在UCS上配置ELAM
下載選項
已更新: 2019 年 5 月 10 日
文件 ID:214397
無偏見用語
本產品的文件集力求使用無偏見用語。針對本文件集的目的,無偏見係定義為未根據年齡、身心障礙、性別、種族身分、民族身分、性別傾向、社會經濟地位及交織性表示歧視的用語。由於本產品軟體使用者介面中硬式編碼的語言、根據 RFP 文件使用的語言,或引用第三方產品的語言,因此本文件中可能會出現例外狀況。深入瞭解思科如何使用包容性用語。
關於翻譯
思科可能会在某些地方提供本内容的当地语言翻译版本。请注意,翻译版本仅供参考,如有任何不一致之处,以本内容的英文版本为准。
簡介
本檔案介紹整合運算系統(UCS)第4代光纖互連(FI)6454中使用嵌入式邏輯分析器模組(ELAM)工具,以及如何以最佳方式使用該工具。
必要條件
本檔案沒有先決條件。
需求
思科建議您瞭解以下主題:
- UCS 6454光纖互連
採用元件
本文中的資訊是根據特定實驗室環境內的裝置所建立。文中使用到的所有裝置皆從已清除(預設)的組態來啟動。如果您的網路運作中,請確保您瞭解任何指令可能造成的影響。
背景資訊
UCS第4代FI能夠運行ELAM捕獲。ELAM捕獲嵌入在ASIC中。
ELAM工具允許即時檢視在ASIC級別轉發的資料包。您可以檢視封包的詳細資訊,例如:
- 輸入和輸出介面
- 最大傳輸單位(MTU)大小
- VLAN標籤
- 源裝置和目的裝置的MAC和IP地址
- 封包捨棄及其原因
- 服務品質(QoS)標籤
ELAM提供資料包轉發的詳細資訊。它對資料平面沒有中斷。
設定
通過命令列介面(CLI)登入UCS。
運行以下命令:
#connect nxos a|b
#attach module 1
#debug platform internal tah elam asic 0
#trigger init asic 0 slice 0 lu-a2d 1 in-select 6 out-select 1
#set outer ...
#start
#report
附註:第4代FI是一個單機架單元,具有一個單個模組(模組1),帶有一個ASIC(asic 0)和一個片(片0)。 請參閱下面的輸出。
RCH-SV-FFAIII-A(nx-os)# show hardware internal tah interface ethernet 1/30
#########################################
IfIndex: 436222464
DstIndex: 6028
IfType: 26
Interface name Ethernet1/30
Asic: 0
Asic: 0 <<<<<
AsicPort: 49
SrcId: 98
Slice: 0 <<<<<
PortOnSlice: 49
Table entries for interface Ethernet1/30
對於觸發器基於資料包屬性「lu-a2d 1」的ELAM,則使用它。值6和1將分別用於「in-select」和「out-select」
「set outer」命令是我們的過濾器,在此定義並告知FI我們要捕獲的資料包,有許多選項,我們可以根據需要進行細化:
module-1(TAH-elam-insel6)# set outer ?
arp ARP Fields
fcoe FCoE Fields
ipv4 IPv4 Fields
ipv6 IPv6 Fields
l2 All Layer 2 Fields
l4 L4 Fields
module-1(TAH-elam-insel6)# set outer l2 ?
cfi CFI Setting
cntag_vld CNTag Information Valid
cos Class of Service
dst_mac Destination MAC Address
qtag_vld VLAN Tag Information Valid
snap_vld SNAP Header Information Valid
src_mac Source MAC Address
vlan VLAN Id (Present only in case of FEX)
vntag_dvif VNTAG Destination vif
vntag_looped VNTAG Header Looped Valid
vntag_pointer VNTAG Header Pointer Valid
vntag_svif VNTAG Source vif
vntag_vld VNTAG Information Valid
module-1(TAH-elam-insel6)# set outer ipv4 ?
checksum Checksum
dscp Diff. Serv. Code Point
dst_ip Destination IP Address
ecn Explicit Congestion Ntfn
fragment-off Fragments Offset
header-len Header Length
more-frags More Fragments Available
next-protocol Next Protocol
packet-len Packet Total Length
pyld-len Payload Length
src_ip Source IP Address
ttl Time to Live
version Version
定義過濾器後,運行命令start運行ELAM工具。如果沒有捕獲到填充過濾條件的內容,則會出現以下情況:
module-1(TAH-elam-insel6)# report
ELAM not triggered yet on slot - 1, asic - 0, slice - 0
附註:「set」命令將跨ELAM存在,好的做法是在每次要捕獲具有不同IP、MAC等的流量時運行「reset」命令。
範例
1.從VM 172.16.35.31 ping網關172.16.35.126:
RCH-SV-FFAIII-A(nx-os)# attach module 1
module-1# debug platform internal tah elam asic 0
module-1(TAH-elam)# trigger init asic 0 slice 0 lu-a2d 1 in-select 6 out-select 1
param values: start asic 0, start slice 0, lu-a2d 1, in-select 6, out-select 1
module-1(TAH-elam-insel6)# set outer ipv4 src_ip 172.16.35.31 dst_ip 172.16.35.126
module-1(TAH-elam-insel6)# start
GBL_C++: [MSG] rocky_elam_wrapper_init:54:asic type 8 inst 0 slice 0 a_to_d 1 insel 6 outsel 1
GBL_C++: [MSG] rocky_elam_wrapper_enable:149:asic type 8 inst 0 slice 0 a_to_d 1
GBL_C++: [MSG] - writing data=0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000005608118F800000
000000000000000000560811BF00000000000000000000001000000000000000000000000000000000000000000000000000000000001
GBL_C++: [MSG] - writing mask=0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000007FFFFFFF800000
0000000000000000007FFFFFFF80000000000000000000003800000000000000000000000000000000000000000000000000000000001
module-1(TAH-elam-insel6)# report
HOMEWOOD ELAM REPORT SUMMARY
slot - 1, asic - 0, slice - 0
============================
Incoming Interface: Eth1/33
Src Idx : 0x1002, Src BD : 35
Outgoing Interface Info: dmod 1, dpid 4
Dst Idx : 0x604, Dst BD : 35
Packet Type: IPv4
Dst MAC address: 8C:60:4F:CD:FD:7C
Src MAC address: 00:25:C5:00:00:1E
.1q Tag0 VLAN: 35, cos = 0x1
Dst IPv4 address: 172.16.35.126
Src IPv4 address: 172.16.35.31
Ver = 4, DSCP = 0, Don't Fragment = 0
Proto = 1, TTL = 64, More Fragments = 0
Hdr len = 20, Pkt len = 84, Checksum = 0x5f19
L4 Protocol : 1
ICMP type : 8
ICMP code : 0
Drop Info:
----------
LUA:
LUB:
LUC:
LUD:
Final Drops:
驗證
帶有src_ip 172.16.35.31和dst_ip 172.16.35.126的資料包位於VLAN 35上,到達埠1/33(傳入介面),目的地為(傳出介面)介面"dpid4" ..什麼?「dpid」是ASIC埠內部識別符號,可以使用「show interface hardware-mappings」找到對映:
Incoming Interface: Eth1/33
Src Idx : 0x1002, Src BD : 35
interface Ethernet1/33
description S: Server, Port-channel 1025
no pinning server sticky
switchport mode fex-fabric
priority-flow-control mode on
fex associate 1
channel-group 1025
no shutdown
Outgoing Interface Info: dmod 1, dpid 4
Dst Idx : 0x604, Dst BD : 35
RCH-SV-FFAIII-A(nx-os)# show interface hardware-mappings
Legends:
SMod - Source Mod. 0 is N/A
Unit - Unit on which port resides. N/A for port channels
HPort - Hardware Port Number or Hardware Trunk Id:
HName - Hardware port name. None means N/A
FPort - Fabric facing port number. 255 means N/A
NPort - Front panel port number
VPort - Virtual Port Number. -1 means N/A
Slice - Slice Number. N/A for BCM systems
SPort - Port Number wrt Slice. N/A for BCM systems
SrcId - Source Id Number. N/A for BCM systems
------------------------------------------------------------------------
Name Ifindex Smod Unit HPort FPort NPort VPort Slice SPort SrcId
------------------------------------------------------------------------
.
Eth1/13 1a001800 1 0 4 255 48 -1 0 4 8
此「dpid 4」也對應於「show hardware internal tah interface ethernet 1/13」的含義:
RCH-SV-FFAIII-A(nx-os)# show hardware internal tah interface ethernet 1/13
#########################################
IfIndex: 436213760
DstIndex: 6096
IfType: 26
Interface name Ethernet1/13
Asic: 0
Asic: 0
AsicPort: 4 <<<<<
SrcId: 8
Slice: 0
PortOnSlice: 4 <<<<<
此封包已被ELAM第4層(L4)通訊協定識別為網際網路控制訊息通訊協定(ICMP)。請參閱IANA協定編號清單。您也可以使用特定的MTU大小進行過濾。 只有在達到準確的MTU時,ELAM才會觸發。
module-1(TAH-elam-insel6)# set outer ipv4 src_ip 172.16.35.31 dst_ip 172.16.35.126 packet-len 1500
Dst IPv4 address: 172.16.35.126
Src IPv4 address: 172.16.35.31
Ver = 4, DSCP = 0, Don't Fragment = 1
Proto = 1, TTL = 64, More Fragments = 0
Hdr len = 20, Pkt len = 1500, Checksum = 0x1758
L4 Protocol : 1
ICMP type : 8
ICMP code : 0
從虛擬機器(VM)到上游網路的ARP請求,將MAC地址設定為過濾器:
RCH-SV-FFAIII-B(nx-os)# attach module 1
module-1# debug platform internal tah elam asic 0
module-1(TAH-elam)# trigger init asic 0 slice 0 lu-a2d 1 in-select 6 out-select 1
param values: start asic 0, start slice 0, lu-a2d 1, in-select 6, out-select 1
module-1(TAH-elam-insel6)# set outer l2 src_mac 00:25:c5:00:00:1e dst_mac ff:ff:ff:ff:ff:ff
module-1(TAH-elam-insel6)# start
GBL_C++: [MSG] rocky_elam_wrapper_init:36:asic type 8 inst 0 slice 0 a_to_d 1 insel 6 outsel 1
GBL_C++: [MSG] rocky_elam_wrapper_enable:95:asic type 8 inst 0 slice 0 a_to_d 1
GBL_C++: [MSG] - writing data=0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
00000015820463E004B8A00003C0000000000000000000002000000000000000000000000000000000000000000000000000000000001
GBL_C++: [MSG] - writing mask=0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
0000001FFFFFFFFFFFFFFFFFFFE0000000000000000000003800000000000000000000000000000000000000000000000000000000001
module-1(TAH-elam-insel6)# report
HOMEWOOD ELAM REPORT SUMMARY
slot - 1, asic - 0, slice - 0
============================
Incoming Interface: Eth1/33
Src Idx : 0x1002, Src BD : 35
Outgoing Interface Info: dmod 1, dpid 4
Dst Idx : 0x604, Dst BD : 35
Packet Type: ARP
Dst MAC address: FF:FF:FF:FF:FF:FF
Src MAC address: 00:25:C5:00:00:1E
.1q Tag0 VLAN: 35, cos = 0x1
Target Hardware address: 00:00:00:00:00:00
Sender Hardware address: 00:25:C5:00:00:1E
Target Protocol address: 172.16.35.110
Sender Protocol address: 172.16.35.31
ARP opcode: 1
Drop Info:
----------
LUA:
LUB:
LUC:
LUD:
Final Drops:
系統會將資料包識別為ARP,當在VM或網關級別的ARP條目不完整時,這一點尤其有用。
如果適用,還將列出TCP/UDP埠,此處會測試SSH:
RCH-SV-FFAIII-B(nx-os)# attach module 1
module-1# debug platform internal tah elam asic 0
module-1(TAH-elam)# trigger init asic 0 slice 0 lu-a2d 1 in-select 6 out-select 1
param values: start asic 0, start slice 0, lu-a2d 1, in-select 6, out-select 1
module-1(TAH-elam-insel6)# set outer ipv4 src_ip 172.16.35.126 dst_ip 172.16.35.31
module-1(TAH-elam-insel6)# start
GBL_C++: [MSG] rocky_elam_wrapper_init:36:asic type 8 inst 0 slice 0 a_to_d 1 insel 6 outsel 1
GBL_C++: [MSG] rocky_elam_wrapper_enable:95:asic type 8 inst 0 slice 0 a_to_d 1
GBL_C++: [MSG] - writing data=0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000560811BF0000
000000000000000000005608118F80000000000000000000001000000000000000000000000000000000000000000000000000000000001
GBL_C++: [MSG] - writing mask=0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000007FFFFFFF8000
000000000000000000007FFFFFFF80000000000000000000003800000000000000000000000000000000000000000000000000000000001
module-1(TAH-elam-insel6)# report
HOMEWOOD ELAM REPORT SUMMARY
slot - 1, asic - 0, slice - 0
============================
Incoming Interface: Eth1/14
Src Idx : 0x604, Src BD : 35
Outgoing Interface Info: dmod 1, dpid 44
Dst Idx : 0x1002, Dst BD : 35
Packet Type: IPv4
Dst MAC address: 00:25:C5:00:00:1E
Src MAC address: 8C:60:4F:CD:FD:7C
.1q Tag0 VLAN: 35, cos = 0x0
Dst IPv4 address: 172.16.35.31
Src IPv4 address: 172.16.35.126
Ver = 4, DSCP = 0, Don't Fragment = 0
Proto = 6, TTL = 64, More Fragments = 0
Hdr len = 20, Pkt len = 60, Checksum = 0x27f5
L4 Protocol : 6
TCP Dst Port : 22
TCP Src Port : 15067
Drop Info:
----------
LUA:
LUB:
LUC:
LUD:
Final Drops:
疑難排解
丟棄也記錄下來。FI會捨棄ARP請求:
RCH-SV-FFAIII-B(nx-os)# attach module 1
module-1# debug platform internal tah elam asic 0
module-1(TAH-elam)# trigger init asic 0 slice 0 lu-a2d 1 in-select 6 out-select 1
param values: start asic 0, start slice 0, lu-a2d 1, in-select 6, out-select 1
module-1(TAH-elam-insel6)# set outer l2 src_mac 00:25:c5:00:00:1e dst_mac ff:ff:ff:ff:ff:ff
module-1(TAH-elam-insel6)# start
GBL_C++: [MSG] rocky_elam_wrapper_init:54:asic type 8 inst 0 slice 0 a_to_d 1 insel 6 outsel 1
GBL_C++: [MSG] rocky_elam_wrapper_enable:149:asic type 8 inst 0 slice 0 a_to_d 1
GBL_C++: [MSG] - writing data=0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000000000000000000000971400007BFFFFFFFFFFFC00001
GBL_C++: [MSG] - writing mask=0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000003FFFFFFFFFFFFFFFFFFFFFFFC00001
module-1(TAH-elam-insel6)# report
HOMEWOOD ELAM REPORT SUMMARY
slot - 1, asic - 0, slice - 0
============================
Incoming Interface: Eth1/18
Src Idx : 0x603, Src BD : 35
Outgoing Interface Info: dmod 0, dpid 0
Dst Idx : 0x0, Dst BD : 35
Packet Type: ARP
Dst MAC address: FF:FF:FF:FF:FF:FF
Src MAC address: 00:25:C5:00:00:1E
.1q Tag0 VLAN: 35, cos = 0x1
Target Hardware address: 00:00:00:00:00:00
Sender Hardware address: 00:25:C5:00:00:1E
Target Protocol address: 172.16.35.99
Sender Protocol address: 172.16.35.31
ARP opcode: 1
Drop Info:
----------
LUA:
LUB:
LUC:
LUD:
MC_RPF_FAIILURE
SRC_VLAN_MBR
Final Drops:
MC_RPF_FAIILURE
SRC_VLAN_MBR
FI在連線埠1/18(這是上行鏈路連線埠)上收到一個ARP要求,其來源MAC為00:25:c5:00:00:1e,這可在虛擬乙太網路(vEth)連線埠上本地得知。此條件會觸發反向路徑轉發(RPF)丟棄。請注意,Outgoing Interface Info報告dpid 0,即丟棄。
連線埠1/18上不允許VLAN 35,這也會觸發捨棄SRC_VLAN_MBR。
RCH-SV-FFAIII-A(nx-os)# show run interface ethernet 1/18
interface Ethernet1/18
description U: Uplink
pinning border
switchport mode trunk
switchport trunk allowed vlan 1
channel-group 105 mode active
意見