Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
835
Views
5
Helpful
4
Replies

Outgoing SPAN packets not spanned in Fabric SPAN

RedNectar
VIP
VIP

‎02-05-2022 08:11 PM - edited ‎02-07-2022 11:08 AM

Hi,

TBH, I think I'm actually documenting a bug, but I hope someone cam either

  1. tell me I'm wrong and why, or
  2. actually do something about fixing the bug

Here's my picture

image.png

I have two PCs on the same subnet, one being attached via a VPC to a L2 switch - but the VPC link is down (as in shutdown at both ends).

I want to demonstrate that with the leg of the VPC being unavailable, traffic is then forced to go via the spine, so I set up a Fabric Span with the destination monitor PC attached to Leaf2201, and defined port 1/49 on each leaf to SPAN traffic in both directions for the relevant VPC.

TEST#1

I issue a single ping from the PC on the far right (10.218.12.10) to it's same-subnet neighbour 10.218.12.200 which is only reachable via the VPC orphan port on leaf 2201

WHAT I EXPECTED TO SEE ON THE MONITOR PC

I expected to see on the monitor PC

  1. An ICMP ping ECHO being SPANned from port 1/49 on leaf 2202 on its way to leaf 2201
  2. An ICMP ping ECHO being SPANned from port 1/49 on leaf 2201 as it arrived
  3. An ICMP ping REPLY being SPANned from port 1/49 on leaf 2201 on its way to leaf 2202
  4. An ICMP ping REPLY being SPANned from port 1/49 on leaf 2202 as it arrived

In other words, I expect to see TWO copies of the ping ECHO and TWO copies of the ping REPLY

WHAT I ACTUALLY SAW ON THE MONITOR PC

The monitor PC showed only packets 2,3 and 4.

THE OUTGOING PACKET FROM 1/49 ON LEAF 2202 was NOT spanned!  As you can see below, only ONE copy of the ping ECHO was spanned, but both copied of the ping REPLY.

image.png

TEST#2

I also tested pinging in the reverse direction. From 10.218.12.200 (the orphaned PC) to 10.218.12.10.

WHAT I EXPECTED TO SEE ON THE MONITOR PC

I expected to see on the monitor PC

  1. An ICMP ping ECHO being SPANned from port 1/49 on leaf 2201 on its way to leaf 2202
  2. An ICMP ping ECHO being SPANned from port 1/49 on leaf 2202 as it arrived
  3. An ICMP ping REPLY being SPANned from port 1/49 on leaf 2202 on its way to leaf 2201
  4. An ICMP ping REPLY being SPANned from port 1/49 on leaf 2201 as it arrived

Like last time, I expected to see TWO copies of the ping ECHO and TWO copies of the ping REPLY

WHAT I ACTUALLY SAW ON THE MONITOR PC

The monitor PC showed only packets 1,2 and 4.

AGAIN THE OUTGOING PACKET FROM 1/49 ON LEAF 2202 was NOT spanned!  As you can see below, the incoming ICMO ECHO on Leaf2202 was SPANned, but NOT the outgoing REPLY.

image.png

My Theory

I believe that when a switch participates in a VPC, it doe NOT SPAN outgoing packets when the VPC is broken.  <Edit>I haven't tried in the reverse direction, but </Edit> given that Test#1 and Test#2 above BOTH fail ONLY on leaf 2202, it is something to do with the VPC

<edit>I have now tried the complete reversal, shutting down the other leg of the VPC and forcing traffic between Leaf2201 and 2202 via the Spine. In this variation, it is Leaf2201 that refuses to SPAN forwarded packets, validating my hunch about the VPC. </edit>

FYI - If I reconfigure the topology to remove the VPC and just have a regular Access Port connection, then all four ICMP packets are SPANned as expected.

FYI - I have demonstrated this in the past (earlier versions of ACI) with out a problem.

 

For more detail, watch this. [Please mentally edit each occurrence of when I say "2201" but mean "2202" - of course, SOMETIMES I actually do mean "2201". You'll work it out.]

(view in My Videos)

Technical details:

apic1# show version
 Role        Pod         Node        Name                      Version
 ----------  ----------  ----------  ------------------------  --------------------
 controller  1           1           apic1                     5.2(3g)
 spine       1           2101        Spine2101                 n9000-15.2(3g)
 leaf        1           2201        Leaf2201                  n9000-15.2(3g)
 leaf        1           2202        Leaf2202                  n9000-15.2(3g)

apic1# fabric 2101,2201-2202 show version | grep -A1 Hardware
Hardware
  cisco N9K-C93180YC-FX ("supervisor")
--
Hardware
  cisco N9K-C93180YC-FX ("supervisor")
--
Hardware
  cisco N9K-C9332C ("supervisor")

 

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.
Labels:
4 Replies 4

Robert Burns
Cisco Employee
Cisco Employee

‎02-07-2022 07:52 AM

Chris, 

What's the Spine & Leaf HW models?

Robert

0 Helpful

RedNectar
VIP
VIP
In response to Robert Burns

‎02-07-2022 11:03 AM

Hi @Robert Burns ,

Thanks for checking - and sorry I forgot to include:

apic1# fabric 2101,2201-2202 show version | grep -A1 Hardware
Hardware
  cisco N9K-C93180YC-FX ("supervisor")
--
Hardware
  cisco N9K-C93180YC-FX ("supervisor")
--
Hardware
  cisco N9K-C9332C ("supervisor")

 

Full show version below

 

apic1# fabric 2101,2201-2202 show version
----------------------------------------------------------------
 Node 2201 (Leaf2201)
----------------------------------------------------------------
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Documents: http://www.cisco.com/en/US/products/ps9372/tsd_products_support_series_home.html
Copyright (c) 2002-2014, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under
license. Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or the GNU
Lesser General Public License (LGPL) Version 2.1. A copy of each
such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://www.opensource.org/licenses/lgpl-2.1.php

Software
  BIOS:      version 05.45
  kickstart: version 15.2(3g) [build 15.2(3g)]
  system:    version 15.2(3g) [build 15.2(3g)]
  PE:        version 5.2(3g)
  BIOS compile time:       07/05/2021
  kickstart image file is: /bootflash/aci-n9000-dk9.15.2.3g.bin
  kickstart compile time:  12/17/2021 10:02:36 [12/17/2021 10:02:36]
  system image file is:    /bootflash/auto-s
  system compile time:     12/17/2021 10:02:36 [12/17/2021 10:02:36]


Hardware
  cisco N9K-C93180YC-FX ("supervisor")
   Intel(R) Xeon(R) CPU D-1528 @ 1.90GHz with 24436736 kB of memory.
  Processor Board ID FDO23340LX2

  Device name: Leaf2201
  bootflash:    125029376 kB

Kernel uptime is 06 day(s), 22 hour(s), 31 minute(s), 26 second(s)

Last reset at 667000 usecs after Tue Feb 01 07:29:43 2022 AEDT
  Reason: system-power-cycled-due-to-cold-boot
  System version: 15.2(3g)
  Service: Power Cycle

plugin
  Core Plugin, Ethernet Plugin

----------------------------------------------------------------
 Node 2202 (Leaf2202)
----------------------------------------------------------------
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Documents: http://www.cisco.com/en/US/products/ps9372/tsd_products_support_series_home.html
Copyright (c) 2002-2014, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under
license. Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or the GNU
Lesser General Public License (LGPL) Version 2.1. A copy of each
such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://www.opensource.org/licenses/lgpl-2.1.php

Software
  BIOS:      version 05.45
  kickstart: version 15.2(3g) [build 15.2(3g)]
  system:    version 15.2(3g) [build 15.2(3g)]
  PE:        version 5.2(3g)
  BIOS compile time:       07/05/2021
  kickstart image file is: /bootflash/aci-n9000-dk9.15.2.3g.bin
  kickstart compile time:  12/17/2021 10:02:36 [12/17/2021 10:02:36]
  system image file is:    /bootflash/auto-s
  system compile time:     12/17/2021 10:02:36 [12/17/2021 10:02:36]


Hardware
  cisco N9K-C93180YC-FX ("supervisor")
   Intel(R) Xeon(R) CPU D-1528 @ 1.90GHz with 32694272 kB of memory.
  Processor Board ID FDO244610PH

  Device name: Leaf2202
  bootflash:    125029376 kB

Kernel uptime is 06 day(s), 22 hour(s), 47 minute(s), 02 second(s)

Last reset at 423000 usecs after Tue Feb 01 07:14:13 2022 AEDT
  Reason: system-power-cycled-due-to-cold-boot
  System version: 15.2(3g)
  Service: Power Cycle

plugin
  Core Plugin, Ethernet Plugin

----------------------------------------------------------------
 Node 2101 (Spine2101)
----------------------------------------------------------------
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Documents: http://www.cisco.com/en/US/products/ps9372/tsd_products_support_series_home.html
Copyright (c) 2002-2014, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under
license. Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or the GNU
Lesser General Public License (LGPL) Version 2.1. A copy of each
such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://www.opensource.org/licenses/lgpl-2.1.php

Software
  BIOS:      version 05.45
  kickstart: version 15.2(3g) [build 15.2(3g)]
  system:    version 15.2(3g) [build 15.2(3g)]
  PE:        version 5.2(3g)
  BIOS compile time:       07/05/2021
  kickstart image file is: /bootflash/aci-n9000-dk9.15.2.3g.bin
  kickstart compile time:  12/17/2021 10:02:36 [12/17/2021 10:02:36]
  system image file is:    /bootflash/auto-s
  system compile time:     12/17/2021 10:02:36 [12/17/2021 10:02:36]


Hardware
  cisco N9K-C9332C ("supervisor")
   Intel(R) Xeon(R) CPU D-1526 @ 1.80GHz with 16203776 kB of memory.
  Processor Board ID FDO2329119D

  Device name: Spine2101
  bootflash:    125029376 kB

Kernel uptime is 07 day(s), 14 hour(s), 23 minute(s), 47 second(s)

Last reset at 676000 usecs after Mon Jan 31 15:32:41 2022 AEDT
  Reason: reset-by-installer
  System version: 15.2(3e)
  Service: Upgrade

plugin
  Core Plugin, Ethernet Plugin

 

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.
0 Helpful

Robert Burns
Cisco Employee
Cisco Employee
In response to RedNectar

‎02-07-2022 11:16 AM - edited ‎02-07-2022 11:39 AM

Just to be clear, there's no issue per say, other than you missing a phantom Spine packet in the SPAN test - and this behavior seems to have since changed since your last test.  Accurate?

And silly question (but needs to be asked), your Leafs only have a single uplink connected to the Spine?

Robert

0 Helpful

RedNectar
VIP
VIP
In response to Robert Burns

‎02-07-2022 11:26 AM

@Robert Burns wrote:

Just to be clear, there's no issue per say, other than you missing a phantom Spine packet in the ICMP test

Correct - at least that's all I've noticed.

- and this behavior seems to have since changed since your last test.  Accurate?

This is a lab - we do things like erase everything and re-install a couple of times a year, and try to keep it running the very latest release software.  TBH - I haven't played with SPAN for well over over a year - I think my previous experience was with v 4.x - so this MAY have been happening since v5.0 - or even earlier.

And silly question (but needs to be asked), your Leafs only have a single uplink connected to the Spine?

Correct

 

 

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.
0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card

Save 25% on Day-2 Operations Add-On License