Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2038
Views
10
Helpful
8
Replies

debug ip packet | Packets which are supposed to be CEF switched

NetworkingGeek1
Level 1
Level 1

‎02-20-2023 03:21 AM

Hello community,

I have a question regarding "debug ip packet" command. As far as I know, it should show only packets which Process Switched, i.e. packets destined to the Router/Switch itself. I run this command on Cisco Catalyst 9500, but I also see packets which are not destined to the Switch and also it reads: Routed via FIB. And also, it's not consistent, for example if I do the ping from the same host to another host, sometimes it's seen in debug ip packet output and sometimes it's not seen. Can you please clarify how "debug ip packet" should exactly behave?

Labels:
8 Replies 8

MHM Cisco World
VIP
VIP

‎02-20-2023 03:23 AM

good Q.

0 Helpful

Mark Elsen
Hall of Fame
Hall of Fame

‎02-20-2023 03:27 AM

 

 - FYI : https://www.cisco.com/c/en/us/support/docs/dial-access/integrated-services-digital-networks-isdn-channel-associated-signaling-cas/10374-debug.html#debugippacket
      >...Before using debugging ip packet, note that the router is doing fast-switching by default, or may be doing CEF switching if configured to do so. This means that, once those techniques are in place, the packet is not provided to the processor, hence the debugging does not show anything. For this to work, you need to disable fast-switching on the router with no ip route-cache (for unicast packets) or no ip mroute-cache (for multicast packets). This should be applied on the interfaces where the traffic is supposed to flow. Verify this with the show ip route command.

 M.



-- Let everything happen to you  
       Beauty and terror
      Just keep going    
       No feeling is final
Reiner Maria Rilke (1899)
0 Helpful

NetworkingGeek1
Level 1
Level 1
In response to Mark Elsen

‎02-20-2023 04:11 AM - edited ‎02-20-2023 04:12 AM

Hello @Mark Elsen  Yes, I read it already, that's why I mentioned that "debug ip packet" should show only what is Process Switched. So, my question is, why do I see packets in "debug ip packet" output which are supposed to be CEF switched and therefore I should not see them in "debug ip packet" output? It's even mentioned there: Routed via FIB.

0 Helpful

MHM Cisco World
VIP
VIP

‎02-20-2023 04:34 AM

case1 
enable ip cef 
enable debug ip packet 100 <<- 100 is access list to filter only icmp packet 

ping from R3 toward R2 
you can see since the packet is to R2 the packet is process by CPU (control plane) and hence it appear via debug 

Screenshot (388).png

Case2 
enable ip cef 
enable debug ip packet 100 <<- 100 is access list to filter only icmp packet 

ping from R3 toward R1
you can see since the packet is to R1 and we enable CEF the packet is NOT process by CPU (control plane) but via DATA plane  and hence it NOT appear via debug 

Screenshot (389).png

Case3 
DISABLE ip cef 
enable debug ip packet 100 <<- 100 is access list to filter only icmp packet 

ping from R3 toward R1
you can see since the packet is to R1 and we DISABLE CEF the packet is process by CPU (control plane) NOT via DATA plane  and hence it appear via debug 

Screenshot (390).png

NetworkingGeek1
Level 1
Level 1
In response to MHM Cisco World

‎02-20-2023 03:15 PM - edited ‎02-20-2023 03:16 PM

hello @MHM Cisco World  thanks for the reply. Your results are expected. The same I expected from Cisco Catalyst 9500, but for some reason its behavior looks different. Of course CEF is enabled there. For example, when I ping from one host to another and this ping is going through the switch (hence it's Data Plane), and I run debug ip packets, I see some debug output.

Also interesting part: it's not showing me output for all pings from the same stream, meaning if, for example I run 100 pings from the same source host to the same destination host, it will not show me all 100 pings in debug output.

0 Helpful

MHM Cisco World
VIP
VIP
In response to NetworkingGeek1

‎02-20-2023 03:22 PM - edited ‎02-20-2023 03:29 PM

 Data Plane when receive first packet it must send to  Control Plane, which build entry in CEF in data plane 
then any packet for same source/destination will forward via data plane not via control plane. 
and this explain the some packet appear in debug ip packet.  

You must sure that ping is success if ping is not success then always the CPU reply to ICMP request and if some of CPU reply is missing that meaning that the CoPP of CPU is drop some ICMP to protect CPU from high rate traffic.

0 Helpful

NetworkingGeek1
Level 1
Level 1
In response to MHM Cisco World

‎02-20-2023 05:29 PM - edited ‎02-20-2023 05:29 PM

@MHM Cisco World 

"Data Plane when receive first packet it must send to Control Plane, which build entry in CEF in data plane
then any packet for same source/destination will forward via data plane not via control plane" - this is behavior of Fast Switching, not CEF. CEF doesn't need to punt first packets to CPU.

"You must sure that ping is success if ping is not success then always the CPU reply to ICMP request and if some of CPU reply is missing that meaning that the CoPP of CPU is drop some ICMP to protect CPU from high rate traffic." - it's true only if you ping something which is not reachable via routing table of Router and Router has to reply "destination host unreachable", if host is just not replying, Router doesn't need to send anything to the source.

0 Helpful

MHM Cisco World
VIP
VIP

‎02-22-2023 08:42 AM

can I see the debug you get 

0 Helpful
Customers Also Viewed These Support Documents