on 03-05-2014 04:06 AM
CRS-I-------->ASR9010-A------->ASR9010-B (loopback IP 140.4.2.2).
Capturing egress packets which are sent as mpls packets.
We will look into both MPLS ping and normal ping.
Packet capture:
There are two methods to capture the packet on XR.
Please note: this method doesn't work for ASR9k.
interface GigabitEthernet0/1/0/6
cdp
ipv4 address 16.16.16.1 255.255.255.252
flow mpls monitor rak-mon sampler rak-sample egress
capture software packets
RP/0/RP0/CPU0:CRS-I#show cef 140.4.2.2 detail
140.4.2.2/32, version 1458, internal 0x4004001 (ptr 0x76547d44) [1], 0x0 (0x724969b8), 0x450 (0x72d85be0)
Updated Mar 5 09:45:11.731
remote adjacency to GigabitEthernet0/1/0/6
Prefix Len 32, traffic index 0, precedence routine (0), priority 1
gateway array (0x72237840) reference count 9, flags 0xd0, source lsd (3), 1 backups
[4 type 5 flags 0x10101 (0x72db76c8) ext 0x0 (0x0)]
LW-LDI[type=5, refc=3, ptr=0x724969b8, sh-ldi=0x72db76c8]
via 16.16.16.2, GigabitEthernet0/1/0/6, 4 dependencies, weight 0, class 0 [flags 0x0]
path-idx 0 [0x7340e224 0x0]
next hop 16.16.16.2
remote adjacency
local label 1000006 labels imposed {17042}
Make sure captured packet stats are clear before you execute the command.
clear captured packets egress interface gi 0/1/0/6 location 0/1/cpu0
RP/0/RP0/CPU0:CRS-I#ping 140.4.2.2 size 2000 donotfrag tim 0
Wed Mar 5 10:54:33.316 UTC
Type escape sequence to abort.
Sending 5, 2000-byte ICMP Echos to 140.4.2.2, timeout is 0 seconds:
.....
Success rate is 0 percent (0/5)
RP/0/RP0/CPU0:CRS-I#show captured packets egress interface gi 0/1/0/6 location 0/1/cpu0
Wed Mar 5 10:54:40.083 UTC
-------------------------------------------------------
packets captured on interface in egress direction
buffer overflow pkt drops:0, current: 6, non wrapping: 0 maximum: 200
-------------------------------------------------------
Wrapping entries
-------------------------------------------------------
[2] Mar 5 10:54:33.629, len: 186, hits: 1, o/p i/f: GigabitEthernet0/1/0/6
[punt reason: MPLS_INCOMPLETE_ADJ] [PPE used: cluster=0 ppe=0]
[ether dst: 4055.396b.1076 src: 6400.f19d.c47c type/len: 0x8847]
[MPLS label: 17042, exp 0x0, eos 1, ttl 255]
450000a8 be9e0000 ff01bc94 10101001 10101001 03041f20 000005d8 450007d0
00004000 ff01c615 10101001 8c040202 0800e076 61610000 abcdabcd abcdabcd
abcdabcd abcdabcd abcdabcd abcdabcd abcdabcd abcdabcd abcdabcd abcdabcd
abcdabcd abcdabcd abcdabcd abcdabcd abcdabcd abcdabcd abcdabcd abcdabcd
abcdabcd abcdabcd abcdabcd abcdabcd abcdabcd abcdabcd abcdabcd 2000b8ce
00080101 042921ff
[3] Mar 5 10:54:33.629, len: 186, hits: 1, o/p i/f: GigabitEthernet0/1/0/6
[punt reason: MPLS_INCOMPLETE_ADJ] [PPE used: cluster=0 ppe=0]
[ether dst: 4055.396b.1076 src: 6400.f19d.c47c type/len: 0x8847]
[MPLS label: 17042, exp 0x0, eos 1, ttl 255]
450000a8 be9f0000 ff01bc93 10101001 10101001 03041f20 000005d8 450007d0
00014000 ff01c614 10101001 8c040202 0800e075 61610001 abcdabcd abcdabcd
abcdabcd abcdabcd abcdabcd abcdabcd abcdabcd abcdabcd abcdabcd abcdabcd
abcdabcd abcdabcd abcdabcd abcdabcd abcdabcd abcdabcd abcdabcd abcdabcd
abcdabcd abcdabcd abcdabcd abcdabcd abcdabcd abcdabcd abcdabcd 2000b8ce
00080101 042921ff
Analysis:
Outgoing label: 17042 exp 0x0, End of stack 1, TTL 255.
Make sure ethernet type field is 0x8847 (mpls) in the packet
Decode the one in yellow which is a IP content.
Packet decoder:
Pick any Hex2IP decoder and put the entire hex content in bold.
output:
Internet Protocol, Src: 16.16.16.1 (16.16.16.1), Dst: 140.4.2.2 (140.4.2.2)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 2000
Identification: 0x0001 (1)
Flags: 0x02 (Don't Fragment)
0.. = Reserved bit: Not Set
.1. = Don't fragment: Set
..0 = More fragments: Not Set
Fragment offset: 0
Time to live: 255
Protocol: ICMP (0x01)
Header checksum: 0xc614 [correct]
[Good: True]
[Bad : False]
Source: 16.16.16.1 (16.16.16.1)
Destination: 140.4.2.2 (140.4.2.2)
Internet Control Message Protocol
Type: 8 (Echo (ping) request)
Code: 0 ()
Checksum: 0xe075 [incorrect, should be 0x0872]
Identifier: 0x6161
Sequence number: 1 (0x0001)
Data (112 bytes)
0000 ab cd ab cd ab cd ab cd ab cd ab cd ab cd ab cd ................
0010 ab cd ab cd ab cd ab cd ab cd ab cd ab cd ab cd ................
0020 ab cd ab cd ab cd ab cd ab cd ab cd ab cd ab cd ................
0030 ab cd ab cd ab cd ab cd ab cd ab cd ab cd ab cd ................
0040 ab cd ab cd ab cd ab cd ab cd ab cd ab cd ab cd ................
0050 ab cd ab cd ab cd ab cd ab cd ab cd ab cd ab cd ................
0060 ab cd ab cd 20 00 b8 ce 00 08 01 01 04 29 21 ff .... ........)!.
Data: ABCDABCDABCDABCDABCDABCDABCDABCDABCDABCDABCDABCD...
[Length: 112]
Doing the same for MPLS ping: These packets by default be captured by LC CPU. No need to mention size.
clear captured packets egress interface gi 0/1/0/6 location 0/1/cpu0
RP/0/RP0/CPU0:CRS-I#ping mpls ipv4 140.4.2.2/32
Sending 5, 100-byte MPLS Echos to 140.4.2.2/32,
timeout is 2 seconds, send interval is 0 msec:
Codes: '!' - success, 'Q' - request not sent, '.' - timeout,
'L' - labeled output interface, 'B' - unlabeled output interface,
'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
'M' - malformed request, 'm' - unsupported tlvs, 'N' - no rx label,
'P' - no rx intf label prot, 'p' - premature termination of LSP,
'R' - transit router, 'I' - unknown upstream index,
'X' - unknown return code, 'x' - return code 0
Type escape sequence to abort.
!!!!!
RP/0/RP0/CPU0:CRS-I#show captured packets egress interface gi 0/1/0/6 location 0/1/cpu0
Wed Mar 5 11:07:45.861 UTC
-------------------------------------------------------
packets captured on interface in egress direction
buffer overflow pkt drops:0, current: 6, non wrapping: 0 maximum: 200
-------------------------------------------------------
Wrapping entries
-------------------------------------------------------
[2] Mar 5 11:07:18.618, len: 114, hits: 1, o/p i/f: GigabitEthernet0/1/0/6
[punt reason: MPLS_INCOMPLETE_ADJ] [PPE used: cluster=0 ppe=0]
[ether dst: 4055.396b.1076 src: 6400.f19d.c47c type/len: 0x8847]
[MPLS label: 17042, exp 0x0, eos 1, ttl 255]
46000060 11d84000 0111339f 10101001 7f000001 94040000 0daf0daf 0048fd9a
00010000 01020000 00000036 00000001 d6c183e6 9de6a351 00000000 00000000
fc00000c 00000009 00010004 00000004 0001000c 00010005 8c040202 20000000
[3] Mar 5 11:07:18.624, len: 114, hits: 1, o/p i/f: GigabitEthernet0/1/0/6
[punt reason: MPLS_INCOMPLETE_ADJ] [PPE used: cluster=0 ppe=0]
[ether dst: 4055.396b.1076 src: 6400.f19d.c47c type/len: 0x8847]
[MPLS label: 17042, exp 0x0, eos 1, ttl 255]
46000060 11d94000 0111339e 10101001 7f000001 94040000 0daf0daf 0048d1a7
00010000 01020000 00000036 00000002 d6c183e6 9f6fcdba 00000000 00000000
fc00000c 00000009 00010004 00000004 0001000c 00010005 8c040202 20000000
Pick any Hex2IP decoder and put the entire hex content in bold.
output:
Internet Protocol, Src: 16.16.16.1 (16.16.16.1), Dst: 127.0.0.1 (127.0.0.1)
Version: 4
Header length: 24 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 96
Identification: 0x2c41 (11329)
Flags: 0x02 (Don't Fragment)
0.. = Reserved bit: Not Set
.1. = Don't fragment: Set
..0 = More fragments: Not Set
Fragment offset: 0
Time to live: 1
[Expert Info (Note/Sequence): "Time To Live" only 1]
[Message: "Time To Live" only 1]
[Severity level: Note]
[Group: Sequence]
Protocol: UDP (0x11)
Header checksum: 0x1936 [correct]
[Good: True]
[Bad : False]
Source: 16.16.16.1 (16.16.16.1)
Destination: 127.0.0.1 (127.0.0.1)
Options: (4 bytes)
Router Alert: Every router examines packet
User Datagram Protocol, Src Port: 3503 (3503), Dst Port: 3503 (3503)
Source port: 3503 (3503)
Destination port: 3503 (3503)
Length: 72
Checksum: 0xe5ea [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Multiprotocol Label Switching Echo
Version: 1
Global Flags: 0x0000
0000 0000 0000 000. = Reserved: 0x0000
.... .... .... ...0 = Validate FEC Stack: False
Message Type: MPLS Echo Request (1)
Reply Mode: Reply via an IPv4/IPv6 UDP packet (2)
Return Code: No return code (0)
Return Subcode: 0
Sender's Handle: 0x00000038
Sequence Number: 6261
Timestamp Sent: Mar 5, 2014 11:10:43.4066 UTC
Timestamp Received: NULL
Vendor Private
Type: Vendor Private (64512)
Length: 12
Vendor Id: ciscoSystems (9)
Value: 0001000400000004
Target FEC Stack
Type: Target FEC Stack (1)
Length: 12
FEC Element 1: LDP IPv4 prefix
Type: LDP IPv4 prefix (1)
Length: 5
IPv4 Prefix: 140.4.2.2 (140.4.2.2)
Prefix Length: 32
Padding
2. You could use netflow on the interface CRS interface to capture how CRS sending out the ICMP packet.
Please note: Netflow will only capture header content, but not the payload.
Drawback:
The flow monitor would not record MPLS ping packets (UDP) but works well for regular ping.. But if you do the netflow on the ingress of the peer router, you could see the mpls ping packets recorded by the netflow.
Ex:
flow monitor-map rak-mon
record mpls ipv4-fields labels 1
exporter rak
cache timeout active 604000
cache timeout inactive 604000
flow exporter-map flow-export
version v9
options interface-table
!
!
sampler-map rak-sample
random 1 out-of 5
RP/0/RP0/CPU0:CRS-I#show run int gi 0/1/0/6
Wed Mar 5 09:36:07.259 UTC
interface GigabitEthernet0/1/0/6
cdp
ipv4 address 16.16.16.1 255.255.255.252
flow mpls monitor rak-mon sampler rak-sample egress
Load distribution: 0 (refcount 4)
Hash OK Interface Address
0 Y GigabitEthernet0/1/0/6 remote
RP/0/RP0/CPU0:CRS-I#ping 140.4.2.2 count 1000 tim 0
Wed Mar 5 09:58:37.360 UTC
Type escape sequence to abort.
Sending 1000, 100-byte ICMP Echos to 140.4.2.2, timeout is 0 seconds:
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
....................
Success rate is 0 percent (0/1000)
RP/0/RP0/CPU0:CRS-I#show flow monitor rak-mon cache location 0/1/cpu0
Wed Mar 5 09:58:43.139 UTC
Cache summary for Flow Monitor rak-mon:
Cache size: 65535
Current entries: 1
High Watermark: 62258
Flows added: 1
Flows not added: 0
Ager Polls: 11
- Active timeout 0
- Inactive timeout 0
- TCP FIN flag 0
- Watermark aged 0
- Emergency aged 0
- Counter wrap aged 0
- Total 0
Periodic export:
- Counter wrap 0
- TCP FIN flag 0
Flows exported 0
LabelType Prefix/Length Label1-EXP-S InputInterface OutputInterface ForwardStatus FirstSwitched LastSwitched ByteCount PacketCount Dir SamplerID IPV4SrcAddr IPV4DstAddr IPV4TOS IPV4Prot L4SrcPort L4DestPort L4TCPFlags
LDP 140.4.2.2/32 17042-0-1 0 Gi0/1/0/6 FwdNoFrag 41 10:55:30:253 41 10:55:30:329 19344 186 Egr 6 16.16.16.1 140.4.2.2 0 icmp 0 2048 0
Matching entries: 1
Total packets : 186 ( since we are doing 1 packet out of 5 as sampling rate).
Out going label : 17042 0 (exp) End of stack 1.
To clear the cache,
clear flow monitor rak-mon cache loc 0/1/cpu0
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: