Verifying Network Connectivity
There are multiple commands supported by the system to verify and/or troubleshoot network connectivity. Note that network connectivity can only be tested once system interfaces and ports have been configured and bound.
The commands specified in this section should be issued on a context-by-context basis. Contexts act like virtual private networks (VPNs) that operate independently of other contexts. Ports, interfaces, and routes configured in one context cannot be tested from another context without additional configuration.
[local]host_name# context context_name
[context_name]host_name#
Using the ping or ping6 Command
The ping or ping6 command verifies the system's ability to communicate with a remote node in the network by passing data packets between and measuring the response. This command is useful in verifying network routing and if a remote node is able to respond at the IP layer.
Syntax
The ping command has the following syntax:
ping host_ipv4_address [ count num_packets ] [ flood ] [ pattern packet_pattern ] [ size octet_count ] [ src { src_host_name | src_host_ipv4_address } ] [ vrf vrf_nam ]
ping6 host_ipv6_address [ count num_packets ] [ flood ][ pattern packet_pattern ] [ size octet_count ] [ src { src_host_name | src_host_ipv6_address } ] [ vrf vrf_nam ]
For complete information on the above commands, see the Exec Mode Commands chapter of the Command Line Interface Reference.
The following displays a sample of a successful ping (IPV4) response.
PING 192.168.250.1 (192.168.250.1): 56 data bytes
64 bytes from 192.168.250.1: icmp_seq=0 ttl=255 time=0.4 ms
64 bytes from 192.168.250.1: icmp_seq=1 ttl=255 time=0.2 ms
64 bytes from 192.168.250.1: icmp_seq=2 ttl=255 time=0.2 ms
64 bytes from 192.168.250.1: icmp_seq=3 ttl=255 time=0.2 ms
64 bytes from 192.168.250.1: icmp_seq=4 ttl=255 time=0.2 ms
--- 192.168.250.1 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 0.2/0.2/0.4 ms
Troubleshooting
If no response is received from the target follow these troubleshooting procedures:
-
Verify that the correct IP address was entered.
-
Attempt to ping a different device on the same network. If the ping was successful then it is likely that your system configuration is correct. Verify that the device you are attempting to ping is powered and functioning properly.
-
Verify the port is operational.
-
Verify that the configuration of the ports and interfaces within the context are correct.
-
If the configuration is correct and you have access to the device that you're attempting to ping, ping the system from that device.
-
If there is still no response, it is likely that the packets are getting discarded by a network device. Use the traceroute or traceroute6 and show ip static-route commands discussed in this chapter to further troubleshoot the issue.
Using the traceroute or traceroute6 Command
The traceroute or traceroute6 command collects information on the route data will take to a specified host. This is a useful troubleshooting command that can be used to identify the source of significant packet delays or packet loss on the network. This command can also be used to identify bottle necks in the routing of data over the network.
traceroute – IPv4
The traceroute command has the following syntax:
traceroute { host_name | host_ipv4_address } [ count packets ] [ df ] [ maxttl max_ttl ] [ minttl min_ttl ] [ port port_number ] [ size octet_count ] [ src { src_host_name | src_host_ipv4_address } ] [ timeout seconds ] [ vrf vrf_nam ]
For complete information on the above command, see the Exec Mode Commands chapter of the Command Line Interface Reference.
The following displays a sample output.
traceroute to 192.168.250.1 (192.168.250.1), 30 hops max, 40 byte packets
1 192.168.250.1 (192.168.250.1) 0.446 ms 0.235 ms 0.178 ms
traceroute6 – IPv6
The traceroute6 command has the following syntax:
traceroute6 { host_name | host_ipv6_address } [ count packets ] [ maxttl max_ttl ] [ port port_number ] [ size octet_count ] [ src { src_host_name | src_host_ipv6_address } ] [ timeout seconds ] [ vrf vrf_nam ]
For complete information on the above commands, see the Exec Mode Commands chapter of the Command Line Interface Reference.
The following displays a sample output.
traceroute6 to 2001:4A2B::1f3F (2001:4A2B::1f3F), 30 hops max, 40 byte packets
1 2001:4A2B::1f3F (2001:4A2B::1f3F) 0.446 ms 0.235 ms 0.178 ms
Viewing IP Routes
The system provides a mechanism for viewing route information to a specific node or for an entire context. This information can be used to verify network connectivity and to ensure the efficiency of the network connection. The command has the following syntax:
show ip route [ route_ip_address ]
show ipv6 route [ route_ipv6_address ] ]
For complete information on the above commands, see the Exec Mode show Commands chapter of the Command Line Interface Reference.
If no keywords are specified, all IP routes within the context's routing table are displayed.
The following displays a sample of this command's output showing a context IPv4 routing table.
"*" indicates the Best or Used route.
Destination Nexthop Protocol Prec Cost Interface
*0.0.0.0/0 10.0.4.1 static 0 0 SPIO1
*10.0.4.0/24 0.0.0.0 kernel 0 0 SPIO1
*10.0.4.0/32 0.0.0.0 kernel 0 0 SPIO1
*10.0.4.3/32 0.0.0.0 kernel 0 0 SPIO1
*10.0.4.255/32 0.0.0.0 kernel 0 0 SPIO1
Viewing the Address Resolution Protocol Table
The system provides a mechanism for viewing Address Resolution Protocol (ARP) table information to a specific node or for an entire context. This information can be used to verify that when the system sends an ARP packet, it receives valid responses from other network nodes.
[local]host_name# show ip arp [ arp_ip_address ]
arp_ip_address specifies a specific network node for which to display ARP information. The address can be entered in IPv4 dotted-decimal or IPv6 colon-separated-hexadecimal notation. If this keyword is not specified, all entries within the context's ARP table are displayed.
Important |
Restarting the VPN Manager removes all interfaces from the kernel which in turn removes all ARP entries. However, the NPU still retains all of the ARP entries so that there is no traffic disruption. From a user point of view, show ip arp is broken since this command gathers information from the kernel and not the NPU. |
The following displays a sample of this command's output showing a context's ARP table.
Flags codes:
C - Completed, M - Permanent, P - Published, ! - Not answered
T - has requested trailers
Address Link Type Link Address Flags Mask Interface
10.0.4.240 ether 00:05:47:02:20:20 C MIO1
10.0.4.7 ether 00:05:47:02:03:36 C MIO1
10.0.4.1 ether 00:01:30:F2:7F:00 C MIO1