdl:0xd50001e0, mpls_ecr_prefix_hdl:0, sgtOverWrite: 0
========== OCE chain =====
ADJ:objid:4665 {link_type:IP ifnum:0x1e, adj:0xdf0000c6, si: 0x7f3c608a8ed8 IPv4: 10.47.2.6 } -----> 4665 matches FMAN FP Object
===============
MPLS info: mpls_ecr_scale_prefix_adj:0, mpls_lspa_hdl:0
===============
**Decodificação HTM de Verificação de FED de Programação de Rota de Nó de Borda**
Pegue o valor htm (0x7f3c607c3878) e use o comando show platform hardware fed switch ative fwd-asic abstraction print-resource-handle <htm> 1
Border-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f3c607c3878 1 Handle:0x7f3c607c3878 Res-Type:ASIC_RSC_HASH_TCAM Res-Switch-Num:0 Asic-Num:255 Feature-ID:AL_FID_L3_UNICAST_IPV4 Lkp-ftr-id:LKP_FEAT_IPV4_L3_UNICAST ref_count:1 priv_ri/priv_si Handle: (nil)Hardware Indices/Handles: handle [ASIC: 0]: 0x7f3c607c9288 Features sharing this resource:Cookie length: 12 08 08 08 08 00 00 03 d0 07 00 00 00 Detailed Resource Information (ASIC_INSTANCE# 0) ---------------------------------------- Number of HTM Entries: 1 Entry 0: (handle 0x7f3c607c9288) Absolute Index: 62770 Time Stamp: 7 KEY - vrf:3 mtr:0 prefix:8.8.8.8 rcp_redirect_index:0x0 MASK - vrf:0 mtr:0 prefix:0.0.0.0 rcp_redirect_index:0x0 FWD-AD = afd_label_flag:1 icmp_redir_enable:1 lvx_smr_enabled:0, dstNatType:0 priority:5 afdLabelOrDestClientId:0 SI:183 destined_to_us:0 hw_stats_idx:6 stats_id:0 redirectSetRouterMac:0 dgtIdx:0 destModIndex:0 dstNatTypeOrVpnPrefixPtrMsb:0 vpnPrefixPtr:0 vpn prefix flag:0 SRC-AD:learning_violation:0 need_to_learn:0 locally_connected:0 staticentryViolation:0 rpfValid:1 rpfLe:42 rpfLePointer:0 rpfForcePass:0 rpfForceFail:0 reachableviaSome:1 rpfCheckIncomplete:0 defaultRoute:0 ChainPtrValid:0 ChainPtrOrPortLeIndex:72 UseRpfmatchTable:0 rpfIncomplete:0 is_src_ce:0 sgtValid:0 sgtOverwrite:0 sgt:0 ipClientLabel:0 src_rloc_trusted:0, sgtCacheControl1:0, sgtCacheControl0:0 port_label:0x0 port_mask:0x0 vlan_label:0x0 vlan_mask:0x0 l3if_label:0x0 l3if_mask:0x0 group_label:0x0 group_mask:0x0 ==============================================================
Para verificar o dst_mac, verifique o ARP no VRF
Border-1#show platform software fed switch active ip adj IPV4 Adj entries dest if_name dst_mac si_hdl ri_hdl pd_flags adj_id Last-modified ---- ------- ------- ------ ------ -------- ------ ------------- 10.47.2.6 Vlan3002 001e.4982.54bf 0x7f3c608a8ed8 0x7f3c60ad52c8 0x0 0x1239 2023/09/19 23:22:32.582 Border-1#show ip arp vrf red_vn vlan 3002 ------------------ show ip arp vrf red_vn Vlan3002 ------------------ Protocol Address Age (min) Hardware Addr Type Interface Internet 10.47.2.5 - 5254.000a.42e6 ARPA Vlan3002 Internet 10.47.2.6 33 001e.4982.54bf ARPA Vlan3002
**Decodificação si_hdl de programação FED de verificação de rota de nó de borda**
Use o valor si_hdl (0x7f3c608a8ed8) e use o comando show platform hardware fed switch ative fwd-asic abstraction print-resource-handle <si_hdl> 1
Border-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f3c608a8ed8 1 Handle:0x7f3c608a8ed8 Res-Type:ASIC_RSC_SI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_L3_UNICAST_IPV4 Lkp-ftr-id:LKP_FEAT_INVALID ref_count:2 priv_ri/priv_si Handle: 0x7f3c60ad52c8Hardware Indices/Handles: index0:0xb7 mtu_index/l3u_ri_index0:0x0 index1:0xb7 mtu_index/l3u_ri_index1:0x0 Features sharing this resource:66 (1)] 57 (1)] Cookie length: 56 00 00 00 00 00 00 00 00 ba 0b 00 00 00 00 00 00 00 00 00 00 07 00 00 1e 49 82 54 bf 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Detailed Resource Information (ASIC_INSTANCE# 0) ---------------------------------------- Station Index (SI) [0xb7] -----> 0xb7 converted from hex to decimal is 183 which was seen on slide 79 RI = 0x1b -----> Rewrite Index = MAC address rewrite information for L3 forwarding to the next-hop adjacency DI = 0x526a -----> Destination Index = Outgoing Interface stationTableGenericLabel = 0 stationFdConstructionLabel = 0x7 lookupSkipIdIndex = 0 rcpServiceId = 0 dejaVuPreCheckEn = 0x1 Replication Bitmap: LD -----> Local Data. This ASIC is directly connected to the adjacency interface
***Decodificação de Índice de Reescrita de Programação FED de Verificação de Rota de Nó de Borda**
Pegue o valor de RI (0x1b) e use o comando show platform hardware fed switch ative fwd-asic resource asic all rewrite-index range <RI> <RI>
Border-1#show platform hardware fed switch active fwd-asic resource asic all rewrite-index range 0x1b 0x1b ASIC#:0 RI:27 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9) MAC Addr: MAC Addr: 00:1e:49:82:54:bf, -----> MAC address 001e.4982.54bf for the next-hop 10.47.2.6 L3IF LE Index 42 ASIC#:1 RI:27 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9) MAC Addr: MAC Addr: 00:1e:49:82:54:bf, -----> MAC address 001e.4982.54bf for the next-hop 10.47.2.6 L3IF LE Index 42
***Decodificação do Índice de Destino da Programação de FED da Verificação de Rota de Nó de Borda**
Pegue o valor de DI (0x526a) e use no comando show platform hardware fed switch ative fwd-asic resource asic all destination-index range <DI> <DI>
Border-1#show platform hardware fed switch active fwd-asic resource asic all destination-index range 0x526a 0x526a ASIC#0: Destination index = 0x526a pmap = 0x00000000 0x00000001 -----> Convert 1 to binary = 0001 and then count from right to left, zero based, so Port 0 pmap_intf : [GigabitEthernet1/0/1] ASIC#1: Destination index = 0x526a pmap = 0x00000000 0x00000000 cmi = 0x0 rcp_pmap = 0x0 Border-1#show platform software fed switch active ifm mappings Interface IF_ID Inst Asic Core Port SubPort Mac Cntx LPN GPN Type Active GigabitEthernet1/0/1 0x9 0 0 0 0 0 1 0 1 1 NIF Y
***Decodificação ri_hdl de programação FED de verificação de rota de nó de borda**
Pegue o valor ri_hdl (0x7f3c60ad52c8) e use em show platform hardware fed switch ative fwd-asic abstraction print-resource-handle <ri_hdl> 1
Border-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f3c60ad52c8 1 Handle:0x7f3c60ad52c8 Res-Type:ASIC_RSC_RI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_L3_UNICAST_IPV4 Lkp-ftr-id:LKP_FEAT_INVALID ref_count:1 priv_ri/priv_si Handle: 0x7f3c6088a538Hardware Indices/Handles: index0:0x1b mtu_index/l3u_ri_index0:0x0 index1:0x1b mtu_index/l3u_ri_index1:0x0 Features sharing this resource:66 (1)] Cookie length: 56 00 00 00 00 00 00 00 00 ba 0b 00 00 00 00 00 00 00 00 00 00 07 00 00 1e 49 82 54 bf 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Detailed Resource Information (ASIC_INSTANCE# 0) ---------------------------------------- ASIC#:0 RI:27 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9) -----> Decimal 27 is 0x1b in hex, which is the RI MAC Addr: MAC Addr: 00:1e:49:82:54:bf, -----> MAC address 001e.4982.54bf for the next-hop 10.47.2.6 L3IF LE Index 42 Detailed Resource Information (ASIC_INSTANCE# 1) ---------------------------------------- ASIC#:1 RI:27 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9) -----> Decimal 27 is 0x1b in hex, which is the RI MAC Addr: MAC Addr: 00:1e:49:82:54:bf, -----> MAC address 001e.4982.54bf for the next-hop 10.47.2.6 L3IF LE Index 42 ==============================================================
Verificação de Endereço MAC do Próximo Salto do Nó de Borda
**Verificação de Endereço MAC IOS e FMAN RP**
Border-1#show mac address-table address 001e.4982.54bf Mac Address Table ------------------------------------------- Vlan Mac Address Type Ports ---- ----------- -------- ----- 3001 001e.4982.54bf DYNAMIC Gi1/0/1 3002 001e.4982.54bf DYNAMIC Gi1/0/1 Total Mac Addresses for this criterion: 2 Border-1#show platform software matm switch active r0 mac 001e.4982.54bf Tbl_Type Tbl_ID MAC_Address Type ECBits Ports AOM_ID/OM_PTR MAT_VLAN 3001 001e.4982.54bf 1 0 1 OM: 0x348038a100 List of Ports: 9 MAT_VLAN 3002 001e.4982.54bf 1 0 1 OM: 0x34803a15d0 List of Ports: 9 -----> This indicates if-id 9
**Verificação de Endereço MAC do Próximo Salto FMAN FP**
Border-1#show platform software matm switch active f0 mac 001e.4982.54bf Tbl_Type Tbl_ID MAC_Address Type ECBits Ports AOM_ID/OM_PTR MAT_VLAN 3001 001e.4982.54bf 1 0 1 32668 created List of Ports: 9 MAT_VLAN 3002 001e.4982.54bf 1 0 1 32653 created List of Ports: 9
Border-1#show platform software object-manager switch active f0 object 32653 Object identifier: 32653 Description: matm mac entry type VLAN, id 3002, 001e.4982.54bf Obj type id: 455 Obj type: MATM mac entry Status: Done, Epoch: 0, Client data: 0xc6300468
Border-1#show platform software object-manager switch active f0 object 32653 parents Object identifier: 40 Description: intf GigabitEthernet1/0/1, handle 9, hw handle 9, HW dirty: NONE AOM dirty NONE Status: Done Object identifier: 133 Description: matm table type VLAN, id 3002 Status: Done
Border-1#show platform software fed switch active ifm if-id 9 Interface IF_ID : 0x0000000000000009 Interface Name : GigabitEthernet1/0/1
**Verificação de Endereço MAC do Próximo Salto FED**
Border-1#show platform software fed switch active matm macTable vlan 3002 mac 001e.4982.54bf VLAN MAC Type Seq# EC_Bi Flags machandle siHandle riHandle diHandle *a_time *e_time ports Con ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- 3002 001e.4982.54bf 0x1 13 0 0 0x7f3c607bcee8 0x7f3c608a8ed8 0x0 0x7f3c606a76c8 300 13 GigabitEthernet1/0/1 Yes Border-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f3c606a76c8 1 Handle:0x7f3c606a76c8 Res-Type:ASIC_RSC_DI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_IFM Lkp-ftr-id:LKP_FEAT_INVALID ref_count:1 priv_ri/priv_si Handle: (nil)Hardware Indices/Handles: index0:0x526a mtu_index/l3u_ri_index0:0x0 index1:0x526a mtu_index/l3u_ri_index1:0x0 Cookie length: 56 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Detailed Resource Information (ASIC_INSTANCE# 0) ---------------------------------------- Destination index = 0x526a pmap = 0x00000000 0x00000001 -----> Convert 1 to binary = 0001 and then count from right to left, zero based, so Port 0 pmap_intf : [GigabitEthernet1/0/1] Detailed Resource Information (ASIC_INSTANCE# 1) ---------------------------------------- Destination index = 0x526a pmap = 0x00000000 0x00000000 cmi = 0x0 rcp_pmap = 0x0 Border-1#show platform software fed switch active ifm mappings Interface IF_ID Inst Asic Core Port SubPort Mac Cntx LPN GPN Type Active GigabitEthernet1/0/1 0x9 0 0 0 0 0 1 0 1 1 NIF Y
EPC de saída de nó de borda para roteador de fusão
Neste ponto, você pode filtrar em relação aos endereços IP originais, o cabeçalho da VXLAN foi removido e está sendo encaminhado normalmente para o roteador de fusão.
Border-1#show monitor capture 1 buffer display-filter icmp.type==8 brief Load for five secs: 1%/0%; one minute: 1%; five minutes: 1% No time source, *14:39:19.050 UTC Tue Sep 26 2023 Starting the packet display ........ Press Ctrl + Shift + 6 to exit Load for five secs: 1%/0%; one minute: 1%; five minutes: 1% No time source, *14:39:19.057 UTC Tue Sep 26 2023 22 7.280477 10.47.4.2 -> 8.8.8.8 ICMP 106 Echo (ping) request id=0x0023, seq=0/0, ttl=63 23 7.316435 10.47.4.2 -> 8.8.8.8 ICMP 106 Echo (ping) request id=0x0023, seq=1/256, ttl=63 30 8.307929 10.47.4.2 -> 8.8.8.8 ICMP 106 Echo (ping) request id=0x0023, seq=2/512, ttl=63 37 9.743485 10.47.4.2 -> 8.8.8.8 ICMP 106 Echo (ping) request id=0x0023, seq=3/768, ttl=63 40 10.312823 10.47.4.2 -> 8.8.8.8 ICMP 106 Echo (ping) request id=0x0023, seq=4/1024, ttl=63
**Exibindo a captura de pacotes com palavra-chave detalhada**
Ethernet II, Src: 00:00:00:00:61:00 (00:00:00:00:61:00), Dst: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff) -----> Does not capture L3 rewrite properly
Destination: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff)
Address: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
Source: 00:00:00:00:61:00 (00:00:00:00:61:00)
Address: 00:00:00:00:61:00 (00:00:00:00:61:00)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: CiscoMetaData (0x8909)
Cisco MetaData
Version: 1
Length: 1
Options: 0x0001
SGT: 0
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 10.47.4.2, Dst: 8.8.8.8 -----> True IPv4 source and destination
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 84
Identification: 0x97b1 (38833)
Flags: 0x4000, Don't fragment
0... .... .... .... = Reserved bit: Not set
.1.. .... .... .... = Don't fragment: Set
..0. .... .... .... = More fragments: Not set
Fragment offset: 0
Time to live: 63
Protocol: ICMP (1)
Header checksum: 0x85b7 [validation disabled]
[Header checksum status: Unverified]
Source: 10.47.4.2
Destination: 8.8.8.8
Internet Control Message Protocol
Type: 8 (Echo (ping) request)
Code: 0
Checksum: 0xade9 [correct]
[Checksum Status: Good]
Identifier (BE): 35 (0x0023)
Identifier (LE): 8960 (0x2300)
Sequence number (BE): 4 (0x0004)
Sequence number (LE): 1024 (0x0400)
Data (56 bytes)
EPC de entrada de nó de borda do roteador de fusão
Neste ponto, você pode filtrar em relação aos endereços IP originais, o cabeçalho da VXLAN foi removido e está sendo encaminhado normalmente para o roteador de fusão.
Border-1#show monitor capture 1 buffer display-filter icmp.type==0 brief Starting the packet display ........ Press Ctrl + Shift + 6 to exit 26 7.486005 8.8.8.8 -> 10.47.4.2 ICMP 102 Echo (ping) reply id=0x0023, seq=0/0, ttl=254 (request in 22) 28 7.602492 8.8.8.8 -> 10.47.4.2 ICMP 102 Echo (ping) reply id=0x0023, seq=1/256, ttl=254 (request in 23) 31 8.418010 8.8.8.8 -> 10.47.4.2 ICMP 102 Echo (ping) reply id=0x0023, seq=2/512, ttl=254 (request in 30)
**Exibindo a captura de pacotes com palavra-chave detalhada**
Ethernet II, Src: 00:1e:49:82:54:bf (00:1e:49:82:54:bf), Dst: 52:54:00:0a:42:e6 (52:54:00:0a:42:e6)
Destination: 52:54:00:0a:42:e6 (52:54:00:0a:42:e6)
Address: 52:54:00:0a:42:e6 (52:54:00:0a:42:e6)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: 00:1e:49:82:54:bf (00:1e:49:82:54:bf)
Address: 00:1e:49:82:54:bf (00:1e:49:82:54:bf)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: 802.1Q Virtual LAN (0x8100)
802.1Q Virtual LAN, PRI: 0, DEI: 0, ID: 3002
000. .... .... .... = Priority: Best Effort (default) (0)
...0 .... .... .... = DEI: Ineligible
.... 1011 1011 1010 = ID: 3002
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 8.8.8.8, Dst: 10.47.4.2
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 84
Identification: 0x9767 (38759)
Flags: 0x4000, Don't fragment
0... .... .... .... = Reserved bit: Not set
.1.. .... .... .... = Don't fragment: Set
..0. .... .... .... = More fragments: Not set
Fragment offset: 0
Time to live: 254
Protocol: ICMP (1)
Header checksum: 0xc700 [validation disabled]
[Header checksum status: Unverified]
Source: 8.8.8.8
Destination: 10.47.4.2
Internet Control Message Protocol
Type: 0 (Echo (ping) reply)
Code: 0
Checksum: 0x4509 [correct]
[Checksum Status: Good]
Identifier (BE): 35 (0x0023)
Identifier (LE): 8960 (0x2300)
Sequence number (BE): 0 (0x0000)
Sequence number (LE): 0 (0x0000)
[Request frame: 22]
[Response time: 205.528 ms]
Data (56 bytes)
EPC de saída de nó de borda em direção ao nó de borda de malha
O pacote agora é encapsulado por VXLAN, você precisa filtrar de RLOC para RLOC, você não pode filtrar e fazer correspondência nos endereços IP internos na ACL que é usada como parte do EPC.
Border-1#show monitor capture 1 buffer display-filter icmp.type==0 brief Starting the packet display ........ Press Ctrl + Shift + 6 to exit 21 39.264201 8.8.8.8 -> 10.47.4.2 ICMP 148 Echo (ping) reply id=0x0026, seq=0/0, ttl=253 (request in 20) 25 40.291940 8.8.8.8 -> 10.47.4.2 ICMP 148 Echo (ping) reply id=0x0026, seq=1/256, ttl=253 (request in 24) 29 41.339627 8.8.8.8 -> 10.47.4.2 ICMP 148 Echo (ping) reply id=0x0026, seq=2/512, ttl=253 (request in 28) 37 43.626400 8.8.8.8 -> 10.47.4.2 ICMP 148 Echo (ping) reply id=0x0026, seq=3/768, ttl=253 (request in 34)
**Exibindo a captura de pacotes com palavra-chave detalhada**
Ethernet II, Src: 00:00:00:00:00:00 (00:00:00:00:00:00), Dst: 00:00:00:00:00:00 (00:00:00:00:00:00) -----> Does not properly capture L3 rewrite
Destination: 00:00:00:00:00:00 (00:00:00:00:00:00)
Address: 00:00:00:00:00:00 (00:00:00:00:00:00)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: 00:00:00:00:00:00 (00:00:00:00:00:00)
Address: 00:00:00:00:00:00 (00:00:00:00:00:00)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 10.47.1.10, Dst: 10.47.1.12 -----> RLOC IP addresses
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 134
Identification: 0x00d3 (211)
Flags: 0x4000, Don't fragment
0... .... .... .... = Reserved bit: Not set
.1.. .... .... .... = Don't fragment: Set
..0. .... .... .... = More fragments: Not set
Fragment offset: 0
Time to live: 254
Protocol: UDP (17)
Header checksum: 0x6520 [validation disabled]
[Header checksum status: Unverified]
Source: 10.47.1.10
Destination: 10.47.1.12
User Datagram Protocol, Src Port: 65345, Dst Port: 4789
Source Port: 65345
Destination Port: 4789
Length: 114
[Checksum: [missing]]
[Checksum Status: Not present]
[Stream index: 1]
[Timestamps]
[Time since first frame: 0.000000000 seconds]
[Time since previous frame: 0.000000000 seconds]
Virtual eXtensible Local Area Network
Flags: 0x8800, GBP Extension, VXLAN Network ID (VNI)
1... .... .... .... = GBP Extension: Defined
.... .... .0.. .... = Don't Learn: False
.... 1... .... .... = VXLAN Network ID (VNI): True
.... .... .... 0... = Policy Applied: False
.000 .000 0.00 .000 = Reserved(R): 0x0000
Group Policy ID: 0
VXLAN Network Identifier (VNI): 4099
Reserved: 0
Ethernet II, Src: 00:00:00:00:71:00 (00:00:00:00:71:00), Dst: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38) -----> Dummy VXLAN MAC addresses
Destination: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38)
Address: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: 00:00:00:00:71:00 (00:00:00:00:71:00)
Address: 00:00:00:00:71:00 (00:00:00:00:71:00)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 8.8.8.8, Dst: 10.47.4.2 -----> Inner IPv4 addresses
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 84
Identification: 0x6f66 (28518)
Flags: 0x4000, Don't fragment
0... .... .... .... = Reserved bit: Not set
.1.. .... .... .... = Don't fragment: Set
..0. .... .... .... = More fragments: Not set
Fragment offset: 0
Time to live: 253
Verificação de nó de borda em direção ao ponto final SDA
Verificação LISP de nó de borda em direção ao ponto final SDA
Border-1#show lisp instance-id 4099 ipv4 map-cache 10.47.4.2 LISP IPv4 Mapping Cache for LISP 0 EID-table vrf red_vn (IID 4099), 1 entries 10.47.4.2/32, uptime: 6d17h, expires: 23:08:02, via map-reply, complete Sources: map-reply, site-registration State: complete, last modified: 5d12h, map-source: 10.47.1.12 Exempt, Packets out: 58101(33464626 bytes), counters are not accurate (~ 00:00:09 ago) Configured as EID address space Locator Uptime State Pri/Wgt Encap-IID 10.47.1.12 5d12h up 10/10 - <-- RLOC of the FE node Last up-down state change: 5d12h, state change count: 1 Last route reachability change: 5d12h, state change count: 1 Last priority / weight change: never/never RLOC-probing loc-status algorithm: Last RLOC-probe sent: 00:51:57 (rtt 266ms)
Verificação de Rota CEF e FMAN RP de Nó de Borda
Para verificar a rota em direção ao endpoint, verifique o CEF e determine também o ID de VRF que é usado em comandos subsequentes
Border-1#show ip cef vrf red_vn 10.47.4.2 10.47.4.2/32 nexthop 10.47.1.12 LISP0.4099
Border-1#show ip vrf detail red_vn | i VRF Id VRF red_vn (VRF Id = 3); default RD 1:4099; default VPNID <-- VRF Id is used later
Border-1#show platform software ip switch active r0 cef table index 3 prefix 10.47.4.2/32 Forwarding Table Prefix/Len Next Object Index ---------------------------------------------------------------- 10.47.4.2/32 OBJ_PUSH_COUNTE 0x124c <-- Use in the next command
Verificação de Rota FP FMAN de Nó de Borda
Pegue o índice (0x124c) e use no comando show platform software push-counter switch ative f0 index <index>
Border-1#show platform software push-counter switch active f0 index 0x124c Number of Push Counter oce entries: 6 Index Type Next Object Index Cef Misc Data ------------------------------------------------------------------------------------------------ 0x124c PPC OBJ_ADJACENCY 0x130c aom id: 32712, HW info: (nil) (created) <-- Index is used in the next command
Para verificar o RP FMAN do objeto, use o comando show platform software adjacency switch ative r0 index <index>
Border-1#show platform software adjacency switch active r0 index 0x130c Number of adjacency objects: 27 Adjacency id: 0x130c (4876) Interface: LISP0.4099, IF index: 24, Link Type: MCP_LINK_IP Next Object Type: OBJ_ADJACENCY, Handle: 79 Flags: midchain IP FRR MCP_ADJ_IPFRR_NONE 0 OM handle: 0x34803a0c18
Para verificar FMAN FP do objeto, use o comando show platform software adjacency switch ative f0 index <index>
Border-1#show platform software adjacency switch active f0 index 0x130c Number of adjacency objects: 27 Adjacency id: 0x130c (4876) Interface: LISP0.4099, IF index: 24, Link Type: MCP_LINK_IP Next Object Type: OBJ_ADJACENCY, Handle: 79 Flags: midchain IP FRR MCP_ADJ_IPFRR_NONE 0 aom id: 33287, HW handle: (nil) (created)
Programação FED de Verificação de Rota de Nó de Borda
Para verificar o FED, use o comando show platform software fed switch ative ip route <ip address/subnet mask>
Border-1#show platform software fed switch active ip route 10.47.1.12/32
vrf dest htm flags SGT DGID MPLS Last-modified SecsSinceHit
--- ---- --- ----- --- ---- ---- ------------------------ ------------
0 10.47.1.12/32 0x7f3c607b1fa8 0x0 0 0 2023/09/21 05:56:18.346 3
FIB: prefix_hdl:0xcd000023, mpls_ecr_prefix_hdl:0, sgtOverWrite: 0
========== OCE chain =====
ADJ:objid:79 {link_type:IP ifnum:0x1b, adj:0x90000026, si: 0x7f3c60989008 IPv4: 10.47.1.1 }
===============
MPLS info: mpls_ecr_scale_prefix_adj:0, mpls_lspa_hdl:0
===============
**Verificação de Rota de Nó de Borda FED Programming HTM Decode**
Use o valor HTM (0x7f3c607b1fa8) no comando show platform hardware fed switch ative fwd-asic abstraction print-resource-handle <htm value> 1
Border-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f3c607b1fa8 1 Handle:0x7f3c607b1fa8 Res-Type:ASIC_RSC_HASH_TCAM Res-Switch-Num:0 Asic-Num:255 Feature-ID:AL_FID_L3_UNICAST_IPV4 Lkp-ftr-id:LKP_FEAT_IPV4_L3_UNICAST ref_count:1 priv_ri/priv_si Handle: (nil)Hardware Indices/Handles: handle [ASIC: 0]: 0x7f3c60888ed8 Features sharing this resource:Cookie length: 12 0c 01 2f 0a 00 00 00 d0 07 00 00 00 Detailed Resource Information (ASIC_INSTANCE# 0) ---------------------------------------- Number of HTM Entries: 1 Entry 0: (handle 0x7f3c60888ed8) Absolute Index: 62678 Time Stamp: 5 KEY - vrf:0 mtr:0 prefix:10.47.1.12 rcp_redirect_index:0x0 MASK - vrf:0 mtr:0 prefix:0.0.0.0 rcp_redirect_index:0x0 FWD-AD = afd_label_flag:0 icmp_redir_enable:1 lvx_smr_enabled:0, dstNatType:0 priority:5 afdLabelOrDestClientId:0 SI:180 destined_to_us:0 hw_stats_idx:1 stats_id:0 redirectSetRouterMac:0 dgtIdx:0 destModIndex:0 dstNatTypeOrVpnPrefixPtrMsb:0 vpnPrefixPtr:0 vpn prefix flag:0 SRC-AD:learning_violation:0 need_to_learn:0 locally_connected:0 staticentryViolation:0 rpfValid:1 rpfLe:38 rpfLePointer:0 rpfForcePass:0 rpfForceFail:0 reachableviaSome:1 rpfCheckIncomplete:0 defaultRoute:0 ChainPtrValid:0 ChainPtrOrPortLeIndex:72 UseRpfmatchTable:0 rpfIncomplete:0 is_src_ce:0 sgtValid:0 sgtOverwrite:0 sgt:0 ipClientLabel:0 src_rloc_trusted:0, sgtCacheControl1:0, sgtCacheControl0:0 port_label:0x0 port_mask:0x0 vlan_label:0x0 vlan_mask:0x0 l3if_label:0x0 l3if_mask:0x0 group_label:0x0 group_mask:0x0 ==============================================================
**Decodificação si_hdl de Verificação de Rota de Nó de Borda**
Para obter si_hdl, ri_hdl, use o comando show platform software fed switch ative ip adj <endereço IP>
Border-1#show platform software fed switch active ip adj 10.47.1.12 IPV4 Adj entries dest if_name dst_mac si_hdl ri_hdl pd_flags adj_id Last-modified ---- ------- ------- ------ ------ -------- ------ ------------- 10.47.1.12 LISP0.4099 4500.0000.0000 0x7f3c607e17f8 0x7f3c60b09f88 0x60 0x130c 2023/09/21 05:56:31.052
Pegue o si_hdl (0x7f3c607e17f8) e use o comando show platform hardware fed switch ative fwd-asic abstraction print-resource-handle <si_hdl> 1
Border-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f3c607e17f8 1 Handle:0x7f3c607e17f8 Res-Type:ASIC_RSC_SI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_LISP Lkp-ftr-id:LKP_FEAT_INVALID ref_count:1 priv_ri/priv_si Handle: 0x7f3c60b09f88Hardware Indices/Handles: index0:0xbe mtu_index/l3u_ri_index0:0x0 index1:0xbe mtu_index/l3u_ri_index1:0x0 Features sharing this resource:109 (1)] Cookie length: 56 00 00 00 00 00 00 00 00 48 65 84 60 0a 2f 01 0c ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Detailed Resource Information (ASIC_INSTANCE# 0) ---------------------------------------- Station Index (SI) [0xbe] RI = 0x24 -----> Rewrite Index = Rewrite information for L3 Forwarding to the next-hop adjacency DI = 0x5012 -----> Destination Index = Outgoing Interface stationTableGenericLabel = 0 stationFdConstructionLabel = 0x7 lookupSkipIdIndex = 0xc rcpServiceId = 0 dejaVuPreCheckEn = 0x1 Replication Bitmap: LD -----> Local Data, ASIC is directly connected to the adjacency interface Detailed Resource Information (ASIC_INSTANCE# 1) ---------------------------------------- Station Index (SI) [0xbe] RI = 0x24 -----> Rewrite Index = Rewrite information for L3 Forwarding to the next-hop adjacency DI = 0x5012 -----> Destination Index = Outgoing Interface stationTableGenericLabel = 0 stationFdConstructionLabel = 0x7 lookupSkipIdIndex = 0xc rcpServiceId = 0 dejaVuPreCheckEn = 0x1 Replication Bitmap: LD -----> Local Data, ASIC is directly connected to the adjacency interface
**Decodificação de Índice de Reescrita de Verificação de Rota de Nó de Borda**
Pegue o RI (0x24) e use no commandshow platform hardware fed switch ative fwd-asic resource asic all rewrite-index range <RI> <RI>
Border-1#show platform hardware fed switch active fwd-asic resource asic all rewrite-index range 0x24 0x24 ASIC#:0 RI:36 Rewrite_type:AL_RRM_REWRITE_IPV4_VXLAN_INNER_IPV4_ENCAP(110) Mapped_rii:LVX_L3_ENCAP_L2_PAYLOAD(123) Dst Mac: MAC Addr: ba:25:cd:f4:ad:38, -----> VXLAN Dummy DMAC Src IP: 10.47.1.10 -----> BN RLOC Dst IP: 10.47.1.12 -----> FE RLOC IPv4 TTL: 0 LISP INSTANCEID: 0 L3IF LE Index: 45 ASIC#:1 RI:36 Rewrite_type:AL_RRM_REWRITE_IPV4_VXLAN_INNER_IPV4_ENCAP(110) Mapped_rii:LVX_L3_ENCAP_L2_PAYLOAD(123) Dst Mac: MAC Addr: ba:25:cd:f4:ad:38, -----> VXLAN Dummy DMAC Src IP: 10.47.1.10 -----> BN RLOC Dst IP: 10.47.1.12 -----> FE RLOC IPv4 TTL: 0 LISP INSTANCEID: 0 L3IF LE Index: 45
**Decodificação do Índice de Destino da Verificação de Rota do Nó de Borda**
Pegue o DI (0x5012) e use no comando show platform hardware fed switch ative fwd-asic resource asic all destination-index range <DI> <DI>
Border-1#show platform hardware fed switch active fwd-asic resource asic all destination-index range 0x5012 0x5012 ASIC#0: Destination index = 0x5012 DI_RCP_PORT1 -----> Recirculation port for VXLAN imposition pmap = 0x00000000 0x00000000 cmi = 0x0 rcp_pmap = 0x1 Destination index = 0x5012 DI_RCP_PORT1 -----> Recirculation port for VXLAN imposition pmap = 0x00000000 0x00000000 cmi = 0x0 rcp_pmap = 0x0
**Decodificação ri_hdl de Verificação de Rota de Nó de Borda**
Pegue o ri_hdl (0x7f3c60b09f88) e use o comando show platform hardware fed switch ative fwd-asic abstraction print-resource-handle <ri_hdl> 1
Border-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f3c60b09f88 1 Handle:0x7f3c60b09f88 Res-Type:ASIC_RSC_RI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_LISP Lkp-ftr-id:LKP_FEAT_INVALID ref_count:1 priv_ri/priv_si Handle: 0x7f3c60807728Hardware Indices/Handles: index0:0x24 mtu_index/l3u_ri_index0:0x0 index1:0x24 mtu_index/l3u_ri_index1:0x0 Features sharing this resource:109 (1)] Cookie length: 56 00 00 00 00 00 00 00 00 2d 00 00 00 0a 2f 01 0c ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Detailed Resource Information (ASIC_INSTANCE# 0) ---------------------------------------- ASIC#:0 RI:36 Rewrite_type:AL_RRM_REWRITE_IPV4_VXLAN_INNER_IPV4_ENCAP(110) Mapped_rii:LVX_L3_ENCAP_L2_PAYLOAD(123) Dst Mac: MAC Addr: ba:25:cd:f4:ad:38, -----> Dummy VXLAN header Src IP: 10.47.1.10 -----> BN RLOC Dst IP: 10.47.1.12 -----> FE RLOC IPv4 TTL: 0 LISP INSTANCEID: 0 L3IF LE Index: 45 Detailed Resource Information (ASIC_INSTANCE# 1) ---------------------------------------- ASIC#:0 RI:36 Rewrite_type:AL_RRM_REWRITE_IPV4_VXLAN_INNER_IPV4_ENCAP(110) Mapped_rii:LVX_L3_ENCAP_L2_PAYLOAD(123) Dst Mac: MAC Addr: ba:25:cd:f4:ad:38, -----> Dummy VXLAN header Src IP: 10.47.1.10 -----> BN RLOC Dst IP: 10.47.1.12 -----> FE RLOC IPv4 TTL: 0 LISP INSTANCEID: 0 L3IF LE Index: 45
PCAP de ingresso da borda da malha a partir do nó de borda
O pacote ainda é encapsulado por VXLAN, continue a filtrar a captura com ACL que corresponda RLOC a RLOC, não contra os endereços IP internos.
Edge-1#show monitor capture 1 buffer display-filter icmp.type==0 brief Starting the packet display ........ Press Ctrl + Shift + 6 to exit 12 0.876204 8.8.8.8 -> 10.47.4.2 ICMP 148 Echo (ping) reply id=0x0027, seq=3/768, ttl=253 (request in 3) 17 2.614814 8.8.8.8 -> 10.47.4.2 ICMP 148 Echo (ping) reply id=0x0027, seq=4/1024, ttl=253 (request in 14)
Ethernet II, Src: 52:54:00:0a:42:f3 (52:54:00:0a:42:f3), Dst: 52:54:00:04:84:b1 (52:54:00:04:84:b1) -----> True MAC addresses Destination: 52:54:00:04:84:b1 (52:54:00:04:84:b1) Address: 52:54:00:04:84:b1 (52:54:00:04:84:b1) .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: 52:54:00:0a:42:f3 (52:54:00:0a:42:f3) Address: 52:54:00:0a:42:f3 (52:54:00:0a:42:f3) .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 10.47.1.10, Dst: 10.47.1.12 -----> RLOC IP addresses 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 134 Identification: 0x00e0 (224) Flags: 0x4000, Don't fragment 0... .... .... .... = Reserved bit: Not set .1.. .... .... .... = Don't fragment: Set ..0. .... .... .... = More fragments: Not set Fragment offset: 0 Time to live: 253 Protocol: UDP (17) Header checksum: 0x6613 [validation disabled] [Header checksum status: Unverified] Source: 10.47.1.10 Destination: 10.47.1.12 User Datagram Protocol, Src Port: 65345, Dst Port: 4789 Source Port: 65345 Destination Port: 4789 Length: 114 [Checksum: [missing]] [Checksum Status: Not present] [Stream index: 0] [Timestamps] [Time since first frame: 0.876204000 seconds] [Time since previous frame: 0.457213000 seconds] Virtual eXtensible Local Area Network Flags: 0x8800, GBP Extension, VXLAN Network ID (VNI) 1... .... .... .... = GBP Extension: Defined .... .... .0.. .... = Don't Learn: False .... 1... .... .... = VXLAN Network ID (VNI): True .... .... .... 0... = Policy Applied: False .000 .000 0.00 .000 = Reserved(R): 0x0000 Group Policy ID: 0 VXLAN Network Identifier (VNI): 4099 Reserved: 0 Ethernet II, Src: 00:00:00:00:71:00 (00:00:00:00:71:00), Dst: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38) -----> Dummy VXLAN MAC addresses Destination: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38) Address: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38) .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: 00:00:00:00:71:00 (00:00:00:00:71:00) Address: 00:00:00:00:71:00 (00:00:00:00:71:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 8.8.8.8, Dst: 10.47.4.2 -----> Inner IP addresses 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 84 Identification: 0x37ca (14282) Flags: 0x4000, Don't fragment 0... .... .... .... = Reserved bit: Not set .1.. .... .... .... = Don't fragment: Set ..0. .... .... .... = More fragments: Not set Fragment offset: 0 Time to live: 253 Protocol: ICMP (1) Header checksum: 0x279e [validation disabled] [Header checksum status: Unverified] Source: 8.8.8.8 Destination: 10.47.4.2 Internet Control Message Protocol Type: 0 (Echo (ping) reply) Code: 0 Checksum: 0x2e16 [correct] [Checksum Status: Good] Identifier (BE): 39 (0x0027) Identifier (LE): 9984 (0x2700) Sequence number (BE): 3 (0x0003) Sequence number (LE): 768 (0x0300) [Request frame: 3] [Response time: 850.538 ms] Data (56 bytes)
Histórico de revisões
| Revisão | Data de publicação | Comentários |
|---|---|---|
1.0 |
16-Mar-2026
|
Versão inicial |
FeedbackContate a Cisco
- Abrir um caso de suporte
- (É necessário um Contrato de Serviço da Cisco)