Dot1Q/L2P通道上的封包遺失
簡介
本檔案將討論疑難排解Cisco IOS®中由於Dot1Q/L2P通道上的網路設計不良而導致的封包遺失,並提供個例研究。
必要條件
需求
思科建議您瞭解以下主題:
-
有關Dot1Q隧道的基本知識
-
OSPF基礎知識
採用元件
本檔案所述內容不限於特定軟體或硬體版本。
本文中的資訊是根據特定實驗室環境內的裝置所建立。文中使用到的所有裝置皆從已清除(預設)的組態來啟動。如果您的網路正在作用,請確保您已瞭解任何指令可能造成的影響。
慣例
如需文件慣例的詳細資訊,請參閱思科技術提示慣例。
網路圖表
在此網路設定中,路由器7600-Core的介面Gi1/44和Gi1/43的路由器分別與3400-Metro-1的Fa0/13和Fa0/12位於單臂設定中。在7600-Dot1Q交換器中,介面Gi9/44和Gi 9/45使用Dot1q通道模式啟用。在3400-Metro Edge上建立了SVI VLAN介面,並將Fa0/13和Fa0/12配置為中繼埠。路由器使用OSPF相互通訊。
組態
| 7609核心 |
|---|
! version 15.0 hostname 7609-CORE interface GigabitEthernet1/43 mtu 9216 no ip address no ip redirects no ip proxy-arp load-interval 60 carrier-delay 2 flowcontrol send off storm-control broadcast level 1.00 ! interface GigabitEthernet1/43.3503 encapsulation dot1Q 3503 ip address 172.16.41.17 255.255.255.252 no ip redirects no ip proxy-arp ip mtu 1500 ip ospf authentication-key 7 072C0E6B6B272D ip ospf network point-to-point ip ospf hello-interval 3 ip ospf dead-interval 10 ! ! interface GigabitEthernet1/44 mtu 9216 no ip address no ip redirects no ip proxy-arp load-interval 60 carrier-delay 2 flowcontrol send off storm-control broadcast level 1.00 ! interface GigabitEthernet1/44.3803 encapsulation dot1Q 3803 ip address 172.16.73.137 255.255.255.248 secondary ip address 172.16.41.21 255.255.255.252 no ip redirects no ip proxy-arp ip mtu 1500 ip ospf authentication-key 7 072C0E6B6B272D ip ospf network point-to-point ip ospf cost 5 ip ospf hello-interval 3 ip ospf dead-interval 10 !--- Output omitted. ! end |
| 7609 DOT1Q |
|---|
! version 12.2 ! interface GigabitEthernet9/44 switchport switchport access vlan 24 switchport mode dot1q-tunnel mtu 9216 load-interval 60 carrier-delay 2 flowcontrol send off storm-control broadcast level 1.00 l2protocol-tunnel cdp l2protocol-tunnel stp l2protocol-tunnel vtp no cdp enable spanning-tree portfast disable spanning-tree bpdufilter enable ! ! interface GigabitEthernet9/45 switchport switchport access vlan 24 switchport mode dot1q-tunnel mtu 9216 load-interval 60 carrier-delay 2 flowcontrol send off storm-control broadcast level 1.00 l2protocol-tunnel cdp l2protocol-tunnel stp l2protocol-tunnel vtp no cdp enable spanning-tree portfast disable spanning-tree bpdufilter enable ! !--- Output omitted. ! end |
| 3400-Metro-1 |
|---|
! version 12.2 ! interface FastEthernet0/3 port-type nni switchport trunk allowed vlan 1052,3503 switchport mode trunk load-interval 60 ! interface FastEthernet0/4 port-type nni switchport trunk allowed vlan 1052,3803 switchport mode trunk load-interval 60 ! ! interface FastEthernet0/12 port-type nni switchport trunk allowed vlan 2-4094 switchport mode trunk ! interface FastEthernet0/13 port-type nni switchport trunk allowed vlan 2-4094 switchport mode trunk ! end |
| 3400-Metro Edge |
|---|
! version 12.2 ! interface FastEthernet0/12 port-type nni switchport mode trunk load-interval 60 storm-control broadcast level 1.00 spanning-tree portfast disable spanning-tree bpdufilter disable ! interface FastEthernet0/13 port-type nni switchport mode trunk load-interval 60 storm-control broadcast level 1.00 spanning-tree portfast disable spanning-tree bpdufilter disable ! ! interface Vlan3503 ip address 172.16.41.18 255.255.255.252 no ip redirects no ip proxy-arp ip ospf authentication-key 7 072C0E6B6B272D ip ospf network point-to-point ip ospf hello-interval 3 ip ospf dead-interval 10 ! interface Vlan3803 ip address 172.16.73.139 255.255.255.248 secondary ip address 172.16.41.22 255.255.255.252 no ip redirects no ip proxy-arp ip ospf authentication-key 7 072C0E6B6B272D ip ospf network point-to-point ip ospf cost 5 ip ospf hello-interval 3 ip ospf dead-interval 10 ! !--- Output omitted. ! end |
觀察
當封包通過Dot1Q通道時,會發生隨機Ping捨棄。但是,介面上沒有輸入/輸出丟棄,也沒有物理層問題的症狀。發出show interface <interface> 命令,以檢查介面上的輸入/輸出捨棄專案:
7609-Dot1Q#show interface gi9/44
!--- Output omitted.
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
0 input errors, 0 CRC, 1 frame, 0 overrun, 0 ignored
0 output errors, 0 collisions, 1 interface resets
0 lost carrier, 0 no carrier, 0 PAUSE output
!--- Output omitted.
從Metro-Edge發出大約100個Ping的ICMP流量時,核心區只收到95個回應,這表明路徑中丟棄了ICMP資料包。
Metro-Edge#ping 172.16.41.21 re 100 Type escape sequence to abort. Sending 100, 100-byte ICMP Echos to 172.16.41.21, timeout is 2 seconds: .....!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Success rate is 95 percent (95/100), round-trip min/avg/max = ½/9 ms
注意:7609中的show ip traffic命令顯示僅接收到95個回波,而在Metro-edge中,該命令顯示傳送了100個回波。
| show ip traffic |
|---|
在Metro-Edge ICMP statistics:
Rcvd: 0 format errors, 0 checksum errors, 0 redirects, 0 unreachable
0 echo, 95 echo reply, 0 mask requests, 0 mask replies, 0 quench
0 parameter, 0 timestamp, 0 info request, 0 other
0 irdp solicitations, 0 irdp advertisements
Sent: 0 redirects, 0 unreachable, 100 echo, 0 echo reply
0 mask requests, 0 mask replies, 0 quench, 0 timestamp
0 info reply, 0 time exceeded, 0 parameter problem
0 irdp solicitations, 0 irdp advertisements
!--- The above output shows that 100 echos are sent !--- but received 95 replies from 7609-Core.
在7609-Core ICMP statistics:
Rcvd: 0 format errors, 0 checksum errors, 0 redirects, 0 unreachable
95 echo, 0 echo reply, 0 mask requests, 0 mask replies, 0 quench
0 parameter, 0 timestamp, 0 info request, 0 other
0 irdp solicitations, 0 irdp advertisements
Sent: 0 redirects, 0 unreachable, 0 echo, 95 echo reply
0 mask requests, 0 mask replies, 0 quench, 0 timestamp
0 info reply, 0 time exceeded, 0 parameter problem
0 irdp solicitations, 0 irdp advertisements |
疑難排解
驗證是否正確得知MAC位址,以排解封包捨棄的疑難問題。
使用show mac address table命令驗證MAC地址條目。
成功Ping
7609-DOT1q#sh mac-address-table address E05F.B972.1F00 all Legend: * - primary entry age - seconds since last seen n/a - not available vlan mac address type learn age ports ------+----------------+--------+-----+----------+-------------------------- Active Supervisor: * 24 e05f.b972.1f00 dynamic Yes 0 Gi9/44 !--- This output displays the MAC address learnt !--- and its associated port, in this case the associated !--- port for successful ping is Gi9/44.
對於故障Ping
7609-DOT1q#sh mac-address-table address E05F.B972.1F00 all Legend: * - primary entry age - seconds since last seen n/a - not available vlan mac address type learn age ports ------+----------------+--------+-----+----------+-------------------------- Active Supervisor: * 24 e05f.b972.1f00 dynamic Yes 5 Gi9/45 !--- This output displays the MAC address learnt !--- and its associated port, in this case, !--- the port number is Gi9/45.
要檢視詳細的MAC索引程式設計,請使用show mac-address-table命令。
7609-DOT1q#sh mac-address-table address E05F.B972.1F00 det MAC Table shown in details ======================================== PI_E RM RMA Type Alw-Lrn Trap Modified Notify Capture Flood Mac Address Age Pvlan SWbits Index XTag ----+---+---+----+-------+----+--------+------+-------+------+--------------+----+------+------+---- Active Supervisor: Yes No No DY No No Yes No No No e05f.b972.1f00 0xE0 24 0 0x22C 0
發出Remote login switch和test mcast ltl-info index <Index number>命令,以瞭解前一個HEX值指示的埠號。
7609-DOT1q-sp#test mcast ltl-info index 22B index 0x22B contain ports 9/44 7609-DOT1q-sp#test mcast ltl-info index 22C index 0x22C contain ports 9/45 !--- The output shows that hex number 22B !--- points to 9/44 port and hex 22C points to 9/45.
對於失敗的ping,源和目標索引是相同的埠,因此丟棄了。在7600上使用mac-address-table notification mac-move 命令啟用Mac-move時,它顯示兩個不同連線埠之間的MAC擺動,並且出現以下錯誤消息:
註:由於6500/7600使用交換機的一個公用MAC地址,因此在不同埠之間分配相同的MAC地址。show catalyst 6000 chassis-mac-address 命令會顯示保留的交換機MAC地址。
* Jul 2 10:29:44.011: %MAC_MOVE-SP-4-NOTIF: Host e05f.b972.1f00 in vlan 24 is flapping between port Gi9/45 and port Gi9/44 !--- The previous error message indicates !--- that the same MAC address is assigned between !--- two different ports: Gi9/45 and port Gi9/44.
解決方案
上一個網路是全網狀網路設定,在同一交換機上具有DOT1Q隧道終端。在這種網路設定中需要MAC擺動。為了避免MAC擺動,可以實施這些解決方案之一。
-
將通道端點移動到不同的交換器,例如,封裝和解除封裝應在不同的交換器中進行。
-
可以執行VLAN修剪來調節任何中繼埠中的VLAN。
相關資訊
修訂記錄
| 修訂 | 發佈日期 | 意見 |
|---|---|---|
1.0 |
06-Nov-2012 |
初始版本 |
意見