本產品的文件集力求使用無偏見用語。針對本文件集的目的,無偏見係定義為未根據年齡、身心障礙、性別、種族身分、民族身分、性別傾向、社會經濟地位及交織性表示歧視的用語。由於本產品軟體使用者介面中硬式編碼的語言、根據 RFP 文件使用的語言,或引用第三方產品的語言,因此本文件中可能會出現例外狀況。深入瞭解思科如何使用包容性用語。
思科已使用電腦和人工技術翻譯本文件,讓全世界的使用者能夠以自己的語言理解支援內容。請注意,即使是最佳機器翻譯,也不如專業譯者翻譯的內容準確。Cisco Systems, Inc. 對這些翻譯的準確度概不負責,並建議一律查看原始英文文件(提供連結)。
本文說明如何在Catalyst 9000交換器上的軟體定義存取(SDA)中驗證第2層LISP。
思科建議您瞭解以下主題:
本文中的資訊係根據以下軟體和硬體版本:
本文中的資訊是根據特定實驗室環境內的裝置所建立。文中使用到的所有裝置皆從已清除(預設)的組態來啟動。如果您的網路運作中,請確保您瞭解任何指令可能造成的影響。
SD-Access架構由為園區實施的交換矩陣技術提供支援。它支援使用在物理網路(底層網路)頂部運行的虛擬網路(重疊網路),以便建立連線裝置的備用拓撲。有關Cisco SD-Access解決方案不同元件的詳細資訊,請訪問:
L2-LISP例項的實際可用數比SDM模板上的最大數少64:
EDGE-1#show plat hardware fed switch active fwd-asic resource tcam utilization CAM Utilization for ASIC [0] Table Max Values Used Values -------------------------------------------------------------------------------- Unicast MAC addresses 32768/1024 44/21 L3 Multicast entries 8192/512 4/10 L2 Multicast entries 8192/512 1/9 Directly or indirectly connected routes 24576/8192 33/81 QoS Access Control Entries 5120 153 Security Access Control Entries 5120 180 Ingress Netflow ACEs 256 8 Policy Based Routing ACEs 1024 20 Egress Netflow ACEs 768 8 Flow SPAN ACEs 1024 13 Control Plane Entries 512 255 Tunnels 512 18 Lisp Instance Mapping Entries 512 16 Input Security Associations 256 4 Output Security Associations and Policies 256 5 SGT_DGT 8192/512 0/1 CLIENT_LE 4096/256 0/0 INPUT_GROUP_LE 1024 0 OUTPUT_GROUP_LE 1024 0 Macsec SPD 256 2
在這種情況下,載入了Cisco IOS® XE 16.9.8的邊緣節點的L2-LISP例項的實際可用數量為448(512 - 64)。
位於同一VN(虛擬網路)中的兩台主機,相同的VLAN/子網,但連線到不同的邊緣交換機。如拓撲圖所示,兩台邊緣交換機屬於同一SDA交換矩陣雲。兩台主機Client-1和Client-2是連線到VLAN 1021/子網10.90.10.1/24的同一VN Campus_VN的一部分。 ICMP資料包(ping)用於測試兩台主機之間的連通性。
Client-1>ping 10.90.10.20 Pinging 10.90.10.20 with 32 bytes of data: Reply from 10.90.10.20: bytes=32 time=4ms TTL=128 Reply from 10.90.10.20: bytes=32 time<1ms TTL=128 Reply from 10.90.10.20: bytes=32 time<1ms TTL=128 Ping statistics for 10.90.10.20: Packets: Sent = 3, Received = 3, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 4ms, Average = 1ms Client-2>ping 10.90.10.10 Pinging 10.90.10.10 with 32 bytes of data: Reply from 10.90.10.10: bytes=32 time<1ms TTL=128 Reply from 10.90.10.10: bytes=32 time<1ms TTL=128 Reply from 10.90.10.10: bytes=32 time<1ms TTL=128 Ping statistics for 10.90.10.10: Packets: Sent = 3, Received = 3, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms
由於兩台邊緣交換機屬於同一個SDA交換矩陣,因此需要對邊緣1和邊緣2之間的所有生產流量進行VxLAN封裝。在這種情況下,邊緣交換器使用第3層執行個體ID(IID)4100和第2層執行個體ID 8191來封裝流量。
您首先需要確認控制平面資訊是否正確。如果來自控制平面的資訊(軟體狀態)看起來正常,則需要驗證資料平面(硬體狀態)。
如前所述,我們第一個場景中的兩台主機都駐留在VLAN 1021上,此VLAN/子網在SDA交換矩陣中延伸。首先,您需要從Digital Network Architecture Center(DNA Center或DNAC)在每台邊緣交換機上自動調配的VLAN 1021中檢查SVI的配置:
EDGE-1#show run int vlan 1021 Building configuration... Current configuration : 618 bytes ! interface Vlan1021 description Configured from Cisco DNA-Center mac-address 0000.0c9f.f55e vrf forwarding Campus_VN ip address 10.90.10.1 255.255.255.0
ip helper-address 10.122.150.179 no ip redirects ip route-cache same-interface no lisp mobility liveness test lisp mobility CAMPUS-WIRED-IPV4 end
EDGE-2#show run int vlan 1021 Building configuration... Current configuration : 618 bytes ! interface Vlan1021 description Configured from Cisco DNA-Center mac-address 0000.0c9f.f55e vrf forwarding Campus_VN ip address 10.90.10.1 255.255.255.0
ip helper-address 10.122.150.179 no ip redirects ip route-cache same-interface no lisp mobility liveness test lisp mobility CAMPUS-WIRED-IPV4 end
正如您在輸出中看到的,L2和L3例項ID(IID)都不是SVI配置的一部分。在SDA環境中,這些例項由DNAC自動配置。因此,為了找到此資訊,您必須檢查裝置LISP running-configuration。但是,如果您有數百個VLAN,則查詢要驗證的實際的VLAN資訊並不容易
提示:提示:如果您事先不知道第2層ID資訊,可以運行此命令進行查詢(對於所討論的VLAN,請使用「包括」篩選器,在本例中為*VLAN 1021*
EDGE-1#show lisp instance-id * ethernet database | include Vlan 1021 LISP ETR MAC Mapping Database for EID-table Vlan 1021 (IID 8191), LSBs: 0x1
首先,您需要確認邊緣交換機的MAC地址表中同時存在兩個MAC地址(本地和遠端)。對於本地主機的MAC,還必須有一個ARP條目。您需要在兩台裝置上檢查相同的資訊。
EDGE-1#sh mac address-table | in 1021 1021 0000.0c9f.f55e STATIC Vl1021 1021000c.29ef.34d1 DYNAMIC Gi1/0/13 <<<< Local host
1021 2cab.eb4f.e6f5 STATIC Vl1021 1021000c.297b.3544 CP_LEARN Tu0 <<<< Remote host
EDGE-2#sh mac address-table | in 1021 1021 0000.0c9f.f55e STATIC Vl1021 1021 000c.297b.3544 STATIC Gi1/0/13 <<<< Local host
1021 70d3.79be.9675 STATIC Vl1021 1021 000c.29ef.34d1 CP_LEARN Tu0 <<<< Remote host
正如您在此輸出中所看到的,有一個條目將CP_LEARN作為遠端主機的地址型別。此條目來自Tu0,將在「解除封裝」一節中對此進行更詳細的討論。它顯示CP_LEARN,因為L2轉發從LISP控制平面(CP)獲取此資訊。
ARP表只包含本地主機的條目,因為遠端主機位置通過LISP解析,而不是直接通過ARP:
EDGE-1#sh ip arp vrf Campus_VN 10.90.10.10 Protocol Address Age (min) Hardware Addr Type Interface Internet 10.90.10.10 0 000c.29ef.34d1 ARPA Vlan1021 <<<< Local host
EDGE-1#sh ip arp vrf Campus_VN 10.90.10.20
EDGE-1# <<<< Empty for remote host
EDGE-2#sh ip arp vrf Campus_VN 10.90.10.10
EDGE-2# <<<< Empty for remote host
EDGE-2#sh ip arp vrf Campus_VN 10.90.10.20
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.90.10.20 0 000c.297b.3544 ARPA Vlan1021 <<<< Local host
您從MAC地址表獲取的資訊也會填充到其硬體狀態對應項中,即MAC地址表管理器(MATM)。對於本地主機,交換機整合安全功能(SISF,也稱為裝置跟蹤)從客戶端監聽資訊並通知LISP CP有L2-EID(MAC)和L2-AR EID(IP/MAC)資訊,這是LISP Database填充的方式:
EDGE-1#show lisp instance-id 8191 ethernet database LISP ETR MAC Mapping Database for EID-table Vlan 1021 (IID 8191), LSBs: 0x1 Entries total 2, no-route 0, inactive 0000c.29ef.34d1/48, dynamic-eid Auto-L2-group-8191, inherited from default locator-set rloc_497d4d09-992e-4eaa-92c8-5c7e27d08734 Locator Pri/Wgt Source State 192.168.3.69 10/10 cfg-intf site-self, reachable
EDGE-2#show lisp instance-id 8191 ethernet database LISP ETR MAC Mapping Database for EID-table Vlan 1021 (IID 8191), LSBs: 0x1 Entries total 1, no-route 0, inactive 0000c.297b.3544/48, dynamic-eid Auto-L2-group-8191, inherited from default locator-set rloc_ccca08ff-fd0f-42e2-9fbb-a6521bb1b65e Locator Pri/Wgt Source State 192.168.3.68 10/10 cfg-intf site-self, reachable
此外,在LISP資料庫中,您還可以驗證本地主機的地址解析。這樣,您可以將L2資訊與第3層資料相關聯。如前所述,遠端主機的條目不會填充到裝置的常規ARP表中,因此此命令僅顯示通過ARP獲取的LISP EID資訊(僅針對本地主機):
提示:在此輸出中,您還可以找到與該主機/子網相關聯的L3 IID:4100。
EDGE-1#show lisp instance-id 8191 ethernet database address-resolution LISP ETR Address Resolution for EID-table Vlan 1021 (IID 8191) (*) -> entry being deleted Hardware Address Host Address L3 InstID 000c.29ef.34d1 10.90.10.10/32 4100
EDGE-2#show lisp instance-id 8191 ethernet database address-resolution LISP ETR Address Resolution for EID-table Vlan 1021 (IID 8191) (*) -> entry being deleted Hardware Address Host Address L3 InstID 000c.297b.3544 10.90.10.20/32 4100
另一個檢查是驗證遠端主機的位置。可以使用LIG命令解析和確定遠端MAC地址所在的RLOC(在這種情況下,可以通過cli手動觸發LIG,但當交換機需要將幀轉發到未知目標MAC時,它會自動發出LISP訊號以便解析該未知MAC的位置):
提示:由於您要檢查L2連線,因此您必須使用遠端主機的L2 ID和MAC地址作為LIG的EID。另一方面,如果要檢查第3層連線,則需要使用第3層ID(本例中為4100)和主機的實際IP作為LIG的EID。
EDGE-1#lig instance 8191 000c.297b.3544 Mapping information for EID 000c.297b.3544 from 192.168.2.2 with RTT 1 msecs 000c.297b.3544/48, uptime: 05:32:34, expires: 23:59:59, via map-reply, complete Locator Uptime State Pri/Wgt Encap-IID 192.168.3.68 05:32:34 up 10/10 - <<<< RLOC of Edge-2
EDGE-2#lig instance 8191 000c.29ef.34d1 Mapping information for EID 000c.29ef.34d1 from 192.168.2.2 with RTT 1 msecs 000c.29ef.34d1/48, uptime: 05:33:14, expires: 23:59:59, via map-reply, complete Locator Uptime State Pri/Wgt Encap-IID 192.168.3.69 05:33:14 up 10/10 - <<<< RLOC of Edge-1
來自遠端主機的RLOC也存在於LISP對映快取表中(如果您在此輸出中看不到來自遠端主機的資訊,請嘗試先為該主機執行LIG,然後再次檢查)。對於遠端主機,LISP使用LISP對映快取表中顯示的資訊更新交換機的L2轉發資訊,這就是通過Tu0以CP_LEARN型別獲取時,遠端主機的MAC地址顯示在交換機的MAC地址表中的原因:
EDGE-1#show lisp instance-id 8191 ethernet map-cache
LISP MAC Mapping Cache for EID-table Vlan 1021 (IID 8191), 1 entries
000c.297b.3544/48, uptime: 05:36:05, expires: 23:56:28, via map-reply, complete Locator Uptime State Pri/Wgt Encap-IID
192.168.3.68 05:36:05 up 10/10 - <<<< RLOC of Edge-2
EDGE-2#show lisp instance-id 8191 ethernet map-cache
LISP MAC Mapping Cache for EID-table Vlan 1021 (IID 8191), 1 entries
000c.29ef.34d1/48, uptime: 05:36:17, expires: 23:56:56, via map-reply, complete Locator Uptime State Pri/Wgt Encap-IID 192.168.3.69 05:36:17 up 10/10 - <<<< RLOC of Edge-1
SISF參與了監聽第3層到第2層對映的過程,以方便終端學習(通過DHCP和ARP監聽)。在L2-LISP中,邊緣節點完全基於第2層資訊轉發流量。SISF開始發揮作用,因為廣播ARP流量不會通過交換矩陣通過輸入/輸出隧道路由器(xTR - SDA架構中邊緣節點的另一個名稱)轉發。ARP流量通過交換矩陣進行隧道傳輸,而不是泛洪。
Edge節點的SISF元件在控制平面(CP)節點的對映伺服器和對映解析器(MSMR)功能上從其本地主機註冊ARP解析資訊(該資訊稱為終端ID - EID)。CP/MSMR節點維護由所有邊緣節點填充的對映資料庫。當主機嘗試通過ARP Request解析位於不同邊緣節點上的遠端主機的IP/MAC繫結時,本地邊緣節點會截獲並快取廣播ARP請求,然後偵聽資料包,並查詢CP/MSMR以進行IP到MAC的繫結。最後,邊緣節點將廣播目標Mac重寫為單播目標Mac(響應其查詢從CP/MSMR獲得),將單播ARP請求資料包封裝成VxLAN格式,並將其通過交換矩陣傳送到包含該目標的遠端邊緣節點。
SISF不僅幫助監聽資料包,而且通過適當使用ARP探測功能在裝置跟蹤資料庫中刷新本地條目。
EDGE-1#sh device-tracking database vlanid 1021 vlanDB has 5 entries for vlan 1021, 2 dynamic <snip> Network Layer Address Link Layer Address Interface vlan prlvl age state Time left ARP 10.90.10.20 000c.297b.3544 Tu0 1021 0005 15s REACHABLE 234s <<<< Remote host (info from the CP node via MSMR query)
ARP 10.90.10.1 0000c.29ef.34d1 Gi1/0/13 1021 0005 15s REACHABLE 300s <<<< Local host
EDGE-1#sh device-tracking database mac MAC Interface vlan prlvl state time left policy <snip> 000c.29ef.34d1 Gi1/0/13 1021 NO TRUST MAC-REACHABLE 284s IPDT_POLICY <<<< Local host
000c.297b.3544 Tu0 1021 NO TRUST MAC-REACHABLE 87s LISP-DT-GUARD-VLAN <<<< Remote host (info from the CP node via MSMR query)
EDGE-1#sh device-tracking database address all Network Layer Address Link Layer Address Interface vlan prlvl age state Time left <snip> ARP 10.90.10.20 000c.297b.3544 Tu0 1021 0005 2s REACHABLE 243s <<<< Remote host (info from the CP node via MSMR query)
ARP 10.90.10.10 000c.29ef.34d1 Gi1/0/13 1021 0005 2s REACHABLE 304s <<<< Local host
EDGE-2#sh device-tracking database vlanid 1021 vlanDB has 5 entries for vlan 1021, 2 dynamic <snip> Network Layer Address Link Layer Address Interface vlan prlvl age state Time left ARP 10.90.10.20 000c.297b.3544 Gi1/0/13 1021 0005 2s REACHABLE 250s <<<< Local host
ARP 10.90.10.10 000c.29ef.34d1 Tu0 1021 0005 2s REACHABLE 244s <<<< Remote host (info from the CP node via MSMR query)
EDGE-2#sh device-tracking database mac MAC Interface vlan prlvl state time left policy <snip> 000c.29ef.34d1 Tu0 1021 NO TRUST MAC-REACHABLE 187s LISP-DT-GUARD-VLAN <<<< Remote host (info from the CP node via MSMR query) 000c.297b.3544 Gi1/0/13 1021 NO TRUST MAC-REACHABLE 239s IPDT_POLICY <<<< Local host
EDGE-2#sh device-tracking database address all Network Layer Address Link Layer Address Interface vlan prlvl age state Time left <snip> ARP 10.90.10.20 000c.297b.3544 Gi1/0/13 1021 0005 29s REACHABLE 211s <<<< Local host
ARP 10.90.10.10 000c.29ef.34d1 Tu0 1021 0005 138s REACHABLE 108s <<<< Remote host (info from the CP node via MSMR query)
驗證控制平面資訊完整且正確後,現在可以檢視「資料平面」部分。
MATM代表MAC地址表管理器和常規MAC地址表的硬體抽象。
提示:本節中的命令與裝置的硬體抽象層相關。這表示,如果在堆疊組態中部署裝置,則不僅需要對Active成員執行命令,而且還需要對要驗證的成員交換器執行命令(例如,如果主機連線到堆疊的成員2,則也需要在cli上使用「switch 2」)。本文只使用獨立交換機,因此只驗證活動例項的資訊。
EDGE-1#show platform software fed switch active matm macTable vlan 1021
VLAN MAC Type Seq# EC_Bi Flags machandle siHandle riHandle diHandle *a_time *e_time ports ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ <snip> 1021 000c.29ef.34d1 0x1 1 0 0 0x7f9e1caa4358 0x7f9e1caf3fc8 0x0 0x7f9e1c7b5228 300 21 GigabitEthernet1/0/13
1021 000c.297b.3544 0x1000001 0 0 64 0x7f9e1cded158 0x7f9e1ce092f8 0x7f9e1ce08de8 0x7f9e1c2f4a48 0 16 RLOC 192.168.3.68 adj_id 23 Total Mac number of addresses:: 1 Summary: Total number of secure addresses:: 0 Total number of drop addresses:: 0 Total number of lisp local addresses:: 0 Total number of lisp remote addresses:: 0 *a_time=aging_time(secs) *e_time=total_elapsed_time(secs) Type: MAT_DYNAMIC_ADDR 0x1 MAT_STATIC_ADDR 0x2 MAT_CPU_ADDR 0x4 MAT_DISCARD_ADDR 0x8 MAT_ALL_VLANS 0x10 MAT_NO_FORWARD 0x20 MAT_IPMULT_ADDR 0x40 MAT_RESYNC 0x80 MAT_DO_NOT_AGE 0x100 MAT_SECURE_ADDR 0x200 MAT_NO_PORT 0x400 MAT_DROP_ADDR 0x800 MAT_DUP_ADDR 0x1000 MAT_NULL_DESTINATION 0x2000 MAT_DOT1X_ADDR 0x4000 MAT_ROUTER_ADDR 0x8000 MAT_WIRELESS_ADDR 0x10000 MAT_SECURE_CFG_ADDR 0x20000 MAT_OPQ_DATA_PRESENT 0x40000 MAT_WIRED_TUNNEL_ADDR 0x80000 MAT_DLR_ADDR 0x100000 MAT_MRP_ADDR 0x200000 MAT_MSRP_ADDR 0x400000 MAT_LISP_LOCAL_ADDR 0x800000 MAT_LISP_REMOTE_ADDR 0x1000000 MAT_VPLS_ADDR 0x2000000
如前面的輸出所示,遠端主機的MAC地址的位對映型別為0x100001:位0x1000000表示LISP遠端條目,位0x1為動態條目設定。此表中的其他重要值是machandle、siHandle和riHandle,請在下次驗證時使用此資訊。
電腦用於驗證此對象的硬體上程式設計的資訊,本例中為遠端MAC地址:
EDGE-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f9e1cded158 1 Handle:0x7f9e1cded158 Res-Type:ASIC_RSC_HASH_TCAM Res-Switch-Num:0 Asic-Num:255 Feature-ID:AL_FID_L2_WIRELESS Lkp-ftr-id:LKP_FEAT_L2_SRC_MAC_VLAN ref_count:1 priv_ri/priv_si Handle: (nil)Hardware Indices/Handles: handle [ASIC: 0]: 0x7f9e1cded368 Features sharing this resource:Cookie length: 12 7b 29 0c 00 44 35 06 80 07 00 00 00 Detailed Resource Information (ASIC# 0) ---------------------------------------- Number of HTM Entries: 1 Entry 0: (handle 0x7f9e1cded368) Absolute Index: 4100 Time Stamp: 231
KEY - vlan:6 mac:0xc297b3544 l3_if:0 gpn:3401 epoch:0 static:0 flood_en:0 vlan_lead_wless_flood_en: 0 client_home_asic: 0 learning_peerid 0, learning_peerid_valid 0 MASK - vlan:0 mac:0x0 l3_if:0 gpn:0 epoch:0 static:0 flood_en:0 vlan_lead_wless_flood_en: 0 client_home_asic: 0 learning_peerid 0, learning_peerid_valid 0 SRC_AD - need_to_learn:0 lrn_v:0 catchall:0 static_mac:0 chain_ptr_v:0 chain_ptr: 0 static_entry_v:0 auth_state:0 auth_mode:0 auth_behavior_tag:0 traf_m:0 is_src_ce:0 DST_AD - si:0xd5 bridge:0 replicate:0 blk_fwd_o:0 v4_rmac:0 v6_rmac:0 catchall:0 ign_src_lrn:0 port_mask_o:0 afd_cli_f:0 afd_lbl:0 prio:3 dest_mod_idx:0 destined_to_us:0 pv_trunk:0 smr:1 ==============================================================
以下是Edge-1上一輸出中最重要的欄位:
先前輸出的主要VLAN ID必須與分配給VLAN 1021的硬體MVID值相符,您可以在以下命令輸出中找到該資訊:
EDGE-1#show platform software fed switch active vlan 1021 VLAN Fed Information Vlan Id IF Id LE Handle STP Handle L3 IF Handle SVI IF ID MVID ----------------------------------------------------------------------------------------------------------------------- 1021 0x0000000000420010 0x00007f9e1c65d268 0x00007f9e1c65da98 0x00007f9e1c995e18 0x000000000000003a 6
已確認,VLAN 1021的MVID值等於6!
若要檢查L2-LISP Tunnel0使用的GPN值,需要幾個命令。首先必須確認分配給Tunnel0的硬體介面ID:
EDGE-1#show platform software dpidb l2lisp 8191
Instance Id:8191, dpidx:4325400, vlan:1021, Parent Interface:Tunnel0(if_id:64) ### or alternatively you can use command: EDGE-1#show platform software fed sw active ifm interfaces l2-lisp
Interface IF_ID State ----------------------------------------------------------------------
Tunnel0 0x00000040 READY
現在,您可以在介面功能管理器(IFM)中驗證分配給該介面ID的屬性:
EDGE-1#show platform software fed switch active ifm if-id 64 <<<< 64 DEC = 0x40 HEX Interface IF_ID : 0x0000000000000040 Interface Name : Tunnel0 Interface Block Pointer : 0x7f9e1c91d5c8 Interface Block State : READY Interface State : Enabled Interface Status : ADD, UPD Interface Ref-Cnt : 2 Interface Type : L2_LISP <<<< Tunnel Type Is top interface : TRUE Asic_num : 0 Switch_num : 0 AAL port Handle : cc00005d Source Ip Address : 192.168.3.69 <<<< Tunnel Source Address (Lo0), RLOC of Edge-1 Vlan Id : 0 Instance Id : 0 Dest Port : 4789 <<<< VxLAN UDP Port SGT : Disable <<<< CTS not configured for this scenario Underlay VRF (V4) : 0 Underlay VRF (V6) : 0 Flood Access-tunnel : Disable Flood unknown ucast : Disable Broadcast : Disable Multicast Flood : Disable Decap Information TT HTM handle : 0x7f9e1c9c40e8 Port Information Handle ............ [0xcc00005d] Type .............. [L2-LISP-top] Identifier ........ [0x40] Unit .............. [64] L2 LISP Topology interface Subblock Switch Num : 1 Asic Num : 0 Encap PORT LE handle : 0x7f9e1c9befe8 Decap PORT LE handle : 0x7f9e1c91d818 L3IF LE handle : 0x7f9e1c9bf2b8 SI handle decap : 0x7f9e1c9c8568 DI handle : 0x7f9e1c2f4a48 RI handle : 0x7f9e1c9c4498 RCP Service ID : 0x0 GPN : 3401 <<<< GPN TRANS CATCH ALL handle : 0x7f9e1c2f5698 <snip>
除了3401的GPN值(與對遠端MAC的電腦進行硬體抽象驗證時獲取的資訊相匹配)之外,在前面的輸出中,您還有一些其他有用資訊,用於在通過L2-LISP隧道傳送時封裝流量,例如:隧道型別、隧道源IP地址、UDP目標埠等。
透過站台索引,您可以取得目的地索引和重寫索引,用於透過L2-LISP通道傳送流量。此資訊告訴我們如何和WHERE傳送封包:
提示:在此步驟中,您將收集另外兩個值,即DI(目標索引)和RI(重寫索引),以便將來參考。
EDGE-1#show platform hardware fed switch active fwd-asic resource asic all station-index range 0xd5 0xd5 ASIC#0: Station Index (SI) [0xd5] RI = 0x28 <<<< Rewrite Index DI = 0x5012 <<<< Destination Index stationTableGenericLabel = 0 stationFdConstructionLabel = 0x7 lookupSkipIdIndex = 0 rcpServiceId = 0 dejaVuPreCheckEn = 0 Replication Bitmap: LD ASIC#1: Station Index (SI) [0xd5] RI = 0x28 DI = 0x5012 stationTableGenericLabel = 0 stationFdConstructionLabel = 0x7 lookupSkipIdIndex = 0 rcpServiceId = 0 dejaVuPreCheckEn = 0 Replication Bitmap: RD CD
本節的重要內容是,物理埠的埠對映值(pmap)是全零,並且再循環埠對映(rcp_pmap)等於ASIC 0上的1。由於這些值使用布林邏輯,因此該輸出實際上意味著交換機不使用物理埠,而是使用邏輯介面 — Tunnel0 — 來轉發流量。請注意,僅ASIC 0的rcp_pmap為ON。
提示:用於轉發流量的實際ASIC取決於用於建立L2-LISP隧道(到上游裝置的底層連線)的物理埠,因為每個物理埠都對映到特定ASIC例項。此外,還要考慮交換機上的ASIC數量因型號而異。
EDGE-1#show platform hardware fed switch active fwd-asic resource asic all destination-index range 0x5012 0x5012 ASIC#0: Destination Index (DI) [0x5012] portMap = 0x00000000 00000000 <<<< All bits for physical ports are off cmi1 = 0 rcpPortMap = 0x1 <<<< Recirculation port-map bit is enabled CPU Map Index (CMI) [0] ctiLo0 = 0 ctiLo1 = 0 ctiLo2 = 0 cpuQNum0 = 0 cpuQNum1 = 0 cpuQNum2 = 0 npuIndex = 0 stripSeg = 0 copySeg = 0
ASIC#1: Destination Index (DI) [0x5012] portMap = 0x00000000 00000000 <<<< All bits for physical ports are off cmi1 = 0 rcpPortMap = 0 CPU Map Index (CMI) [0] ctiLo0 = 0 ctiLo1 = 0 ctiLo2 = 0 cpuQNum0 = 0 cpuQNum1 = 0 cpuQNum2 = 0 npuIndex = 0 stripSeg = 0 copySeg = 0
若要驗證此索引,必須使用與步驟1輸出的MATM表上的遠端MAC關聯的riHandle,在本例中為0x7f9e1ce08de8。重寫索引提供在封包透過L2-LISP通道傳送前強加給封包的VxLAN標頭的最終詳細資訊:
提示:此輸出中的RI值40必須與步驟5中的RI索引0x28(40 DEC = 0x28 HEX)相符。
EDGE-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f9e1ce08de8 1 Handle:0x7f9e1ce08de8 Res-Type:ASIC_RSC_RI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_L2_WIRELESS Lkp-ftr-id:LKP_FEAT_INVALID ref_count:1 priv_ri/priv_si Handle: 0x7f9e1cded678Hardware Indices/Handles: index0:0x28 mtu_index/l3u_ri_index0:0x0 index1:0x28 mtu_index/l3u_ri_index1:0x0 Features sharing this resource:58 (1)] Cookie length: 56 00 00 00 00 00 00 00 00 fd 03 00 00 00 00 00 00 00 00 00 00 07 00 00 0c 29 7b 35 44 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Detailed Resource Information (ASIC# 0) ---------------------------------------- Rewrite Data Table Entry, ASIC#:0, rewrite_type:116, RI:40 <<<< Must match RI Index 0x28 from Step 5 Src IP: 192.168.3.69 <<<< VxLAN header (RLOC of the Local Edge node Edge-1) Dst IP: 192.168.3.68 <<<< VxLAN header (RLOC of the Remote Edge node Edge-2) iVxlan dstMac: 0x0c:0x297b:0x3544 <<<< MAC address of the Remote host iVxlan srcMac: 0x00:0x00:0x00 IPv4 TTL: 0 iid present: 1 lisp iid: 0 lisp flags: 0 dst Port: 46354 update only l3if: 0 is Sgt: 1 is TTL Prop: 0 L3if LE: 0 (0) Port LE: 276 (0) Vlan LE: 6 (0) Detailed Resource Information (ASIC# 1) ---------------------------------------- Rewrite Data Table Entry, ASIC#:1, rewrite_type:116, RI:40 Src IP: 192.168.3.69 Dst IP: 192.168.3.68 iVxlan dstMac: 0x0c:0x297b:0x3544 iVxlan srcMac: 0x00:0x00:0x00 IPv4 TTL: 0 iid present: 1 lisp iid: 0 lisp flags: 0 dst Port: 46354 update only l3if: 0 is Sgt: 1 is TTL Prop: 0 L3if LE: 0 (0) Port LE: 276 (0) Vlan LE: 6 (0) ==============================================================
定向到Client-2 - IP:10.90.10.20的原始ICMP資料包的轉發決策指向LISP介面:
EDGE-1#sh ip cef vrf Campus_VN 10.90.10.20 10.90.10.0/24 attached to LISP0.4100
原始資料包經過封裝並且在其後面附加了正確的VxLAN報頭後,您現在必須根據頂部的VxLAN欄位檢查轉發決策。在本例中,目的IP地址192.168.3.68(來自遠端邊緣2交換機的RLOC):
EDGE-1#show ip route 192.168.3.68 Routing entry for 192.168.3.68/32 Known via "isis", distance 115, metric 30, type level-1 Redistributing via isis Advertised by isis (self originated) Last update from 192.168.3.74 on TenGigabitEthernet1/1/1, 01:15:14 ago Routing Descriptor Blocks: * 192.168.3.74, from 192.168.3.68, 01:15:14 ago, via TenGigabitEthernet1/1/1 Route metric is 30, traffic share count is 1 EDGE-1#show ip cef 192.168.3.68 detail 192.168.3.68/32, epoch 3, per-destination sharing Adj source: IP midchain out of Tunnel0, addr 192.168.3.68 7FEADF30A390 Dependent covered prefix type adjfib, cover 0.0.0.0/0 1 RR source [no flags] nexthop 192.168.3.74 TenGigabitEthernet1/1/1 EDGE-1#show adjacency 192.168.3.68 detail Protocol Interface Address IP Tunnel0 192.168.3.68(4) 0 packets, 0 bytes epoch 0 sourced in sev-epoch 10 Encap length 28 4500000000000000FF113413C0A80345 C0A8034412B512B500000000 Tun endpt <<<< Adjacency type: Tunnel Next chain element: IP adj out of TenGigabitEthernet1/1/1, addr 192.168.3.74 <<<< Upstream connection from Underlay network
為了到達IP 192.168.3.68,流量必須通過介面Te1/1/1上的下一跳192.168.3.74,因此您還需要檢查下一跳IP的鄰接關係:
EDGE-1#show ip route 192.168.3.74 Routing entry for 192.168.3.74/31 Known via "connected", distance 0, metric 0 (connected, via interface) Advertised by isis level-2 Routing Descriptor Blocks: * directly connected, via TenGigabitEthernet1/1/1 Route metric is 0, traffic share count is 1 EDGE-1#show ip cef 192.168.3.74 detail 192.168.3.74/32, epoch 3, flags [attached] Interest List: - fib bfd tracking BFD state up, tracking attached BFD session on TenGigabitEthernet1/1/1 Adj source: IP adj out of TenGigabitEthernet1/1/1, addr 192.168.3.74 7FEADEADCFA8 Dependent covered prefix type adjfib, cover 192.168.3.74/31 1 IPL source [no flags] attached to TenGigabitEthernet1/1/1 EDGE-1#show adjacency 192.168.3.74 detail Protocol Interface Address IP TenGigabitEthernet1/1/1 192.168.3.74(40) 0 packets, 0 bytes epoch 0 sourced in sev-epoch 10 Encap length 14 00A3D14415582CABEB4FE6C60800 <<<< Layer-2 Rewrite Information for the traffic forwarded through this adjacency L2 destination address byte offset 0 L2 destination address byte length 6 Link-type after encap: ip ARP EDGE-1#show interfaces tenGigabitEthernet 1/1/1 | in bia Hardware is Ten Gigabit Ethernet, address is 2cab.eb4f.e6c6 (bia 2cab.eb4f.e6c6) EDGE-1#show ip arp Te1/1/1 Protocol Address Age (min) Hardware Addr Type Interface Internet 192.168.3.74 98 00a3.d144.1558 ARPA TenGigabitEthernet1/1/1
為了驗證交換機如何處理傳入VxLAN資料包,首先您需要瞭解在Tunnel0虛擬介面上收到流量時,如何解除封裝流。還記得上一步收集的Interface Manager(IFM)命令嗎?那時,您檢查了命令輸出的第一部分的資訊,現在,您必須驗證命令輸出的第二部分,即與Decap Information相關的部分:
EDGE-1#show platform software fed switch active ifm if-id 64 Interface IF_ID : 0x0000000000000040 Interface Name : Tunnel0 Interface Block Pointer : 0x7f9e1c91d5c8 <snip> Decap Information TT HTM handle : 0x7f9e1c9c40e8 Port Information Handle ............ [0xcc00005d] Type .............. [L2-LISP-top] Identifier ........ [0x40] Unit .............. [64] L2 LISP Topology interface Subblock Switch Num : 1 Asic Num : 0 Encap PORT LE handle : 0x7f9e1c9befe8 Decap PORT LE handle : 0x7f9e1c91d818 L3IF LE handle : 0x7f9e1c9bf2b8 SI handle decap : 0x7f9e1c9c8568 <<<< Station Index Handle DI handle : 0x7f9e1c2f4a48 RI handle : 0x7f9e1c9c4498 <<<< Rewrite Index Handle RCP Service ID : 0x0 GPN : 3401 TRANS CATCH ALL handle : 0x7f9e1c2f5698 Port L2 Subblock Enabled ............. [No] Allow dot1q ......... [No] Allow native ........ [No] Default VLAN ........ [0] Allow priority tag ... [No] Allow unknown unicast [No] Allow unknown multicast[No] Allow unknown broadcast[No] Allow unknown multicast[Enabled] Allow unknown unicast [Enabled] Protected ............ [No] IPv4 ARP snoop ....... [No] IPv6 ARP snoop ....... [No] Jumbo MTU ............ [0] Learning Mode ........ [0] Vepa ................. [Disabled] Port QoS Subblock Trust Type .................... [0x7] Default Value ................. [0] Ingress Table Map ............. [0x0] Egress Table Map .............. [0x0] Queue Map ..................... [0x0] Port Netflow Subblock Port CTS Subblock Disable SGACL .................... [0x0] Trust ............................ [0x0] Propagate ........................ [0x0] %Port SGT .......................... [1251474769] Ref Count : 2 (feature Ref Counts + 1) IFM Feature Ref Counts FID : 95 (AAL_FEATURE_L2_MULTICAST_IGMP), Ref Count : 1 No Sub Blocks Present
您必須考慮此輸出中的兩個值:Decap Information部分的L3介面邏輯實體(L3IF LE)控制代碼和Station Index(SI)控制代碼。
若要驗證與Tunnel0介面相關的功能,您需要從關聯的L3IF LE控制代碼取得資源控制代碼資訊。在此輸出中,您可以看到在布林邏輯中在該介面上啟用的功能,例如:在此隧道介面上啟用了LISP_VXLAN_ENABLE_IPV4功能。
EDGE-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f9e1c9bf2b8 1 | in VXLAN LEAD_L3IF_LISP_VXLAN_ENABLE_IPV4 value 1 Pass <<<< ASIC 0 LEAD_L3IF_LISP_VXLAN_ENABLE_IPV6 value 0 Pass LEAD_L3IF_LISP_VXLAN_ENABLE_IPV4 value 1 Pass <<<< ASIC 1 LEAD_L3IF_LISP_VXLAN_ENABLE_IPV6 value 0 Pass
您需要再次使用resource handle命令,以便檢查Station Index(SI Handle),並取得透過Tunnel0介面接收的流量使用的重寫索引(RI)和Destination Index(DI),且交換器需要將其解除封裝,然後再透過常規第2層轉送(本地MAC位址表)傳送到其最終目的地:
EDGE-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f9e1c9c8568 1 Handle:0x7f9e1c9c8568 Res-Type:ASIC_RSC_SI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_LISP Lkp-ftr-id:LKP_FEAT_INVALID ref_count:1 priv_ri/priv_si Handle: 0x7f9e1c9c4498Hardware Indices/Handles: index0:0xac mtu_index/l3u_ri_index0:0x0 index1:0xac mtu_index/l3u_ri_index1:0x0 Features sharing this resource:109 (1)] Cookie length: 56 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Detailed Resource Information (ASIC# 0) ---------------------------------------- Station Index (SI) [0xac] RI = 0xa800 <<<< Rewrite Index DI = 0x5012 <<<< Destination Index stationTableGenericLabel = 0 stationFdConstructionLabel = 0x4 lookupSkipIdIndex = 0 rcpServiceId = 0 dejaVuPreCheckEn = 0 Replication Bitmap: LD Detailed Resource Information (ASIC# 1) ---------------------------------------- Station Index (SI) [0xac] RI = 0xa800 DI = 0x5012 stationTableGenericLabel = 0 stationFdConstructionLabel = 0x4 lookupSkipIdIndex = 0 rcpServiceId = 0 dejaVuPreCheckEn = 0 Replication Bitmap: RD CD ==============================================================
從先前的輸出中,您已經知道DI = 0x5012意味著內部重新循環,這是有意義的,因為交換機需要在內部重新循環資料包以進行VxLAN報頭的沈積。這表示當交換機在隧道介面上收到VxLAN資料包時,需要重新循環該資料包,以刪除VxLAN報頭,從而能夠使用原始幀中的目的MAC地址將其傳送到最終目的地。為了驗證重寫索引,您必須從本節的步驟1中收集的RI控制代碼中檢查資源控制代碼資訊:
提示:此輸出中的RI值43008必須與上一步中的RI索引0xa800相匹配(43008 DEC = 0xa800 HEX)。
EDGE-1#show platform hardware fed switch active fwd-asic abstraction print-resource-handle 0x7f9e1c9c4498 1 Handle:0x7f9e1c9c4498 Res-Type:ASIC_RSC_PORT_LE_RI Res-Switch-Num:255 Asic-Num:255 Feature-ID:AL_FID_LISP Lkp-ftr-id:LKP_FEAT_INVALID ref_count:1 priv_ri/priv_si Handle: 0x7f9e1c9c87f8Hardware Indices/Handles: index0:0xa800 mtu_index/l3u_ri_index0:0x0 index1:0xa800 mtu_index/l3u_ri_index1:0x0 Features sharing this resource:109 (1)] Cookie length: 56 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Detailed Resource Information (ASIC# 0) ---------------------------------------- Rewrite Data Table Entry, ASIC#:0, rewrite_type:114, RI:43008 <<<< 43008 DEC = 0xa800 HEX Port LE handle: 0 Port LE Index: 275 Detailed Resource Information (ASIC# 1) ---------------------------------------- Rewrite Data Table Entry, ASIC#:1, rewrite_type:114, RI:43008 Port LE handle: 0 Port LE Index: 275 ==============================================================
您可以使用EPC工具確認通過Tunnel0介面轉發資料包時是否使用正確的VxLAN信息進行封裝。為此,您只需在構成Tunnel0(與上游裝置的底層連線)的物理介面上設定EPC捕獲,並使用過濾器僅捕獲傳送到另一台邊緣交換機的RLOC的資訊:
EDGE-1#show ip access-lists TAC Extended IP access list TAC 10 permit ip host 192.168.3.69 host 192.168.3.68 20 permit ip host 192.168.3.68 host 192.168.3.69 EDGE-1#mon cap tac int te1/1/1 both access-list TAC buffer size 100 EDGE-1#show mon cap tac Status Information for Capture tac Target Type: Interface: TenGigabitEthernet1/1/1, Direction: BOTH Status : Inactive Filter Details: Access-list: TAC Buffer Details: Buffer Type: LINEAR (default) Buffer Size (in MB): 100 File Details: File not associated Limit Details: Number of Packets to capture: 0 (no limit) Packet Capture duration: 0 (no limit) Packet Size to capture: 0 (no limit) Packet sampling rate: 0 (no sampling) EDGE-1#mon cap tac start Started capture point : tac
#### Four ICMP Requests from local host 10.90.10.10 to remote host 10.90.10.20 were sent and then the capture was stopped. EDGE-1#mon cap tac stop Capture statistics collected at software: Capture duration - 19 seconds Packets received - 12 Packets dropped - 0 Packets oversized - 0 Bytes dropped in asic - 0 Capture buffer will exists till exported or cleared Stopped capture point : tac EDGE-1#show mon cap tac buffer brief Starting the packet display ........ Press Ctrl + Shift + 6 to exit 1 0.000000 00:0c:29:ef:34:d1 -> 00:0c:29:7b:35:44 ARP 110 Who has 10.90.10.20? Tell 10.90.10.10 <<<< Unicast ARP Request 2 0.000744 00:0c:29:7b:35:44 -> 00:0c:29:ef:34:d1 ARP 110 10.90.10.20 is at 00:0c:29:7b:35:44 3 0.001387 10.90.10.10 -> 10.90.10.20 ICMP 124 Echo (ping) request id=0x0001, seq=66/16896, ttl=128 4 0.131122 00:0c:29:7b:35:44 -> 00:0c:29:ef:34:d1 ARP 110 Who has 10.90.10.10? Tell 10.90.10.20 <<<< Unicast ARP Request 5 0.132059 00:0c:29:ef:34:d1 -> 00:0c:29:7b:35:44 ARP 110 10.90.10.10 is at 00:0c:29:ef:34:d1 6 0.299394 10.90.10.20 -> 10.90.10.10 ICMP 124 Echo (ping) reply id=0x0001, seq=66/16896, ttl=128 (request in 3) 7 0.875191 10.90.10.10 -> 10.90.10.20 ICMP 124 Echo (ping) request id=0x0001, seq=67/17152, ttl=128 8 0.875465 10.90.10.20 -> 10.90.10.10 ICMP 124 Echo (ping) reply id=0x0001, seq=67/17152, ttl=128 (request in 7) 9 1.889098 10.90.10.10 -> 10.90.10.20 ICMP 124 Echo (ping) request id=0x0001, seq=68/17408, ttl=128 10 1.889384 10.90.10.20 -> 10.90.10.10 ICMP 124 Echo (ping) reply id=0x0001, seq=68/17408, ttl=128 (request in 9) 11 2.902932 10.90.10.10 -> 10.90.10.20 ICMP 124 Echo (ping) request id=0x0001, seq=69/17664, ttl=128 12 2.903234 10.90.10.20 -> 10.90.10.10 ICMP 124 Echo (ping) reply id=0x0001, seq=69/17664, ttl=128 (request in 11) #### You can also see the entire packet details with 'buffer detailed' option (use a filter for the appropriate Frame number): EDGE-1#show mon cap tac buffer detailed | be Frame 7 Frame 7: 124 bytes on wire (992 bits), 124 bytes captured (992 bits) on interface 0 <snip> [Protocols in frame: eth:ethertype:ip:udp:vxlan:eth:ethertype:ip:icmp:data] Ethernet II, Src: 00:00:00:00:00:00 (00:00:00:00:00:00), Dst: 00:00:00:00:00:00 (00:00:00:00:00:00) <<<< Outer Layer-2 Data (VxLAN header). EPC is collected before outer layer-2 fields are added to the original frame, which is the reason why this section is empty (all-zeroes) Destination: 00:00:00:00:00:00 (00:00:00:00:00:00) Address: 00:00:00:00:00:00 (00:00:00:00:00:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: 00:00:00:00:00:00 (00:00:00:00:00:00) Address: 00:00:00:00:00:00 (00:00:00:00:00:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 192.168.3.69, Dst: 192.168.3.68 <<<< Outer IP Data (VxLAN header) 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 110 Identification: 0x2204 (8708) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 255 Protocol: UDP (17) Header checksum: 0xd1a0 [validation disabled] [Good: False] [Bad: False] Source: 192.168.3.69 Destination: 192.168.3.68 User Datagram Protocol, Src Port: 65344 (65344), Dst Port: 4789 (4789) Source Port: 65344 Destination Port: 4789 <<<< VxLAN UDP Port Length: 90 Checksum: 0x0000 (none) [Good Checksum: False] [Bad Checksum: False] [Stream index: 0] Virtual eXtensible Local Area Network Flags: 0x8800, GBP Extension, VXLAN Network ID (VNI) 1... .... .... .... = GBP Extension: Defined .... .... .0.. .... = Don't Learn: False .... 1... .... .... = VXLAN Network ID (VNI): True .... .... .... 0... = Policy Applied: False .000 .000 0.00 .000 = Reserved(R): False Group Policy ID: 0 VXLAN Network Identifier (VNI): 8191 <<<< VNI mapped to L2 Instance ID 8191 for L2-LISP Reserved: 0
########## Original Frame starts here (Inner headers) ########## Ethernet II, Src: 00:0c:29:ef:34:d1 (00:0c:29:ef:34:d1), Dst: 00:0c:29:7b:35:44 (00:0c:29:7b:35:44) Destination: 00:0c:29:7b:35:44 (00:0c:29:7b:35:44) <<<< MAC of Remote host Address: 00:0c:29:7b:35:44 (00:0c:29:7b:35:44) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: 00:0c:29:ef:34:d1 (00:0c:29:ef:34:d1) <<<< MAC of Local host Address: 00:0c:29:ef:34:d1 (00:0c:29:ef:34:d1) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 10.90.10.10, Dst: 10.90.10.20 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 60 Identification: 0x30b7 (12471) Flags: 0x00 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: ICMP (1) Header checksum: 0xe138 [validation disabled] [Good: False] [Bad: False] Source: 10.90.10.10 <<<< IP of Local host Destination: 10.90.10.20 <<<< IP of Remote host Internet Control Message Protocol Type: 8 (Echo (ping) request) Code: 0 Checksum: 0x4d18 [correct] Identifier (BE): 1 (0x0001) Identifier (LE): 256 (0x0100) Sequence number (BE): 67 (0x0043) Sequence number (LE): 17152 (0x4300) Data (32 bytes) 0000 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 abcdefghijklmnop 0010 71 72 73 74 75 76 77 61 62 63 64 65 66 67 68 69 qrstuvwabcdefghi Data: 6162636465666768696a6b6c6d6e6f707172737475767761... [Length: 32]
修訂 | 發佈日期 | 意見 |
---|---|---|
1.0 |
14-Jun-2023 |
初始版本 |