Resolución de Problemas de SDA Forwarding East-West Traffic Flow
Contenido
Introducción
Este documento describe cómo validar el flujo de tráfico horizontal como parte del acceso definido por software (SDA).
Prerequisites
Requirements
Cisco recomienda que tenga conocimiento sobre estos temas:
- Reenvío de protocolo de Internet (IP)
- Protocolo de separación Localizador/ID (LISP)
Componentes Utilizados
La información que contiene este documento se basa en las siguientes versiones de software y hardware.
- C9000v en Cisco IOS® XE 17.10.1
- SDA 1.0 (no LISP PubSub)
La información que contiene este documento se creó a partir de los dispositivos en un ambiente de laboratorio específico. Todos los dispositivos que se utilizan en este documento se pusieron en funcionamiento con una configuración verificada (predeterminada). Si tiene una red en vivo, asegúrese de entender el posible impacto de cualquier comando.
Productos Relacionados
Este documento también puede utilizarse con estas versiones de software y hardware:
- C9200
- C9300
- C9400
- C9500
- C9600
- Cisco IOS® XE 16.12 y versiones posteriores
Antecedentes
El flujo de tráfico este-oeste de SDA hace referencia al concepto en el que un terminal del fabric de SDA desea comunicarse con otro terminal del mismo fabric. Hay advertencias en cuanto a lo que es y no se considera un flujo Este-Oeste. Un flujo de tráfico horizontal puede ser uno de estos ejemplos:
- Los extremos que están en la misma subred (172.17.10.2 que se comunican con 172.19.10.3) se consideran extensión L2LISP
- Los terminales que están en el mismo VRF (VN) (172.19.10.2 que se comunica con 172.19.11.2 y ambos están en el campus VRF) se consideran LISP de L3
- El terminal que está dentro del fabric está hablando con un host que está conectado a un borde de entrega L2, exactamente igual que L2LISP
Los flujos de tráfico horizontal no hacen referencia a estos ejemplos:
- El tráfico se origina desde el fabric SDA hacia fuera del fabric, es decir, de norte a sur
- El ruteo Inter-VRF tampoco se considera Este-Oeste (un punto final en el campus VRF, dirección IP 172.19.10.2 que habla con un punto final en el invitado VRF, dirección IP 172.19.11.2)
- Dominios integrados de SD-WAN
- Tránsito SDA
- Afinidad de borde
- Extranet
Topología
A efectos de este ejemplo, los switches C9000v funcionan como los bordes del fabric y los bordes colocados. Todos los terminales se encuentran en la misma red virtual (VN), red_vn. Los terminales en 10.47.4.2 y 10.47.4.2 están en la misma subred, el terminal en 10.47.10.2 está en una subred diferente pero la misma VPN.
Configuración
Se supone que Cisco DNA-Center se utiliza para aprovisionar el fabric SDA con la configuración predeterminada:
- La extensión de capa 2 está habilitada (esto fuerza el reenvío del tráfico en función de las búsquedas de direcciones MAC en lugar de las búsquedas de direcciones IP).
- La inundación de Capa 2 está inhabilitada (esto habilita la supresión ARP en los dispositivos de borde y el aprendizaje ARP asistido por LISP).
Después del proceso de incorporación del host adecuado, la configuración de la interfaz contiene varias secciones:
Configuración de interfaz de Fabric Edge (10.47.1.12):
interface GigabitEthernet1/0/3 switchport access vlan 1026 switchport mode access device-tracking attach-policy IPDT_POLICY spanning-tree portfast spanning-tree bpduguard enable end interface Vlan1026 description Configured from Cisco DNA-Center mac-address 0000.0c9f.f341 vrf forwarding red_vn ip address 10.47.4.1 255.255.255.0 ip helper-address 10.47.9.9 no ip redirects ip route-cache same-interface no lisp mobility liveness test lisp mobility red-IPV4 end
Configuración de LISP de Fabric Edge (10.47.1.12):
router lisp locator-table default locator-set rloc_222e1707-175d-4019-a783-060404f8bc2f IPv4-interface Loopback0 priority 10 weight 10 exit-locator-set
!
instance-id 4099 remote-rloc-probe on-route-change dynamic-eid red-IPV4 database-mapping 10.47.4.0/24 locator-set rloc_222e1707-175d-4019-a783-060404f8bc2f exit-dynamic-eid ! dynamic-eid red-helpdesk-IPV4 database-mapping 10.47.10.0/24 locator-set rloc_222e1707-175d-4019-a783-060404f8bc2f exit-dynamic-eid ! service ipv4 eid-table vrf red_vn map-cache 0.0.0.0/0 map-request sgt distribution sgt exit-service-ipv4 ! exit-instance-id
!
! instance-id 8190 remote-rloc-probe on-route-change service ethernet eid-table vlan 1026 database-mapping mac locator-set rloc_222e1707-175d-4019-a783-060404f8bc2f dynamic-eid detection multiple-addr bridged-vm exit-service-ethernet ! exit-instance-id ! instance-id 8192 remote-rloc-probe on-route-change service ethernet eid-table vlan 1028 database-mapping mac locator-set rloc_222e1707-175d-4019-a783-060404f8bc2f dynamic-eid detection multiple-addr bridged-vm exit-service-ethernet ! exit-instance-id
Configuración de interfaz de Fabric Edge (10.47.1.13):
interface GigabitEthernet1/0/3 switchport access vlan 1026 switchport mode access device-tracking attach-policy IPDT_POLICY spanning-tree portfast spanning-tree bpduguard enable end ! interface GigabitEthernet1/0/5 switchport access vlan 1028 switchport mode access device-tracking attach-policy IPDT_POLICY spanning-tree portfast spanning-tree bpduguard enable end ! interface Vlan1026 description Configured from Cisco DNA-Center mac-address 0000.0c9f.f341 vrf forwarding red_vn ip address 10.47.4.1 255.255.255.0 ip helper-address 10.47.9.9 no ip redirects ip route-cache same-interface no lisp mobility liveness test lisp mobility red-IPV4 end ! interface Vlan1028 description Configured from Cisco DNA-Center mac-address 0000.0c9f.f800 vrf forwarding red_vn ip address 10.47.10.1 255.255.255.0 ip helper-address 10.47.9.9 no ip redirects ip route-cache same-interface no lisp mobility liveness test lisp mobility red-helpdesk-IPV4 end
Configuración de LISP de Fabric Edge (10.47.1.13)
router lisp locator-table default locator-set rloc_691b1fe4-5264-44c2-bb1b-0903b3eb2c51 IPv4-interface Loopback0 priority 10 weight 10 exit-locator-set ! instance-id 4099 remote-rloc-probe on-route-change dynamic-eid red-IPV4 database-mapping 10.47.4.0/24 locator-set rloc_691b1fe4-5264-44c2-bb1b-0903b3eb2c51 exit-dynamic-eid ! dynamic-eid red-helpdesk-IPV4 database-mapping 10.47.10.0/24 locator-set rloc_691b1fe4-5264-44c2-bb1b-0903b3eb2c51 exit-dynamic-eid ! service ipv4 eid-table vrf red_vn map-cache 0.0.0.0/0 map-request sgt distribution sgt exit-service-ipv4 ! exit-instance-id ! instance-id 8190 remote-rloc-probe on-route-change service ethernet eid-table vlan 1026 database-mapping mac locator-set rloc_691b1fe4-5264-44c2-bb1b-0903b3eb2c51 dynamic-eid detection multiple-addr bridged-vm exit-service-ethernet ! exit-instance-id ! instance-id 8192 remote-rloc-probe on-route-change service ethernet eid-table vlan 1028 database-mapping mac locator-set rloc_691b1fe4-5264-44c2-bb1b-0903b3eb2c51 dynamic-eid detection multiple-addr bridged-vm exit-service-ethernet ! exit-instance-id
Verificación de Onboarding del Host
Como parte del proceso de incorporación del host, se crean varias estructuras:
Entrada de seguimiento de dispositivos IPDT / IP
Después de la incorporación exitosa del host, existe una entrada válida en la tabla de seguimiento de dispositivos IP (IPDT) y el host final se marca como ALCANZABLE:
Edge-1#show device-tracking database interface g1/0/3
portDB has 2 entries for interface Gi1/0/3, 2 dynamic
Codes: L - Local, S - Static, ND - Neighbor Discovery, ARP - Address Resolution Protocol, DH4 - IPv4 DHCP, DH6 - IPv6 DHCP, PKT - Other Packet, API - API created
Preflevel flags (prlvl):
0001:MAC and LLA match 0002:Orig trunk 0004:Orig access
0008:Orig trusted trunk 0010:Orig trusted access 0020:DHCP assigned
0040:Cga authenticated 0080:Cert authenticated 0100:Statically assigned
Network Layer Address Link Layer Address Interface vlan prlvl age state Time left
DH4 10.47.4.2 5254.0019.93e9 Gi1/0/3 1026 0024 3mn REACHABLE 28 s try 0(15198 s)
Entrada MAC/ARP
Cuando el host final se incorpora correctamente, puede hacer ping al gateway predeterminado (o se puede hacer ping desde el gateway predeterminado si no hay ningún firewall instalado en el punto final que bloquee esta comunicación):
Edge-1#ping vrf red_vn 10.47.4.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.47.4.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 142/150/161 ms
En el Nodo de Borde, hay una dirección MAC, así como la entrada ARP correspondiente en la tabla (en VRF):
Edge-1#show mac address-table interface g1/0/3
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
1026 5254.0019.93e9 DYNAMIC Gi1/0/3
Total Mac Addresses for this criterion: 1
Edge-1#show ip arp vrf red_vn
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.47.4.1 - 0000.0c9f.f341 ARPA Vlan1026
Internet 10.47.4.2 1 5254.0019.93e9 ARPA Vlan1026
Internet 10.47.10.1 - 0000.0c9f.f800 ARPA Vlan1028
Programación de direcciones MAC con alimentación por software**
Para verificar la dirección MAC en FED, utilice el comando show platform software fed switch active matm macTable vlan <vlan id> mac <mac address>
Edge-1#show platform software fed switch active matm macTable vlan 1026 mac 5254.0019.93e9 VLAN MAC Type Seq# EC_Bi Flags machandle siHandle riHandle diHandle *a_time *e_time ports Con ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ 1026 5254.0019.93e9 0x1 9 0 0 0x7f65ec7bda68 0x7f65ec7c21f8 0x0 0x7f65ec6e1368 300 7 GigabitEthernet1/0/3 Yes ======platform hardware details ====== Asic: 0 htm-handle = 0x7f65ec95dc68 MVID = 7 gpn = 1 SI = 0xc3 RI = 0x25 DI = 0x526e DI = 0x526e pmap = 0x00000000 0x00000004 pmap_intf : [GigabitEthernet1/0/3] Asic: 1 SI = 0xc3 RI = 0x25 DI = 0x526e DI = 0x526e pmap = 0x00000000 0x00000000
**MAC Address macHandle Programming**
Tome el valor macHandle del comando anterior (0x7f65ec7bda68) y utilícelo en show platform hardware fed switch active fwd-asic abstraction print-resource-handle <macHandle> 1
Edge-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f65ec7bda68 1
Handle:0x7f65ec7bda68 Res-Type:ASIC_RSC_HASH_TCAM Res-Switch-Num:0 Asic-Num:255 Feature-ID:AL_FID_L2 Lkp-ftr-id:LKP_FEAT_L2_SRC_MAC_VLAN ref_count:1
priv_ri/priv_si Handle: (nil)Hardware Indices/Handles: handle [ASIC: 0]: 0x7f65ec95dc68
Features sharing this resource:Cookie length: 12
19 00 54 52 e9 93 07 80 07 00 00 00
Detailed Resource Information (ASIC_INSTANCE# 0)
----------------------------------------
Number of HTM Entries: 1
Entry 0: (handle 0x7f65ec95dc68)
Absolute Index: 6778
Time Stamp: 4
KEY - vlan:7 mac:0x5254001993e9 l3_if:0 gpn:3 epoch:0 static:0 flood_en:0 vlan_lead_wless_flood_en: 0 client_home_asic: 0 learning_peerid 0, learning_peerid_valid 0 lvx:1
MASK - vlan:0 mac:0x0 l3_if:0 gpn:0 epoch:0 static:0 flood_en:0 vlan_lead_wless_flood_en: 0 client_home_asic: 0 learning_peerid 0, learning_peerid_valid 0 lvx:0
SRC_AD - need_to_learn:0 lrn_v:0 catchall:0 static_mac:0 chain_ptr_v:0 chain_ptr: 0 static_entry_v:0 auth_state:0 auth_mode:0 auth_behavior_tag:0 traf_m:0 is_src_ce:0
DST_AD - si:0xb7 bridge:0 replicate:0 blk_fwd_o:0 v4_rmac:0 v6_rmac:0 catchall:0 ign_src_lrn:0 port_mask_o:0 afd_cli_f:0 afd_lbl:0 prio:3 dest_mod_idx:0 destined_to_us:0 pv_trunk:0 smr:0
==============================================================
**Verificación MVID**
El número 7 en el resultado anterior es el ID de VLAN asignada (MVID) en el hardware. Para verificar que coinciden con la vlan "real", utilice show platform software fed switch active vlan <vlan number>
Edge-1#show platform software fed switch active vlan 1026 VLAN Fed Information Vlan Id IF Id LE Handle STP Handle L3 IF Handle SVI IF ID MVID ----------------------------------------------------------------------------------------------------------------------- 1026 0x0000000000420011 0x00007f65ec6a08b8 0x00007f65ec6a1138 0x00007f65ec77e838 0x000000000000001d 7
**Verificación del número de puerto global (GPN)**
Para correlacionar el GPN con una interfaz "real", utilice el comando show platform software fed switch active ifm mappings gpn
Edge-1#show platform software fed switch active ifm mappings gpn
Mappings Table
GPN Interface IF_ID IF_TYPE
--------------------------------------------------------------------------------------------------
1 GigabitEthernet1/0/1 0x0000001a ETHER
2 GigabitEthernet1/0/2 0x0000001b ETHER
3 GigabitEthernet1/0/3 0x0000000b ETHER <-- GPN 3 lines up with the expected Egress interface
**Programación iHandle de direcciones MAC**
Tome el valor de siHandle del comando anterior (0x7f65ec7c21f8) y utilícelo en show platform hardware fed switch active fwd-asic abstraction print-resource-handle <si_handle> 1
Edge-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f65ec7c21f8 1
Handle:0x7f65ec7c21f8 Res-Type:ASIC_RSC_SI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_L3_UNICAST_IPV4 Lkp-ftr-id:LKP_FEAT_INVALID ref_count:2
priv_ri/priv_si Handle: 0x7f65ec7c2498Hardware Indices/Handles: index0:0xc3 mtu_index/l3u_ri_index0:0x0 index1:0xc3 mtu_index/l3u_ri_index1:0x0
Features sharing this resource:66 (1)]
57 (1)]
Cookie length: 56
00 00 00 00 00 00 00 00 02 04 00 00 00 00 00 00 00 00 00 00 07 00 52 54 00 19 93 e9 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Detailed Resource Information (ASIC_INSTANCE# 0)
----------------------------------------
Station Index (SI) [0xc3] <-- Station Index is comprised of the Rewrite Index (RI) and Destination Index (DI) RI = 0x25 <-- Rewrite Index contains the forwarding information DI = 0x526e <-- Destination Index contains information related to the outgoing interface
stationTableGenericLabel = 0
stationFdConstructionLabel = 0x7
lookupSkipIdIndex = 0
rcpServiceId = 0
dejaVuPreCheckEn = 0x1
Replication Bitmap: LD <-- Local Data (LD) indicates that the destination is on this ASIC
Detailed Resource Information (ASIC_INSTANCE# 1)
----------------------------------------
Station Index (SI) [0xc3] <-- Station Index is comprised of the Rewrite Index (RI) and Destination Index (DI) RI = 0x25 <-- Rewrite Index contains the forwarding information DI = 0x526e <-- Destination Index contains information related to the outgoing interface
stationTableGenericLabel = 0
stationFdConstructionLabel = 0x7
lookupSkipIdIndex = 0
rcpServiceId = 0
dejaVuPreCheckEn = 0x1
Replication Bitmap: CD <-- Core Data (CD) indicates that the destination is on the same ASIC, different core ==============================================================
**MAC Address Rewrite-Index Verification**
Tome el valor de RI del comando anterior (0x25) y utilícelo en show platform hardware fed switch active fwd-asic resource asic all rewrite-index range <RI> <RI>
Edge-1#show platform hardware fed switch active fwd-asic resource asic all rewrite-index range 0x25 0x25
ASIC#:0 RI:37 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9)
MAC Addr: MAC Addr: 52:54:00:19:93:e9,
L3IF LE Index 41
ASIC#:0 RI:38 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9)
MAC Addr: MAC Addr: 01:00:5e:00:00:00,
L3IF LE Index 40
ASIC#:0 RI:39 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9)
MAC Addr: MAC Addr: 52:54:00:00:50:17,
L3IF LE Index 40
ASIC#:1 RI:37 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9)
MAC Addr: MAC Addr: 52:54:00:19:93:e9,
L3IF LE Index 41
ASIC#:1 RI:38 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9)
MAC Addr: MAC Addr: 01:00:5e:00:00:00,
L3IF LE Index 40
ASIC#:1 RI:39 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9)
MAC Addr: MAC Addr: 52:54:00:00:50:17,
L3IF LE Index 40
**Verificación del índice de destino de la dirección MAC**
Tome el valor de DI del comando anterior (0x526e) y utilícelo en show platform hardware fed switch active fwd-asic resource asic all destination-index range <DI> <DI>
Edge-1#show platform hardware fed switch active fwd-asic resource asic all destination-index range 0x526e 0x526e
ASIC#0:
Destination index = 0x526e
pmap = 0x00000000 0x00000004 <-- Convert decimal 4 to binary, which is 0100. Count this binary right to left, zero-based, so Port 2. pmap_intf : [GigabitEthernet1/0/3]
cmi = 0x0
rcp_pmap = 0x0
al_rsc_cmi
CPU Map Index (CMI) [0]
ctiLo0 = 0
ctiLo1 = 0
ctiLo2 = 0
cpuQNum0 = 0
cpuQNum1 = 0
cpuQNum2 = 0
npuIndex = 0
stripSeg = 0
copySeg = 0
ASIC#1:
Destination index = 0x526e
pmap = 0x00000000 0x00000000
cmi = 0x0
rcp_pmap = 0x0
al_rsc_cmi
CPU Map Index (CMI) [0]
ctiLo0 = 0
ctiLo1 = 0
ctiLo2 = 0
cpuQNum0 = 0
cpuQNum1 = 0
cpuQNum2 = 0
npuIndex = 0
stripSeg = 0
copySeg = 0
**Verificación de puertos**
Para correlacionar el puerto que se vio anteriormente, utilice los comandos show platform software fed switch active ifm mappings y observe la columna Puerto.
Edge-1#show platform software fed switch active ifm mappings ------------------ show platform software fed switch active ifm mappings ------------------ Interface IF_ID Inst Asic Core Port SubPort Mac Cntx LPN GPN Type Active GigabitEthernet1/0/1 0x1a 0 0 0 0 0 1 0 1 1 NIF Y GigabitEthernet1/0/2 0x1b 0 0 0 1 0 2 1 2 2 NIF Y GigabitEthernet1/0/3 0xb 0 0 0 2 0 3 2 3 3 NIF Y <-- Matches port 2 from previous output
**Verificación de dirección MAC de alimentación de hardware**
Este resultado en un escenario funcional/ideal coincide con lo que la decodificación macHandle proporcionó.
Edge-1#show platform hardware fed switch active matm macTable vlan 1026 mac 5254.0019.93e9 HEAD: MAC address 5254.0019.93e9 in VLAN 1026 KEY: vlan 7, mac 0x5254001993e9, l3_if 0, gpn 3, epoch 0, static 0, flood_en 0, vlan_lead_wless_flood_en 0, client_home_asic 0, learning_peerid 0, learning_peerid_valid 0 MASK: vlan 0, mac 0x0, l3_if 0, gpn 0, epoch 0, static 0, flood_en 0, vlan_lead_wless_flood_en 0, client_home_asic 0 learning_peerid 0, learning_peerid_valid 0 SRC_AD: need_to_learn 0, lrn_v 0, catchall 0, static_mac 0, chain_ptr_v 0, chain_ptr 0, static_entry_v 0, auth_state 0, auth_mode 0, traf_mode 0, is_src_ce 0 DST_AD: si 0xb7, bridge 0, replicate 0, blk_fwd_o 0, v4_mac 0, v6_mac 0, catchall 0, ign_src_lrn 0, port_mask_o 0, afd_cli_f 0, afd_lbl 0, priority 3, dest_mod_idx 0, destined_to_us 0, pv_trunk 0 Total Mac number of addresses:: 1
- El ID de VLAN en hardware (MVID) es 7
- Dirección MAC: 5254.0019.93e9
- GPN: 3
Entrada LISP
Después de la incorporación exitosa del host, las entradas LISP para el host final se crean localmente en el nodo de borde, así como se registran en los nodos de control (LISP MSMR - Servidor de mapa LISP / Resolver mapa). Todas las verificaciones LISP deben realizarse en relación con el alcance de ID de instancia específico que se puede verificar para L2 y L3:
Edge-1#show vlan id 1026 VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1026 red active L2LI0:8190, Gi1/0/3 <-- L2 LISP Instance ID tied to VLAN 1026
**Verificación de la base de datos LISP L2**
Para verificar la base de datos L2 LISP, utilice el comando show lisp instance-id <L2 LISP ID> ethernet database <mac address>
Edge-1#show lisp instance-id 8190 ethernet database 5254.0019.93e9 LISP ETR MAC Mapping Database for LISP 0 EID-table Vlan 1026 (IID 8190), LSBs: 0x1 Entries total 1, no-route 0, inactive 0, do-not-register 2 5254.0019.93e9/48, dynamic-eid Auto-L2-group-8190, inherited from default locator-set rloc_222e1707-175d-4019-a783-060404f8bc2f -----> Endpoint MAC Uptime: 2d17h, Last-change: 2d17h Domain-ID: local Service-Insertion: N/A Locator Pri/Wgt Source State 10.47.1.12 10/10 cfg-intf site-self, reachable -----> Our own RLOC Map-server Uptime ACK Domain-ID 10.47.1.10 1d11h Yes 0 -----> RLOC of upstream collocated border 10.47.1.11 2d17h Yes 0 -----> RLOC of upstream collocated border
**Verificación de la base de datos de resolución de direcciones (AR) L2 de LISP**
Para verificar la base de datos LISP L2 AR, utilice el comando show lisp instance-id <LISP L2 ID> ethernet database address-resolution <mac address>
Edge-1#show lisp instance-id 8190 ethernet database address-resolution 5254.0019.93e9 LISP ETR Address Resolution for LISP 0 EID-table Vlan 1026 (IID 8190) (*) -> entry being deleted Hardware Address L3 InstID Host Address 5254.0019.93e9 4099 10.47.4.2/32 <-- Endpoint MAC Address, LISP L3 Instance ID, Endpoint IPv4 Address, respectively
**Verificación de la base de datos LISP L3**
Para verificar la base de datos LISP L3, utilice el comando show lisp instance-id <LISP L3 ID> ipv4 database <IP address/Subnet Mask>
Edge-1#show lisp instance-id 4099 ipv4 database 10.47.4.2/32 LISP ETR IPv4 Mapping Database for LISP 0 EID-table vrf red_vn (IID 4099), LSBs: 0x1 Entries total 1, no-route 0, inactive 0, do-not-register 1 10.47.4.2/32, dynamic-eid red-IPV4, inherited from default locator-set rloc_222e1707-175d-4019-a783-060404f8bc2f -----> Endpoint IPv4 Address Uptime: 2d18h, Last-change: 2d18h Domain-ID: local Service-Insertion: N/A Locator Pri/Wgt Source State 10.47.1.12 10/10 cfg-intf site-self, reachable -----> Our own RLOC Map-server Uptime ACK Domain-ID 10.47.1.10 1d11h Yes 0 -----> RLOC of upstream collocated border 10.47.1.11 2d17h Yes 0 -----> RLOC of upstream collocated border
**Verificación CEF**
Para verificar CEF, utilice el comando show ip cef vrf <nombre de vrf> <dirección IP> internal
Edge-1#show ip cef vrf red_vn 10.47.4.2 internal
10.47.4.2/32, epoch 1, flags [att, sc], RIB[D], refcnt 6, per-destination sharing
sources: RIB, Adj, IPL
feature space:
IPRM: 0x00058000
Broker: linked, distributed at 3rd priority
subblocks:
SC owned,sourced: LISP local EID -
SC inherited: LISP remote EID - locator status bits 0x00000000
SC inherited: LISP cfg dyn-EID - LISP configured dynamic-EID
LISP EID attributes: localEID Yes, c-dynEID Yes, d-dynEID Yes, a-dynEID No
SC owned,sourced: LISP generalised SMR - [disabled, not inheriting, 0x7F06D0A67E40 locks: 1]
Adj source: IP adj out of Vlan1026, addr 10.47.4.2 7F06D300B738
Dependent covered prefix type adjfib, cover 10.47.4.0/24
2 IPL sources [no flags]
ifnums:
Vlan1026(29): 10.47.4.2
path list 7F06CEE8D720, 3 locks, per-destination, flags 0x49 [shble, rif, hwcn]
path 7F06D0A900C8, share 1/1, type attached nexthop, for IPv4
nexthop 10.47.4.2 Vlan1026, IP adj out of Vlan1026, addr 10.47.4.2 7F06D300B738
output chain:
IP adj out of Vlan1026, addr 10.47.4.2 7F06D300B738
Además de las entradas LISP locales en el nodo de extremo SDA, los nodos de control SDA (LISP MS/MR) también contienen información adicional sobre los terminales:
Verificación de servidor LISP de borde L2 entre ubicaciones:
Para verificar el servidor LISP L2, utilice el comando show lisp instance-id <L2 LISP ID> ethernet server <MAC Address>
Border-1#show lisp instance-id 8190 ethernet server 5254.0019.93e9
LISP Site Registration Information
Site name: site_uci
Description: map-server configured from Cisco DNA-Center
Allowed configured locators: any
Requested EID-prefix:
EID-prefix: 5254.0019.93e9/48 instance-id 8190 <-- Endpoint MAC Address
First registered: 2w5d
Last registered: 3d16h
Routing table tag: 0
Origin: Dynamic, more specific of any-mac
Merge active: No
Proxy reply: Yes
Skip Publication: No
Force Withdraw: No
TTL: 1d00h
State: complete
Extranet IID: Unspecified
Registration errors:
Authentication failures: 0
Allowed locators mismatch: 0
ETR 10.47.1.12:21038, last registered 3d16h, proxy-reply, map-notify <-- Egress Tunnel Router (Fabric Edge IP address)
TTL 1d00h, no merge, hash-function sha1
state complete, no security-capability
nonce 0xB60C4314-0x97BB332D
xTR-ID 0xAB3179F6-0xC774F22C-0x00F2C82E-0x3A66738D
site-ID unspecified
Domain-ID local
Multihoming-ID unspecified
sourced by reliable transport
Locator Local State Pri/Wgt Scope
10.47.1.12 yes up 10/10 IPv4 none <--(Fabric Edge IP address)
Verificación del servidor con resolución de direcciones LISP (AR) L2 de borde intercalado:
Para verificar el servidor LISP AR L2, utilice el comando show lisp instance-id <LISP L2 ID> ethernet server address-resolution <IP address>
Para verificar el historial de registro, utilice el comando show lisp instance-id <LISP L2 ID> ethernet server address-resolution <IP address> registration-history
Border-1#show lisp instance-id 8190 ethernet server address-resolution 10.47.4.2 Address-resolution data for router lisp 0 instance-id 8190 Site name: site_uci Host Address: 10.47.4.2/32 Hardware Address: 5254.0019.93e9 First registered: 2w5d Last registered: 3d16h Registration errors: Authentication failures: 0 ETR 10.47.1.12:21038 Last registered: 3d16h TTL: 1d00h xTR-ID: 0xAB3179F6-0xC774F22C-0x00F2C82E-0x3A66738D Site-ID: unspecified Registered addr: 5254.0019.93e9 L3 Instance ID: 4099
Border-1#show lisp instance-id 8190 ethernet server address-resolution 10.47.4.2 registration-history Map-Server registration history Roam = Did host move to a new location? WLC = Did registration come from a Wireless Controller? Prefix qualifier: + = Register Event, - = Deregister Event, * = AR register event Timestamp (UTC) Instance Proto Roam WLC Source EID prefix / Locator *Sep 29 16:50:27.762 8190 TCP No No 10.47.1.12 +*10.47.4.2/32 / 5254.0019.93e9 *Oct 1 21:05:11.086 8190 TCP No No 10.47.1.12 +*10.47.4.2/32 / 5254.0019.93e9 *Oct 2 06:51:11.882 8190 TCP No No 10.47.1.12 +*10.47.4.2/32 / 5254.0019.93e9 *Oct 3 00:56:33.642 8190 TCP No No 10.47.1.12 +*10.47.4.2/32 / 5254.0019.93e9 *Oct 3 01:53:45.934 8190 TCP No No 10.47.1.12 +*10.47.4.2/32 / 5254.0019.93e9 *Oct 6 04:36:08.685 8190 TCP No No 10.47.1.12 +*10.47.4.2/32 / 5254.0019.93e9
Verificación de servidor LISP L3 de borde compartido
Para verificar el servidor LISP L3, utilice el comando show lisp instance-id <LISP L3 ID> ipv4 server <IP address>
Para verificar el historial de registro del servidor LISP L3, utilice el comando show lisp instance-id <LISP L3 ID> ipv4 server <IP address> registration-history
Border-1#show lisp instance-id 4099 ipv4 server 10.47.4.2
LISP Site Registration Information
Site name: site_uci
Description: map-server configured from Cisco DNA-Center
Allowed configured locators: any
Requested EID-prefix:
EID-prefix: 10.47.4.2/32 instance-id 4099
First registered: 2w5d
Last registered: 02:39:39
Routing table tag: 0
Origin: Dynamic, more specific of 10.47.4.0/24
Merge active: No
Proxy reply: Yes
Skip Publication: No
Force Withdraw: No
TTL: 1d00h
State: complete
Extranet IID: Unspecified
Registration errors:
Authentication failures: 0
Allowed locators mismatch: 0
ETR 10.47.1.12:21038, last registered 02:39:39, proxy-reply, map-notify
TTL 1d00h, no merge, hash-function sha1
state complete, no security-capability
nonce 0x128CB668-0xF7B85F77
xTR-ID 0xAB3179F6-0xC774F22C-0x00F2C82E-0x3A66738D
site-ID unspecified
Domain-ID local
Multihoming-ID unspecified
sourced by reliable transport
Locator Local State Pri/Wgt Scope
10.47.1.12 yes up 10/10 IPv4 none
Border-1#show lisp instance-id 4099 ipv4 server 10.47.4.2/32 registration-history
Map-Server registration history
Roam = Did host move to a new location?
WLC = Did registration come from a Wireless Controller?
Prefix qualifier: + = Register Event, - = Deregister Event, * = AR register event
Timestamp (UTC) Instance Proto Roam WLC Source
EID prefix / Locator
*Oct 6 04:36:01.548 4099 UDP No No 10.47.1.12
+ 10.47.4.2/32
*Oct 6 04:36:08.686 4099 TCP No No 10.47.1.12
+ 10.47.4.2/32
*Oct 9 18:35:48.058 4099 TCP No No 10.47.1.12
+ 10.47.4.2/32
Resolución ARP en SDA
Se supone que Cisco Catalyst Center se ha utilizado para aprovisionar el fabric SDA con la configuración predeterminada. Esto significa que la extensión de la capa 2 está habilitada y que todo el tráfico dentro del entramado (en la misma VLAN / VPN) se reenvía en función de las búsquedas de direcciones MAC / instancia de Ethernet LISP, en lugar de las búsquedas de direcciones IP / instancia de IP LISP.
Desde la perspectiva de la solución de problemas, puede ser útil configurar entradas ARP estáticas en ambos hosts para verificar rápidamente si el problema es con la conectividad genérica en el entramado (en tal caso, el ping no funciona entre los hosts) o solamente con la resolución ARP.
El proceso ARP en SDA Fabric aprovecha LISP para resolver la identificación y la ubicación de los hosts y es diferente del comportamiento ARP en los entornos de routing/switching tradicionales.
Paso 1: el terminal de fabric envía una solicitud ARP para determinar el enlace MAC/IP para el otro terminal de fabric
La captura de paquetes se puede configurar en la interfaz de ingreso para confirmar que el paquete ARP se recibe del host:
Edge-1#monitor capture 1 interface g1/0/3 in match any
Edge-1#mon cap 1 start
Started capture point : 1
Edge-1#mon cap 1 stop
Capture statistics collected at software:
Capture duration - 22 seconds
Packets received - 13
Packets dropped - 0
Packets oversized - 0
Number of Bytes dropped at asic not collected
Capture buffer will exists till exported or cleared
Stopped capture point : 1
Edge-1#show monitor capture 1 buffer brief
Starting the packet display ........ Press Ctrl + Shift + 6 to exit
1 0.000000 52:54:00:19:93:e9 -> ff:ff:ff:ff:ff:ff ARP 60 Who has 10.47.4.3? Tell 10.47.4.2
2 1.028893 52:54:00:19:93:e9 -> ff:ff:ff:ff:ff:ff ARP 60 Who has 10.47.4.3? Tell 10.47.4.2
3 2.058244 52:54:00:19:93:e9 -> ff:ff:ff:ff:ff:ff ARP 60 Who has 10.47.4.3? Tell 10.47.4.2
Edge-1#show monitor capture 1 buffer display-filter arp detailed
Starting the packet display ........ Press Ctrl + Shift + 6 to exit
Frame 1: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface /tmp/epc_ws/wif_to_ts_pipe, id 0
Interface id: 0 (/tmp/epc_ws/wif_to_ts_pipe)
Interface name: /tmp/epc_ws/wif_to_ts_pipe
Encapsulation type: Ethernet (1)
Arrival Time: Oct 10, 2023 14:52:03.659290000 UTC
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1696949523.659290000 seconds
[Time delta from previous captured frame: 0.000000000 seconds]
[Time delta from previous displayed frame: 0.000000000 seconds]
[Time since reference or first frame: 0.000000000 seconds]
Frame Number: 1
Frame Length: 60 bytes (480 bits)
Capture Length: 60 bytes (480 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:arp]
Ethernet II, Src: 52:54:00:19:93:e9 (52:54:00:19:93:e9), Dst: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff) <-- SMAC/DMAC respectively
Destination: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff)
Address: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
Source: 52:54:00:19:93:e9 (52:54:00:19:93:e9)
Address: 52:54:00:19:93:e9 (52:54:00:19:93:e9)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: ARP (0x0806)
Padding: 000000000000000000000000000000000000
Address Resolution Protocol (request)
Hardware type: Ethernet (1)
Protocol type: IPv4 (0x0800)
Hardware size: 6
Protocol size: 4
Opcode: request (1)
Sender MAC address: 52:54:00:19:93:e9 (52:54:00:19:93:e9)
Sender IP address: 10.47.4.2
Target MAC address: 00:00:00:00:00:00 (00:00:00:00:00:00)
Target IP address: 10.47.4.3
Paso 2. El nodo de borde consume el paquete ARP y genera la solicitud LISP para determinar la dirección MAC de HOST-02.
Edge-1 envía una petición de mapa LISP para resolver la dirección MAC de 10.47.4.3 a los planos de control LISP (bordes colocados):
Edge-1#debug lisp control-plane all
Edge-1#debug l2lisp all
LISP[REMT ]-0: Map Request: Delay is over for IID 8190 EID 10.47.4.3/32, requester 'AR'. LISP[REMT ]-0 IID 8190: Schedule processing of Map-Requests from 'remote EID prefix' in IPv4. LISP[REMT ]-0: Map Request: Sending request for IID 8190 EID 10.47.4.3/32, requester 'AR'.
Paso 3. El nodo de control recibe una solicitud LISP para la asignación de IP/MAC y envía una respuesta al nodo de extremo SDA
La solicitud de mapa LISP se recibe desde el borde del entramado y responde con una respuesta de mapa LISP con la dirección MAC que está vinculada a 10.47.4.3
Border-1#debug lisp control-plane all
Border-1#debug l2lisp all
LISP[TRNSP]-0: Processing received Map-Request(1) message on GigabitEthernet1/0/3 from 10.47.4.3:4342 to 10.47.4.3:4342. LISP[MR ]-0: Received Map-Request with 1 records, first EID IID 8190 10.47.4.3/32, source EID UNSPEC, nonce 0x73F75F36-0x061CAF58. LISP[MR ]-0 IID 8190 Eth-ARP: MS EID 10.47.4.3/32: Sending proxy reply to 10.47.1.12.
El plano de control LISP responde con una respuesta de proxy basada en la entrada de resolución de direcciones almacenada en su base de datos local
Border-1#show lisp instance-id 8190 ethernet server address-resolution 10.47.4.3 Address-resolution data for router lisp 0 instance-id 8190 Site name: site_uci Host Address: 10.47.4.3/32 Hardware Address: 5254.001e.ad00 First registered: 21:11:17 Last registered: 21:11:17 Registration errors: Authentication failures: 0 ETR 10.47.1.13:16056 Last registered: 21:11:17 TTL: 1d00h xTR-ID: 0x8CEE6478-0x9358E248-0xE935FF07-0x8C3C5450 Site-ID: unspecified Registered addr: 5254.001e.ad00 L3 Instance ID: 4099
Paso 4. El nodo perimetral recibe respuesta LISP con la dirección MAC 10.47.4.3
El nodo de borde de fabric recibe la respuesta de proxy LISP:
LISP[REMT ]-0: Processing Map-Reply mapping record for IID 8190 MAC 5254.001e.ad00/48 LCAF 2, ttl 1440, action none, not authoritative, 1 locator. LISP[REMT ]-0: Processing mapping information for EID prefix IID 8190 5254.001e.ad00/48.
Paso 5. El nodo de borde envía el paquete de solicitud de mapa LISP para determinar la ubicación RLOC para la dirección MAC
Después de completar exitosamente los tres primeros pasos, el Nodo de Borde conoce la dirección MAC de 10.47.4.3 para la cual se generó ARP inicialmente. Cuando la extensión de la Capa 2 está habilitada, el Nodo de Borde no responde con esta información a 10.47.4.2, sino que la utiliza para determinar la ubicación RLOC del Borde del Nodo de Salida, de modo que pueda reenviar ARP hacia 10.47.4.3 como en una red de Capa 2 tradicional.
Por esta razón, el Nodo de Borde genera otro paquete de Solicitud de Mapa LISP en la Instancia Ethernet, esta vez solicitando información RLOC para la dirección MAC de 10.47.4.2:
Edge-1#debug lisp control-plane all
Edge-1#debug l2lisp all
*Oct 10 17:01:41.430: LISP[REMT ]-0 IID 8190: Schedule processing of Map-Requests from 'remote EID prefix' in IPv4. *Oct 10 17:01:41.430: LISP[REMT ]-0: Map Request: Sending request for IID 8190 EID 5254.001e.ad00/48, requester 'remote EID prefix'
Paso 6: El nodo de control recibe el paquete de solicitud de mapa LISP para determinar la ubicación RLOC para la dirección MAC
El nodo de control recibe el paquete LISP y le responde en función de su estado de base de datos local
Border-1#debug lisp control-plane all Border-1#debug l2lisp all *Oct 10 16:04:42.055: LISP[MR ]-0 IID 8190 Eth-ARP: MS EID 10.47.4.3/32: Sending proxy reply to 10.47.1.12. *Oct 10 16:04:42.407: LISP[MR ]-0: Received Map-Request with 1 records, first EID IID 8190 5254.001e.ad00/48, source EID 0000.0c9f.f341, nonce 0x75E13E8C-0x40DE7912. *Oct 10 16:04:42.408: LISP[MR ]-0 IID 8190 MAC: MS EID 5254.001e.ad00/48: Sending proxy reply to 10.47.1.12.
Paso 7: El nodo perimetral recibe la respuesta de mapa LISP
El nodo perimetral recibe la respuesta de mapa LISP generada por el nodo de control:
Edge-1#debug lisp control-plane all
Edge-1#debug l2lisp all
*Oct 10 17:44:00.181: LISP[TRNSP]-0: Processing received Map-Reply(2) message on GigabitEthernet1/0/2 from 10.47.1.13:4342 to 10.47.1.12:4342. *Oct 10 17:44:00.181: LISP[REMT ]-0: Received Map-Reply with nonce 0xF954EC80-0x039D7E4A, 1 records. *Oct 10 17:44:00.181: LISP[REMT ]-0: Map-Reply nonce matches pending request for IID 8190 EID 5254.001e.ad00/48, requester 'remote EID RLOC'. *Oct 10 17:44:00.181: LISP[REMT ]-0: Processing Map-Reply mapping record for IID 8190 MAC 5254.001e.ad00/48 LCAF 2, ttl 1440, action none, authoritative, 1 locator. *Oct 10 17:44:00.181: LISP[REMT ]-0: Map Request: Received reply with rtt 560ms. *Oct 10 17:44:00.181: LISP[REMT ]-0: Processing mapping information for EID prefix IID 8190 5254.001e.ad00/48.
Esto finalmente crea una entrada en la memoria caché de mapa de instancia de Ethernet de LISP y permite que el paquete ARP sea reenviado hacia el Edge-2 donde 10.47.4.3 está conectado a
Edge-1#show lisp instance-id 8190 ethernet map-cache 5254.001e.ad00
LISP MAC Mapping Cache for LISP 0 EID-table Vlan 1026 (IID 8190), 1 entries
5254.001e.ad00/48, uptime: 00:04:11, expires: 23:55:48, via map-reply, complete
Sources: map-reply
State: complete, last modified: 00:04:11, map-source: 10.47.1.13
Active, Packets out: 8(0 bytes), counters are not accurate (~ 00:00:04 ago)
Encapsulating dynamic-EID traffic
Locator Uptime State Pri/Wgt Encap-IID
10.47.1.13 00:04:11 up 10/10 -
Last up-down state change: 00:04:11, state change count: 1
Last route reachability change: 00:04:11, state change count: 1
Last priority / weight change: never/never
RLOC-probing loc-status algorithm:
Last RLOC-probe sent: 00:04:11 (rtt 560ms)
Paso 8. ARP se encapsula en VXLAN y se envía hacia HOST-02
Se requirieron todos los pasos relacionados con LISP para determinar dónde se encuentra 10.47.4.3, de modo que el nodo perimetral pueda enviar el paquete ARP (difusión) original como unidifusión hacia el nodo perimetral apropiado. La CPU del nodo perimetral almacena en caché (no descarta) la solicitud ARP original hasta que se completan todos los pasos, lo que permite una resolución ARP adecuada incluso cuando se envió un único paquete ARP desde 10.47.4.2.
El paquete ARP está encapsulado en VXLAN, como se muestra en el ejemplo:
Edge-2#show monitor capture 1 buffer display-filter arp brief Starting the packet display ........ Press Ctrl + Shift + 6 to exit
67 15.149181 52:54:00:19:93:e9 -> 52:54:00:1e:ad:00 ARP 110 Who has 10.47.4.3? Tell 10.47.4.2 68 15.155511 52:54:00:19:93:e9 -> 52:54:00:1e:ad:00 ARP 110 Who has 10.47.4.3? Tell 10.47.4.2
La solicitud ARP se ha encapsulado en VXLAN y también se ha convertido de una solicitud ARP de difusión a una solicitud ARP de unidifusión.
Frame 68: 110 bytes on wire (880 bits), 110 bytes captured (880 bits) on interface /tmp/epc_ws/wif_to_ts_pipe, id 0
Interface id: 0 (/tmp/epc_ws/wif_to_ts_pipe)
Interface name: /tmp/epc_ws/wif_to_ts_pipe
Encapsulation type: Ethernet (1)
Arrival Time: Oct 10, 2023 17:56:43.256570000 UTC
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1696960603.256570000 seconds
[Time delta from previous captured frame: 0.006330000 seconds]
[Time delta from previous displayed frame: 0.006330000 seconds]
[Time since reference or first frame: 15.155511000 seconds]
Frame Number: 68
Frame Length: 110 bytes (880 bits)
Capture Length: 110 bytes (880 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:ip:udp:vxlan:eth:ethertype:arp]
Ethernet II, Src: 52:54:00:0a:42:11 (52:54:00:0a:42:11), Dst: 52:54:00:17:fe:65 (52:54:00:17:fe:65)
Destination: 52:54:00:17:fe:65 (52:54:00:17:fe:65)
Address: 52:54:00:17:fe:65 (52:54:00:17:fe:65)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: 52:54:00:0a:42:11 (52:54:00:0a:42:11)
Address: 52:54:00:0a:42:11 (52:54:00:0a:42:11)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 10.47.1.12, Dst: 10.47.1.13 <-- 10.47.1.12 is Edge-1 RLOC, 10.47.1.13 is Edge-2 RLOC
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 96
Identification: 0x1781 (6017)
Flags: 0x4000, Don't fragment
0... .... .... .... = Reserved bit: Not set
.1.. .... .... .... = Don't fragment: Set
..0. .... .... .... = More fragments: Not set
Fragment offset: 0
Time to live: 253
Protocol: UDP (17)
Header checksum: 0x4f95 [validation disabled]
[Header checksum status: Unverified]
Source: 10.47.1.12
Destination: 10.47.1.13
User Datagram Protocol, Src Port: 65354, Dst Port: 4789
Source Port: 65354
Destination Port: 4789
Length: 76
[Checksum: [missing]]
[Checksum Status: Not present]
[Stream index: 0]
[Timestamps]
[Time since first frame: 15.155511000 seconds]
[Time since previous frame: 0.006330000 seconds]
Virtual eXtensible Local Area Network
Flags: 0x8800, GBP Extension, VXLAN Network ID (VNI)
1... .... .... .... = GBP Extension: Defined
.... .... .0.. .... = Don't Learn: False
.... 1... .... .... = VXLAN Network ID (VNI): True
.... .... .... 0... = Policy Applied: False
.000 .000 0.00 .000 = Reserved(R): 0x0000
Group Policy ID: 0
VXLAN Network Identifier (VNI): 8190 <-- L2 LISP IID
Reserved: 0
Ethernet II, Src: 52:54:00:19:93:e9 (52:54:00:19:93:e9), Dst: 52:54:00:1e:ad:00 (52:54:00:1e:ad:00) <--Unicast ARP Request
Destination: 52:54:00:1e:ad:00 (52:54:00:1e:ad:00)
Address: 52:54:00:1e:ad:00 (52:54:00:1e:ad:00)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: 52:54:00:19:93:e9 (52:54:00:19:93:e9)
Address: 52:54:00:19:93:e9 (52:54:00:19:93:e9)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: ARP (0x0806)
Trailer: 000000000000000000000000000000000000
Address Resolution Protocol (request)
Hardware type: Ethernet (1)
Protocol type: IPv4 (0x0800)
Hardware size: 6
Protocol size: 4
Opcode: request (1)
Sender MAC address: 52:54:00:19:93:e9 (52:54:00:19:93:e9)
Sender IP address: 10.47.4.2
Target MAC address: 00:00:00:00:00:00 (00:00:00:00:00:00)
Target IP address: 10.47.4.3
Paso 9. La respuesta ARP es generada por 10.47.4.3 y enviada hacia 10.47.4.2
Edge-2#show monitor capture 1 buffer display-filter arp brief
Starting the packet display ........ Press Ctrl + Shift + 6 to exit
1 0.000000 52:54:00:1e:ad:00 -> 52:54:00:19:93:e9 ARP 60 10.47.4.3 is at 52:54:00:1e:ad:00
2 0.069429 52:54:00:1e:ad:00 -> 52:54:00:19:93:e9 ARP 60 10.47.4.3 is at 52:54:00:1e:ad:00
11 5.960508 52:54:00:1e:ad:00 -> 52:54:00:19:93:e9 ARP 60 Who has 10.47.4.2? Tell 10.47.4.3
En este momento, el paquete no está destinado a la dirección de difusión (como solicitud ARP original) sino a la dirección MAC de 10.47.4.2, cuando alcanza el nodo de borde de ingreso (Edge-2), se activa el funcionamiento normal de LISP. Inicialmente falta la dirección MAC de 10.47.4.2 en la instancia Ethernet LISP del nodo de borde, el paquete se dirige a la CPU para generar la solicitud de mapa LISP para determinar el RLOC para el HOST-01. Este comportamiento es exactamente el mismo que se describe en otras secciones de este documento y permite crear una entrada de LISP Map Cache para 10.47.4.2 en Edge-2:
Edge-2#show lisp instance-id 8190 ethernet map-cache 5254.0019.93e9
LISP MAC Mapping Cache for LISP 0 EID-table Vlan 1026 (IID 8190), 1 entries
5254.0019.93e9/48, uptime: 03:18:28, expires: 20:41:32, via map-reply, complete
Sources: map-reply
State: complete, last modified: 03:18:28, map-source: 10.47.1.12
Active, Packets out: 386(0 bytes), counters are not accurate (~ 00:00:12 ago)
Encapsulating dynamic-EID traffic
Locator Uptime State Pri/Wgt Encap-IID
10.47.1.12 03:18:28 up 10/10 -
Last up-down state change: 03:18:28, state change count: 1
Last route reachability change: 03:18:28, state change count: 1
Last priority / weight change: never/never
RLOC-probing loc-status algorithm:
Last RLOC-probe sent: 03:18:28 (rtt 710ms)
La entrada permite que la respuesta ARP se envíe con éxito hacia Edge-1 en la encapsulación VXLAN y se reenvíe después al proceso de resolución ARP completo 10.47.4.2 que compite.
Alcance básico de host en fabric SDA (misma VLAN/misma VPN)
Se supone que la resolución ARP se completó con éxito y que ambos hosts 10.47.4.2 y 10.47.4.3 tienen entradas ARP apropiadas para cada uno.
Desde la perspectiva de la solución de problemas, es muy útil configurar entradas ARP estáticas en ambos hosts para verificar rápidamente si el problema es con la conectividad genérica en el entramado (en tal caso, el ping no funciona entre los hosts) o solamente con el proceso ARP.
10.47.4.2 genera una solicitud ICMP hacia 10.47.4.3:
Edge-1#show monitor capture 1 buffer brief
Starting the packet display ........ Press Ctrl + Shift + 6 to exit
1 0.000000 10.47.4.2 -> 10.47.4.3 ICMP 98 Echo (ping) request id=0x0040, seq=3/768, ttl=64
Edge-1#show monitor capture 1 buffer detail
Starting the packet display ........ Press Ctrl + Shift + 6 to exit
Frame 1: 98 bytes on wire (784 bits), 98 bytes captured (784 bits) on interface /tmp/epc_ws/wif_to_ts_pipe, id 0
Interface id: 0 (/tmp/epc_ws/wif_to_ts_pipe)
Interface name: /tmp/epc_ws/wif_to_ts_pipe
Encapsulation type: Ethernet (1)
Arrival Time: Oct 10, 2023 18:21:21.484694000 UTC
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1696962081.484694000 seconds
[Time delta from previous captured frame: 0.000000000 seconds]
[Time delta from previous displayed frame: 0.000000000 seconds]
[Time since reference or first frame: 0.000000000 seconds]
Frame Number: 1
Frame Length: 98 bytes (784 bits)
Capture Length: 98 bytes (784 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:ip:icmp:data]
Ethernet II, Src: 52:54:00:19:93:e9 (52:54:00:19:93:e9), Dst: 52:54:00:1e:ad:00 (52:54:00:1e:ad:00) <-- Endpoint MAC, Anycast GW MAC respectively
Destination: 52:54:00:1e:ad:00 (52:54:00:1e:ad:00)
Address: 52:54:00:1e:ad:00 (52:54:00:1e:ad:00)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: 52:54:00:19:93:e9 (52:54:00:19:93:e9)
Address: 52:54:00:19:93:e9 (52:54:00:19:93:e9)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 10.47.4.2, Dst: 10.47.4.3
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 84
Identification: 0x7321 (29473)
Flags: 0x4000, Don't fragment
0... .... .... .... = Reserved bit: Not set
.1.. .... .... .... = Don't fragment: Set
..0. .... .... .... = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: ICMP (1)
Header checksum: 0xab25 [validation disabled]
[Header checksum status: Unverified]
Source: 10.47.4.2
Destination: 10.47.4.3
Internet Control Message Protocol
Type: 8 (Echo (ping) request)
Code: 0
Checksum: 0x02ea [correct]
[Checksum Status: Good]
Identifier (BE): 64 (0x0040)
Identifier (LE): 16384 (0x4000)
Sequence number (BE): 3 (0x0003)
Sequence number (LE): 768 (0x0300)
Data (56 bytes)
0000 68 95 8c 3d 00 00 00 00 00 00 00 00 00 00 00 00 h..=............
0010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0030 00 00 00 00 00 00 00 00 ........
Data: 68958c3d0000000000000000000000000000000000000000b^@&
[Length: 56]
El paquete ICMP se envía hacia 10.47.4.3 al nodo perimetral especificado en el campo Locator: 10.47.1.13 (Edge-2) y se puede capturar a través de la captura de paquetes incrustada.
A medida que se recibe el paquete en la VLAN donde se habilita la extensión L2, la búsqueda se realiza en la instancia Ethernet de LISP:
Edge-1#show lisp instance-id 8190 ethernet map-cache 5254.001e.ad00
LISP MAC Mapping Cache for LISP 0 EID-table Vlan 1026 (IID 8190), 1 entries
5254.001e.ad00/48, uptime: 00:22:29, expires: 23:37:32, via map-reply, complete
Sources: map-reply
State: complete, last modified: 00:22:29, map-source: 10.47.1.13
Active, Packets out: 42(0 bytes), counters are not accurate (~ 00:00:58 ago)
Encapsulating dynamic-EID traffic
Locator Uptime State Pri/Wgt Encap-IID
10.47.1.13 00:22:29 up 10/10 -
Last up-down state change: 00:22:29, state change count: 1
Last route reachability change: 00:22:29, state change count: 1
Last priority / weight change: never/never
RLOC-probing loc-status algorithm:
Last RLOC-probe sent: 00:22:28 (rtt 1609ms)
Verifique la dirección MAC del punto final remoto, señala el L2LI0, que se espera
Edge-1#show mac add add 5254.001e.ad00
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
1026 5254.001e.ad00 CP_LEARN L2LI0
Total Mac Addresses installed by LISP: REMOTE: 1
Verifique la dirección MAC en FED, se puede obtener información adicional
Edge-1#show platform software fed sw active matm macTable vlan 1026 mac 5254.001e.ad00 VLAN MAC Type Seq# EC_Bi Flags machandle siHandle riHandle diHandle *a_time *e_time ports Con ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ 1026 5254.001e.ad00 0x1000001 0 0 64 0x7f65ecfdd3a8 0x7f65ecfdd1f8 0x7f65ecfdd048 0x0 0 2 RLOC 10.47.1.13 adj_id 97 No ======platform hardware details ====== Asic: 0 htm-handle = 0x7f65ecc4d188 MVID = 7 gpn = 1 SI = 0xc7 RI = 0x12 DI = 0x5012 Asic: 1 SI = 0xc7 RI = 0x12 DI = 0x5013
MAC Address macHandle Decode
Tome el macHandle (0x7f65ecfdd3a8) del comando anterior y utilícelo en el comando show platform hardware fed switch active fwd-asic abstraction print-resource-handle <macHandle> 1
Edge-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f65ecfdd3a8 1 Handle:0x7f65ecfdd3a8 Res-Type:ASIC_RSC_HASH_TCAM Res-Switch-Num:0 Asic-Num:255 Feature-ID:AL_FID_L2_WIRELESS Lkp-ftr-id:LKP_FEAT_L2_SRC_MAC_VLAN ref_count:1 priv_ri/priv_si Handle: (nil)Hardware Indices/Handles: handle [ASIC: 0]: 0x7f65ecc4d188 Features sharing this resource:Cookie length: 12 1e 00 54 52 00 ad 07 80 07 00 00 00 Detailed Resource Information (ASIC_INSTANCE# 0) ---------------------------------------- Number of HTM Entries: 1 Entry 0: (handle 0x7f65ecc4d188) Absolute Index: 4706 Time Stamp: 14 KEY - vlan:7 mac:0x5254001ead00 l3_if:0 gpn:3401 epoch:0 static:0 flood_en:0 vlan_lead_wless_flood_en: 0 client_home_asic: 0 learning_peerid 0, learning_peerid_valid 0 lvx:1 MASK - vlan:0 mac:0x0 l3_if:0 gpn:0 epoch:0 static:0 flood_en:0 vlan_lead_wless_flood_en: 0 client_home_asic: 0 learning_peerid 0, learning_peerid_valid 0 lvx:0 SRC_AD - need_to_learn:0 lrn_v:0 catchall:0 static_mac:0 chain_ptr_v:0 chain_ptr: 0 static_entry_v:0 auth_state:0 auth_mode:0 auth_behavior_tag:0 traf_m:0 is_src_ce:0 DST_AD - si:0xc7 bridge:0 replicate:0 blk_fwd_o:0 v4_rmac:0 v6_rmac:0 catchall:0 ign_src_lrn:0 port_mask_o:0 afd_cli_f:0 afd_lbl:0 prio:3 dest_mod_idx:0 destined_to_us:0 pv_trunk:0 smr:1 ==============================================================
Descodificación siHandle de dirección MAC
Tome el siHandle (0x7f65ecfdd1f8) del comando anterior y úselo en el comando show platform hardware fed switch active fwd-asic abstraction print-resource-handle <siHandle> 1
Edge-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f65ecfdd1f8 1 Handle:0x7f65ecfdd1f8 Res-Type:ASIC_RSC_SI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_L2_WIRELESS Lkp-ftr-id:LKP_FEAT_INVALID ref_count:1 priv_ri/priv_si Handle: 0x7f65ecfdd048Hardware Indices/Handles: index0:0xc7 mtu_index/l3u_ri_index0:0x0 index1:0xc7 mtu_index/l3u_ri_index1:0x0 Features sharing this resource:58 (1)] Cookie length: 56 00 00 00 00 00 00 00 00 02 04 00 00 00 00 00 00 00 00 00 00 07 00 61 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Detailed Resource Information (ASIC_INSTANCE# 0) ---------------------------------------- Station Index (SI) [0xc7] <-- Contains the Rewrite Index (RI) and Outgoing Interface Information (DI) RI = 0x12 <-- Rewrite Index = Contains information for forwarding DI = 0x5012 <-- Destination Index = Outgoing Interface stationTableGenericLabel = 0 stationFdConstructionLabel = 0x7 lookupSkipIdIndex = 0 rcpServiceId = 0 dejaVuPreCheckEn = 0 Replication Bitmap: LD Detailed Resource Information (ASIC_INSTANCE# 1) ---------------------------------------- Station Index (SI) [0xc7] <-- Contains the Rewrite Index (RI) and Outgoing Interface Information (DI)
RI = 0x12 <-- Rewrite Index = Contains information for forwarding
DI = 0x5013 <-- Destination Index = Outgoing Interface stationTableGenericLabel = 0 stationFdConstructionLabel = 0x7 lookupSkipIdIndex = 0 rcpServiceId = 0 dejaVuPreCheckEn = 0 Replication Bitmap: LD ==============================================================
Reescritura de decodificación de índice
Tome el RI (0x12) y use en el comando show platform hardware fed switch active fwd-asic resource asic all rewrite-index range <RI> <RI>
Edge-1#show platform hardware fed switch active fwd-asic resource asic all rewrite-index range 0x12 0x12 ASIC#:0 RI:18 Rewrite_type:AL_RRM_REWRITE_L2_PAYLOAD_L2LISP_ENCAP(115) Mapped_rii:LVX_L2_ENCAP_L2_PAYLOAD_ROUTED(133) Src IP: 10.47.1.12 <-- Local RLOC Dst IP: 10.47.1.13 <-- Remote RLOC iVxlan dstMac: 0x5254:0x01c:0x7de0 iVxlan srcMac: 0x00:0x00:0x00 IPv4 TTL: 0 iid present: 1 lisp iid: 0 lisp flags: 0 dst Port: 4789 update only l3if: 0 is Sgt: 1 is TTL Prop: 0 L3if LE: 0 (0) Port LE: 0 (0) Vlan LE: 7 (0) ASIC#:1 RI:18 Rewrite_type:AL_RRM_REWRITE_L2_PAYLOAD_L2LISP_ENCAP(115) Mapped_rii:LVX_L2_ENCAP_L2_PAYLOAD_ROUTED(133) Src IP: 10.47.1.12 <-- Local RLOC Dst IP: 10.47.1.13 <-- Remote RLOC iVxlan dstMac: 0x5254:0x01c:0x7de0 iVxlan srcMac: 0x00:0x00:0x00 IPv4 TTL: 0 iid present: 1 lisp iid: 0 lisp flags: 0 dst Port: 4789 update only l3if: 0 is Sgt: 1 is TTL Prop: 0 L3if LE: 0 (0) Port LE: 0 (0) Vlan LE: 7 (0)
Destination-Index Decode
Tome el DI (0x5012) y utilícelo en el comando show platform hardware fed switch active fwd-asic resource asic all destination-index range <DI> <DI>
Edge-1#show platform hardware fed switch active fwd-asic resource asic all destination-index range 0x5012 0x5012 ASIC#0: Destination index = 0x5012 DI_RCP_PORT1 <-- Recirculation port for VXLAN imposition pmap = 0x00000000 0x00000000 cmi = 0x0 rcp_pmap = 0x1 al_rsc_cmi CPU Map Index (CMI) [0] ctiLo0 = 0 ctiLo1 = 0 ctiLo2 = 0 cpuQNum0 = 0 cpuQNum1 = 0 cpuQNum2 = 0 npuIndex = 0 stripSeg = 0 copySeg = 0 ASIC#1: Destination index = 0x5012 DI_RCP_PORT1 <-- Recirculation port for VXLAN imposition pmap = 0x00000000 0x00000000 cmi = 0x0 rcp_pmap = 0x0 al_rsc_cmi CPU Map Index (CMI) [0] ctiLo0 = 0 ctiLo1 = 0 ctiLo2 = 0 cpuQNum0 = 0 cpuQNum1 = 0 cpuQNum2 = 0 npuIndex = 0 stripSeg = 0 copySeg = 0
descodificación siHandle
Tome el siHandle (0x7f65ecfdd048) y úselo en el comando show platform hardware fed switch active fwd-asic abstraction print-resource-handle <siHandle> 1
Edge-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f65ecfdd048 1 Handle:0x7f65ecfdd048 Res-Type:ASIC_RSC_RI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_L2_WIRELESS Lkp-ftr-id:LKP_FEAT_INVALID ref_count:1 priv_ri/priv_si Handle: 0x7f65ecfdcd78Hardware Indices/Handles: index0:0x12 mtu_index/l3u_ri_index0:0x0 index1:0x12 mtu_index/l3u_ri_index1:0x0 Features sharing this resource:58 (1)] Cookie length: 56 00 00 00 00 00 00 00 00 02 04 00 00 00 00 00 00 00 00 00 00 07 00 61 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Detailed Resource Information (ASIC_INSTANCE# 0) ---------------------------------------- ASIC#:0 RI:18 Rewrite_type:AL_RRM_REWRITE_L2_PAYLOAD_L2LISP_ENCAP(115) Mapped_rii:LVX_L2_ENCAP_L2_PAYLOAD_ROUTED(133) Src IP: 10.47.1.12 <-- Local RLOC Dst IP: 10.47.1.13 <-- Remote RLOC iVxlan dstMac: 0x610:0x00:0x00 iVxlan srcMac: 0x00:0x00:0x00 IPv4 TTL: 0 iid present: 1 lisp iid: 0 lisp flags: 0 dst Port: 4789 update only l3if: 0 is Sgt: 1 is TTL Prop: 0 L3if LE: 0 (0) Port LE: 279 (0) Vlan LE: 7 (0) Detailed Resource Information (ASIC_INSTANCE# 1) ---------------------------------------- ASIC#:1 RI:18 Rewrite_type:AL_RRM_REWRITE_L2_PAYLOAD_L2LISP_ENCAP(115) Mapped_rii:LVX_L2_ENCAP_L2_PAYLOAD_ROUTED(133)
Src IP: 10.47.1.12 <-- Local RLOC
Dst IP: 10.47.1.13 <-- Remote RLOC iVxlan dstMac: 0x610:0x00:0x00 iVxlan srcMac: 0x00:0x00:0x00 IPv4 TTL: 0 iid present: 1 lisp iid: 0 lisp flags: 0 dst Port: 4789 update only l3if: 0 is Sgt: 1 is TTL Prop: 0 L3if LE: 0 (0) Port LE: 279 (0) Vlan LE: 7 (0) ==============================================================
Verificación de ruta subyacente
El tráfico se encapsula en VXLAN con ID 8190 usando 10.47.1.12 y tiene la capacidad de balancear la carga en Gig1/0/1 y G1/0/2
Edge-1#show ip route 10.47.1.13
Routing entry for 10.47.1.13/32
Known via "isis", distance 115, metric 30, type level-2
Redistributing via isis
Last update from 10.47.1.4 on GigabitEthernet1/0/2, 2d22h ago
Routing Descriptor Blocks:
10.47.1.4, from 10.47.1.13, 2d22h ago, via GigabitEthernet1/0/2
Route metric is 30, traffic share count is 1
* 10.47.1.0, from 10.47.1.13, 2d22h ago, via GigabitEthernet1/0/1
Route metric is 30, traffic share count is 1
Edge-1#show ip cef 10.47.1.13
10.47.1.13/32
nexthop 10.47.1.0 GigabitEthernet1/0/1
nexthop 10.47.1.4 GigabitEthernet1/0/2
Para obtener la información si_hdl, ri_hdl, utilice el comando show platform software fed switch active ip adj
Edge-1#show platform software fed switch active ip adj IPV4 Adj entries dest if_name dst_mac si_hdl ri_hdl pd_flags adj_id Last-modified ---- ------- ------- ------ ------ -------- ------ ------------- 225.0.0.0 GigabitEthernet1/0/1 0100.5e00.0000 0x7f65ec958128 0x7f65ec957e18 0x0 0xf80001a1 2023/09/19 17:57:41.399 10.47.1.10 LISP0.4100 4500.0000.0000 0x7f65ec895ed8 0x7f65ec895a68 0x60 0x5c 2023/09/19 17:58:16.545 225.0.0.0 GigabitEthernet1/0/2 0100.5e00.0000 0x7f65ec958f68 0x7f65ec95b2b8 0x0 0xf80001b1 2023/09/19 17:57:41.938 10.47.1.4 GigabitEthernet1/0/2 5254.001c.7de0 0x7f65ec8a5458 0x7f65ec8a4eb8 0x0 0x4c 2023/09/19 17:58:02.150 225.0.0.0 Null0 f800.0011.0000 0x7f65ec3740c8 0x0 0x0 0xf8000011 2023/09/19 17:57:29.404 10.47.1.0 GigabitEthernet1/0/1 5254.000a.42f3 0x7f65ec8b8468 0x7f65ec8b8158 0x0 0x55 2023/09/19 17:58:08.864
Decodificación si_hdl de próximo salto subyacente
Para verificar si_hdl (0x7f65ec8a5458) utilice el comando show platform hardware fed switch active fwd-asic abstraction print-resource-handle <si_hdl> 1
Edge-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f65ec8a5458 1 Handle:0x7f65ec8a5458 Res-Type:ASIC_RSC_SI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_L3_UNICAST_IPV4 Lkp-ftr-id:LKP_FEAT_INVALID ref_count:1 priv_ri/priv_si Handle: 0x7f65ec8a4eb8Hardware Indices/Handles: index0:0xbc mtu_index/l3u_ri_index0:0x0 index1:0xbc mtu_index/l3u_ri_index1:0x0 Features sharing this resource:66 (1)] Cookie length: 56 00 00 00 00 00 00 00 00 26 00 00 00 00 00 00 00 00 00 00 00 08 00 52 54 00 1c 7d e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Detailed Resource Information (ASIC_INSTANCE# 0) ---------------------------------------- Station Index (SI) [0xbc] -----> Contains RI and DI information RI = 0x1a -----> Rewrite Index = MAC address rewrite information for L3 forwarding to the next-hop adjacency DI = 0x526d -----> Destination Index = Outgoing Interface stationTableGenericLabel = 0 stationFdConstructionLabel = 0x7 lookupSkipIdIndex = 0 rcpServiceId = 0 dejaVuPreCheckEn = 0 Replication Bitmap: LD -----> Local Data, indicating that this ASIC is directly connected to the adjacency interface Detailed Resource Information (ASIC_INSTANCE# 1) ---------------------------------------- Station Index (SI) [0xbc] -----> Contains RI and DI information RI = 0x1a -----> Rewrite Index = MAC address rewrite information for L3 forwarding to the next-hop adjacency DI = 0x526d -----> Destination Index = Outgoing Interface stationTableGenericLabel = 0 stationFdConstructionLabel = 0x7 lookupSkipIdIndex = 0 rcpServiceId = 0 dejaVuPreCheckEn = 0 Replication Bitmap: CD -----> Core Data, indicating that this instance of the ASIC is on the same ASIC, but different core. ==============================================================
Decodificación de índice de reescritura de salto siguiente subyacente
Para decodificar el RI (0x1a), utilice el comando show platform hardware fed switch active fwd-asic resource asic all rewrite-index range <RI> <RI>
Edge-1#show platform hardware fed switch active fwd-asic resource asic all rewrite-index range 0x1a 0x1a ASIC#:0 RI:26 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9) -----> Decimal 26 is hex 0x1a MAC Addr: MAC Addr: 52:54:00:1c:7d:e0, -----> MAC address 5254.001c.7de0 for the next-hop adjacency L3IF LE Index 38 ASIC#:1 RI:26 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9) MAC Addr: MAC Addr: 52:54:00:1c:7d:e0, -----> MAC address 5254.001c.7de0 for the next-hop adjacency L3IF LE Index 38
Decodificación del índice de destino de próximo salto subyacente
Para decodificar el ID (0x526d), use en show platform hardware fed switch active fwd-asic resource asic all destination-index range <DI> <DI>
Edge-1#show platform hardware fed switch active fwd-asic resource asic all destination-index range 0x526d 0x526d ASIC#0: Destination index = 0x526d pmap = 0x00000000 0x00000002 <-- Convert decimal 2 to binary, which is 0010. Count this binary right to left, zero-based, so Port 1. pmap_intf : [GigabitEthernet1/0/2] cmi = 0x0 rcp_pmap = 0x0 al_rsc_cmi CPU Map Index (CMI) [0] ctiLo0 = 0 ctiLo1 = 0 ctiLo2 = 0 cpuQNum0 = 0 cpuQNum1 = 0 cpuQNum2 = 0 npuIndex = 0 stripSeg = 0 copySeg = 0 ASIC#1: Destination index = 0x526d pmap = 0x00000000 0x00000000 cmi = 0x0 rcp_pmap = 0x0 al_rsc_cmi CPU Map Index (CMI) [0] ctiLo0 = 0 ctiLo1 = 0 ctiLo2 = 0 cpuQNum0 = 0 cpuQNum1 = 0 cpuQNum2 = 0 npuIndex = 0 stripSeg = 0 copySeg = 0
Edge-1#show platform software fed switch active ifm mappings Interface IF_ID Inst Asic Core Port SubPort Mac Cntx LPN GPN Type Active GigabitEthernet1/0/1 0x1a 0 0 0 0 0 1 0 1 1 NIF Y GigabitEthernet1/0/2 0x1b 0 0 0 1 0 2 1 2 2 NIF Y <-- Port 1 lines up to G1/0/2 GigabitEthernet1/0/3 0xb 0 0 0 2 0 3 2 3 3 NIF Y GigabitEthernet1/0/4 0xc 0 0 0 3 0 4 3 4 4 NIF Y GigabitEthernet1/0/5 0xd 0 0 0 4 0 5 4 5 5 NIF Y GigabitEthernet1/0/6 0xe 0 0 0 5 0 6 5 6 6 NIF Y GigabitEthernet1/0/7 0xf 0 0 0 6 0 7 6 7 7 NIF Y GigabitEthernet1/0/8 0x10 0 0 0 7 0 8 7 8 8 NIF Y
Descodificación ri_hdl de próximo salto subyacente
Para descodificar ri_hdl (0x7f65ec8a4eb8), utilice en show platform hardware fed switch active fwd-asic abstraction print-resource-handle (ri_hdl) 1
Edge-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f65ec8a4eb8 1 Handle:0x7f65ec8a4eb8 Res-Type:ASIC_RSC_RI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_L3_UNICAST_IPV4 Lkp-ftr-id:LKP_FEAT_INVALID ref_count:1 priv_ri/priv_si Handle: 0x7f65ec903b28Hardware Indices/Handles: index0:0x1a mtu_index/l3u_ri_index0:0x0 index1:0x1a mtu_index/l3u_ri_index1:0x0 Features sharing this resource:66 (1)] Cookie length: 56 00 00 00 00 00 00 00 00 26 00 00 00 00 00 00 00 00 00 00 00 08 00 52 54 00 1c 7d e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Detailed Resource Information (ASIC_INSTANCE# 0) ---------------------------------------- ASIC#:0 RI:26 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9) <-- Decimal 26 is 0x1a in hex MAC Addr: MAC Addr: 52:54:00:1c:7d:e0, <-- MAC address 5254.001c.7de0 for the next-hop adjacency L3IF LE Index 38 Detailed Resource Information (ASIC_INSTANCE# 1) ---------------------------------------- ASIC#:1 RI:26 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9)<-- Decimal 26 is 0x1a in hex MAC Addr: MAC Addr: 52:54:00:1c:7d:e0, MAC Addr: MAC Addr: 52:54:00:1c:7d:e0,<-- MAC address 5254.001c.7de0 for the next-hop adjacency
L3IF LE Index 38 ==============================================================
Alcance básico de host en fabric SDA (diferentes VLAN/misma VPN)
En esta sección, se examina la comunicación entre 10.47.4.2 y 10.47.10.2. Como estos hosts pertenecen a diferentes VLAN, ambos necesitan tener default-gateway configurado que apunte a default gateway. Para 10.47.4.2 es 10.47.4.1 y 10.47.10.2 es 10.47.10.1.
Paso 1. Confirme que la conectividad entre el terminal y el gateway predeterminado funcione:
Edge-1#ping vrf red_vn 10.47.4.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.47.4.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 155/164/181 ms
Edge-2#ping vrf red_vn 10.47.10.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.47.10.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 41/46/62 ms
Paso 2. Confirme que el paquete de 10.47.4.2 sea recibido con éxito por Edge-1:
El paquete se puede capturar en la interfaz de ingreso orientada a 10.47.4.2:
Edge-1#monitor capture 1 interface g1/0/3 in match any Edge-1#mon cap 1 start Started capture point : 1 Edge-1#mon cap 1 stop Capture statistics collected at software: Capture duration - 12 seconds Packets received - 9 Packets dropped - 0 Packets oversized - 0 Number of Bytes dropped at asic not collected Capture buffer will exists till exported or cleared Stopped capture point : 1
Edge-1#show monitor capture 1 buffer brief Starting the packet display ........ Press Ctrl + Shift + 6 to exit 1 0.000000 10.47.4.2 -> 10.47.10.2 ICMP 98 Echo (ping) request id=0x0041, seq=0/0, ttl=64 2 0.023447 10.47.4.2 -> 10.47.10.2 ICMP 98 Echo (ping) request id=0x0041, seq=0/0, ttl=64
Edge-1#show monitor capture 1 buffer detailed Starting the packet display ........ Press Ctrl + Shift + 6 to exit Frame 1: 98 bytes on wire (784 bits), 98 bytes captured (784 bits) on interface /tmp/epc_ws/wif_to_ts_pipe, id 0 Interface id: 0 (/tmp/epc_ws/wif_to_ts_pipe) Interface name: /tmp/epc_ws/wif_to_ts_pipe Encapsulation type: Ethernet (1) Arrival Time: Oct 11, 2023 15:27:46.033825000 UTC [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1697038066.033825000 seconds [Time delta from previous captured frame: 0.000000000 seconds] [Time delta from previous displayed frame: 0.000000000 seconds] [Time since reference or first frame: 0.000000000 seconds] Frame Number: 1 Frame Length: 98 bytes (784 bits) Capture Length: 98 bytes (784 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:icmp:data] Ethernet II, Src: 52:54:00:19:93:e9 (52:54:00:19:93:e9), Dst: 00:00:0c:9f:f3:41 (00:00:0c:9f:f3:41) <-- SMAC and DMAC respectively Destination: 00:00:0c:9f:f3:41 (00:00:0c:9f:f3:41) Address: 00:00:0c:9f:f3:41 (00:00:0c:9f:f3:41) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: 52:54:00:19:93:e9 (52:54:00:19:93:e9) Address: 52:54:00:19:93:e9 (52:54:00:19:93:e9) .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 10.47.4.2, Dst: 10.47.10.2 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 84 Identification: 0x395e (14686) Flags: 0x4000, Don't fragment 0... .... .... .... = Reserved bit: Not set .1.. .... .... .... = Don't fragment: Set ..0. .... .... .... = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: ICMP (1) Header checksum: 0xdee9 [validation disabled] [Header checksum status: Unverified] Source: 10.47.4.2 Destination: 10.47.10.2 Internet Control Message Protocol Type: 8 (Echo (ping) request) Code: 0 Checksum: 0x248a [correct] [Checksum Status: Good] Identifier (BE): 65 (0x0041) Identifier (LE): 16640 (0x4100) Sequence number (BE): 0 (0x0000) Sequence number (LE): 0 (0x0000) Data (56 bytes) 0000 2a 46 a8 ee 00 00 00 00 00 00 00 00 00 00 00 00 *F.............. 0010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0030 00 00 00 00 00 00 00 00 ........ Data: 2a46a8ee0000000000000000000000000000000000000000b^@& [Length: 56]
Paso 3: Búsqueda de LISP
El nodo de borde de ingreso debe determinar la ubicación (RLOC) del HOST-03 al que envía paquetes. Como en este caso el host final HOST-03 está en VLAN diferente (pero la misma VLAN / VRF: USUARIOS), se utiliza la instancia IPv4 de LISP ya que la búsqueda se basa en la dirección IP (la dirección MAC pertenece al propio nodo de borde).
Edge-1#debug lisp control-plane all
LISP[REMT ]-0: Map Request: Sending request for IID 4099 EID 10.47.10.2/32, requester 'remote EID prefix'. LISP[REMT ]-0: Map-Reply nonce matches pending request for IID 4099 EID 10.47.10.2/32, requester 'remote EID prefix'.
La solicitud de mapa LISP alcanza el límite 1 del nodo de control (servidor de mapa LISP):
Border-1#debug lisp control-plane all
LISP[TRNSP]-0: Processing received Map-Request(1) message on GigabitEthernet1/0/3 from 10.47.10.2:4342 to 10.47.10.2:4342.
LISP[MR ]-0: Received Map-Request with 1 records, first EID IID 4099 10.47.10.2/32, source EID 10.47.4.2, nonce 0x1CFAB931-0x8207CB93. LISP[MR ]-0 IID 4099 IPv4: MS EID 10.47.10.2/32: Sending proxy reply to 10.47.1.12.
LISP Map-Reply alcanza el nodo perimetral:
LISP[REMT ]-0: Processing Map-Reply mapping record for IID 4099 IPv4 10.47.10.2/32 LCAF 2, ttl 1440, action none, not authoritative, 1 locator. LISP[REMT ]-0: Processing mapping information for EID prefix IID 4099 10.47.10.2/32.
El Fabric Edge consulta el RLOC para 10.47.10.2 y procesa el mapa-respuesta
LISP[REMT ]-0: Map Request: Sending request for IID 4099 EID 10.47.10.2/32, requester 'remote EID RLOC'.
LISP[REMT ]-0: Processing Map-Reply mapping record for IID 4099 IPv4 10.47.10.2/32 LCAF 2, ttl 1440, action none, authoritative, 1 locator. LISP[REMT ]-0: Processing mapping information for EID prefix IID 4099 10.47.10.2/32.
En caso de que la entrada no exista, las depuraciones deben recopilarse desde la perspectiva del proceso LISP. También hay una herramienta, llamada LIG (LISP Grouper) que se puede utilizar para activar manualmente el proceso LISP (esta es una manera muy efectiva de probar la configuración redundante del nodo de control y la coherencia de la base de datos entre ambos nodos de control):
Edge-1#lig instance-id 4099 10.47.10.2 to 10.47.1.10 Mapping information for EID 10.47.10.2 from 10.47.1.10 with RTT 334 msecs 10.47.10.2/32, uptime: 00:00:00, expires: 23:59:59, via map-reply, complete Locator Uptime State Pri/Wgt Encap-IID 10.47.1.13 00:00:00 up 10/10 -
Edge-1#lig instance-id 4099 10.47.10.2 to 10.47.1.11 Mapping information for EID 10.47.10.2 from 10.47.1.11 with RTT 327 msecs 10.47.10.2/32, uptime: 00:00:06, expires: 23:59:59, via map-reply, complete Locator Uptime State Pri/Wgt Encap-IID 10.47.1.13 00:00:06 up 10/10 -
Verificación de ruta
CEF utiliza LISP y LISP utiliza la entrada de la memoria caché de mapas que ha recibido
Edge-1#show ip cef vrf red_vn 10.47.10.2 10.47.10.2/32 nexthop 10.47.1.13 LISP0.4099
Edge-1#show ip route 10.47.1.13 Routing entry for 10.47.1.13/32 Known via "isis", distance 115, metric 30, type level-2 Redistributing via isis Last update from 10.47.1.4 on GigabitEthernet1/0/2, 3d19h ago Routing Descriptor Blocks: 10.47.1.4, from 10.47.1.13, 3d19h ago, via GigabitEthernet1/0/2 Route metric is 30, traffic share count is 1 * 10.47.1.0, from 10.47.1.13, 3d19h ago, via GigabitEthernet1/0/1 Route metric is 30, traffic share count is 1
Edge-1#show lisp instance-id 4099 ipv4 map-cache 10.47.10.2 LISP IPv4 Mapping Cache for LISP 0 EID-table vrf red_vn (IID 4099), 1 entries 10.47.10.2/32, uptime: 00:08:48, expires: 23:51:17, via map-reply, complete Sources: map-reply State: complete, last modified: 00:08:48, map-source: 10.47.1.11 Active, Packets out: 51(29376 bytes), counters are not accurate (~ 00:00:15 ago) Encapsulating dynamic-EID traffic Locator Uptime State Pri/Wgt Encap-IID 10.47.1.13 00:08:48 up 10/10 - Last up-down state change: 00:08:48, state change count: 1 Last route reachability change: 22:07:12, state change count: 1 Last priority / weight change: never/never RLOC-probing loc-status algorithm: Last RLOC-probe sent: 00:08:48 (rtt 931ms)
Verificación de Siguiente Salto de LISP
Dado que este paquete está encapsulado en VXLAN, debe verificarse el siguiente salto LISP. Utilice el comando show platform software fed switch active ip adj para obtener información adicional sobre 10.47.1.13, el salto siguiente LISP
Edge-1#show platform software fed switch active ip adj IPV4 Adj entries dest if_name dst_mac si_hdl ri_hdl pd_flags adj_id Last-modified ---- ------- ------- ------ ------ -------- ------ ------------- 10.47.1.10 LISP0.4100 4500.0000.0000 0x7f65ec895ed8 0x7f65ec895a68 0x60 0x5c 2023/09/19 17:58:16.545 10.47.1.4 GigabitEthernet1/0/2 5254.001c.7de0 0x7f65ec8a5458 0x7f65ec8a4eb8 0x0 0x4c 2023/09/19 17:58:02.150 10.47.1.0 GigabitEthernet1/0/1 5254.000a.42f3 0x7f65ec8b8468 0x7f65ec8b8158 0x0 0x55 2023/09/19 17:58:08.864 10.47.4.2 Vlan1026 5254.0019.93e9 0x7f65ec7c21f8 0x7f65ec7c2498 0x0 0x1a 2023/09/19 23:59:34.081 10.47.1.13 LISP0.4099 4500.0000.0000 0x7f65ed00f668 0x7f65ed00fd58 0x60 0x20 2023/10/11 15:36:06.243
LISP Next-Hop si_hdl Decode
Tome el si_hdl (0x7f65ed00f668) y utilícelo en show platform hardware fed switch active fwd-asic abstraction print-resource-handle <si_hdl> 1
Edge-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f65ed00f668 1 Handle:0x7f65ed00f668 Res-Type:ASIC_RSC_SI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_LISP Lkp-ftr-id:LKP_FEAT_INVALID ref_count:1 priv_ri/priv_si Handle: 0x7f65ed00fd58Hardware Indices/Handles: index0:0xc8 mtu_index/l3u_ri_index0:0x0 index1:0xc8 mtu_index/l3u_ri_index1:0x0 Features sharing this resource:109 (1)] Cookie length: 56 00 00 00 00 00 00 00 00 38 5f 84 ec 0a 2f 01 0d ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Detailed Resource Information (ASIC_INSTANCE# 0) ---------------------------------------- Station Index (SI) [0xc8] <-- Contains the RI and DI RI = 0x2c <-- Rewrite Index contains information for L3 Forwarding DI = 0x5012 <-- Destination Index contains information for the destination port stationTableGenericLabel = 0 stationFdConstructionLabel = 0x7 lookupSkipIdIndex = 0xc rcpServiceId = 0 dejaVuPreCheckEn = 0 Replication Bitmap: LD Detailed Resource Information (ASIC_INSTANCE# 1) ----------------------------------------
Station Index (SI) [0xc8] <-- Contains the RI and DI
RI = 0x2c <-- Rewrite Index contains information for L3 Forwarding
DI = 0x5013 <-- Destination Index contains information for the destination port stationTableGenericLabel = 0 stationFdConstructionLabel = 0x7 lookupSkipIdIndex = 0xc rcpServiceId = 0 dejaVuPreCheckEn = 0 Replication Bitmap: LD ==============================================================
Descodificación LISP de RI de próximo salto
Tome el RI (0x2c) y use en show platform hardware fed switch active fwd-asic resource asic all rewrite-index range <RI> <RI>
Edge-1#show platform hardware fed switch active fwd-asic resource asic all rewrite-index range 0x2c 0x2c ASIC#:0 RI:44 Rewrite_type:AL_RRM_REWRITE_IPV4_VXLAN_INNER_IPV4_ENCAP(110) Mapped_rii:LVX_L3_ENCAP_L2_PAYLOAD(123) Dst Mac: MAC Addr: ba:25:cd:f4:ad:38, Src IP: 10.47.1.12 <-- Local RLOC Dst IP: 10.47.1.13 <-- RLOC of Edge-2 IPv4 TTL: 0 LISP INSTANCEID: 0 L3IF LE Index: 46 ASIC#:1 RI:44 Rewrite_type:AL_RRM_REWRITE_IPV4_VXLAN_INNER_IPV4_ENCAP(110) Mapped_rii:LVX_L3_ENCAP_L2_PAYLOAD(123) Dst Mac: MAC Addr: ba:25:cd:f4:ad:38,
Src IP: 10.47.1.12 <-- Local RLOC
Dst IP: 10.47.1.13 <-- RLOC of Edge-2 IPv4 TTL: 0 LISP INSTANCEID: 0 L3IF LE Index: 46
Decodificación de ID de próximo salto LISP
Tome el DI (0x5012) y utilícelo en show platform hardware fed switch active fwd-asic resource asic all destination-index range <DI> <DI>
Edge-1#show platform hardware fed switch active fwd-asic resource asic all destination-index range 0x5012 0x5012 ASIC#0:
Destination index = 0x5012 DI_RCP_PORT1 <-- Expected, this means the packet is recirculated for VXLAN imposition
pmap = 0x00000000 0x00000000
cmi = 0x0
rcp_pmap = 0x1
al_rsc_cmi
CPU Map Index (CMI) [0]
ctiLo0 = 0
ctiLo1 = 0
ctiLo2 = 0
cpuQNum0 = 0
cpuQNum1 = 0
cpuQNum2 = 0
npuIndex = 0
stripSeg = 0
copySeg = 0
ASIC#1:
Destination index = 0x5012 DI_RCP_PORT1 <-- Expected, this means the packet is recirculated for VXLAN imposition
pmap = 0x00000000 0x00000000
cmi = 0x0
rcp_pmap = 0x0
al_rsc_cmi
CPU Map Index (CMI) [0]
ctiLo0 = 0
ctiLo1 = 0
ctiLo2 = 0
cpuQNum0 = 0
cpuQNum1 = 0
cpuQNum2 = 0
npuIndex = 0
stripSeg = 0
copySeg = 0
LISP Next-Hop ri_hdl Decode
Tome el ri_hdl (0x7f65ed00fd58) y utilícelo en el comando show platform hardware fed switch active fwd-asic abstraction print-resource-handle <ri_hdl> 1
Edge-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f65ed00fd58 1 Handle:0x7f65ed00fd58 Res-Type:ASIC_RSC_RI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_LISP Lkp-ftr-id:LKP_FEAT_INVALID ref_count:1 priv_ri/priv_si Handle: 0x7f65ed00b618Hardware Indices/Handles: index0:0x2c mtu_index/l3u_ri_index0:0x0 index1:0x2c mtu_index/l3u_ri_index1:0x0 Features sharing this resource:109 (1)] Cookie length: 56 00 00 00 00 00 00 00 00 2e 00 00 00 0a 2f 01 0d ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Detailed Resource Information (ASIC_INSTANCE# 0) ---------------------------------------- ASIC#:0 RI:44 Rewrite_type:AL_RRM_REWRITE_IPV4_VXLAN_INNER_IPV4_ENCAP(110) Mapped_rii:LVX_L3_ENCAP_L2_PAYLOAD(123) Dst Mac: MAC Addr: ba:25:cd:f4:ad:38, Src IP: 10.47.1.12 <-- Local RLOC Dst IP: 10.47.1.13 <-- Edge-2 RLOC IPv4 TTL: 0 LISP INSTANCEID: 0 L3IF LE Index: 46 Detailed Resource Information (ASIC_INSTANCE# 1) ---------------------------------------- ASIC#:1 RI:44 Rewrite_type:AL_RRM_REWRITE_IPV4_VXLAN_INNER_IPV4_ENCAP(110) Mapped_rii:LVX_L3_ENCAP_L2_PAYLOAD(123) Dst Mac: MAC Addr: ba:25:cd:f4:ad:38,
Src IP: 10.47.1.12 <-- Local RLOC
Dst IP: 10.47.1.13 <-- Edge-2 RLOC IPv4 TTL: 0 LISP INSTANCEID: 0 L3IF LE Index: 46 ==============================================================
Verificación de próximo salto subyacente
Para llegar al Siguiente Salto de LISP, hay dos trayectorias posibles en la capa subyacente, la verificación ocurre para una, la misma lógica se aplica en la verificación del otro salto siguiente de la capa subyacente.
Edge-1#show ip route 10.47.1.13
Routing entry for 10.47.1.13/32
Known via "isis", distance 115, metric 30, type level-2
Redistributing via isis
Last update from 10.47.1.4 on GigabitEthernet1/0/2, 3d19h ago
Routing Descriptor Blocks:
10.47.1.4, from 10.47.1.13, 3d19h ago, via GigabitEthernet1/0/2
Route metric is 30, traffic share count is 1
* 10.47.1.0, from 10.47.1.13, 3d19h ago, via GigabitEthernet1/0/1
Route metric is 30, traffic share count is 1
Para obtener más información sobre los saltos siguientes, utilice show platform software fed switch active ip adj
Edge-1#show platform software fed switch active ip adj IPV4 Adj entries dest if_name dst_mac si_hdl ri_hdl pd_flags adj_id Last-modified ---- ------- ------- ------ ------ -------- ------ ------------- 10.47.1.4 GigabitEthernet1/0/2 5254.001c.7de0 0x7f65ec8a5458 0x7f65ec8a4eb8 0x0 0x4c 2023/09/19 17:58:02.150 10.47.1.0 GigabitEthernet1/0/1 5254.000a.42f3 0x7f65ec8b8468 0x7f65ec8b8158 0x0 0x55 2023/09/19 17:58:08.864 <snip>
Decodificación si_hdl de próximo salto subyacente
Tome el si_hdl (0x7f65ec8a5458) y utilícelo en el comando show platform hardware fed switch active fwd-asic abstraction print-resource-handle <si_hdl> 1
Edge-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f65ec8a5458 1 Handle:0x7f65ec8a5458 Res-Type:ASIC_RSC_SI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_L3_UNICAST_IPV4 Lkp-ftr-id:LKP_FEAT_INVALID ref_count:1 priv_ri/priv_si Handle: 0x7f65ec8a4eb8Hardware Indices/Handles: index0:0xbc mtu_index/l3u_ri_index0:0x0 index1:0xbc mtu_index/l3u_ri_index1:0x0 Features sharing this resource:66 (1)] Cookie length: 56 00 00 00 00 00 00 00 00 26 00 00 00 00 00 00 00 00 00 00 00 08 00 52 54 00 1c 7d e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Detailed Resource Information (ASIC_INSTANCE# 0) ---------------------------------------- Station Index (SI) [0xbc] <-- Contains the RI and DI RI = 0x1a <-- Rewrite index contains information for L3 Forwarding DI = 0x526d <-- Destination index contains information for the destination port stationTableGenericLabel = 0 stationFdConstructionLabel = 0x7 lookupSkipIdIndex = 0 rcpServiceId = 0 dejaVuPreCheckEn = 0 Replication Bitmap: LD Detailed Resource Information (ASIC_INSTANCE# 1) ----------------------------------------
Station Index (SI) [0xbc] <-- Contains the RI and DI
RI = 0x1a <-- Rewrite index contains information for L3 Forwarding
DI = 0x526d <-- Destination index contains information for the destination port stationTableGenericLabel = 0 stationFdConstructionLabel = 0x7 lookupSkipIdIndex = 0 rcpServiceId = 0 dejaVuPreCheckEn = 0 Replication Bitmap: CD ==============================================================
Descodificación RI de próximo salto subyacente
Tome el RI (0x1a) y use en el comando show platform hardware fed switch active fwd-asic resource asic all rewrite-index range <RI> <RI>
Edge-1#show platform hardware fed switch active fwd-asic resource asic all rewrite-index range 0x1a 0x1a ASIC#:0 RI:26 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9) <-- Decimal 26 is hex 0x1a MAC Addr: MAC Addr: 52:54:00:1c:7d:e0, <-- MAC Address 5254.001c.7de0 corresponds to the next-hop L3IF LE Index 38 ASIC#:1 RI:26 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9)<-- Decimal 26 is hex 0x1a MAC Addr: MAC Addr: 52:54:00:1c:7d:e0, <-- MAC Address 5254.001c.7de0 corresponds to the next-hop L3IF LE Index 38
Decodificación de Next Hop DI subyacente
Tome el DI (0x526d) y utilícelo en el comando show platform hardware fed switch active fwd-asic resource asic all destination-index range <DI> <DI>
Edge-1#show platform hardware fed switch active fwd-asic resource asic all destination-index range 0x526d 0x526d ASIC#0: Destination index = 0x526d pmap = 0x00000000 0x00000002 <-- Take decimal 2 and convert to binary, so 0010, and then count this binary right to left zero-based, so Port 1 pmap_intf : [GigabitEthernet1/0/2] cmi = 0x0 rcp_pmap = 0x0 al_rsc_cmi CPU Map Index (CMI) [0] ctiLo0 = 0 ctiLo1 = 0 ctiLo2 = 0 cpuQNum0 = 0 cpuQNum1 = 0 cpuQNum2 = 0 npuIndex = 0 stripSeg = 0 copySeg = 0 ASIC#1: Destination index = 0x526d pmap = 0x00000000 0x00000000 cmi = 0x0 rcp_pmap = 0x0 al_rsc_cmi CPU Map Index (CMI) [0] ctiLo0 = 0 ctiLo1 = 0 ctiLo2 = 0 cpuQNum0 = 0 cpuQNum1 = 0 cpuQNum2 = 0 npuIndex = 0 stripSeg = 0 copySeg = 0
Edge-1#show platform software fed switch active ifm mappings Interface IF_ID Inst Asic Core Port SubPort Mac Cntx LPN GPN Type Active GigabitEthernet1/0/1 0x1a 0 0 0 0 0 1 0 1 1 NIF Y GigabitEthernet1/0/2 0x1b 0 0 0 1 0 2 1 2 2 NIF Y <-- Port 1 maps to Gig1/0/2 GigabitEthernet1/0/3 0xb 0 0 0 2 0 3 2 3 3 NIF Y GigabitEthernet1/0/4 0xc 0 0 0 3 0 4 3 4 4 NIF Y GigabitEthernet1/0/5 0xd 0 0 0 4 0 5 4 5 5 NIF Y GigabitEthernet1/0/6 0xe 0 0 0 5 0 6 5 6 6 NIF Y GigabitEthernet1/0/7 0xf 0 0 0 6 0 7 6 7 7 NIF Y GigabitEthernet1/0/8 0x10 0 0 0 7 0 8 7 8 8 NIF Y
Descodificación ri_hdl de próximo salto subyacente
Tome el ri_hdl (0x7f65ec8b8158) y utilícelo en el comando show platform hardware fed switch active fwd-asic abstraction print-resource-handle <ri_hdl> 1
Edge-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f65ec8b8158 1 Handle:0x7f65ec8b8158 Res-Type:ASIC_RSC_RI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_L3_UNICAST_IPV4 Lkp-ftr-id:LKP_FEAT_INVALID ref_count:1 priv_ri/priv_si Handle: 0x7f65ec7a6338Hardware Indices/Handles: index0:0x1b mtu_index/l3u_ri_index0:0x0 index1:0x1b mtu_index/l3u_ri_index1:0x0 Features sharing this resource:66 (1)] Cookie length: 56 00 00 00 00 00 00 00 00 25 00 00 00 00 00 00 00 00 00 00 00 08 00 52 54 00 0a 42 f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Detailed Resource Information (ASIC_INSTANCE# 0) ---------------------------------------- ASIC#:0 RI:27 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9) MAC Addr: MAC Addr: 52:54:00:0a:42:f3, L3IF LE Index 37 Detailed Resource Information (ASIC_INSTANCE# 1) ---------------------------------------- ASIC#:1 RI:27 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9) MAC Addr: MAC Addr: 52:54:00:0a:42:f3, L3IF LE Index 37 ==============================================================
Los paquetes se encapsulan en VXLAN y se envían en función de las reglas de equilibrio de carga. La captura de paquetes integrada (EPC) se puede utilizar para capturar el tráfico en todas las interfaces al mismo tiempo. Recuerde que en este momento el paquete está encapsulado en VXLAN, el filtro EPC debe estar en contra de RLOC a RLOC, no en contra de las direcciones IPv4 internas.
Edge-1#monitor capture 1 interface range g1/0/1-2 out match ipv4 host 10.47.1.12 host 10.47.1.13 Edge-1#monitor capture 1 start Started capture point : 1 Edge-1# Edge-1#monitor capture 1 stop Capture statistics collected at software: Capture duration - 18 seconds Packets received - 4 Packets dropped - 0 Packets oversized - 0 Number of Bytes dropped at asic not collected Capture buffer will exists till exported or cleared Stopped capture point : 1
Edge-1#show monitor capture 1 buffer brief Starting the packet display ........ Press Ctrl + Shift + 6 to exit 1 0.000000 10.47.4.2 -> 10.47.10.2 ICMP 148 Echo (ping) request id=0x0046, seq=0/0, ttl=63 2 0.980849 10.47.4.2 -> 10.47.10.2 ICMP 148 Echo (ping) request id=0x0046, seq=1/256, ttl=63 3 1.984077 10.47.4.2 -> 10.47.10.2 ICMP 148 Echo (ping) request id=0x0046, seq=2/512, ttl=63 4 2.999989 10.47.4.2 -> 10.47.10.2 ICMP 148 Echo (ping) request id=0x0046, seq=3/768, ttl=63
Edge-1#show monitor capture 1 buffer detailed Starting the packet display ........ Press Ctrl + Shift + 6 to exit Frame 1: 148 bytes on wire (1184 bits), 148 bytes captured (1184 bits) on interface /tmp/epc_ws/wif_to_ts_pipe, id 0 Interface id: 0 (/tmp/epc_ws/wif_to_ts_pipe) Interface name: /tmp/epc_ws/wif_to_ts_pipe Encapsulation type: Ethernet (1) Arrival Time: Oct 11, 2023 16:50:52.262553000 UTC [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1697043052.262553000 seconds [Time delta from previous captured frame: 0.000000000 seconds] [Time delta from previous displayed frame: 0.000000000 seconds] [Time since reference or first frame: 0.000000000 seconds] Frame Number: 1 Frame Length: 148 bytes (1184 bits) Capture Length: 148 bytes (1184 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:vxlan:eth:ethertype:ip:icmp:data] Ethernet II, Src: 00:00:00:00:00:00 (00:00:00:00:00:00), Dst: 00:00:00:00:00:00 (00:00:00:00:00:00) <-- EPC does not capture L3 rewrite on egress properly, this is OK Destination: 00:00:00:00:00:00 (00:00:00:00:00:00) Address: 00:00:00:00:00:00 (00:00:00:00:00:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: 00:00:00:00:00:00 (00:00:00:00:00:00) Address: 00:00:00:00:00:00 (00:00:00:00:00:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 10.47.1.12, Dst: 10.47.1.13 <-- RLOC to RLOC 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 134 Identification: 0x1d6f (7535) Flags: 0x4000, Don't fragment 0... .... .... .... = Reserved bit: Not set .1.. .... .... .... = Don't fragment: Set ..0. .... .... .... = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: UDP (17) Header checksum: 0x0682 [validation disabled] [Header checksum status: Unverified] Source: 10.47.1.12 Destination: 10.47.1.13 User Datagram Protocol, Src Port: 65354, Dst Port: 4789 Source Port: 65354 Destination Port: 4789 Length: 114 [Checksum: [missing]] [Checksum Status: Not present] [Stream index: 0] [Timestamps] [Time since first frame: 0.000000000 seconds] [Time since previous frame: 0.000000000 seconds] Virtual eXtensible Local Area Network Flags: 0x8800, GBP Extension, VXLAN Network ID (VNI) 1... .... .... .... = GBP Extension: Defined .... .... .0.. .... = Don't Learn: False .... 1... .... .... = VXLAN Network ID (VNI): True .... .... .... 0... = Policy Applied: False .000 .000 0.00 .000 = Reserved(R): 0x0000 Group Policy ID: 0 VXLAN Network Identifier (VNI): 4099 <-- LISP L3 IID Reserved: 0 Ethernet II, Src: 00:00:00:00:61:00 (00:00:00:00:61:00), Dst: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38) <-- Dummy Ethernet header for VXLAN Destination: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38) Address: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38) .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: 00:00:00:00:61:00 (00:00:00:00:61:00) Address: 00:00:00:00:61:00 (00:00:00:00:61:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 10.47.4.2, Dst: 10.47.10.2 <-- True IPv4 addresses 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 84 Identification: 0x92f6 (37622) Flags: 0x4000, Don't fragment 0... .... .... .... = Reserved bit: Not set .1.. .... .... .... = Don't fragment: Set ..0. .... .... .... = More fragments: Not set Fragment offset: 0 Time to live: 63 Protocol: ICMP (1) Header checksum: 0x8651 [validation disabled] [Header checksum status: Unverified] Source: 10.47.4.2 Destination: 10.47.10.2 Internet Control Message Protocol Type: 8 (Echo (ping) request) Code: 0 Checksum: 0xa383 [correct] [Checksum Status: Good] Identifier (BE): 70 (0x0046) Identifier (LE): 17920 (0x4600) Sequence number (BE): 0 (0x0000) Sequence number (LE): 0 (0x0000) Data (56 bytes) 0000 78 1e dc 17 00 00 00 00 00 00 00 00 00 00 00 00 x............... 0010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0030 00 00 00 00 00 00 00 00 ........ Data: 781edc170000000000000000000000000000000000000000b^@& [Length: 56]
El paquete VXLAN encapsulado alcanza el Edge-2:
Edge-2#monitor capture 1 interface range g1/0/1-2 in match ipv4 host 10.47.1.12 host 10.47.1.13 Edge-2#monitor capture 1 start Started capture point : 1 Edge-2#monitor capture 1 stop Capture statistics collected at software: Capture duration - 7 seconds Packets received - 6 Packets dropped - 0 Packets oversized - 0 Number of Bytes dropped at asic not collected Capture buffer will exists till exported or cleared Stopped capture point : 1
Edge-2#show monitor capture 1 buffer brief Starting the packet display ........ Press Ctrl + Shift + 6 to exit 1 0.000000 10.47.4.2 -> 10.47.10.2 ICMP 148 Echo (ping) request id=0x0047, seq=0/0, ttl=63 2 0.007826 10.47.4.2 -> 10.47.10.2 ICMP 148 Echo (ping) request id=0x0047, seq=0/0, ttl=63 3 0.086345 10.47.4.2 -> 10.47.10.2 ICMP 148 Echo (ping) request id=0x0047, seq=1/256, ttl=63 4 0.097490 10.47.4.2 -> 10.47.10.2 ICMP 148 Echo (ping) request id=0x0047, seq=1/256, ttl=63 5 1.150969 10.47.4.2 -> 10.47.10.2 ICMP 148 Echo (ping) request id=0x0047, seq=2/512, ttl=63 6 1.163817 10.47.4.2 -> 10.47.10.2 ICMP 148 Echo (ping) request id=0x0047, seq=2/512, ttl=63
Edge-2#show monitor capture 1 buffer detailed Starting the packet display ........ Press Ctrl + Shift + 6 to exit Frame 1: 148 bytes on wire (1184 bits), 148 bytes captured (1184 bits) on interface /tmp/epc_ws/wif_to_ts_pipe, id 0 Interface id: 0 (/tmp/epc_ws/wif_to_ts_pipe) Interface name: /tmp/epc_ws/wif_to_ts_pipe Encapsulation type: Ethernet (1) Arrival Time: Oct 11, 2023 16:58:12.702159000 UTC [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1697043492.702159000 seconds [Time delta from previous captured frame: 0.000000000 seconds] [Time delta from previous displayed frame: 0.000000000 seconds] [Time since reference or first frame: 0.000000000 seconds] Frame Number: 1 Frame Length: 148 bytes (1184 bits) Capture Length: 148 bytes (1184 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:vxlan:eth:ethertype:ip:icmp:data] Ethernet II, Src: 52:54:00:0a:42:11 (52:54:00:0a:42:11), Dst: 52:54:00:17:fe:65 (52:54:00:17:fe:65) <-- True MAC addresses post L3 rewrite Destination: 52:54:00:17:fe:65 (52:54:00:17:fe:65) Address: 52:54:00:17:fe:65 (52:54:00:17:fe:65) .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: 52:54:00:0a:42:11 (52:54:00:0a:42:11) Address: 52:54:00:0a:42:11 (52:54:00:0a:42:11) .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 10.47.1.12, Dst: 10.47.1.13 <-- RLOC to RLOC 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 134 Identification: 0x1d7b (7547) Flags: 0x4000, Don't fragment 0... .... .... .... = Reserved bit: Not set .1.. .... .... .... = Don't fragment: Set ..0. .... .... .... = More fragments: Not set Fragment offset: 0 Time to live: 62 Protocol: UDP (17) Header checksum: 0x0876 [validation disabled] [Header checksum status: Unverified] Source: 10.47.1.12 Destination: 10.47.1.13 User Datagram Protocol, Src Port: 65354, Dst Port: 4789 Source Port: 65354 Destination Port: 4789 Length: 114 [Checksum: [missing]] [Checksum Status: Not present] [Stream index: 0] [Timestamps] [Time since first frame: 0.000000000 seconds] [Time since previous frame: 0.000000000 seconds] Virtual eXtensible Local Area Network Flags: 0x8800, GBP Extension, VXLAN Network ID (VNI) 1... .... .... .... = GBP Extension: Defined .... .... .0.. .... = Don't Learn: False .... 1... .... .... = VXLAN Network ID (VNI): True .... .... .... 0... = Policy Applied: False .000 .000 0.00 .000 = Reserved(R): 0x0000 Group Policy ID: 0 VXLAN Network Identifier (VNI): 4099 <-- LISP L3 IID Reserved: 0 Ethernet II, Src: 00:00:00:00:61:00 (00:00:00:00:61:00), Dst: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38) <-- Dummy Ethernet header for VXLAN Destination: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38) Address: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38) .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: 00:00:00:00:61:00 (00:00:00:00:61:00) Address: 00:00:00:00:61:00 (00:00:00:00:61:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 10.47.4.2, Dst: 10.47.10.2 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 84 Identification: 0x1abb (6843) Flags: 0x4000, Don't fragment 0... .... .... .... = Reserved bit: Not set .1.. .... .... .... = Don't fragment: Set ..0. .... .... .... = More fragments: Not set Fragment offset: 0 Time to live: 63 Protocol: ICMP (1) Header checksum: 0xfe8c [validation disabled] [Header checksum status: Unverified] Source: 10.47.4.2 Destination: 10.47.10.2 Internet Control Message Protocol Type: 8 (Echo (ping) request) Code: 0 Checksum: 0x044f [correct] [Checksum Status: Good] Identifier (BE): 71 (0x0047) Identifier (LE): 18176 (0x4700) Sequence number (BE): 0 (0x0000) Sequence number (LE): 0 (0x0000) Data (56 bytes) 0000 e8 37 0b 32 00 00 00 00 00 00 00 00 00 00 00 00 .7.2............ 0010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0030 00 00 00 00 00 00 00 00 ........ Data: e8370b320000000000000000000000000000000000000000b^@& [Length: 56]
Edge-2 desencapsula el encabezado VXLAN y consulta su tabla ARP para reenviar la solicitud ICMP hacia 10.47.10.2
Edge-2#show ip cef vrf red_vn 10.47.10.2 10.47.10.2/32 nexthop 10.47.10.2 Vlan1028
Edge-2#show platform software fed switch active ip adj IPV4 Adj entries dest if_name dst_mac si_hdl ri_hdl pd_flags adj_id Last-modified ---- ------- ------- ------ ------ -------- ------ ------------- 10.47.10.2 Vlan1028 5254.0002.cbf5 0x7f5744f89988 0x7f5744f8afa8 0x0 0x26 2023/10/09 18:57:59.026
<snip>
Descodificación si_hdl de terminal
Tome el si_hdl (0x7f5744f89988) y úselo en show platform hardware fed switch active fwd-asic abstraction print-resource-handle <si_hdl> 1
Edge-2#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f5744f89988 1 Handle:0x7f5744f89988 Res-Type:ASIC_RSC_SI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_L3_UNICAST_IPV4 Lkp-ftr-id:LKP_FEAT_INVALID ref_count:2 priv_ri/priv_si Handle: 0x7f5744f8afa8Hardware Indices/Handles: index0:0xc8 mtu_index/l3u_ri_index0:0x0 index1:0xc8 mtu_index/l3u_ri_index1:0x0 Features sharing this resource:66 (1)] 57 (1)] Cookie length: 56 00 00 00 00 00 00 00 00 04 04 00 00 00 00 00 00 00 00 00 00 07 00 52 54 00 02 cb f5 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Detailed Resource Information (ASIC_INSTANCE# 0) ---------------------------------------- Station Index (SI) [0xc8] <-- Station Index contains RI and DI RI = 0x2c <-- Rewrite Index contains information for L2 Forwarding DI = 0x526e <-- Rewrite Index contains destination port information stationTableGenericLabel = 0 stationFdConstructionLabel = 0x7 lookupSkipIdIndex = 0 rcpServiceId = 0 dejaVuPreCheckEn = 0x1 Replication Bitmap: LD Detailed Resource Information (ASIC_INSTANCE# 1) ----------------------------------------
Station Index (SI) [0xc8] <-- Station Index contains RI and DI
RI = 0x2c <-- Rewrite Index contains information for L2 Forwarding
DI = 0x526e <-- Rewrite Index contains destination port information stationTableGenericLabel = 0 stationFdConstructionLabel = 0x7 lookupSkipIdIndex = 0 rcpServiceId = 0 dejaVuPreCheckEn = 0x1 Replication Bitmap: CD ==============================================================
Descodificación de RI de terminales
Tome el RI (0x2c) y use en el comando show platform hardware fed switch active fwd-asic resource asic all rewrite-index range <RI> <RI>
Edge-2#show platform hardware fed switch active fwd-asic resource asic all rewrite-index range 0x2c 0x2c ASIC#:0 RI:44 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9) <-- Decimal 44 is hex 0x2c MAC Addr: MAC Addr: 52:54:00:02:cb:f5, <-- MAC Address 5254.0002.cbf5 is 10.47.10.2 L3IF LE Index 50 ASIC#:1 RI:44 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9) <-- Decimal 44 is hex 0x2c MAC Addr: MAC Addr: 52:54:00:02:cb:f5,<-- MAC Address 5254.0002.cbf5 is 10.47.10.2 L3IF LE Index 50
Decodificación de ID de terminal
Tome el DI (0x526e) y utilícelo en show platform hardware fed switch active fwd-asic resource asic all destination-index range <DI> <DI>
Edge-2#show platform hardware fed switch active fwd-asic resource asic all destination-index range 0x526e 0x526e ASIC#0: Destination index = 0x526e pmap = 0x00000000 0x00000010 <-- Convert 10 into binary, 0001 and 0000, so 00010000, and count from right to left, zero-based, so Port 4 pmap_intf : [GigabitEthernet1/0/5] cmi = 0x0 rcp_pmap = 0x0 al_rsc_cmi CPU Map Index (CMI) [0] ctiLo0 = 0 ctiLo1 = 0 ctiLo2 = 0 cpuQNum0 = 0 cpuQNum1 = 0 cpuQNum2 = 0 npuIndex = 0 stripSeg = 0 copySeg = 0 ASIC#1: Destination index = 0x526e pmap = 0x00000000 0x00000000 cmi = 0x0 rcp_pmap = 0x0 al_rsc_cmi CPU Map Index (CMI) [0] ctiLo0 = 0 ctiLo1 = 0 ctiLo2 = 0 cpuQNum0 = 0 cpuQNum1 = 0 cpuQNum2 = 0 npuIndex = 0 stripSeg = 0 copySeg = 0
Edge-2#show platform software fed switch active ifm mappings Interface IF_ID Inst Asic Core Port SubPort Mac Cntx LPN GPN Type Active GigabitEthernet1/0/1 0x1a 0 0 0 0 0 1 0 1 1 NIF Y GigabitEthernet1/0/2 0x1b 0 0 0 1 0 2 1 2 2 NIF Y GigabitEthernet1/0/3 0xb 0 0 0 2 0 3 2 3 3 NIF Y GigabitEthernet1/0/4 0xc 0 0 0 3 0 4 3 4 4 NIF Y GigabitEthernet1/0/5 0xd 0 0 0 4 0 5 4 5 5 NIF Y <-- Port 4 corresponds to Gig1/0/5 GigabitEthernet1/0/6 0xe 0 0 0 5 0 6 5 6 6 NIF Y GigabitEthernet1/0/7 0xf 0 0 0 6 0 7 6 7 7 NIF Y GigabitEthernet1/0/8 0x10 0 0 0 7 0 8 7 8 8 NIF Y
Edge-2 desencapsula el paquete y lo envía hacia la interfaz de egreso a la que HOST-03 está conectado:
Edge-2#monitor capture 1 interface g1/0/5 out match ipv4 host 10.47.4.2 host 10.47.10.2 Edge-2#monitor capture 1 start Started capture point : 1 Edge-2#monitor capture 1 stop Capture statistics collected at software: Capture duration - 6 seconds Packets received - 3 Packets dropped - 0 Packets oversized - 0 Number of Bytes dropped at asic not collected Capture buffer will exists till exported or cleared Stopped capture point : 1
Edge-2#show monitor capture 1 buffer brief Starting the packet display ........ Press Ctrl + Shift + 6 to exit 1 0.000000 10.47.4.2 -> 10.47.10.2 ICMP 106 Echo (ping) request id=0x0048, seq=0/0, ttl=62 2 0.984985 10.47.4.2 -> 10.47.10.2 ICMP 106 Echo (ping) request id=0x0048, seq=1/256, ttl=62 3 1.985357 10.47.4.2 -> 10.47.10.2 ICMP 106 Echo (ping) request id=0x0048, seq=2/512, ttl=62
Edge-2#show monitor capture 1 buffer detailed Starting the packet display ........ Press Ctrl + Shift + 6 to exit Frame 1: 106 bytes on wire (848 bits), 106 bytes captured (848 bits) on interface /tmp/epc_ws/wif_to_ts_pipe, id 0 Interface id: 0 (/tmp/epc_ws/wif_to_ts_pipe) Interface name: /tmp/epc_ws/wif_to_ts_pipe Encapsulation type: Ethernet (1) Arrival Time: Oct 11, 2023 17:22:20.730331000 UTC [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1697044940.730331000 seconds [Time delta from previous captured frame: 0.000000000 seconds] [Time delta from previous displayed frame: 0.000000000 seconds] [Time since reference or first frame: 0.000000000 seconds] Frame Number: 1 Frame Length: 106 bytes (848 bits) Capture Length: 106 bytes (848 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:cmd:ethertype:ip:icmp:data] Ethernet II, Src: 00:00:00:00:61:00 (00:00:00:00:61:00), Dst: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff) <-- Dummy Ethernet header, EPC does not capture it properly Destination: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff) Address: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff) .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default) .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast) Source: 00:00:00:00:61:00 (00:00:00:00:61:00) Address: 00:00:00:00:61:00 (00:00:00:00:61:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: CiscoMetaData (0x8909) Cisco MetaData Version: 1 Length: 1 Options: 0x0001 SGT: 0 Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 10.47.4.2, Dst: 10.47.10.2 <-- True IP addresses 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 84 Identification: 0x35e4 (13796) Flags: 0x4000, Don't fragment 0... .... .... .... = Reserved bit: Not set .1.. .... .... .... = Don't fragment: Set ..0. .... .... .... = More fragments: Not set Fragment offset: 0 Time to live: 62 Protocol: ICMP (1) Header checksum: 0xe463 [validation disabled] [Header checksum status: Unverified] Source: 10.47.4.2 Destination: 10.47.10.2 Internet Control Message Protocol Type: 8 (Echo (ping) request) Code: 0 Checksum: 0x2693 [correct] [Checksum Status: Good] Identifier (BE): 72 (0x0048) Identifier (LE): 18432 (0x4800) Sequence number (BE): 0 (0x0000) Sequence number (LE): 0 (0x0000) Data (56 bytes) 0000 69 9c 67 88 00 00 00 00 00 00 00 00 00 00 00 00 i.g............. 0010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0030 00 00 00 00 00 00 00 00 ........ Data: 699c67880000000000000000000000000000000000000000b^@& [Length: 56]
Historial de revisiones
| Revisión | Fecha de publicación | Comentarios |
|---|---|---|
1.0 |
12-Oct-2023 |
Versión inicial |
ComentariosContacte a Cisco
- Abrir un caso de soporte
- (Requiere un Cisco Service Contract)