SDA Forwarding East-West 트래픽 흐름 문제 해결

다운로드 옵션

PDF (432.3 KB)
다양한 디바이스에서 Adobe Reader로 보기
ePub (123.9 KB)
iPhone, iPad, Android, Sony Reader 또는 Windows Phone의 다양한 앱에서 보기
Mobi (Kindle) (197.3 KB)
Kindle 디바이스에서 보기 또는 다양한 디바이스의 Kindle 앱에서 보기

업데이트:2023년 10월 11일

문서 ID:215923

편견 없는 언어

본 제품에 대한 문서 세트는 편견 없는 언어를 사용하기 위해 노력합니다. 본 설명서 세트의 목적상, 편견 없는 언어는 나이, 장애, 성별, 인종 정체성, 민족 정체성, 성적 지향성, 사회 경제적 지위 및 교차성에 기초한 차별을 의미하지 않는 언어로 정의됩니다. 제품 소프트웨어의 사용자 인터페이스에서 하드코딩된 언어, RFP 설명서에 기초한 언어 또는 참조된 서드파티 제품에서 사용하는 언어로 인해 설명서에 예외가 있을 수 있습니다. 시스코에서 어떤 방식으로 포용적인 언어를 사용하고 있는지 자세히 알아보세요.

이 번역에 관하여

Cisco는 전 세계 사용자에게 다양한 언어로 지원 콘텐츠를 제공하기 위해 기계 번역 기술과 수작업 번역을 병행하여 이 문서를 번역했습니다. 아무리 품질이 높은 기계 번역이라도 전문 번역가의 번역 결과물만큼 정확하지는 않습니다. Cisco Systems, Inc.는 이 같은 번역에 대해 어떠한 책임도 지지 않으며 항상 원본 영문 문서(링크 제공됨)를 참조할 것을 권장합니다.

소개

이 문서에서는 SDA(Software Defined Access)의 일부로 East-West 트래픽 흐름을 검증하는 방법에 대해 설명합니다.

사전 요구 사항

요구 사항

다음 주제에 대한 지식을 보유하고 있으면 유용합니다.

IP(인터넷 프로토콜) 포워딩
LISP(Locator/ID Separation Protocol)

사용되는 구성 요소

이 문서의 정보는 다음 소프트웨어 및 하드웨어 버전을 기반으로 합니다.

Cisco IOS® XE 17.10.1의 C9000v
SDA 1.0(LISP PubSub 아님)

이 문서의 정보는 특정 랩 환경의 디바이스를 토대로 작성되었습니다. 이 문서에 사용된 모든 디바이스는 초기화된(기본) 컨피그레이션으로 시작되었습니다. 현재 네트워크가 작동 중인 경우 모든 명령의 잠재적인 영향을 미리 숙지하시기 바랍니다.

배경 정보

SDA East-West Traffic Flow는 SDA 패브릭 내의 엔드포인트가 동일한 패브릭 내의 다른 엔드포인트와 통신하려는 개념을 의미합니다. 동서 간 흐름으로 간주되지 않는 것이 무엇인지에 대해서는 주의할 점이 있다. East-West 트래픽 흐름의 예는 다음과 같습니다.

동일한 서브넷(172.19.10.3과 통신하는 172.17.10.2)에 있는 엔드포인트는 L2LISP 확장으로 간주됩니다
동일한 VRF(VN)(172.19.10.2, 172.19.11.2와 통신하며 둘 다 VRF 캠퍼스에 있음)에 있는 엔드포인트는 L3 LISP로 간주됩니다
L2 핸드오프 경계에 연결된 호스트와 통신하는 패브릭 내에 있는 엔드포인트이며, L2LISP와 정확히 동일합니다.

East-West 트래픽 흐름은 다음 예를 참조하지 않습니다.

트래픽은 SDA 패브릭에서 패브릭 외부, 즉 North-South로 시작됨
Inter-VRF 라우팅은 East-West로도 간주되지 않습니다(VRF 캠퍼스의 엔드포인트, IP 주소 172.19.10.2, VRF 게스트의 엔드포인트와 통신하는 엔드포인트, IP 주소 172.19.11.2).
SD-WAN 통합 도메인
SDA 트랜짓
테두리 선호도
엑스트라넷

참고: 플랫폼(fed) 명령은 다를 수 있습니다. 명령은 "show platform fed <active|standby>"와 "show platform fed switch <active|standby>"가 될 수 있습니다. 예제에 나와 있는 구문이 구문 분석되지 않으면 variant를 사용해 보십시오.

토폴로지

Topology Diagram

이 예의 목적상 C9000v 스위치는 패브릭 에지 및 배치된 경계로 작동합니다. 모든 엔드포인트는 동일한 VN(Virtual Network), red_vn 내에 있습니다. 10.47.4.2 및 10.47.4.2의 엔드포인트는 동일한 서브넷에 있으며, 10.47.10.2의 엔드포인트는 다른 서브넷에 있지만 동일한 VN에 있습니다.

설정

CIsco DNA-Center가 기본 설정으로 SDA 패브릭을 프로비저닝하는 데 사용된다고 가정합니다.

레이어 2 확장이 활성화됩니다(IP 주소 조회가 아닌 MAC 주소 조회를 기반으로 트래픽을 강제 전달함).
레이어 2 플러딩이 비활성화됩니다(이를 통해 에지 디바이스에서 ARP 억제 및 LISP 지원 ARP 학습이 가능함).

적절한 호스트 온보딩 프로세스가 끝나면 인터페이스 컨피그레이션에는 다음과 같은 여러 섹션이 포함됩니다.

패브릭 에지(10.47.1.12) 인터페이스 구성:

interface GigabitEthernet1/0/3
 switchport access vlan 1026
 switchport mode access
 device-tracking attach-policy IPDT_POLICY
 spanning-tree portfast
 spanning-tree bpduguard enable
end

interface Vlan1026
 description Configured from Cisco DNA-Center
 mac-address 0000.0c9f.f341
 vrf forwarding red_vn
 ip address 10.47.4.1 255.255.255.0
 ip helper-address 10.47.9.9
 no ip redirects
 ip route-cache same-interface
 no lisp mobility liveness test
 lisp mobility red-IPV4
end

패브릭 에지(10.47.1.12) LISP 구성:

router lisp
 locator-table default
 locator-set rloc_222e1707-175d-4019-a783-060404f8bc2f
  IPv4-interface Loopback0 priority 10 weight 10
  exit-locator-set 
!
instance-id 4099
  remote-rloc-probe on-route-change
  dynamic-eid red-IPV4
   database-mapping 10.47.4.0/24 locator-set rloc_222e1707-175d-4019-a783-060404f8bc2f
   exit-dynamic-eid
  !
  dynamic-eid red-helpdesk-IPV4
   database-mapping 10.47.10.0/24 locator-set rloc_222e1707-175d-4019-a783-060404f8bc2f
   exit-dynamic-eid
  !
  service ipv4
   eid-table vrf red_vn
   map-cache 0.0.0.0/0 map-request
   sgt distribution
   sgt
   exit-service-ipv4
  !
  exit-instance-id
!
 !
 instance-id 8190
  remote-rloc-probe on-route-change
  service ethernet
   eid-table vlan 1026
   database-mapping mac locator-set rloc_222e1707-175d-4019-a783-060404f8bc2f
   dynamic-eid detection multiple-addr bridged-vm
   exit-service-ethernet
  !
  exit-instance-id
 !
 instance-id 8192
  remote-rloc-probe on-route-change
  service ethernet
   eid-table vlan 1028
   database-mapping mac locator-set rloc_222e1707-175d-4019-a783-060404f8bc2f
   dynamic-eid detection multiple-addr bridged-vm
   exit-service-ethernet
  !
  exit-instance-id

패브릭 에지(10.47.1.13) 인터페이스 구성:

interface GigabitEthernet1/0/3
 switchport access vlan 1026
 switchport mode access
 device-tracking attach-policy IPDT_POLICY
 spanning-tree portfast
 spanning-tree bpduguard enable
end
!
interface GigabitEthernet1/0/5
 switchport access vlan 1028
 switchport mode access
 device-tracking attach-policy IPDT_POLICY
 spanning-tree portfast
 spanning-tree bpduguard enable
end
!
interface Vlan1026
 description Configured from Cisco DNA-Center
 mac-address 0000.0c9f.f341
 vrf forwarding red_vn
 ip address 10.47.4.1 255.255.255.0
 ip helper-address 10.47.9.9
 no ip redirects
 ip route-cache same-interface
 no lisp mobility liveness test
 lisp mobility red-IPV4
end
!
interface Vlan1028
 description Configured from Cisco DNA-Center
 mac-address 0000.0c9f.f800
 vrf forwarding red_vn
 ip address 10.47.10.1 255.255.255.0
 ip helper-address 10.47.9.9
 no ip redirects
 ip route-cache same-interface
 no lisp mobility liveness test
 lisp mobility red-helpdesk-IPV4
end

패브릭 에지(10.47.1.13) LISP 구성

router lisp
 locator-table default
 locator-set rloc_691b1fe4-5264-44c2-bb1b-0903b3eb2c51
  IPv4-interface Loopback0 priority 10 weight 10
  exit-locator-set
 !
 instance-id 4099
  remote-rloc-probe on-route-change
  dynamic-eid red-IPV4
   database-mapping 10.47.4.0/24 locator-set rloc_691b1fe4-5264-44c2-bb1b-0903b3eb2c51
   exit-dynamic-eid
  !
  dynamic-eid red-helpdesk-IPV4
   database-mapping 10.47.10.0/24 locator-set rloc_691b1fe4-5264-44c2-bb1b-0903b3eb2c51
   exit-dynamic-eid
  !
  service ipv4
   eid-table vrf red_vn
   map-cache 0.0.0.0/0 map-request
   sgt distribution
   sgt
   exit-service-ipv4
  !
  exit-instance-id
!
 instance-id 8190
  remote-rloc-probe on-route-change
  service ethernet
   eid-table vlan 1026
   database-mapping mac locator-set rloc_691b1fe4-5264-44c2-bb1b-0903b3eb2c51
   dynamic-eid detection multiple-addr bridged-vm
   exit-service-ethernet
  !
  exit-instance-id
 !
 instance-id 8192
  remote-rloc-probe on-route-change
  service ethernet
   eid-table vlan 1028
   database-mapping mac locator-set rloc_691b1fe4-5264-44c2-bb1b-0903b3eb2c51
   dynamic-eid detection multiple-addr bridged-vm
   exit-service-ethernet
  !
  exit-instance-id

호스트 온보딩 확인

호스트 온보딩 프로세스의 일부로 다음과 같은 몇 가지 구조가 생성됩니다.

IPDT/IP 장치 추적 항목

호스트 온보딩에 성공하면 IPDT(IP Device Tracking) 테이블에 유효한 항목이 있으며 엔드 호스트가 REACHABLE로 표시됩니다.

Edge-1#show device-tracking database interface g1/0/3
portDB has 2 entries for interface Gi1/0/3, 2 dynamic 
Codes: L - Local, S - Static, ND - Neighbor Discovery, ARP - Address Resolution Protocol, DH4 - IPv4 DHCP, DH6 - IPv6 DHCP, PKT - Other Packet, API - API created
Preflevel flags (prlvl):
0001:MAC and LLA match     0002:Orig trunk            0004:Orig access           
0008:Orig trusted trunk    0010:Orig trusted access   0020:DHCP assigned         
0040:Cga authenticated     0080:Cert authenticated    0100:Statically assigned   


    Network Layer Address                    Link Layer Address     Interface  vlan       prlvl      age        state      Time left       
DH4 10.47.4.2                                5254.0019.93e9         Gi1/0/3    1026       0024       3mn        REACHABLE  28 s try 0(15198 s)

MAC/ARP 항목

엔드 호스트가 성공적으로 온보딩되면 기본 게이트웨이를 ping할 수 있습니다(또는 이 통신을 차단하는 엔드포인트에 방화벽이 설치되어 있지 않은 경우 기본 게이트웨이에서 ping할 수 있음).

Edge-1#ping vrf red_vn 10.47.4.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.47.4.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 142/150/161 ms

에지 노드에는 MAC 주소 및 테이블의 해당 ARP 항목(VRF)이 있습니다.

Edge-1#show mac address-table interface g1/0/3
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
1026    5254.0019.93e9    DYNAMIC     Gi1/0/3
Total Mac Addresses for this criterion: 1

Edge-1#show ip arp vrf red_vn
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.47.4.1               -   0000.0c9f.f341  ARPA   Vlan1026
Internet  10.47.4.2               1   5254.0019.93e9  ARPA   Vlan1026
Internet  10.47.10.1              -   0000.0c9f.f800  ARPA   Vlan1028

소프트웨어 FED MAC 주소 프로그래밍**

FED에서 MAC 주소를 확인하려면 show platform software fed switch active matm macTable vlan <vlan id> mac <mac address> 명령을 사용합니다

Edge-1#show platform software fed switch active matm macTable vlan 1026 mac 5254.0019.93e9
VLAN   MAC                  Type  Seq#    EC_Bi  Flags  machandle           siHandle            riHandle            diHandle              *a_time  *e_time  ports                                                         Con   
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
1026   5254.0019.93e9        0x1       9      0      0  0x7f65ec7bda68      0x7f65ec7c21f8      0x0                 0x7f65ec6e1368            300        7  GigabitEthernet1/0/3                                          Yes   

======platform hardware details ======

Asic: 0 
 htm-handle = 0x7f65ec95dc68 MVID = 7 gpn = 1 
 SI = 0xc3 RI = 0x25 DI = 0x526e 
 DI = 0x526e pmap = 0x00000000 0x00000004 pmap_intf : [GigabitEthernet1/0/3]

Asic: 1 
 SI = 0xc3 RI = 0x25 DI = 0x526e 
 DI = 0x526e pmap = 0x00000000 0x00000000

**MAC 주소 macHandle 프로그래밍**

이전 명령의 macHandle 값(0x7f65ec7bda68)을 가져와 show platform hardware fed switch active fwd-asic abstraction print-resource-handle <macHandle> 1에 사용합니다.

Edge-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f65ec7bda68 1
Handle:0x7f65ec7bda68 Res-Type:ASIC_RSC_HASH_TCAM Res-Switch-Num:0 Asic-Num:255 Feature-ID:AL_FID_L2 Lkp-ftr-id:LKP_FEAT_L2_SRC_MAC_VLAN ref_count:1
priv_ri/priv_si Handle: (nil)Hardware Indices/Handles: handle [ASIC: 0]: 0x7f65ec95dc68
Features sharing this resource:Cookie length: 12
19 00 54 52 e9 93 07 80 07 00 00 00 

Detailed Resource Information (ASIC_INSTANCE# 0)
----------------------------------------
Number of HTM Entries: 1

Entry 0: (handle 0x7f65ec95dc68)

Absolute Index: 6778 
Time Stamp: 4 
KEY - vlan:7 mac:0x5254001993e9 l3_if:0 gpn:3 epoch:0 static:0 flood_en:0 vlan_lead_wless_flood_en: 0 client_home_asic: 0 learning_peerid 0, learning_peerid_valid 0 lvx:1
MASK - vlan:0 mac:0x0 l3_if:0 gpn:0 epoch:0 static:0 flood_en:0 vlan_lead_wless_flood_en: 0 client_home_asic: 0 learning_peerid 0, learning_peerid_valid 0 lvx:0
SRC_AD - need_to_learn:0 lrn_v:0 catchall:0 static_mac:0 chain_ptr_v:0 chain_ptr: 0 static_entry_v:0 auth_state:0 auth_mode:0 auth_behavior_tag:0 traf_m:0 is_src_ce:0
DST_AD - si:0xb7 bridge:0 replicate:0 blk_fwd_o:0 v4_rmac:0 v6_rmac:0 catchall:0 ign_src_lrn:0 port_mask_o:0 afd_cli_f:0 afd_lbl:0 prio:3 dest_mod_idx:0 destined_to_us:0 pv_trunk:0 smr:0
==============================================================

**MVID 확인**

이전 출력의 숫자 7은 하드웨어의 MVID(Mapped VLAN ID)입니다. "실제" VLAN과 일치하는지 확인하려면 show platform software fed switch active vlan <vlan number>를 사용합니다

Edge-1#show platform software fed switch active vlan 1026
VLAN Fed Information

Vlan Id  IF Id                LE Handle            STP Handle           L3 IF Handle         SVI IF ID            MVID   
-----------------------------------------------------------------------------------------------------------------------
1026     0x0000000000420011   0x00007f65ec6a08b8   0x00007f65ec6a1138   0x00007f65ec77e838   0x000000000000001d   7

**GPN(Global Port Number) 확인**

GPN을 "실제" 인터페이스와 연계하려면 show platform software fed switch active ifm mappings gpn 명령을 사용합니다

Edge-1#show platform software fed switch active ifm mappings gpn
Mappings Table

GPN         Interface                         IF_ID               IF_TYPE                           
--------------------------------------------------------------------------------------------------
1           GigabitEthernet1/0/1              0x0000001a          ETHER                             
2           GigabitEthernet1/0/2              0x0000001b          ETHER                             
3           GigabitEthernet1/0/3              0x0000000b          ETHER <-- GPN 3 lines up with the expected Egress interface

**MAC 주소 siHandle 프로그래밍**

이전 명령의 siHandle 값(0x7f65ec7c21f8)을 가져와 show platform hardware fed switch active fwd-asic abstraction print-resource-handle <si_handle> 1에 활용합니다.

 Edge-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f65ec7c21f8 1
Handle:0x7f65ec7c21f8 Res-Type:ASIC_RSC_SI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_L3_UNICAST_IPV4 Lkp-ftr-id:LKP_FEAT_INVALID ref_count:2
priv_ri/priv_si Handle: 0x7f65ec7c2498Hardware Indices/Handles: index0:0xc3  mtu_index/l3u_ri_index0:0x0  index1:0xc3  mtu_index/l3u_ri_index1:0x0 
Features sharing this resource:66 (1)]
57 (1)]
Cookie length: 56
00 00 00 00 00 00 00 00 02 04 00 00 00 00 00 00 00 00 00 00 07 00 52 54 00 19 93 e9 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 


Detailed Resource Information (ASIC_INSTANCE# 0)
----------------------------------------


Station Index (SI) [0xc3] <-- Station Index is comprised of the Rewrite Index (RI) and Destination Index (DI) RI = 0x25 <-- Rewrite Index contains the forwarding information DI = 0x526e <-- Destination Index contains information related to the outgoing interface 
stationTableGenericLabel = 0
stationFdConstructionLabel = 0x7
lookupSkipIdIndex = 0
rcpServiceId = 0
dejaVuPreCheckEn = 0x1
Replication Bitmap: LD <-- Local Data (LD) indicates that the destination is on this ASIC 

Detailed Resource Information (ASIC_INSTANCE# 1)
----------------------------------------


Station Index (SI) [0xc3] <-- Station Index is comprised of the Rewrite Index (RI) and Destination Index (DI) RI = 0x25 <-- Rewrite Index contains the forwarding information DI = 0x526e <-- Destination Index contains information related to the outgoing interface 
stationTableGenericLabel = 0
stationFdConstructionLabel = 0x7
lookupSkipIdIndex = 0
rcpServiceId = 0
dejaVuPreCheckEn = 0x1
Replication Bitmap: CD <-- Core Data (CD) indicates that the destination is on the same ASIC, different core ==============================================================

**MAC 주소 다시 쓰기 인덱스 확인**

이전 명령의 RI 값(0x25)을 가져와 show platform hardware fed switch active fwd-asic resource asic all rewrite-index range <RI> <RI>에 활용합니다.

Edge-1#show platform hardware fed switch active fwd-asic resource asic all rewrite-index range 0x25 0x25 
ASIC#:0 RI:37 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9)
 MAC Addr: MAC Addr: 52:54:00:19:93:e9,
 L3IF LE Index 41


ASIC#:0 RI:38 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9)
 MAC Addr: MAC Addr: 01:00:5e:00:00:00,
 L3IF LE Index 40


ASIC#:0 RI:39 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9)
 MAC Addr: MAC Addr: 52:54:00:00:50:17,
 L3IF LE Index 40


ASIC#:1 RI:37 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9)
 MAC Addr: MAC Addr: 52:54:00:19:93:e9,
 L3IF LE Index 41


ASIC#:1 RI:38 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9)
 MAC Addr: MAC Addr: 01:00:5e:00:00:00,
 L3IF LE Index 40


ASIC#:1 RI:39 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9)
 MAC Addr: MAC Addr: 52:54:00:00:50:17,
 L3IF LE Index 40

**MAC 주소 대상 인덱스 확인**

이전 명령의 DI 값(0x526e)을 가져와 show platform hardware fed switch active fwd-asic resource asic all destination-index range <DI> <DI>에서 활용합니다.

Edge-1#show platform hardware fed switch active fwd-asic resource asic all destination-index range 0x526e 0x526e
ASIC#0:


Destination index   = 0x526e 
pmap = 0x00000000 0x00000004 <-- Convert decimal 4 to binary, which is 0100. Count this binary right to left, zero-based, so Port 2. pmap_intf : [GigabitEthernet1/0/3]
cmi                 = 0x0
rcp_pmap            = 0x0
al_rsc_cmi
CPU Map Index (CMI) [0]
ctiLo0              = 0
ctiLo1              = 0
ctiLo2              = 0
cpuQNum0            = 0
cpuQNum1            = 0
cpuQNum2            = 0
npuIndex            = 0
stripSeg            = 0
copySeg             = 0
ASIC#1:


Destination index   = 0x526e 
pmap                = 0x00000000 0x00000000
cmi                 = 0x0
rcp_pmap            = 0x0
al_rsc_cmi
CPU Map Index (CMI) [0]
ctiLo0              = 0
ctiLo1              = 0
ctiLo2              = 0
cpuQNum0            = 0
cpuQNum1            = 0
cpuQNum2            = 0
npuIndex            = 0
stripSeg            = 0
copySeg             = 0

**포트 확인**

이전에 확인한 포트의 상관관계를 분석하려면 commandshow platform software fed switch active ifm 매핑을 사용하고 Port 열을 확인합니다.

Edge-1#show platform software fed switch active ifm mappings
------------------ show platform software fed switch active ifm mappings  ------------------
Interface                 IF_ID    Inst Asic Core Port SubPort Mac  Cntx LPN  GPN  Type Active
GigabitEthernet1/0/1      0x1a       0   0   0    0      0      1    0    1    1    NIF  Y
GigabitEthernet1/0/2      0x1b       0   0   0    1      0      2    1    2    2    NIF  Y
GigabitEthernet1/0/3      0xb        0   0   0    2      0      3    2    3    3    NIF  Y <-- Matches port 2 from previous output

**하드웨어 FED MAC 주소 확인**

작업/이상적인 시나리오의 이 출력은 macHandle 디코딩이 제공한 것과 일치합니다.

Edge-1#show platform hardware fed switch active matm macTable vlan 1026 mac 5254.0019.93e9
HEAD: MAC address 5254.0019.93e9 in VLAN 1026
KEY: vlan 7, mac 0x5254001993e9, l3_if 0, gpn 3, epoch 0, static 0, flood_en 0, vlan_lead_wless_flood_en 0, client_home_asic 0, learning_peerid 0, learning_peerid_valid 0
MASK: vlan 0, mac 0x0, l3_if 0, gpn 0, epoch 0, static 0, flood_en 0, vlan_lead_wless_flood_en 0, client_home_asic 0 learning_peerid 0, learning_peerid_valid 0
SRC_AD: need_to_learn 0, lrn_v 0, catchall 0, static_mac 0, chain_ptr_v 0, chain_ptr 0, static_entry_v 0, auth_state 0, auth_mode 0, traf_mode 0, is_src_ce 0
DST_AD: si 0xb7, bridge 0, replicate 0, blk_fwd_o 0, v4_mac 0, v6_mac 0, catchall 0, ign_src_lrn 0, port_mask_o 0, afd_cli_f 0, afd_lbl 0, priority 3, dest_mod_idx 0, destined_to_us 0, pv_trunk 0

Total Mac number of addresses:: 1

하드웨어의 VLAN ID(MVID)는 7입니다.
MAC 주소: 5254.0019.93e9
GPN: 3

LISP 항목

호스트 온보딩에 성공한 후 엔드 호스트에 대한 LISP 항목이 Edge Node에서 로컬로 생성되고 Control Nodes(LISP MSMR - LISP Map Server / Map Resolver)에 등록됩니다. L2 및 L3에 대해 확인할 수 있는 특정 인스턴스 ID 범위와 관련하여 모든 LISP 확인을 수행해야 합니다.

Edge-1#show vlan id 1026
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1026 red                              active    L2LI0:8190, Gi1/0/3 <-- L2 LISP Instance ID tied to VLAN 1026

**L2 LISP 데이터베이스 확인**

L2 LISP 데이터베이스를 확인하려면 show lisp instance-id <L2 LISP ID> ethernet database <mac address> 명령을 사용합니다

Edge-1#show lisp instance-id 8190 ethernet database 5254.0019.93e9
LISP ETR MAC Mapping Database for LISP 0 EID-table Vlan 1026 (IID 8190), LSBs: 0x1
Entries total 1, no-route 0, inactive 0, do-not-register 2
5254.0019.93e9/48, dynamic-eid Auto-L2-group-8190, inherited from default locator-set rloc_222e1707-175d-4019-a783-060404f8bc2f -----> Endpoint MAC
  Uptime: 2d17h, Last-change: 2d17h
  Domain-ID: local
  Service-Insertion: N/A
  Locator     Pri/Wgt  Source     State
  10.47.1.12   10/10   cfg-intf   site-self, reachable -----> Our own RLOC
  Map-server       Uptime         ACK  Domain-ID 
  10.47.1.10       1d11h          Yes  0         -----> RLOC of upstream collocated border
  10.47.1.11       2d17h          Yes  0         -----> RLOC of upstream collocated border

**LISP L2 AR(Address Resolution) 데이터베이스 확인**

LISP L2 AR 데이터베이스를 확인하려면 show lisp instance-id <LISP L2 IID> ethernet database address-resolution <mac address> 명령을 사용합니다

Edge-1#show lisp instance-id 8190 ethernet database address-resolution 5254.0019.93e9
LISP ETR Address Resolution for LISP 0 EID-table Vlan 1026 (IID 8190)
(*) -> entry being deleted
Hardware Address       L3 InstID Host Address                                 
5254.0019.93e9              4099 10.47.4.2/32  <-- Endpoint MAC Address, LISP L3 Instance ID, Endpoint IPv4 Address, respectively

**LISP L3 데이터베이스 확인**

LISP L3 데이터베이스를 확인하려면 show lisp instance-id <LISP L3 IID> ipv4 database <IP address/Subnet Mask> 명령을 사용합니다

 Edge-1#show lisp instance-id 4099 ipv4 database 10.47.4.2/32
LISP ETR IPv4 Mapping Database for LISP 0 EID-table vrf red_vn (IID 4099), LSBs: 0x1
Entries total 1, no-route 0, inactive 0, do-not-register 1
10.47.4.2/32, dynamic-eid red-IPV4, inherited from default locator-set rloc_222e1707-175d-4019-a783-060404f8bc2f -----> Endpoint IPv4 Address
  Uptime: 2d18h, Last-change: 2d18h
  Domain-ID: local
  Service-Insertion: N/A
  Locator     Pri/Wgt  Source     State
  10.47.1.12   10/10   cfg-intf   site-self, reachable -----> Our own RLOC
  Map-server       Uptime         ACK  Domain-ID 
  10.47.1.10       1d11h          Yes  0         -----> RLOC of upstream collocated border
  10.47.1.11       2d17h          Yes  0         -----> RLOC of upstream collocated border

**CEF 확인**

CEF를 확인하려면 show ip cef vrf <vrf name> <IP address> internal 명령을 사용합니다

Edge-1#show ip cef vrf red_vn 10.47.4.2 internal 
10.47.4.2/32, epoch 1, flags [att, sc], RIB[D], refcnt 6, per-destination sharing
  sources: RIB, Adj, IPL 
  feature space:
    IPRM: 0x00058000
    Broker: linked, distributed at 3rd priority
  subblocks:
    SC owned,sourced: LISP local EID - 
    SC inherited: LISP remote EID - locator status bits 0x00000000
    SC inherited: LISP cfg dyn-EID - LISP configured dynamic-EID
    LISP EID attributes: localEID Yes, c-dynEID Yes, d-dynEID Yes, a-dynEID No
    SC owned,sourced: LISP generalised SMR - [disabled, not inheriting, 0x7F06D0A67E40 locks: 1]
    Adj source: IP adj out of Vlan1026, addr 10.47.4.2 7F06D300B738
      Dependent covered prefix type adjfib, cover 10.47.4.0/24
    2 IPL sources [no flags]
  ifnums:
    Vlan1026(29): 10.47.4.2
  path list 7F06CEE8D720, 3 locks, per-destination, flags 0x49 [shble, rif, hwcn]
    path 7F06D0A900C8, share 1/1, type attached nexthop, for IPv4
      nexthop 10.47.4.2 Vlan1026, IP adj out of Vlan1026, addr 10.47.4.2 7F06D300B738
  output chain:
    IP adj out of Vlan1026, addr 10.47.4.2 7F06D300B738

SDA 에지 노드의 로컬 LISP 항목 외에도 SDA 제어 노드(LISP MS/MR)에는 엔드포인트에 대한 추가 정보가 포함되어 있습니다.

배치된 보더 L2 LISP 서버 확인:

L2 LISP 서버를 확인하려면 show lisp instance-id <L2 LISP IID> ethernet server <MAC Address> 명령을 사용합니다

Border-1#show lisp instance-id 8190 ethernet server 5254.0019.93e9
LISP Site Registration Information

Site name: site_uci
Description: map-server configured from Cisco DNA-Center
Allowed configured locators: any
Requested EID-prefix:

  EID-prefix: 5254.0019.93e9/48 instance-id 8190 <-- Endpoint MAC Address
    First registered:     2w5d
    Last registered:      3d16h
    Routing table tag:    0
    Origin:               Dynamic, more specific of any-mac
    Merge active:         No
    Proxy reply:          Yes
    Skip Publication:     No
    Force Withdraw:       No
    TTL:                  1d00h
    State:                complete
    Extranet IID:         Unspecified
    Registration errors:  
      Authentication failures:   0
      Allowed locators mismatch: 0
    ETR 10.47.1.12:21038, last registered 3d16h, proxy-reply, map-notify <-- Egress Tunnel Router (Fabric Edge IP address)
                          TTL 1d00h, no merge, hash-function sha1
                          state complete, no security-capability
                          nonce 0xB60C4314-0x97BB332D
                          xTR-ID 0xAB3179F6-0xC774F22C-0x00F2C82E-0x3A66738D
                          site-ID unspecified
                          Domain-ID local
                          Multihoming-ID unspecified
                          sourced by reliable transport
      Locator     Local  State      Pri/Wgt  Scope
      10.47.1.12  yes    up          10/10   IPv4 none <--(Fabric Edge IP address)

배치된 보더 L2 LISP AR(Address Resolution) 서버 확인:

L2 LISP AR 서버를 확인하려면 show lisp instance-id <LISP L2 IID> ethernet server address-resolution <IP address> 명령을 사용합니다

등록 기록을 확인하려면 show lisp instance-id <LISP L2 IID> ethernet server address-resolution <IP address> registration-history 명령을 사용합니다

Border-1#show lisp instance-id 8190 ethernet server address-resolution 10.47.4.2       

Address-resolution data for router lisp 0 instance-id 8190

Site name: site_uci

Host Address:         10.47.4.2/32
Hardware Address:     5254.0019.93e9
First registered:     2w5d
Last registered:      3d16h
Registration errors:  
  Authentication failures:   0
 ETR 10.47.1.12:21038
  Last registered:       3d16h
  TTL:                   1d00h
  xTR-ID:                0xAB3179F6-0xC774F22C-0x00F2C82E-0x3A66738D
  Site-ID:               unspecified
  Registered addr:       5254.0019.93e9
  L3 Instance ID:        4099

Border-1#show lisp instance-id 8190 ethernet server address-resolution 10.47.4.2 registration-history 
Map-Server registration history
Roam = Did host move to a new location?
WLC = Did registration come from a Wireless Controller?
Prefix qualifier: + = Register Event, - = Deregister Event, * = AR register event

Timestamp (UTC)      Instance Proto Roam WLC Source           
                                             EID prefix / Locator
*Sep 29 16:50:27.762     8190 TCP   No   No  10.47.1.12       
                                           +*10.47.4.2/32 / 5254.0019.93e9
*Oct  1 21:05:11.086     8190 TCP   No   No  10.47.1.12       
                                           +*10.47.4.2/32 / 5254.0019.93e9
*Oct  2 06:51:11.882     8190 TCP   No   No  10.47.1.12       
                                           +*10.47.4.2/32 / 5254.0019.93e9
*Oct  3 00:56:33.642     8190 TCP   No   No  10.47.1.12       
                                           +*10.47.4.2/32 / 5254.0019.93e9
*Oct  3 01:53:45.934     8190 TCP   No   No  10.47.1.12       
                                           +*10.47.4.2/32 / 5254.0019.93e9
*Oct  6 04:36:08.685     8190 TCP   No   No  10.47.1.12       
                                           +*10.47.4.2/32 / 5254.0019.93e9

배치된 보더 L3 LISP 서버 확인

L3 LISP 서버를 확인하려면 show lisp instance-id <LISP L3 IID> ipv4 server <IP address> 명령을 사용합니다

L3 LISP 서버 등록 기록을 확인하려면 show lisp instance-id <LISP L3 IID> ipv4 server <IP address> registration-history 명령을 사용합니다

Border-1#show lisp instance-id 4099 ipv4 server 10.47.4.2
LISP Site Registration Information

Site name: site_uci
Description: map-server configured from Cisco DNA-Center
Allowed configured locators: any
Requested EID-prefix:

  EID-prefix: 10.47.4.2/32 instance-id 4099 
    First registered:     2w5d
    Last registered:      02:39:39
    Routing table tag:    0
    Origin:               Dynamic, more specific of 10.47.4.0/24
    Merge active:         No
    Proxy reply:          Yes
    Skip Publication:     No
    Force Withdraw:       No
    TTL:                  1d00h
    State:                complete
    Extranet IID:         Unspecified
    Registration errors:  
      Authentication failures:   0
      Allowed locators mismatch: 0
    ETR 10.47.1.12:21038, last registered 02:39:39, proxy-reply, map-notify
                          TTL 1d00h, no merge, hash-function sha1
                          state complete, no security-capability
                          nonce 0x128CB668-0xF7B85F77
                          xTR-ID 0xAB3179F6-0xC774F22C-0x00F2C82E-0x3A66738D
                          site-ID unspecified
                          Domain-ID local
                          Multihoming-ID unspecified
                          sourced by reliable transport
      Locator     Local  State      Pri/Wgt  Scope
      10.47.1.12  yes    up          10/10   IPv4 none

Border-1#show lisp instance-id 4099 ipv4 server 10.47.4.2/32 registration-history 
Map-Server registration history
Roam = Did host move to a new location?
WLC = Did registration come from a Wireless Controller?
Prefix qualifier: + = Register Event, - = Deregister Event, * = AR register event

Timestamp (UTC)      Instance Proto Roam WLC Source           
                                             EID prefix / Locator
*Oct  6 04:36:01.548     4099 UDP   No   No  10.47.1.12       
                                           + 10.47.4.2/32
*Oct  6 04:36:08.686     4099 TCP   No   No  10.47.1.12       
                                           + 10.47.4.2/32
*Oct  9 18:35:48.058     4099 TCP   No   No  10.47.1.12       
                                           + 10.47.4.2/32

SDA의 ARP 해결

Cisco Catalyst Center를 사용하여 기본 설정으로 SDA 패브릭을 프로비저닝한 것으로 가정합니다. 즉, 레이어 2 확장이 활성화되고 패브릭 내의 모든 트래픽(동일한 VLAN/VN)이 IP 주소 조회/LISP IP 인스턴스가 아닌 MAC 주소 조회/LISP 이더넷 인스턴스를 기반으로 전달됩니다.

트러블슈팅 관점에서 양쪽 호스트의 고정 ARP 항목을 구성하여 패브릭의 일반 연결에 문제가 있는지(호스트 간에 ping이 작동하지 않는 경우) 또는 ARP 확인에만 문제가 있는지 신속하게 확인하는 것이 유용할 수 있습니다.

SDA 패브릭의 ARP 프로세스는 LISP를 활용하여 호스트의 ID와 위치를 확인하며 기존 라우팅/스위칭 환경의 ARP 동작과 다릅니다.

1단계: 패브릭 엔드포인트가 ARP 요청을 전송하여 다른 패브릭 엔드포인트에 대한 MAC/IP 바인딩을 확인합니다.

인그레스 인터페이스에서 패킷 캡처를 구성하여 ARP 패킷이 호스트로부터 수신되었음을 확인할 수 있습니다.

Edge-1#monitor capture 1 interface g1/0/3 in match any
Edge-1#mon cap 1 start
Started capture point : 1
Edge-1#mon cap 1 stop
Capture statistics collected at software:
	Capture duration - 22 seconds
	Packets received - 13
	Packets dropped - 0
	Packets oversized - 0

Number of Bytes dropped at asic not collected

Capture buffer will exists till exported or cleared

Stopped capture point : 1
Edge-1#show monitor capture 1 buffer brief
Starting the packet display ........ Press Ctrl + Shift + 6 to exit

    1   0.000000 52:54:00:19:93:e9 -> ff:ff:ff:ff:ff:ff ARP 60 Who has 10.47.4.3? Tell 10.47.4.2
    2   1.028893 52:54:00:19:93:e9 -> ff:ff:ff:ff:ff:ff ARP 60 Who has 10.47.4.3? Tell 10.47.4.2
    3   2.058244 52:54:00:19:93:e9 -> ff:ff:ff:ff:ff:ff ARP 60 Who has 10.47.4.3? Tell 10.47.4.2

Edge-1#show monitor capture 1 buffer display-filter arp detailed 
Starting the packet display ........ Press Ctrl + Shift + 6 to exit

Frame 1: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface /tmp/epc_ws/wif_to_ts_pipe, id 0
    Interface id: 0 (/tmp/epc_ws/wif_to_ts_pipe)
        Interface name: /tmp/epc_ws/wif_to_ts_pipe
    Encapsulation type: Ethernet (1)
    Arrival Time: Oct 10, 2023 14:52:03.659290000 UTC
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1696949523.659290000 seconds
    [Time delta from previous captured frame: 0.000000000 seconds]
    [Time delta from previous displayed frame: 0.000000000 seconds]
    [Time since reference or first frame: 0.000000000 seconds]
    Frame Number: 1
    Frame Length: 60 bytes (480 bits)
    Capture Length: 60 bytes (480 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:arp]
Ethernet II, Src: 52:54:00:19:93:e9 (52:54:00:19:93:e9), Dst: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff) <-- SMAC/DMAC respectively
    Destination: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff)
        Address: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff)
        .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
        .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
    Source: 52:54:00:19:93:e9 (52:54:00:19:93:e9)
        Address: 52:54:00:19:93:e9 (52:54:00:19:93:e9)
        .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: ARP (0x0806)
    Padding: 000000000000000000000000000000000000
Address Resolution Protocol (request)
    Hardware type: Ethernet (1)
    Protocol type: IPv4 (0x0800)
    Hardware size: 6
    Protocol size: 4
    Opcode: request (1)
    Sender MAC address: 52:54:00:19:93:e9 (52:54:00:19:93:e9)
    Sender IP address: 10.47.4.2
    Target MAC address: 00:00:00:00:00:00 (00:00:00:00:00:00)
    Target IP address: 10.47.4.3

2단계. 에지 노드는 ARP 패킷을 사용하고 LISP 요청을 생성하여 HOST-02의 MAC 주소를 확인합니다.

Edge-1은 LISP Control-Planes(배치된 경계)에 MAC 주소 10.47.4.3을 확인하기 위한 LISP 맵 요청을 보냅니다.

Edge-1#debug lisp control-plane all
Edge-1#debug l2lisp all

LISP[REMT ]-0: Map Request: Delay is over for IID 8190 EID 10.47.4.3/32, requester 'AR'.
LISP[REMT ]-0 IID 8190: Schedule processing of Map-Requests from 'remote EID prefix' in IPv4.
LISP[REMT ]-0: Map Request: Sending request for IID 8190 EID 10.47.4.3/32, requester 'AR'.

3단계. 제어 노드는 IP/MAC 매핑에 대한 LISP 요청을 받고 응답을 다시 SDA 에지 노드로 보냅니다.

LISP Map-Request는 Fabric Edge에서 수신되며 10.47.4.3에 연결된 MAC 주소로 LISP Map-Reply로 응답합니다.

Border-1#debug lisp control-plane all
Border-1#debug l2lisp all
LISP[TRNSP]-0: Processing received Map-Request(1) message on GigabitEthernet1/0/3 from 10.47.4.3:4342 to 10.47.4.3:4342.
LISP[MR   ]-0: Received Map-Request with 1 records, first EID IID 8190 10.47.4.3/32, source EID UNSPEC, nonce 0x73F75F36-0x061CAF58.
LISP[MR   ]-0 IID 8190 Eth-ARP: MS EID 10.47.4.3/32: Sending proxy reply to 10.47.1.12.

LISP 컨트롤 플레인은 로컬 데이터베이스에 저장된 주소 확인 항목에 따라 프록시 회신으로 응답합니다

Border-1#show lisp instance-id 8190 ethernet server address-resolution 10.47.4.3       

Address-resolution data for router lisp 0 instance-id 8190

Site name: site_uci

Host Address:         10.47.4.3/32
Hardware Address:     5254.001e.ad00
First registered:     21:11:17
Last registered:      21:11:17
Registration errors:  
  Authentication failures:   0
 ETR 10.47.1.13:16056
  Last registered:       21:11:17
  TTL:                   1d00h
  xTR-ID:                0x8CEE6478-0x9358E248-0xE935FF07-0x8C3C5450
  Site-ID:               unspecified
  Registered addr:       5254.001e.ad00
  L3 Instance ID:        4099

4단계. 에지 노드는 MAC 주소가 10.47.4.3인 LISP 응답을 받습니다.

패브릭 에지 노드에서 LISP 프록시 응답을 수신합니다.

LISP[REMT ]-0: Processing Map-Reply mapping record for IID 8190 MAC 5254.001e.ad00/48 LCAF 2, ttl 1440, action none, not authoritative, 1 locator.
LISP[REMT ]-0: Processing mapping information for EID prefix IID 8190 5254.001e.ad00/48.

5단계. 에지 노드는 MAC 주소에 대한 RLOC 위치를 결정하기 위해 LISP 맵 요청 패킷을 보냅니다.

처음 세 단계를 성공적으로 완료한 후 에지 노드는 ARP가 처음 생성된 MAC 주소 10.47.4.3을 알고 있습니다. 레이어 2 확장이 활성화되면 에지 노드는 이 정보를 10.47.4.2에 다시 회신하지 않고 이그레스 노드 에지의 RLOC 위치를 확인하는 데 사용합니다. 따라서 기존 레이어 2 네트워크에서처럼 10.47.4.3으로 ARP를 전달할 수 있습니다.

따라서 에지 노드는 이더넷 인스턴스에서 또 다른 LISP 맵 요청 패킷을 생성하며, 이번에는 10.47.4.2의 MAC 주소에 대한 RLOC 정보를 요청합니다.

Edge-1#debug lisp control-plane all
Edge-1#debug l2lisp all
*Oct 10 17:01:41.430: LISP[REMT ]-0 IID 8190: Schedule processing of Map-Requests from 'remote EID prefix' in IPv4.
*Oct 10 17:01:41.430: LISP[REMT ]-0: Map Request: Sending request for IID 8190 EID 5254.001e.ad00/48, requester 'remote EID prefix'

6단계: MAC 주소의 RLOC 위치를 결정하기 위해 제어 노드에서 LISP 맵 요청 패킷을 수신합니다.

제어 노드는 LISP 패킷을 수신하고 로컬 데이터베이스 상태에 따라 응답합니다

Border-1#debug lisp control-plane all
Border-1#debug l2lisp all
*Oct 10 16:04:42.055: LISP[MR   ]-0 IID 8190 Eth-ARP: MS EID 10.47.4.3/32: Sending proxy reply to 10.47.1.12.
*Oct 10 16:04:42.407: LISP[MR   ]-0: Received Map-Request with 1 records, first EID IID 8190 5254.001e.ad00/48, source EID 0000.0c9f.f341, nonce 0x75E13E8C-0x40DE7912.
*Oct 10 16:04:42.408: LISP[MR   ]-0 IID 8190 MAC: MS EID 5254.001e.ad00/48: Sending proxy reply to 10.47.1.12.

7단계: LISP Map-Reply is received by Edge Node(에지 노드에서 LISP 맵 응답 수신)

제어 노드에서 생성한 LISP 맵 응답이 에지 노드에서 수신됩니다.

Edge-1#debug lisp control-plane all
Edge-1#debug l2lisp all
*Oct 10 17:44:00.181: LISP[TRNSP]-0: Processing received Map-Reply(2) message on GigabitEthernet1/0/2 from 10.47.1.13:4342 to 10.47.1.12:4342.
*Oct 10 17:44:00.181: LISP[REMT ]-0: Received Map-Reply with nonce 0xF954EC80-0x039D7E4A, 1 records.
*Oct 10 17:44:00.181: LISP[REMT ]-0: Map-Reply nonce matches pending request for IID 8190 EID 5254.001e.ad00/48, requester 'remote EID RLOC'.
*Oct 10 17:44:00.181: LISP[REMT ]-0: Processing Map-Reply mapping record for IID 8190 MAC 5254.001e.ad00/48 LCAF 2, ttl 1440, action none, authoritative, 1 locator.
*Oct 10 17:44:00.181: LISP[REMT ]-0: Map Request: Received reply with rtt 560ms.
*Oct 10 17:44:00.181: LISP[REMT ]-0: Processing mapping information for EID prefix IID 8190 5254.001e.ad00/48.

이렇게 하면 LISP 이더넷 인스턴스 맵 캐시에 항목이 만들어지고 ARP 패킷이 10.47.4.3이 연결된 Edge-2로 전달될 수 있습니다

Edge-1#show lisp instance-id 8190 ethernet map-cache 5254.001e.ad00
LISP MAC Mapping Cache for LISP 0 EID-table Vlan 1026 (IID 8190), 1 entries

5254.001e.ad00/48, uptime: 00:04:11, expires: 23:55:48, via map-reply, complete
  Sources: map-reply
  State: complete, last modified: 00:04:11, map-source: 10.47.1.13
  Active, Packets out: 8(0 bytes), counters are not accurate (~ 00:00:04 ago)
  Encapsulating dynamic-EID traffic
  Locator     Uptime    State  Pri/Wgt     Encap-IID
  10.47.1.13  00:04:11  up      10/10        -
    Last up-down state change:         00:04:11, state change count: 1
    Last route reachability change:    00:04:11, state change count: 1
    Last priority / weight change:     never/never
    RLOC-probing loc-status algorithm:
      Last RLOC-probe sent:            00:04:11 (rtt 560ms)

8단계. ARP는 VXLAN에서 캡슐화되어 HOST-02로 전송됩니다.

모든 LISP 관련 단계는 10.47.4.3의 위치를 확인하는 데 필요했습니다. 그러면 에지 노드가 원래의 ARP(브로드캐스트) 패킷을 적절한 에지 노드를 향해 유니캐스트로 전송할 수 있습니다. 단일 ARP 패킷이 10.47.4.2에서 전송된 경우에도 적절한 ARP 확인이 가능하도록 모든 단계가 완료될 때까지 원래 ARP 요청은 에지 노드 CPU에 의해 캐시됩니다(삭제되지 않음).

ARP 패킷은 다음 예제와 같이 VXLAN에서 캡슐화됩니다.

Edge-2#show monitor capture 1 buffer display-filter arp brief
Starting the packet display ........ Press Ctrl + Shift + 6 to exit   
   67  15.149181 52:54:00:19:93:e9 -> 52:54:00:1e:ad:00 ARP 110 Who has 10.47.4.3? Tell 10.47.4.2
   68  15.155511 52:54:00:19:93:e9 -> 52:54:00:1e:ad:00 ARP 110 Who has 10.47.4.3? Tell 10.47.4.2

ARP 요청은 VXLAN에서 캡슐화되었으며 브로드캐스트 ARP 요청에서 유니캐스트 ARP 요청으로 변환됩니다.

Frame 68: 110 bytes on wire (880 bits), 110 bytes captured (880 bits) on interface /tmp/epc_ws/wif_to_ts_pipe, id 0
    Interface id: 0 (/tmp/epc_ws/wif_to_ts_pipe)
        Interface name: /tmp/epc_ws/wif_to_ts_pipe
    Encapsulation type: Ethernet (1)
    Arrival Time: Oct 10, 2023 17:56:43.256570000 UTC
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1696960603.256570000 seconds
    [Time delta from previous captured frame: 0.006330000 seconds]
    [Time delta from previous displayed frame: 0.006330000 seconds]
    [Time since reference or first frame: 15.155511000 seconds]
    Frame Number: 68
    Frame Length: 110 bytes (880 bits)
    Capture Length: 110 bytes (880 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:udp:vxlan:eth:ethertype:arp]
Ethernet II, Src: 52:54:00:0a:42:11 (52:54:00:0a:42:11), Dst: 52:54:00:17:fe:65 (52:54:00:17:fe:65)
    Destination: 52:54:00:17:fe:65 (52:54:00:17:fe:65)
        Address: 52:54:00:17:fe:65 (52:54:00:17:fe:65)
        .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: 52:54:00:0a:42:11 (52:54:00:0a:42:11)
        Address: 52:54:00:0a:42:11 (52:54:00:0a:42:11)
        .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 10.47.1.12, Dst: 10.47.1.13 <-- 10.47.1.12 is Edge-1 RLOC, 10.47.1.13 is Edge-2 RLOC
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 96
    Identification: 0x1781 (6017)
    Flags: 0x4000, Don't fragment
        0... .... .... .... = Reserved bit: Not set
        .1.. .... .... .... = Don't fragment: Set
        ..0. .... .... .... = More fragments: Not set
    Fragment offset: 0
    Time to live: 253
    Protocol: UDP (17)
    Header checksum: 0x4f95 [validation disabled]
    [Header checksum status: Unverified]
    Source: 10.47.1.12
    Destination: 10.47.1.13
User Datagram Protocol, Src Port: 65354, Dst Port: 4789
    Source Port: 65354
    Destination Port: 4789
    Length: 76
    [Checksum: [missing]]
    [Checksum Status: Not present]
    [Stream index: 0]
    [Timestamps]
        [Time since first frame: 15.155511000 seconds]
        [Time since previous frame: 0.006330000 seconds]
Virtual eXtensible Local Area Network
    Flags: 0x8800, GBP Extension, VXLAN Network ID (VNI)
        1... .... .... .... = GBP Extension: Defined
        .... .... .0.. .... = Don't Learn: False
        .... 1... .... .... = VXLAN Network ID (VNI): True
        .... .... .... 0... = Policy Applied: False
        .000 .000 0.00 .000 = Reserved(R): 0x0000
    Group Policy ID: 0
    VXLAN Network Identifier (VNI): 8190 <-- L2 LISP IID
    Reserved: 0
Ethernet II, Src: 52:54:00:19:93:e9 (52:54:00:19:93:e9), Dst: 52:54:00:1e:ad:00 (52:54:00:1e:ad:00) <--Unicast ARP Request
    Destination: 52:54:00:1e:ad:00 (52:54:00:1e:ad:00)
        Address: 52:54:00:1e:ad:00 (52:54:00:1e:ad:00)
        .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: 52:54:00:19:93:e9 (52:54:00:19:93:e9)
        Address: 52:54:00:19:93:e9 (52:54:00:19:93:e9)
        .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: ARP (0x0806)
    Trailer: 000000000000000000000000000000000000
Address Resolution Protocol (request)
    Hardware type: Ethernet (1)
    Protocol type: IPv4 (0x0800)
    Hardware size: 6
    Protocol size: 4
    Opcode: request (1)
    Sender MAC address: 52:54:00:19:93:e9 (52:54:00:19:93:e9)
    Sender IP address: 10.47.4.2
    Target MAC address: 00:00:00:00:00:00 (00:00:00:00:00:00)
    Target IP address: 10.47.4.3

9단계. ARP 회신은 10.47.4.3에 의해 생성되고 10.47.4.2로 전송됨

Edge-2#show monitor capture 1 buffer display-filter arp brief
Starting the packet display ........ Press Ctrl + Shift + 6 to exit

    1   0.000000 52:54:00:1e:ad:00 -> 52:54:00:19:93:e9 ARP 60 10.47.4.3 is at 52:54:00:1e:ad:00
    2   0.069429 52:54:00:1e:ad:00 -> 52:54:00:19:93:e9 ARP 60 10.47.4.3 is at 52:54:00:1e:ad:00
   11   5.960508 52:54:00:1e:ad:00 -> 52:54:00:19:93:e9 ARP 60 Who has 10.47.4.2? Tell 10.47.4.3

이 때 패킷은 원래 ARP 요청으로서 주소를 브로드캐스트하지 않고 10.47.4.2의 MAC 주소로 전송되며, 인그레스 에지 노드(Edge-2)에 도달하면 일반 LISP 작업이 트리거됩니다. 처음 10.47.4.2의 MAC 주소가 에지 노드의 LISP 이더넷 인스턴스에서 누락되었습니다. 패킷이 CPU로 전송되어 HOST-01에 대한 RLOC를 확인하기 위한 LISP 맵 요청을 생성합니다. 이 동작은 이 문서의 다른 섹션에서 설명한 것과 정확히 동일하며 Edge-2에서 10.47.4.2에 대한 LISP 맵 캐시 항목을 만들 수 있습니다.

Edge-2#show lisp instance-id 8190 ethernet map-cache 5254.0019.93e9   
LISP MAC Mapping Cache for LISP 0 EID-table Vlan 1026 (IID 8190), 1 entries

5254.0019.93e9/48, uptime: 03:18:28, expires: 20:41:32, via map-reply, complete
  Sources: map-reply
  State: complete, last modified: 03:18:28, map-source: 10.47.1.12
  Active, Packets out: 386(0 bytes), counters are not accurate (~ 00:00:12 ago)
  Encapsulating dynamic-EID traffic
  Locator     Uptime    State  Pri/Wgt     Encap-IID
  10.47.1.12  03:18:28  up      10/10        -
    Last up-down state change:         03:18:28, state change count: 1
    Last route reachability change:    03:18:28, state change count: 1
    Last priority / weight change:     never/never
    RLOC-probing loc-status algorithm:
      Last RLOC-probe sent:            03:18:28 (rtt 710ms)

이 항목을 사용하면 VXLAN 캡슐화에서 Edge-1로 ARP 응답을 성공적으로 전송하고 10.47.4.2의 전체 경쟁 ARP 확인 프로세스에 추가로 전달할 수 있습니다.

SDA 패브릭의 기본 호스트 연결성(동일한 VLAN/동일한 VN)

ARP 확인이 성공적으로 완료되었으며 두 호스트 10.47.4.2 및 10.47.4.3에 서로 적절한 ARP 항목이 있다고 가정합니다.

트러블슈팅 관점에서 양쪽 호스트의 고정 ARP 항목을 구성하여 패브릭의 일반 연결에 문제가 있는지(호스트 간에 ping이 작동하지 않는 경우) 또는 ARP 프로세스에만 문제가 있는지 신속하게 확인하는 것이 매우 유용합니다.

10.47.4.2는 10.47.4.3에 대한 ICMP 요청을 생성합니다.

Edge-1#show monitor capture 1 buffer brief
Starting the packet display ........ Press Ctrl + Shift + 6 to exit

    1   0.000000    10.47.4.2 -> 10.47.4.3    ICMP 98 Echo (ping) request  id=0x0040, seq=3/768, ttl=64

Edge-1#show monitor capture 1 buffer detail 
Starting the packet display ........ Press Ctrl + Shift + 6 to exit

Frame 1: 98 bytes on wire (784 bits), 98 bytes captured (784 bits) on interface /tmp/epc_ws/wif_to_ts_pipe, id 0
    Interface id: 0 (/tmp/epc_ws/wif_to_ts_pipe)
        Interface name: /tmp/epc_ws/wif_to_ts_pipe
    Encapsulation type: Ethernet (1)
    Arrival Time: Oct 10, 2023 18:21:21.484694000 UTC
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1696962081.484694000 seconds
    [Time delta from previous captured frame: 0.000000000 seconds]
    [Time delta from previous displayed frame: 0.000000000 seconds]
    [Time since reference or first frame: 0.000000000 seconds]
    Frame Number: 1
    Frame Length: 98 bytes (784 bits)
    Capture Length: 98 bytes (784 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:icmp:data]
Ethernet II, Src: 52:54:00:19:93:e9 (52:54:00:19:93:e9), Dst: 52:54:00:1e:ad:00 (52:54:00:1e:ad:00) <-- Endpoint MAC, Anycast GW MAC respectively
    Destination: 52:54:00:1e:ad:00 (52:54:00:1e:ad:00)
        Address: 52:54:00:1e:ad:00 (52:54:00:1e:ad:00)
        .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: 52:54:00:19:93:e9 (52:54:00:19:93:e9)
        Address: 52:54:00:19:93:e9 (52:54:00:19:93:e9)
        .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 10.47.4.2, Dst: 10.47.4.3
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 84
    Identification: 0x7321 (29473)
    Flags: 0x4000, Don't fragment
        0... .... .... .... = Reserved bit: Not set
        .1.. .... .... .... = Don't fragment: Set
        ..0. .... .... .... = More fragments: Not set
    Fragment offset: 0
    Time to live: 64
    Protocol: ICMP (1)
    Header checksum: 0xab25 [validation disabled]
    [Header checksum status: Unverified]
    Source: 10.47.4.2
    Destination: 10.47.4.3
Internet Control Message Protocol
    Type: 8 (Echo (ping) request)
    Code: 0
    Checksum: 0x02ea [correct]
    [Checksum Status: Good]
    Identifier (BE): 64 (0x0040)
    Identifier (LE): 16384 (0x4000)
    Sequence number (BE): 3 (0x0003)
    Sequence number (LE): 768 (0x0300)
    Data (56 bytes)

0000  68 95 8c 3d 00 00 00 00 00 00 00 00 00 00 00 00   h..=............
0010  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0020  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0030  00 00 00 00 00 00 00 00                           ........
        Data: 68958c3d0000000000000000000000000000000000000000b^@&
        [Length: 56]

ICMP 패킷은 10.47.4.3으로 Locator(로케이터) 필드에 지정된 Edge Node(에지-2)로 전송되며 포함된 패킷 캡처를 통해 캡처될 수 있습니다.

L2 확장이 활성화된 VLAN에서 패킷이 수신되면 LISP 이더넷 인스턴스에서 조회가 수행됩니다.

Edge-1#show lisp instance-id 8190 ethernet map-cache 5254.001e.ad00
LISP MAC Mapping Cache for LISP 0 EID-table Vlan 1026 (IID 8190), 1 entries

5254.001e.ad00/48, uptime: 00:22:29, expires: 23:37:32, via map-reply, complete
  Sources: map-reply
  State: complete, last modified: 00:22:29, map-source: 10.47.1.13
  Active, Packets out: 42(0 bytes), counters are not accurate (~ 00:00:58 ago)
  Encapsulating dynamic-EID traffic
  Locator     Uptime    State  Pri/Wgt     Encap-IID
  10.47.1.13  00:22:29  up      10/10        -
    Last up-down state change:         00:22:29, state change count: 1
    Last route reachability change:    00:22:29, state change count: 1
    Last priority / weight change:     never/never
    RLOC-probing loc-status algorithm:
      Last RLOC-probe sent:            00:22:28 (rtt 1609ms)

원격 엔드포인트의 MAC 주소를 확인하고 L2LI0을 가리킵니다.

Edge-1#show mac add add 5254.001e.ad00
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
1026    5254.001e.ad00    CP_LEARN    L2LI0
Total Mac Addresses installed by LISP: REMOTE: 1

FED에서 MAC 주소를 확인하면 추가 정보를 수집할 수 있습니다.

Edge-1#show platform software fed sw active matm macTable vlan 1026 mac 5254.001e.ad00
VLAN   MAC                  Type  Seq#    EC_Bi  Flags  machandle           siHandle            riHandle            diHandle              *a_time  *e_time  ports                                                         Con   
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
1026   5254.001e.ad00  0x1000001       0      0     64  0x7f65ecfdd3a8      0x7f65ecfdd1f8      0x7f65ecfdd048      0x0                         0        2  RLOC 10.47.1.13 adj_id 97                                     No    

======platform hardware details ======

Asic: 0 

 htm-handle = 0x7f65ecc4d188 MVID = 7 gpn = 1 
 SI = 0xc7 RI = 0x12 DI = 0x5012 
Asic: 1 
 SI = 0xc7 RI = 0x12 DI = 0x5013

MAC 주소 macHandle 디코드

이전 명령에서 macHandle(0x7f65ecfdd3a8)을 가져와서 show platform hardware fed switch active fwd-asic abstraction print-resource-handle <macHandle> 명령에서 사용합니다. 1

Edge-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f65ecfdd3a8 1
Handle:0x7f65ecfdd3a8 Res-Type:ASIC_RSC_HASH_TCAM Res-Switch-Num:0 Asic-Num:255 Feature-ID:AL_FID_L2_WIRELESS Lkp-ftr-id:LKP_FEAT_L2_SRC_MAC_VLAN ref_count:1
priv_ri/priv_si Handle: (nil)Hardware Indices/Handles: handle [ASIC: 0]: 0x7f65ecc4d188
Features sharing this resource:Cookie length: 12
1e 00 54 52 00 ad 07 80 07 00 00 00 


Detailed Resource Information (ASIC_INSTANCE# 0)
----------------------------------------
Number of HTM Entries: 1

Entry 0: (handle 0x7f65ecc4d188)

Absolute Index: 4706 
Time Stamp: 14 
KEY - vlan:7 mac:0x5254001ead00 l3_if:0 gpn:3401 epoch:0 static:0 flood_en:0 vlan_lead_wless_flood_en: 0 client_home_asic: 0 learning_peerid 0, learning_peerid_valid 0 lvx:1
MASK - vlan:0 mac:0x0 l3_if:0 gpn:0 epoch:0 static:0 flood_en:0 vlan_lead_wless_flood_en: 0 client_home_asic: 0 learning_peerid 0, learning_peerid_valid 0 lvx:0
SRC_AD - need_to_learn:0 lrn_v:0 catchall:0 static_mac:0 chain_ptr_v:0 chain_ptr: 0 static_entry_v:0 auth_state:0 auth_mode:0 auth_behavior_tag:0 traf_m:0 is_src_ce:0
DST_AD - si:0xc7 bridge:0 replicate:0 blk_fwd_o:0 v4_rmac:0 v6_rmac:0 catchall:0 ign_src_lrn:0 port_mask_o:0 afd_cli_f:0 afd_lbl:0 prio:3 dest_mod_idx:0 destined_to_us:0 pv_trunk:0 smr:1


==============================================================

MAC 주소 siHandle 디코드

이전 명령에서 siHandle(0x7f65ecfdd1f8)을 가져와서 show platform hardware fed switch active fwd-asic abstraction print-resource-handle <siHandle> 명령에서 사용합니다. 1

Edge-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f65ecfdd1f8 1
Handle:0x7f65ecfdd1f8 Res-Type:ASIC_RSC_SI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_L2_WIRELESS Lkp-ftr-id:LKP_FEAT_INVALID ref_count:1
priv_ri/priv_si Handle: 0x7f65ecfdd048Hardware Indices/Handles: index0:0xc7  mtu_index/l3u_ri_index0:0x0  index1:0xc7  mtu_index/l3u_ri_index1:0x0 
Features sharing this resource:58 (1)]
Cookie length: 56
00 00 00 00 00 00 00 00 02 04 00 00 00 00 00 00 00 00 00 00 07 00 61 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 


Detailed Resource Information (ASIC_INSTANCE# 0)
----------------------------------------

Station Index (SI) [0xc7] <-- Contains the Rewrite Index (RI) and Outgoing Interface Information (DI)
RI = 0x12 <-- Rewrite Index = Contains information for forwarding 
DI = 0x5012 <-- Destination Index = Outgoing Interface
stationTableGenericLabel = 0
stationFdConstructionLabel = 0x7
lookupSkipIdIndex = 0
rcpServiceId = 0
dejaVuPreCheckEn = 0
Replication Bitmap: LD 


Detailed Resource Information (ASIC_INSTANCE# 1)
----------------------------------------

Station Index (SI) [0xc7] <-- Contains the Rewrite Index (RI) and Outgoing Interface Information (DI) 
RI = 0x12 <-- Rewrite Index = Contains information for forwarding 
DI = 0x5013 <-- Destination Index = Outgoing Interface
stationTableGenericLabel = 0
stationFdConstructionLabel = 0x7
lookupSkipIdIndex = 0
rcpServiceId = 0
dejaVuPreCheckEn = 0
Replication Bitmap: LD 

==============================================================

인덱스 디코드 다시 쓰기

RI(0x12)를 가져와서 show platform hardware fed switch active fwd-asic resource asic all rewrite-index range <RI> <RI> 명령에서 사용합니다.

Edge-1#show platform hardware fed switch active fwd-asic resource asic all rewrite-index range 0x12 0x12
ASIC#:0 RI:18 Rewrite_type:AL_RRM_REWRITE_L2_PAYLOAD_L2LISP_ENCAP(115) Mapped_rii:LVX_L2_ENCAP_L2_PAYLOAD_ROUTED(133)
 Src IP:         10.47.1.12 <-- Local RLOC
 Dst IP:         10.47.1.13 <-- Remote RLOC
 iVxlan dstMac:  0x5254:0x01c:0x7de0
 iVxlan srcMac:  0x00:0x00:0x00
 IPv4 TTL:       0
 iid present:    1
 lisp iid:       0
 lisp flags:     0
 dst Port:       4789
 update only l3if:       0
 is Sgt:         1
 is TTL Prop:    0
 L3if LE:        0 (0)
 Port LE:        0 (0)
 Vlan LE:        7 (0)

ASIC#:1 RI:18 Rewrite_type:AL_RRM_REWRITE_L2_PAYLOAD_L2LISP_ENCAP(115) Mapped_rii:LVX_L2_ENCAP_L2_PAYLOAD_ROUTED(133)
 Src IP:         10.47.1.12 <-- Local RLOC
 Dst IP:         10.47.1.13 <-- Remote RLOC
 iVxlan dstMac:  0x5254:0x01c:0x7de0
 iVxlan srcMac:  0x00:0x00:0x00
 IPv4 TTL:       0
 iid present:    1
 lisp iid:       0
 lisp flags:     0
 dst Port:       4789
 update only l3if:       0
 is Sgt:         1
 is TTL Prop:    0
 L3if LE:        0 (0)
 Port LE:        0 (0)
 Vlan LE:        7 (0)

대상 인덱스 디코드

DI(0x5012)를 가져와서 show platform hardware fed switch active fwd-asic resource asic all destination-index range <DI> <DI> 명령을 사용합니다.

Edge-1#show platform hardware fed switch active fwd-asic resource asic all destination-index range 0x5012 0x5012
ASIC#0:

Destination index   = 0x5012 DI_RCP_PORT1 <-- Recirculation port for VXLAN imposition 
pmap                = 0x00000000 0x00000000
cmi                 = 0x0
rcp_pmap            = 0x1
al_rsc_cmi
CPU Map Index (CMI) [0]
ctiLo0              = 0
ctiLo1              = 0
ctiLo2              = 0
cpuQNum0            = 0
cpuQNum1            = 0
cpuQNum2            = 0
npuIndex            = 0
stripSeg            = 0
copySeg             = 0
ASIC#1:

Destination index   = 0x5012 DI_RCP_PORT1 <-- Recirculation port for VXLAN imposition 
pmap                = 0x00000000 0x00000000
cmi                 = 0x0
rcp_pmap            = 0x0
al_rsc_cmi
CPU Map Index (CMI) [0]
ctiLo0              = 0
ctiLo1              = 0
ctiLo2              = 0
cpuQNum0            = 0
cpuQNum1            = 0
cpuQNum2            = 0
npuIndex            = 0
stripSeg            = 0
copySeg             = 0

siHandle 디코드

siHandle(0x7f65ecfdd048)을 사용하여 show platform hardware fed switch active fwd-asic abstraction print-resource-handle <siHandle> 명령을 사용합니다. 1

Edge-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f65ecfdd048 1
Handle:0x7f65ecfdd048 Res-Type:ASIC_RSC_RI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_L2_WIRELESS Lkp-ftr-id:LKP_FEAT_INVALID ref_count:1
priv_ri/priv_si Handle: 0x7f65ecfdcd78Hardware Indices/Handles: index0:0x12  mtu_index/l3u_ri_index0:0x0  index1:0x12  mtu_index/l3u_ri_index1:0x0 
Features sharing this resource:58 (1)]
Cookie length: 56
00 00 00 00 00 00 00 00 02 04 00 00 00 00 00 00 00 00 00 00 07 00 61 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 


Detailed Resource Information (ASIC_INSTANCE# 0)
----------------------------------------
ASIC#:0 RI:18 Rewrite_type:AL_RRM_REWRITE_L2_PAYLOAD_L2LISP_ENCAP(115) Mapped_rii:LVX_L2_ENCAP_L2_PAYLOAD_ROUTED(133)
 Src IP:	 10.47.1.12 <-- Local RLOC
 Dst IP:	 10.47.1.13 <-- Remote RLOC
 iVxlan dstMac:	 0x610:0x00:0x00
 iVxlan srcMac:	 0x00:0x00:0x00
 IPv4 TTL:	 0
 iid present:	 1
 lisp iid:	 0
 lisp flags:	 0
 dst Port:	 4789
 update only l3if:	 0
 is Sgt:	 1
 is TTL Prop:	 0
 L3if LE:	 0 (0)
 Port LE:	 279 (0)
 Vlan LE:	 7 (0)


Detailed Resource Information (ASIC_INSTANCE# 1)
----------------------------------------
ASIC#:1 RI:18 Rewrite_type:AL_RRM_REWRITE_L2_PAYLOAD_L2LISP_ENCAP(115) Mapped_rii:LVX_L2_ENCAP_L2_PAYLOAD_ROUTED(133)
Src IP: 10.47.1.12 <-- Local RLOC 
Dst IP: 10.47.1.13 <-- Remote RLOC
 iVxlan dstMac:	 0x610:0x00:0x00
 iVxlan srcMac:	 0x00:0x00:0x00
 IPv4 TTL:	 0
 iid present:	 1
 lisp iid:	 0
 lisp flags:	 0
 dst Port:	 4789
 update only l3if:	 0
 is Sgt:	 1
 is TTL Prop:	 0
 L3if LE:	 0 (0)
 Port LE:	 279 (0)
 Vlan LE:	 7 (0)

==============================================================

언더레이 경로 확인

트래픽은 10.47.1.12를 사용하여 IID 8190을 사용하는 VXLAN에서 캡슐화되며 Gig1/0/1 및 G1/0/2에서 로드 밸런싱될 수 있습니다

Edge-1#show ip route 10.47.1.13 
Routing entry for 10.47.1.13/32
  Known via "isis", distance 115, metric 30, type level-2
  Redistributing via isis
  Last update from 10.47.1.4 on GigabitEthernet1/0/2, 2d22h ago
  Routing Descriptor Blocks:
    10.47.1.4, from 10.47.1.13, 2d22h ago, via GigabitEthernet1/0/2
      Route metric is 30, traffic share count is 1
  * 10.47.1.0, from 10.47.1.13, 2d22h ago, via GigabitEthernet1/0/1
      Route metric is 30, traffic share count is 1

Edge-1#show ip cef 10.47.1.13
10.47.1.13/32
  nexthop 10.47.1.0 GigabitEthernet1/0/1
  nexthop 10.47.1.4 GigabitEthernet1/0/2

si_hdl, ri_hdl 정보를 가져오려면 show platform software fed switch active ip adj 명령을 사용합니다

Edge-1#show platform software fed switch active ip adj
IPV4 Adj entries
dest                                          if_name                 dst_mac          si_hdl         ri_hdl         pd_flags adj_id     Last-modified           
----                                          -------                 -------          ------         ------         -------- ------     -------------           
225.0.0.0                                     GigabitEthernet1/0/1    0100.5e00.0000   0x7f65ec958128 0x7f65ec957e18 0x0      0xf80001a1 2023/09/19 17:57:41.399 
10.47.1.10                                    LISP0.4100              4500.0000.0000   0x7f65ec895ed8 0x7f65ec895a68 0x60     0x5c       2023/09/19 17:58:16.545 
225.0.0.0                                     GigabitEthernet1/0/2    0100.5e00.0000   0x7f65ec958f68 0x7f65ec95b2b8 0x0      0xf80001b1 2023/09/19 17:57:41.938 
10.47.1.4                                     GigabitEthernet1/0/2    5254.001c.7de0   0x7f65ec8a5458 0x7f65ec8a4eb8 0x0      0x4c       2023/09/19 17:58:02.150 
225.0.0.0                                     Null0                   f800.0011.0000   0x7f65ec3740c8 0x0            0x0      0xf8000011 2023/09/19 17:57:29.404 
10.47.1.0                                     GigabitEthernet1/0/1    5254.000a.42f3   0x7f65ec8b8468 0x7f65ec8b8158 0x0      0x55       2023/09/19 17:58:08.864

Underlay Next-Hop si_hdl Decode

si_hdl(0x7f65ec8a5458)을 확인하려면 show platform hardware fed switch active fwd-asic abstraction print-resource-handle <si_hdl> 명령에서 사용합니다. 1

Edge-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f65ec8a5458 1
Handle:0x7f65ec8a5458 Res-Type:ASIC_RSC_SI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_L3_UNICAST_IPV4 Lkp-ftr-id:LKP_FEAT_INVALID ref_count:1
priv_ri/priv_si Handle: 0x7f65ec8a4eb8Hardware Indices/Handles: index0:0xbc  mtu_index/l3u_ri_index0:0x0  index1:0xbc  mtu_index/l3u_ri_index1:0x0 
Features sharing this resource:66 (1)]
Cookie length: 56
00 00 00 00 00 00 00 00 26 00 00 00 00 00 00 00 00 00 00 00 08 00 52 54 00 1c 7d e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
Detailed Resource Information (ASIC_INSTANCE# 0)
----------------------------------------
Station Index (SI) [0xbc] 	-----> Contains RI and DI information 
RI = 0x1a 			-----> Rewrite Index = MAC address rewrite information for L3 forwarding to the next-hop adjacency 
DI = 0x526d			-----> Destination Index = Outgoing Interface 
stationTableGenericLabel = 0
stationFdConstructionLabel = 0x7
lookupSkipIdIndex = 0
rcpServiceId = 0
dejaVuPreCheckEn = 0
Replication Bitmap: LD 		-----> Local Data, indicating that this ASIC is directly connected to the adjacency interface 

Detailed Resource Information (ASIC_INSTANCE# 1)
----------------------------------------
Station Index (SI) [0xbc] 	-----> Contains RI and DI information 
RI = 0x1a 			-----> Rewrite Index = MAC address rewrite information for L3 forwarding to the next-hop adjacency 
DI = 0x526d			-----> Destination Index = Outgoing Interface 
stationTableGenericLabel = 0
stationFdConstructionLabel = 0x7
lookupSkipIdIndex = 0
rcpServiceId = 0
dejaVuPreCheckEn = 0
Replication Bitmap: CD		-----> Core Data, indicating that this instance of the ASIC is on the same ASIC, but different core.
==============================================================

Next-Hop Rewrite Index Decode 언더레이

RI(0x1a)를 디코딩하려면 show platform hardware fed switch active fwd-asic resource asic all rewrite-index range <RI> <RI> 명령을 사용합니다.

Edge-1#show platform hardware fed switch active fwd-asic resource asic all rewrite-index range 0x1a 0x1a
ASIC#:0 RI:26 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9)	-----> Decimal 26 is hex 0x1a
MAC Addr: MAC Addr: 52:54:00:1c:7d:e0,	-----> MAC address 5254.001c.7de0 for the next-hop adjacency
L3IF LE Index 38
ASIC#:1 RI:26 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9)
MAC Addr: MAC Addr: 52:54:00:1c:7d:e0,	 -----> MAC address 5254.001c.7de0 for the next-hop adjacency
L3IF LE Index 38

Next-Hop 목적지 인덱스 디코드 언더레이

DI(0x526d)를 디코딩하려면 show platform hardware fed switch active fwd-asic resource asic all destination-index range <DI> <DI>에서 사용합니다.

Edge-1#show platform hardware fed switch active fwd-asic resource asic all destination-index range 0x526d 0x526d
ASIC#0:

Destination index   = 0x526d  
pmap                = 0x00000000 0x00000002 <-- Convert decimal 2 to binary, which is 0010. Count this binary right to left, zero-based, so Port 1.
pmap_intf : [GigabitEthernet1/0/2]
cmi                 = 0x0
rcp_pmap            = 0x0
al_rsc_cmi
CPU Map Index (CMI) [0]
ctiLo0              = 0
ctiLo1              = 0
ctiLo2              = 0
cpuQNum0            = 0
cpuQNum1            = 0
cpuQNum2            = 0
npuIndex            = 0
stripSeg            = 0
copySeg             = 0
ASIC#1:

Destination index   = 0x526d  
pmap                = 0x00000000 0x00000000
cmi                 = 0x0
rcp_pmap            = 0x0
al_rsc_cmi
CPU Map Index (CMI) [0]
ctiLo0              = 0
ctiLo1              = 0
ctiLo2              = 0
cpuQNum0            = 0
cpuQNum1            = 0
cpuQNum2            = 0
npuIndex            = 0
stripSeg            = 0
copySeg             = 0

Edge-1#show platform software fed switch active ifm mappings
Interface                 IF_ID    Inst Asic Core Port SubPort Mac  Cntx LPN  GPN  Type Active
GigabitEthernet1/0/1      0x1a       0   0   0    0      0      1    0    1    1    NIF  Y
GigabitEthernet1/0/2      0x1b       0   0   0    1      0      2    1    2    2    NIF  Y <-- Port 1 lines up to G1/0/2
GigabitEthernet1/0/3      0xb        0   0   0    2      0      3    2    3    3    NIF  Y
GigabitEthernet1/0/4      0xc        0   0   0    3      0      4    3    4    4    NIF  Y
GigabitEthernet1/0/5      0xd        0   0   0    4      0      5    4    5    5    NIF  Y
GigabitEthernet1/0/6      0xe        0   0   0    5      0      6    5    6    6    NIF  Y
GigabitEthernet1/0/7      0xf        0   0   0    6      0      7    6    7    7    NIF  Y
GigabitEthernet1/0/8      0x10       0   0   0    7      0      8    7    8    8    NIF  Y

Next-Hop ri_hdl Decode 언더레이

show platform hardware fed switch active fwd-asic abstraction print-resource-handle (ri_hdl) 1에서 ri_hdl(0x7f65ec8a4eb8)을 디코딩하려면

Edge-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f65ec8a4eb8 1
Handle:0x7f65ec8a4eb8 Res-Type:ASIC_RSC_RI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_L3_UNICAST_IPV4 Lkp-ftr-id:LKP_FEAT_INVALID ref_count:1
priv_ri/priv_si Handle: 0x7f65ec903b28Hardware Indices/Handles: index0:0x1a  mtu_index/l3u_ri_index0:0x0  index1:0x1a  mtu_index/l3u_ri_index1:0x0 
Features sharing this resource:66 (1)]
Cookie length: 56
00 00 00 00 00 00 00 00 26 00 00 00 00 00 00 00 00 00 00 00 08 00 52 54 00 1c 7d e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 


Detailed Resource Information (ASIC_INSTANCE# 0)
----------------------------------------
ASIC#:0 RI:26 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9) <-- Decimal 26 is 0x1a in hex
	MAC Addr: MAC Addr: 52:54:00:1c:7d:e0, <-- MAC address 5254.001c.7de0 for the next-hop adjacency
	L3IF LE Index 38



Detailed Resource Information (ASIC_INSTANCE# 1)
----------------------------------------
ASIC#:1 RI:26 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9)<-- Decimal 26 is 0x1a in hex MAC Addr: MAC Addr: 52:54:00:1c:7d:e0,
	MAC Addr: MAC Addr: 52:54:00:1c:7d:e0,<-- MAC address 5254.001c.7de0 for the next-hop adjacency 
	L3IF LE Index 38


==============================================================

SDA 패브릭의 기본 호스트 연결성(서로 다른 VLAN/동일한 VN)

이 절에서는 10.47.4.2와 10.47.10.2 사이의 의사소통을 살펴본다. 이러한 호스트는 서로 다른 VLAN에 속하므로 둘 다 기본 게이트웨이를 가리키는 기본 게이트웨이를 구성해야 합니다. 10.47.4.2의 경우 10.47.4.1이고 10.47.10.2의 경우 10.47.10.1입니다.

1단계. 엔드포인트와 기본 게이트웨이 간의 연결이 작동하는지 확인합니다.

Edge-1#ping vrf red_vn 10.47.4.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.47.4.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 155/164/181 ms

Edge-2#ping vrf red_vn 10.47.10.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.47.10.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 41/46/62 ms

2단계. 10.47.4.2의 패킷이 Edge-1에서 성공적으로 수신되는지 확인합니다.

패킷은 10.47.4.2를 향하는 인그레스 인터페이스에서 캡처할 수 있습니다.

Edge-1#monitor capture 1 interface g1/0/3 in match any
Edge-1#mon cap 1 start
Started capture point : 1
Edge-1#mon cap 1 stop
Capture statistics collected at software:
	Capture duration - 12 seconds
	Packets received - 9
	Packets dropped - 0
	Packets oversized - 0

Number of Bytes dropped at asic not collected

Capture buffer will exists till exported or cleared

Stopped capture point : 1

Edge-1#show monitor capture 1 buffer brief
Starting the packet display ........ Press Ctrl + Shift + 6 to exit

    1   0.000000    10.47.4.2 -> 10.47.10.2   ICMP 98 Echo (ping) request  id=0x0041, seq=0/0, ttl=64
    2   0.023447    10.47.4.2 -> 10.47.10.2   ICMP 98 Echo (ping) request  id=0x0041, seq=0/0, ttl=64

Edge-1#show monitor capture 1 buffer detailed 
Starting the packet display ........ Press Ctrl + Shift + 6 to exit

Frame 1: 98 bytes on wire (784 bits), 98 bytes captured (784 bits) on interface /tmp/epc_ws/wif_to_ts_pipe, id 0
    Interface id: 0 (/tmp/epc_ws/wif_to_ts_pipe)
        Interface name: /tmp/epc_ws/wif_to_ts_pipe
    Encapsulation type: Ethernet (1)
    Arrival Time: Oct 11, 2023 15:27:46.033825000 UTC
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1697038066.033825000 seconds
    [Time delta from previous captured frame: 0.000000000 seconds]
    [Time delta from previous displayed frame: 0.000000000 seconds]
    [Time since reference or first frame: 0.000000000 seconds]
    Frame Number: 1
    Frame Length: 98 bytes (784 bits)
    Capture Length: 98 bytes (784 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:icmp:data]
Ethernet II, Src: 52:54:00:19:93:e9 (52:54:00:19:93:e9), Dst: 00:00:0c:9f:f3:41 (00:00:0c:9f:f3:41) <-- SMAC and DMAC respectively
    Destination: 00:00:0c:9f:f3:41 (00:00:0c:9f:f3:41)
        Address: 00:00:0c:9f:f3:41 (00:00:0c:9f:f3:41)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: 52:54:00:19:93:e9 (52:54:00:19:93:e9)
        Address: 52:54:00:19:93:e9 (52:54:00:19:93:e9)
        .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 10.47.4.2, Dst: 10.47.10.2
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 84
    Identification: 0x395e (14686)
    Flags: 0x4000, Don't fragment
        0... .... .... .... = Reserved bit: Not set
        .1.. .... .... .... = Don't fragment: Set
        ..0. .... .... .... = More fragments: Not set
    Fragment offset: 0
    Time to live: 64
    Protocol: ICMP (1)
    Header checksum: 0xdee9 [validation disabled]
    [Header checksum status: Unverified]
    Source: 10.47.4.2
    Destination: 10.47.10.2
Internet Control Message Protocol
    Type: 8 (Echo (ping) request)
    Code: 0
    Checksum: 0x248a [correct]
    [Checksum Status: Good]
    Identifier (BE): 65 (0x0041)
    Identifier (LE): 16640 (0x4100)
    Sequence number (BE): 0 (0x0000)
    Sequence number (LE): 0 (0x0000)
    Data (56 bytes)

0000  2a 46 a8 ee 00 00 00 00 00 00 00 00 00 00 00 00   *F..............
0010  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0020  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0030  00 00 00 00 00 00 00 00                           ........
        Data: 2a46a8ee0000000000000000000000000000000000000000b^@&
        [Length: 56]

3단계 - LISP 조회

인그레스 에지 노드는 패킷을 전송하는 HOST-03의 위치(RLOC)를 결정해야 합니다. 이 경우 엔드 호스트 HOST-03이 다른 VLAN(동일한 VN/VRF: USERS)에 있는 것처럼 LISP IPv4 인스턴스는 조회가 IP 주소(MAC 주소는 에지 노드 자체에 속함)를 기반으로 하기 때문에 사용됩니다.

Edge-1#debug lisp control-plane all
LISP[REMT ]-0: Map Request: Sending request for IID 4099 EID 10.47.10.2/32, requester 'remote EID prefix'.
LISP[REMT ]-0: Map-Reply nonce matches pending request for IID 4099 EID 10.47.10.2/32, requester 'remote EID prefix'.

LISP 맵 요청이 제어 노드(LISP 맵 서버) Border-1에 도달함:

Border-1#debug lisp control-plane all
LISP[TRNSP]-0: Processing received Map-Request(1) message on GigabitEthernet1/0/3 from 10.47.10.2:4342 to 10.47.10.2:4342.
LISP[MR   ]-0: Received Map-Request with 1 records, first EID IID 4099 10.47.10.2/32, source EID 10.47.4.2, nonce 0x1CFAB931-0x8207CB93.
LISP[MR   ]-0 IID 4099 IPv4: MS EID 10.47.10.2/32: Sending proxy reply to 10.47.1.12.

LISP 맵 회신 에지 노드에 도달:

LISP[REMT ]-0: Processing Map-Reply mapping record for IID 4099 IPv4 10.47.10.2/32 LCAF 2, ttl 1440, action none, not authoritative, 1 locator.
LISP[REMT ]-0: Processing mapping information for EID prefix IID 4099 10.47.10.2/32.

패브릭 에지는 10.47.10.2에 대한 RLOC를 쿼리하고 맵 응답을 처리합니다

LISP[REMT ]-0: Map Request: Sending request for IID 4099 EID 10.47.10.2/32, requester 'remote EID RLOC'.
LISP[REMT ]-0: Processing Map-Reply mapping record for IID 4099 IPv4 10.47.10.2/32 LCAF 2, ttl 1440, action none, authoritative, 1 locator.
LISP[REMT ]-0: Processing mapping information for EID prefix IID 4099 10.47.10.2/32.

엔트리가 없는 경우 LISP 프로세스 관점에서 디버그를 수집해야 합니다. LISP(LISP Grouper)라는 툴도 있습니다. 이 툴은 수동으로 LISP 프로세스를 트리거하는 데 사용할 수 있습니다(두 제어 노드 간의 이중화된 제어 노드 컨피그레이션 및 데이터베이스 일관성을 테스트하는 매우 효과적인 방법).

Edge-1#lig instance-id 4099 10.47.10.2 to 10.47.1.10
Mapping information for EID 10.47.10.2 from 10.47.1.10 with RTT 334 msecs
10.47.10.2/32, uptime: 00:00:00, expires: 23:59:59, via map-reply, complete
  Locator     Uptime    State  Pri/Wgt     Encap-IID
  10.47.1.13  00:00:00  up      10/10        -

Edge-1#lig instance-id 4099 10.47.10.2 to 10.47.1.11
Mapping information for EID 10.47.10.2 from 10.47.1.11 with RTT 327 msecs
10.47.10.2/32, uptime: 00:00:06, expires: 23:59:59, via map-reply, complete
  Locator     Uptime    State  Pri/Wgt     Encap-IID
  10.47.1.13  00:00:06  up      10/10        -

경로 확인

CEF는 LISP를 사용하며, LISP는 수신한 맵 캐시 항목을 사용합니다

Edge-1#show ip cef vrf red_vn 10.47.10.2
10.47.10.2/32
  nexthop 10.47.1.13 LISP0.4099 

Edge-1#show ip route 10.47.1.13
Routing entry for 10.47.1.13/32
  Known via "isis", distance 115, metric 30, type level-2
  Redistributing via isis
  Last update from 10.47.1.4 on GigabitEthernet1/0/2, 3d19h ago
  Routing Descriptor Blocks:
    10.47.1.4, from 10.47.1.13, 3d19h ago, via GigabitEthernet1/0/2
      Route metric is 30, traffic share count is 1
  * 10.47.1.0, from 10.47.1.13, 3d19h ago, via GigabitEthernet1/0/1
      Route metric is 30, traffic share count is 1

Edge-1#show lisp instance-id 4099 ipv4 map-cache  10.47.10.2
LISP IPv4 Mapping Cache for LISP 0 EID-table vrf red_vn (IID 4099), 1 entries

10.47.10.2/32, uptime: 00:08:48, expires: 23:51:17, via map-reply, complete
  Sources: map-reply
  State: complete, last modified: 00:08:48, map-source: 10.47.1.11
  Active, Packets out: 51(29376 bytes), counters are not accurate (~ 00:00:15 ago)
  Encapsulating dynamic-EID traffic
  Locator     Uptime    State  Pri/Wgt     Encap-IID
  10.47.1.13  00:08:48  up      10/10        -
    Last up-down state change:         00:08:48, state change count: 1
    Last route reachability change:    22:07:12, state change count: 1
    Last priority / weight change:     never/never
    RLOC-probing loc-status algorithm:
      Last RLOC-probe sent:            00:08:48 (rtt 931ms)

LISP Next-Hop 확인

이 패킷은 VXLAN에서 캡슐화되므로 LISP next-hop을 확인해야 합니다. 명령 show platform software fed switch active ip adj를 사용하여 10.47.1.13, LISP next-hop에 대한 추가 정보를 얻습니다

Edge-1#show platform software fed switch active ip adj      
IPV4 Adj entries
dest                                          if_name                 dst_mac          si_hdl         ri_hdl         pd_flags adj_id     Last-modified           
----                                          -------                 -------          ------         ------         -------- ------     -------------           
10.47.1.10                                    LISP0.4100              4500.0000.0000   0x7f65ec895ed8 0x7f65ec895a68 0x60     0x5c       2023/09/19 17:58:16.545 
10.47.1.4                                     GigabitEthernet1/0/2    5254.001c.7de0   0x7f65ec8a5458 0x7f65ec8a4eb8 0x0      0x4c       2023/09/19 17:58:02.150 
10.47.1.0                                     GigabitEthernet1/0/1    5254.000a.42f3   0x7f65ec8b8468 0x7f65ec8b8158 0x0      0x55       2023/09/19 17:58:08.864 
10.47.4.2                                     Vlan1026                5254.0019.93e9   0x7f65ec7c21f8 0x7f65ec7c2498 0x0      0x1a       2023/09/19 23:59:34.081 
10.47.1.13                                    LISP0.4099              4500.0000.0000   0x7f65ed00f668 0x7f65ed00fd58 0x60     0x20       2023/10/11 15:36:06.243

LISP Next-Hop si_hdl 디코딩

si_hdl (0x7f65ed00f668)을 사용하여 show platform hardware fed switch active fwd-asic abstraction print-resource-handle <si_hdl> 1에 사용하십시오.

Edge-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f65ed00f668 1
Handle:0x7f65ed00f668 Res-Type:ASIC_RSC_SI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_LISP Lkp-ftr-id:LKP_FEAT_INVALID ref_count:1
priv_ri/priv_si Handle: 0x7f65ed00fd58Hardware Indices/Handles: index0:0xc8  mtu_index/l3u_ri_index0:0x0  index1:0xc8  mtu_index/l3u_ri_index1:0x0 
Features sharing this resource:109 (1)]
Cookie length: 56
00 00 00 00 00 00 00 00 38 5f 84 ec 0a 2f 01 0d ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 


Detailed Resource Information (ASIC_INSTANCE# 0)
----------------------------------------

Station Index (SI) [0xc8] <-- Contains the RI and DI
RI = 0x2c <-- Rewrite Index contains information for L3 Forwarding 
DI = 0x5012 <-- Destination Index contains information for the destination port 
stationTableGenericLabel = 0
stationFdConstructionLabel = 0x7
lookupSkipIdIndex = 0xc
rcpServiceId = 0
dejaVuPreCheckEn = 0
Replication Bitmap: LD 


Detailed Resource Information (ASIC_INSTANCE# 1)
----------------------------------------
Station Index (SI) [0xc8] <-- Contains the RI and DI 
RI = 0x2c <-- Rewrite Index contains information for L3 Forwarding 
DI = 0x5013 <-- Destination Index contains information for the destination port 
stationTableGenericLabel = 0
stationFdConstructionLabel = 0x7
lookupSkipIdIndex = 0xc
rcpServiceId = 0
dejaVuPreCheckEn = 0
Replication Bitmap: LD 

==============================================================

LISP Next-Hop RI 디코딩

RI(0x2c)를 가져와서 show platform hardware fed switch active fwd-asic resource asic all rewrite-index range <RI> <RI>에 사용합니다.

Edge-1#show platform hardware fed switch active fwd-asic resource asic all rewrite-index range 0x2c 0x2c
ASIC#:0 RI:44 Rewrite_type:AL_RRM_REWRITE_IPV4_VXLAN_INNER_IPV4_ENCAP(110) Mapped_rii:LVX_L3_ENCAP_L2_PAYLOAD(123)
 Dst Mac:	 MAC Addr: ba:25:cd:f4:ad:38,
 Src IP:	 10.47.1.12 <-- Local RLOC
 Dst IP:	 10.47.1.13 <-- RLOC of Edge-2
 IPv4 TTL:	 0
 LISP INSTANCEID:	 0
 L3IF LE Index:	 46

ASIC#:1 RI:44 Rewrite_type:AL_RRM_REWRITE_IPV4_VXLAN_INNER_IPV4_ENCAP(110) Mapped_rii:LVX_L3_ENCAP_L2_PAYLOAD(123)
 Dst Mac:	 MAC Addr: ba:25:cd:f4:ad:38,
 Src IP: 10.47.1.12 <-- Local RLOC 
 Dst IP: 10.47.1.13 <-- RLOC of Edge-2 
 IPv4 TTL:	 0
 LISP INSTANCEID:	 0
 L3IF LE Index:	 46

LISP Next-Hop DI Decode

DI(0x5012)를 받아 show platform hardware fed switch active fwd-asic resource asic all destination-index range <DI> <DI>에 사용합니다.

Edge-1#show platform hardware fed switch active fwd-asic resource asic all destination-index range 0x5012 0x5012 ASIC#0:

Destination index   = 0x5012 DI_RCP_PORT1 <-- Expected, this means the packet is recirculated for VXLAN imposition
pmap                = 0x00000000 0x00000000
cmi                 = 0x0
rcp_pmap            = 0x1
al_rsc_cmi
CPU Map Index (CMI) [0]
ctiLo0              = 0
ctiLo1              = 0
ctiLo2              = 0
cpuQNum0            = 0
cpuQNum1            = 0
cpuQNum2            = 0
npuIndex            = 0
stripSeg            = 0
copySeg             = 0
ASIC#1:

Destination index   = 0x5012 DI_RCP_PORT1 <-- Expected, this means the packet is recirculated for VXLAN imposition
pmap                = 0x00000000 0x00000000
cmi                 = 0x0
rcp_pmap            = 0x0
al_rsc_cmi
CPU Map Index (CMI) [0]
ctiLo0              = 0
ctiLo1              = 0
ctiLo2              = 0
cpuQNum0            = 0
cpuQNum1            = 0
cpuQNum2            = 0
npuIndex            = 0
stripSeg            = 0
copySeg             = 0

LISP Next-Hop ri_hdl 디코딩

ri_hdl (0x7f65ed00fd58)을 가져와서 show platform hardware fed switch active fwd-asic abstraction print-resource-handle <ri_hdl> 명령에서 사용합니다. 1

Edge-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f65ed00fd58 1     
Handle:0x7f65ed00fd58 Res-Type:ASIC_RSC_RI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_LISP Lkp-ftr-id:LKP_FEAT_INVALID ref_count:1
priv_ri/priv_si Handle: 0x7f65ed00b618Hardware Indices/Handles: index0:0x2c  mtu_index/l3u_ri_index0:0x0  index1:0x2c  mtu_index/l3u_ri_index1:0x0 
Features sharing this resource:109 (1)]
Cookie length: 56
00 00 00 00 00 00 00 00 2e 00 00 00 0a 2f 01 0d ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 


Detailed Resource Information (ASIC_INSTANCE# 0)
----------------------------------------
ASIC#:0 RI:44 Rewrite_type:AL_RRM_REWRITE_IPV4_VXLAN_INNER_IPV4_ENCAP(110) Mapped_rii:LVX_L3_ENCAP_L2_PAYLOAD(123)
 Dst Mac:	 MAC Addr: ba:25:cd:f4:ad:38,
 Src IP:	 10.47.1.12 <-- Local RLOC
 Dst IP:	 10.47.1.13 <-- Edge-2 RLOC
 IPv4 TTL:	 0
 LISP INSTANCEID:	 0
 L3IF LE Index:	 46


Detailed Resource Information (ASIC_INSTANCE# 1)
----------------------------------------
ASIC#:1 RI:44 Rewrite_type:AL_RRM_REWRITE_IPV4_VXLAN_INNER_IPV4_ENCAP(110) Mapped_rii:LVX_L3_ENCAP_L2_PAYLOAD(123)
 Dst Mac:	 MAC Addr: ba:25:cd:f4:ad:38,
 Src IP: 10.47.1.12 <-- Local RLOC 
 Dst IP: 10.47.1.13 <-- Edge-2 RLOC
 IPv4 TTL:	 0
 LISP INSTANCEID:	 0
 L3IF LE Index:	 46

==============================================================

언더레이 Next-Hop 확인

LISP Next-Hop에 도달하기 위해 언더레이에 가능한 두 가지 경로가 있으며, 한 경로에 대해 검증이 발생하며, 다른 언더레이 Next-Hop의 검증에도 동일한 논리가 적용됩니다.

Edge-1#show ip route 10.47.1.13
Routing entry for 10.47.1.13/32
  Known via "isis", distance 115, metric 30, type level-2
  Redistributing via isis
  Last update from 10.47.1.4 on GigabitEthernet1/0/2, 3d19h ago
  Routing Descriptor Blocks:
    10.47.1.4, from 10.47.1.13, 3d19h ago, via GigabitEthernet1/0/2
      Route metric is 30, traffic share count is 1
  * 10.47.1.0, from 10.47.1.13, 3d19h ago, via GigabitEthernet1/0/1
      Route metric is 30, traffic share count is 1

다음 홉에 대한 자세한 내용을 보려면 show platform software fed switch active ip adj를 사용하십시오

Edge-1#show platform software fed switch active ip adj
IPV4 Adj entries
dest                                          if_name                 dst_mac          si_hdl         ri_hdl         pd_flags adj_id     Last-modified           
----                                          -------                 -------          ------         ------         -------- ------     -------------           
10.47.1.4                                     GigabitEthernet1/0/2    5254.001c.7de0   0x7f65ec8a5458 0x7f65ec8a4eb8 0x0      0x4c       2023/09/19 17:58:02.150 
10.47.1.0                                     GigabitEthernet1/0/1    5254.000a.42f3   0x7f65ec8b8468 0x7f65ec8b8158 0x0      0x55       2023/09/19 17:58:08.864 
<snip>

Underlay Next-Hop si_hdl Decode

si_hdl (0x7f65ec8a5458)을 가져와서 명령 show platform hardware fed switch active fwd-asic abstraction print-resource-handle <si_hdl> 1에 사용합니다.

Edge-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f65ec8a5458 1
Handle:0x7f65ec8a5458 Res-Type:ASIC_RSC_SI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_L3_UNICAST_IPV4 Lkp-ftr-id:LKP_FEAT_INVALID ref_count:1
priv_ri/priv_si Handle: 0x7f65ec8a4eb8Hardware Indices/Handles: index0:0xbc  mtu_index/l3u_ri_index0:0x0  index1:0xbc  mtu_index/l3u_ri_index1:0x0 
Features sharing this resource:66 (1)]
Cookie length: 56
00 00 00 00 00 00 00 00 26 00 00 00 00 00 00 00 00 00 00 00 08 00 52 54 00 1c 7d e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 


Detailed Resource Information (ASIC_INSTANCE# 0)
----------------------------------------

Station Index (SI) [0xbc] <-- Contains the RI and DI
RI = 0x1a <-- Rewrite index contains information for L3 Forwarding 
DI = 0x526d <-- Destination index contains information for the destination port 
stationTableGenericLabel = 0
stationFdConstructionLabel = 0x7
lookupSkipIdIndex = 0
rcpServiceId = 0
dejaVuPreCheckEn = 0
Replication Bitmap: LD 


Detailed Resource Information (ASIC_INSTANCE# 1)
----------------------------------------
Station Index (SI) [0xbc] <-- Contains the RI and DI 
RI = 0x1a <-- Rewrite index contains information for L3 Forwarding 
DI = 0x526d <-- Destination index contains information for the destination port 
stationTableGenericLabel = 0
stationFdConstructionLabel = 0x7
lookupSkipIdIndex = 0
rcpServiceId = 0
dejaVuPreCheckEn = 0
Replication Bitmap: CD 

==============================================================

Next-Hop RI Decode 언더레이

RI(0x1a)를 가져와서 show platform hardware fed switch active fwd-asic resource asic all rewrite-index range <RI> <RI> 명령을 사용합니다.

Edge-1#show platform hardware fed switch active fwd-asic resource asic all rewrite-index range 0x1a 0x1a
ASIC#:0 RI:26 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9) <-- Decimal 26 is hex 0x1a 
	MAC Addr: MAC Addr: 52:54:00:1c:7d:e0, <-- MAC Address 5254.001c.7de0 corresponds to the next-hop
	L3IF LE Index 38


ASIC#:1 RI:26 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9)<-- Decimal 26 is hex 0x1a 
	MAC Addr: MAC Addr: 52:54:00:1c:7d:e0, <-- MAC Address 5254.001c.7de0 corresponds to the next-hop
	L3IF LE Index 38

다음 홉 DI 디코드 언더레이

DI(0x526d)를 가져와서 show platform hardware fed switch active fwd-asic resource asic all destination-index range <DI> <DI> 명령을 사용합니다.

Edge-1#show platform hardware fed switch active fwd-asic resource asic all destination-index range 0x526d 0x526d
ASIC#0:

Destination index   = 0x526d  
pmap                = 0x00000000 0x00000002 <-- Take decimal 2 and convert to binary, so 0010, and then count this binary right to left zero-based, so Port 1
pmap_intf : [GigabitEthernet1/0/2]
cmi                 = 0x0
rcp_pmap            = 0x0
al_rsc_cmi
CPU Map Index (CMI) [0]
ctiLo0              = 0
ctiLo1              = 0
ctiLo2              = 0
cpuQNum0            = 0
cpuQNum1            = 0
cpuQNum2            = 0
npuIndex            = 0
stripSeg            = 0
copySeg             = 0
ASIC#1:

Destination index   = 0x526d  
pmap                = 0x00000000 0x00000000
cmi                 = 0x0
rcp_pmap            = 0x0
al_rsc_cmi
CPU Map Index (CMI) [0]
ctiLo0              = 0
ctiLo1              = 0
ctiLo2              = 0
cpuQNum0            = 0
cpuQNum1            = 0
cpuQNum2            = 0
npuIndex            = 0
stripSeg            = 0
copySeg             = 0

Edge-1#show platform software fed  switch active ifm mappings
Interface                 IF_ID    Inst Asic Core Port SubPort Mac  Cntx LPN  GPN  Type Active
GigabitEthernet1/0/1      0x1a       0   0   0    0      0      1    0    1    1    NIF  Y
GigabitEthernet1/0/2      0x1b       0   0   0    1      0      2    1    2    2    NIF  Y <-- Port 1 maps to Gig1/0/2
GigabitEthernet1/0/3      0xb        0   0   0    2      0      3    2    3    3    NIF  Y
GigabitEthernet1/0/4      0xc        0   0   0    3      0      4    3    4    4    NIF  Y
GigabitEthernet1/0/5      0xd        0   0   0    4      0      5    4    5    5    NIF  Y
GigabitEthernet1/0/6      0xe        0   0   0    5      0      6    5    6    6    NIF  Y
GigabitEthernet1/0/7      0xf        0   0   0    6      0      7    6    7    7    NIF  Y
GigabitEthernet1/0/8      0x10       0   0   0    7      0      8    7    8    8    NIF  Y

Next-Hop ri_hdl Decode 언더레이

ri_hdl (0x7f65ec8b8158)을 가져와서 show platform hardware fed switch active fwd-asic abstraction print-resource-handle <ri_hdl> 명령에서 사용합니다. 1

Edge-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f65ec8b8158 1
Handle:0x7f65ec8b8158 Res-Type:ASIC_RSC_RI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_L3_UNICAST_IPV4 Lkp-ftr-id:LKP_FEAT_INVALID ref_count:1
priv_ri/priv_si Handle: 0x7f65ec7a6338Hardware Indices/Handles: index0:0x1b  mtu_index/l3u_ri_index0:0x0  index1:0x1b  mtu_index/l3u_ri_index1:0x0 
Features sharing this resource:66 (1)]
Cookie length: 56
00 00 00 00 00 00 00 00 25 00 00 00 00 00 00 00 00 00 00 00 08 00 52 54 00 0a 42 f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 


Detailed Resource Information (ASIC_INSTANCE# 0)
----------------------------------------
ASIC#:0 RI:27 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9)
	MAC Addr: MAC Addr: 52:54:00:0a:42:f3,
	L3IF LE Index 37



Detailed Resource Information (ASIC_INSTANCE# 1)
----------------------------------------
ASIC#:1 RI:27 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9)
	MAC Addr: MAC Addr: 52:54:00:0a:42:f3,
	L3IF LE Index 37


==============================================================

패킷은 VXLAN에서 캡슐화되고 로드 밸런싱 규칙에 따라 전송됩니다. EPC(Embedded Packet Capture)를 사용하여 모든 인터페이스의 트래픽을 동시에 캡처할 수 있습니다. 이때 패킷은 VXLAN으로 캡슐화되며, EPC 필터는 내부 IPv4 주소가 아니라 RLOC에서 RLOC으로 가는 것에 맞아야 합니다.

Edge-1#monitor capture 1 interface range g1/0/1-2 out match ipv4 host 10.47.1.12 host 10.47.1.13
Edge-1#monitor capture 1 start
Started capture point : 1
Edge-1#
Edge-1#monitor capture 1 stop
Capture statistics collected at software:
	Capture duration - 18 seconds
	Packets received - 4
	Packets dropped - 0
	Packets oversized - 0

Number of Bytes dropped at asic not collected

Capture buffer will exists till exported or cleared

Stopped capture point : 1

Edge-1#show monitor capture 1 buffer brief
Starting the packet display ........ Press Ctrl + Shift + 6 to exit

    1   0.000000    10.47.4.2 -> 10.47.10.2   ICMP 148 Echo (ping) request  id=0x0046, seq=0/0, ttl=63
    2   0.980849    10.47.4.2 -> 10.47.10.2   ICMP 148 Echo (ping) request  id=0x0046, seq=1/256, ttl=63
    3   1.984077    10.47.4.2 -> 10.47.10.2   ICMP 148 Echo (ping) request  id=0x0046, seq=2/512, ttl=63
    4   2.999989    10.47.4.2 -> 10.47.10.2   ICMP 148 Echo (ping) request  id=0x0046, seq=3/768, ttl=63

Edge-1#show monitor capture 1 buffer detailed 
Starting the packet display ........ Press Ctrl + Shift + 6 to exit

Frame 1: 148 bytes on wire (1184 bits), 148 bytes captured (1184 bits) on interface /tmp/epc_ws/wif_to_ts_pipe, id 0
    Interface id: 0 (/tmp/epc_ws/wif_to_ts_pipe)
        Interface name: /tmp/epc_ws/wif_to_ts_pipe
    Encapsulation type: Ethernet (1)
    Arrival Time: Oct 11, 2023 16:50:52.262553000 UTC
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1697043052.262553000 seconds
    [Time delta from previous captured frame: 0.000000000 seconds]
    [Time delta from previous displayed frame: 0.000000000 seconds]
    [Time since reference or first frame: 0.000000000 seconds]
    Frame Number: 1
    Frame Length: 148 bytes (1184 bits)
    Capture Length: 148 bytes (1184 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:udp:vxlan:eth:ethertype:ip:icmp:data]
Ethernet II, Src: 00:00:00:00:00:00 (00:00:00:00:00:00), Dst: 00:00:00:00:00:00 (00:00:00:00:00:00) <-- EPC does not capture L3 rewrite on egress properly, this is OK
    Destination: 00:00:00:00:00:00 (00:00:00:00:00:00)
        Address: 00:00:00:00:00:00 (00:00:00:00:00:00)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: 00:00:00:00:00:00 (00:00:00:00:00:00)
        Address: 00:00:00:00:00:00 (00:00:00:00:00:00)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 10.47.1.12, Dst: 10.47.1.13 <-- RLOC to RLOC 
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 134
    Identification: 0x1d6f (7535)
    Flags: 0x4000, Don't fragment
        0... .... .... .... = Reserved bit: Not set
        .1.. .... .... .... = Don't fragment: Set
        ..0. .... .... .... = More fragments: Not set
    Fragment offset: 0
    Time to live: 64
    Protocol: UDP (17)
    Header checksum: 0x0682 [validation disabled]
    [Header checksum status: Unverified]
    Source: 10.47.1.12
    Destination: 10.47.1.13
User Datagram Protocol, Src Port: 65354, Dst Port: 4789
    Source Port: 65354
    Destination Port: 4789
    Length: 114
    [Checksum: [missing]]
    [Checksum Status: Not present]
    [Stream index: 0]
    [Timestamps]
        [Time since first frame: 0.000000000 seconds]
        [Time since previous frame: 0.000000000 seconds]
Virtual eXtensible Local Area Network
    Flags: 0x8800, GBP Extension, VXLAN Network ID (VNI)
        1... .... .... .... = GBP Extension: Defined
        .... .... .0.. .... = Don't Learn: False
        .... 1... .... .... = VXLAN Network ID (VNI): True
        .... .... .... 0... = Policy Applied: False
        .000 .000 0.00 .000 = Reserved(R): 0x0000
    Group Policy ID: 0
    VXLAN Network Identifier (VNI): 4099 <-- LISP L3 IID 
    Reserved: 0
Ethernet II, Src: 00:00:00:00:61:00 (00:00:00:00:61:00), Dst: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38) <-- Dummy Ethernet header for VXLAN
    Destination: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38)
        Address: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38)
        .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: 00:00:00:00:61:00 (00:00:00:00:61:00)
        Address: 00:00:00:00:61:00 (00:00:00:00:61:00)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 10.47.4.2, Dst: 10.47.10.2 <-- True IPv4 addresses
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 84
    Identification: 0x92f6 (37622)
    Flags: 0x4000, Don't fragment
        0... .... .... .... = Reserved bit: Not set
        .1.. .... .... .... = Don't fragment: Set
        ..0. .... .... .... = More fragments: Not set
    Fragment offset: 0
    Time to live: 63
    Protocol: ICMP (1)
    Header checksum: 0x8651 [validation disabled]
    [Header checksum status: Unverified]
    Source: 10.47.4.2
    Destination: 10.47.10.2
Internet Control Message Protocol
    Type: 8 (Echo (ping) request)
    Code: 0
    Checksum: 0xa383 [correct]
    [Checksum Status: Good]
    Identifier (BE): 70 (0x0046)
    Identifier (LE): 17920 (0x4600)
    Sequence number (BE): 0 (0x0000)
    Sequence number (LE): 0 (0x0000)
    Data (56 bytes)

0000  78 1e dc 17 00 00 00 00 00 00 00 00 00 00 00 00   x...............
0010  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0020  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0030  00 00 00 00 00 00 00 00                           ........
        Data: 781edc170000000000000000000000000000000000000000b^@&
        [Length: 56]

캡슐화된 VXLAN 패킷이 Edge-2에 도달함:

Edge-2#monitor capture 1 interface range g1/0/1-2 in match ipv4 host 10.47.1.12 host 10.47.1.13
Edge-2#monitor capture 1 start
Started capture point : 1
Edge-2#monitor capture 1 stop
Capture statistics collected at software:
	Capture duration - 7 seconds
	Packets received - 6
	Packets dropped - 0
	Packets oversized - 0

Number of Bytes dropped at asic not collected

Capture buffer will exists till exported or cleared

Stopped capture point : 1

Edge-2#show monitor capture 1 buffer brief
Starting the packet display ........ Press Ctrl + Shift + 6 to exit

    1   0.000000    10.47.4.2 -> 10.47.10.2   ICMP 148 Echo (ping) request  id=0x0047, seq=0/0, ttl=63
    2   0.007826    10.47.4.2 -> 10.47.10.2   ICMP 148 Echo (ping) request  id=0x0047, seq=0/0, ttl=63
    3   0.086345    10.47.4.2 -> 10.47.10.2   ICMP 148 Echo (ping) request  id=0x0047, seq=1/256, ttl=63
    4   0.097490    10.47.4.2 -> 10.47.10.2   ICMP 148 Echo (ping) request  id=0x0047, seq=1/256, ttl=63
    5   1.150969    10.47.4.2 -> 10.47.10.2   ICMP 148 Echo (ping) request  id=0x0047, seq=2/512, ttl=63
    6   1.163817    10.47.4.2 -> 10.47.10.2   ICMP 148 Echo (ping) request  id=0x0047, seq=2/512, ttl=63

Edge-2#show monitor capture 1 buffer detailed 
Starting the packet display ........ Press Ctrl + Shift + 6 to exit

Frame 1: 148 bytes on wire (1184 bits), 148 bytes captured (1184 bits) on interface /tmp/epc_ws/wif_to_ts_pipe, id 0
    Interface id: 0 (/tmp/epc_ws/wif_to_ts_pipe)
        Interface name: /tmp/epc_ws/wif_to_ts_pipe
    Encapsulation type: Ethernet (1)
    Arrival Time: Oct 11, 2023 16:58:12.702159000 UTC
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1697043492.702159000 seconds
    [Time delta from previous captured frame: 0.000000000 seconds]
    [Time delta from previous displayed frame: 0.000000000 seconds]
    [Time since reference or first frame: 0.000000000 seconds]
    Frame Number: 1
    Frame Length: 148 bytes (1184 bits)
    Capture Length: 148 bytes (1184 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:udp:vxlan:eth:ethertype:ip:icmp:data]
Ethernet II, Src: 52:54:00:0a:42:11 (52:54:00:0a:42:11), Dst: 52:54:00:17:fe:65 (52:54:00:17:fe:65) <-- True MAC addresses post L3 rewrite
    Destination: 52:54:00:17:fe:65 (52:54:00:17:fe:65)
        Address: 52:54:00:17:fe:65 (52:54:00:17:fe:65)
        .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: 52:54:00:0a:42:11 (52:54:00:0a:42:11)
        Address: 52:54:00:0a:42:11 (52:54:00:0a:42:11)
        .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 10.47.1.12, Dst: 10.47.1.13 <-- RLOC to RLOC 
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 134
    Identification: 0x1d7b (7547)
    Flags: 0x4000, Don't fragment
        0... .... .... .... = Reserved bit: Not set
        .1.. .... .... .... = Don't fragment: Set
        ..0. .... .... .... = More fragments: Not set
    Fragment offset: 0
    Time to live: 62
    Protocol: UDP (17)
    Header checksum: 0x0876 [validation disabled]
    [Header checksum status: Unverified]
    Source: 10.47.1.12
    Destination: 10.47.1.13
User Datagram Protocol, Src Port: 65354, Dst Port: 4789
    Source Port: 65354
    Destination Port: 4789
    Length: 114
    [Checksum: [missing]]
    [Checksum Status: Not present]
    [Stream index: 0]
    [Timestamps]
        [Time since first frame: 0.000000000 seconds]
        [Time since previous frame: 0.000000000 seconds]
Virtual eXtensible Local Area Network
    Flags: 0x8800, GBP Extension, VXLAN Network ID (VNI)
        1... .... .... .... = GBP Extension: Defined
        .... .... .0.. .... = Don't Learn: False
        .... 1... .... .... = VXLAN Network ID (VNI): True
        .... .... .... 0... = Policy Applied: False
        .000 .000 0.00 .000 = Reserved(R): 0x0000
    Group Policy ID: 0
    VXLAN Network Identifier (VNI): 4099 <-- LISP L3 IID
    Reserved: 0
Ethernet II, Src: 00:00:00:00:61:00 (00:00:00:00:61:00), Dst: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38) <-- Dummy Ethernet header for VXLAN
    Destination: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38)
        Address: ba:25:cd:f4:ad:38 (ba:25:cd:f4:ad:38)
        .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: 00:00:00:00:61:00 (00:00:00:00:61:00)
        Address: 00:00:00:00:61:00 (00:00:00:00:61:00)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 10.47.4.2, Dst: 10.47.10.2
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 84
    Identification: 0x1abb (6843)
    Flags: 0x4000, Don't fragment
        0... .... .... .... = Reserved bit: Not set
        .1.. .... .... .... = Don't fragment: Set
        ..0. .... .... .... = More fragments: Not set
    Fragment offset: 0
    Time to live: 63
    Protocol: ICMP (1)
    Header checksum: 0xfe8c [validation disabled]
    [Header checksum status: Unverified]
    Source: 10.47.4.2
    Destination: 10.47.10.2
Internet Control Message Protocol
    Type: 8 (Echo (ping) request)
    Code: 0
    Checksum: 0x044f [correct]
    [Checksum Status: Good]
    Identifier (BE): 71 (0x0047)
    Identifier (LE): 18176 (0x4700)
    Sequence number (BE): 0 (0x0000)
    Sequence number (LE): 0 (0x0000)
    Data (56 bytes)

0000  e8 37 0b 32 00 00 00 00 00 00 00 00 00 00 00 00   .7.2............
0010  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0020  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0030  00 00 00 00 00 00 00 00                           ........
        Data: e8370b320000000000000000000000000000000000000000b^@&
        [Length: 56]

Edge-2는 VXLAN 헤더의 압축을 풀고 ARP 테이블을 참조하여 ICMP 요청을 10.47.10.2로 전달합니다

Edge-2#show ip cef vrf red_vn 10.47.10.2
10.47.10.2/32
  nexthop 10.47.10.2 Vlan1028

Edge-2#show platform software fed switch active ip adj
IPV4 Adj entries
dest                                          if_name                 dst_mac          si_hdl         ri_hdl         pd_flags adj_id     Last-modified           
----                                          -------                 -------          ------         ------         -------- ------     -------------           
10.47.10.2                                    Vlan1028                5254.0002.cbf5   0x7f5744f89988 0x7f5744f8afa8 0x0      0x26       2023/10/09 18:57:59.026 
<snip>

엔드포인트 si_hdl 디코딩

si_hdl (0x7f5744f89988)을 사용하여 show platform hardware fed switch active fwd-asic abstraction print-resource-handle <si_hdl> 1에 사용하십시오.

Edge-2#show platform hardware fed switch active fwd-asic abstraction print-resource-handle  0x7f5744f89988 1
Handle:0x7f5744f89988 Res-Type:ASIC_RSC_SI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_L3_UNICAST_IPV4 Lkp-ftr-id:LKP_FEAT_INVALID ref_count:2
priv_ri/priv_si Handle: 0x7f5744f8afa8Hardware Indices/Handles: index0:0xc8  mtu_index/l3u_ri_index0:0x0  index1:0xc8  mtu_index/l3u_ri_index1:0x0 
Features sharing this resource:66 (1)]
57 (1)]
Cookie length: 56
00 00 00 00 00 00 00 00 04 04 00 00 00 00 00 00 00 00 00 00 07 00 52 54 00 02 cb f5 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 


Detailed Resource Information (ASIC_INSTANCE# 0)
----------------------------------------

Station Index (SI) [0xc8] <-- Station Index contains RI and DI
RI = 0x2c <-- Rewrite Index contains information for L2 Forwarding 
DI = 0x526e <-- Rewrite Index contains destination port information 
stationTableGenericLabel = 0
stationFdConstructionLabel = 0x7
lookupSkipIdIndex = 0
rcpServiceId = 0
dejaVuPreCheckEn = 0x1
Replication Bitmap: LD 


Detailed Resource Information (ASIC_INSTANCE# 1)
----------------------------------------
Station Index (SI) [0xc8] <-- Station Index contains RI and DI 
RI = 0x2c <-- Rewrite Index contains information for L2 Forwarding 
DI = 0x526e <-- Rewrite Index contains destination port information 
stationTableGenericLabel = 0
stationFdConstructionLabel = 0x7
lookupSkipIdIndex = 0
rcpServiceId = 0
dejaVuPreCheckEn = 0x1
Replication Bitmap: CD 

==============================================================

엔드포인트 RI 디코드

RI(0x2c)를 가져와서 show platform hardware fed switch active fwd-asic resource asic all rewrite-index range <RI> <RI> 명령을 사용합니다.

Edge-2#show platform hardware fed switch active fwd-asic resource asic all rewrite-index range 0x2c 0x2c
ASIC#:0 RI:44 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9) <-- Decimal 44 is hex 0x2c
	MAC Addr: MAC Addr: 52:54:00:02:cb:f5, <-- MAC Address 5254.0002.cbf5 is 10.47.10.2
	L3IF LE Index 50


ASIC#:1 RI:44 Rewrite_type:AL_RRM_REWRITE_L3_UNICAST_IPV4_SHARED(1) Mapped_rii:L3_UNICAST_IPV4(9) <-- Decimal 44 is hex 0x2c
	MAC Addr: MAC Addr: 52:54:00:02:cb:f5,<-- MAC Address 5254.0002.cbf5 is 10.47.10.2
	L3IF LE Index 50

엔드포인트 DI 디코드

DI(0x526e)를 받아 show platform hardware fed switch active fwd-asic resource asic all destination-index range <DI> <DI>에 사용합니다.

Edge-2#show platform hardware fed switch active fwd-asic resource asic all destination-index range 0x526e 0x526e
ASIC#0:

Destination index   = 0x526e  
pmap                = 0x00000000 0x00000010 <-- Convert 10 into binary, 0001 and 0000, so 00010000, and count from right to left, zero-based, so Port 4
pmap_intf : [GigabitEthernet1/0/5]
cmi                 = 0x0
rcp_pmap            = 0x0
al_rsc_cmi
CPU Map Index (CMI) [0]
ctiLo0              = 0
ctiLo1              = 0
ctiLo2              = 0
cpuQNum0            = 0
cpuQNum1            = 0
cpuQNum2            = 0
npuIndex            = 0
stripSeg            = 0
copySeg             = 0
ASIC#1:

Destination index   = 0x526e  
pmap                = 0x00000000 0x00000000
cmi                 = 0x0
rcp_pmap            = 0x0
al_rsc_cmi
CPU Map Index (CMI) [0]
ctiLo0              = 0
ctiLo1              = 0
ctiLo2              = 0
cpuQNum0            = 0
cpuQNum1            = 0
cpuQNum2            = 0
npuIndex            = 0
stripSeg            = 0
copySeg             = 0

Edge-2#show platform software fed switch active ifm mappings
Interface                 IF_ID    Inst Asic Core Port SubPort Mac  Cntx LPN  GPN  Type Active
GigabitEthernet1/0/1      0x1a       0   0   0    0      0      1    0    1    1    NIF  Y
GigabitEthernet1/0/2      0x1b       0   0   0    1      0      2    1    2    2    NIF  Y
GigabitEthernet1/0/3      0xb        0   0   0    2      0      3    2    3    3    NIF  Y
GigabitEthernet1/0/4      0xc        0   0   0    3      0      4    3    4    4    NIF  Y
GigabitEthernet1/0/5      0xd        0   0   0    4      0      5    4    5    5    NIF  Y <-- Port 4 corresponds to Gig1/0/5
GigabitEthernet1/0/6      0xe        0   0   0    5      0      6    5    6    6    NIF  Y
GigabitEthernet1/0/7      0xf        0   0   0    6      0      7    6    7    7    NIF  Y
GigabitEthernet1/0/8      0x10       0   0   0    7      0      8    7    8    8    NIF  Y

Edge-2는 패킷을 역캡슐화하여 HOST-03이 연결된 이그레스 인터페이스로 전송합니다.

Edge-2#monitor capture 1 interface g1/0/5 out match ipv4 host 10.47.4.2 host 10.47.10.2
Edge-2#monitor capture 1 start
Started capture point : 1
Edge-2#monitor capture 1 stop
Capture statistics collected at software:
	Capture duration - 6 seconds
	Packets received - 3
	Packets dropped - 0
	Packets oversized - 0

Number of Bytes dropped at asic not collected

Capture buffer will exists till exported or cleared

Stopped capture point : 1

Edge-2#show monitor capture 1 buffer brief 
Starting the packet display ........ Press Ctrl + Shift + 6 to exit

    1   0.000000    10.47.4.2 -> 10.47.10.2   ICMP 106 Echo (ping) request  id=0x0048, seq=0/0, ttl=62
    2   0.984985    10.47.4.2 -> 10.47.10.2   ICMP 106 Echo (ping) request  id=0x0048, seq=1/256, ttl=62
    3   1.985357    10.47.4.2 -> 10.47.10.2   ICMP 106 Echo (ping) request  id=0x0048, seq=2/512, ttl=62

Edge-2#show monitor capture 1 buffer detailed 
Starting the packet display ........ Press Ctrl + Shift + 6 to exit

Frame 1: 106 bytes on wire (848 bits), 106 bytes captured (848 bits) on interface /tmp/epc_ws/wif_to_ts_pipe, id 0
    Interface id: 0 (/tmp/epc_ws/wif_to_ts_pipe)
        Interface name: /tmp/epc_ws/wif_to_ts_pipe
    Encapsulation type: Ethernet (1)
    Arrival Time: Oct 11, 2023 17:22:20.730331000 UTC
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1697044940.730331000 seconds
    [Time delta from previous captured frame: 0.000000000 seconds]
    [Time delta from previous displayed frame: 0.000000000 seconds]
    [Time since reference or first frame: 0.000000000 seconds]
    Frame Number: 1
    Frame Length: 106 bytes (848 bits)
    Capture Length: 106 bytes (848 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:cmd:ethertype:ip:icmp:data]
Ethernet II, Src: 00:00:00:00:61:00 (00:00:00:00:61:00), Dst: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff) <-- Dummy Ethernet header, EPC does not capture it properly
    Destination: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff)
        Address: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff)
        .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
        .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
    Source: 00:00:00:00:61:00 (00:00:00:00:61:00)
        Address: 00:00:00:00:61:00 (00:00:00:00:61:00)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: CiscoMetaData (0x8909)
Cisco MetaData
    Version: 1
    Length: 1
    Options: 0x0001
    SGT: 0
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 10.47.4.2, Dst: 10.47.10.2 <-- True IP addresses
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 84
    Identification: 0x35e4 (13796)
    Flags: 0x4000, Don't fragment
        0... .... .... .... = Reserved bit: Not set
        .1.. .... .... .... = Don't fragment: Set
        ..0. .... .... .... = More fragments: Not set
    Fragment offset: 0
    Time to live: 62
    Protocol: ICMP (1)
    Header checksum: 0xe463 [validation disabled]
    [Header checksum status: Unverified]
    Source: 10.47.4.2
    Destination: 10.47.10.2
Internet Control Message Protocol
    Type: 8 (Echo (ping) request)
    Code: 0
    Checksum: 0x2693 [correct]
    [Checksum Status: Good]
    Identifier (BE): 72 (0x0048)
    Identifier (LE): 18432 (0x4800)
    Sequence number (BE): 0 (0x0000)
    Sequence number (LE): 0 (0x0000)
    Data (56 bytes)

0000  69 9c 67 88 00 00 00 00 00 00 00 00 00 00 00 00   i.g.............
0010  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0020  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0030  00 00 00 00 00 00 00 00                           ........
        Data: 699c67880000000000000000000000000000000000000000b^@&
        [Length: 56]

개정 이력

개정	게시 날짜	의견
1.0	12-Oct-2023	최초 릴리스

Cisco 엔지니어가 작성

마리우시 카즈미에르스키
나단 판