Re: N5K ethanalyzer port mapping

andy!doesnt!like!uucp · ‎10-22-2020

Hi All

i've faced the usecase of ethanalyzer with decode-internal keyword on the N5548UP 7.0.7.N1.1 to findout the egress&ingress interfaces for the flow. Finally i've obtained something like below in packet header & now looking for the way to decode Hdr sup_dst / Hdr sup_src_if values (which i believe are the internal indexes of SUP or physical interfaces. Surprisingly it didnt come easy. Anybody can help with good source document?

N5K Protocol
NSH WORD 1: 0x00000000
CDCE DA: eid_lo: 0 ul: 0 ig: 0 eid_hi: 0 sw_id: 0 sswid: 0
NSH WORD 2: 0x00000200
CDCE DA: lid: 0, CDCE SA: eid_lo 0 ul: 1 ig: 0 eid_hi: 0 sid_hi: 0
NSH WORD 3: 0x30000003
CDCE SA: sid_lo: 30 ssid: 0 lid: 3
NSH WORD 4: 0x01260020
sys_hdr_type: 0, tr_opt: 0, sup_src_if_mask: 1,
sup_code: 38, ftag: 0, l2mp_ttl: 32
NSH L2 Hdr DA: 1005CABF6F46
NSH L2 Hdr SA: 002A6ABEE781
NSH L2 Hdr sup_dst: 0xc2
NSH L2 Hdr sup_src_if: 0x01
NSH L2 Hdr stag: 0x00c9

Christopher Hart · ‎10-23-2020

Hi Andy!

Unfortunately, there is no public-facing document that describes how to map the sup_dst and sup_src_if values found in the N5K shim header to front-panel ports. However, mapping these values to front-panel interface is relatively straightforward.

In my lab, I have a Nexus 5548UP running NX-OS software release 7.3(2)N1(1) named LEAF-30.

LEAF-30# show module 
Mod Ports Module-Type                         Model                  Status
--- ----- ----------------------------------- ---------------------- -----------
1   32    O2 32X10GE/Modular Universal Platfo N5K-C5548UP-SUP        active *
3   0     O2 Daughter Card with L3 ASIC       N55-D160L3-V2          ok

Mod  Sw              Hw      World-Wide-Name(s) (WWN)
---  --------------  ------  ---------------------------------------------------
1    7.3(2)N1(1)     1.0     --
3    7.3(2)N1(1)     1.0     --

This switch is connected to a Nexus 7004 switch (named SPINE-2) through interface Ethernet1/3. The Nexus 7004 switch is visible as a CDP neighbor, which indicates that we are receiving CDP packets on Ethernet1/3.

LEAF-30# show cdp neighbors interface Ethernet1/3
Capability Codes: R - Router, T - Trans-Bridge, B - Source-Route-Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater,
                  V - VoIP-Phone, D - Remotely-Managed-Device,
                  s - Supports-STP-Dispute


Device-ID             Local Intrfce Hldtme Capability  Platform         Port ID
SPINE-2(REDACTED)
                    Eth1/3         139    R S I s   N7K-C7004          Eth4/48

This means we should see CDP packets in the control plane of the switch, as shown by the example below.

LEAF-30# ethanalyzer local interface inbound-hi display-filter cdp limit-captured-frames 0

Capturing on inband
2020-10-23 18:40:07.018010 84:78:ac:0b:60:46 -> 01:00:0c:cc:cc:cc CDP Device ID: SPINE-2(REDACTED)  Port ID: Ethernet4/48

A detailed view of this packet with the internal N5K shim header decoded is shown below. Some fields are cut out for brevity:

LEAF-30# ethanalyzer local interface inbound-hi decode-internal display-filter cdp limit-captured-frames 0 detail
<snip>
Capturing on inband
N5K Protocol
    NSH WORD 1: 0x01000000
        CDCE DA: eid_lo: 0 ul: 0 ig: 1 eid_hi: 0 sw_id: 0 sswid: 0
    NSH WORD 2: 0x00050200
        CDCE DA: lid:   5, CDCE SA: eid_lo 0 ul: 1 ig: 0 eid_hi: 0 sid_hi: 0
    NSH WORD 3: 0x1e000005
        CDCE SA: sid_lo: 1e ssid: 0 lid: 5
    NSH WORD 4: 0x00040020
        sys_hdr_type: 0, tr_opt: 0, sup_src_if_mask: 0,
        sup_code: 4, ftag: 0, l2mp_ttl: 32
    NSH L2 Hdr DA: 01000CCCCCCC
    NSH L2 Hdr SA: 8478AC0B6046
    NSH L2 Hdr sup_dst: 0xc3
    NSH L2 Hdr sup_src_if: 0x03
    NSH L2 Hdr stag: 0xa00e
Frame 26 (243 bytes on wire, 243 bytes captured)
Ethernet II, Src: 84:78:ac:0b:60:46 (84:78:ac:0b:60:46), Dst: 01:00:0c:cc:cc:cc (01:00:0c:cc:cc:cc)
802.1Q Virtual LAN, PRI: 5, CFI: 0, ID: 14
Logical-Link Control
Cisco Discovery Protocol
    Version: 2
    TTL: 180 seconds
    Checksum: 0x55a8 [correct]
    Device ID: SPINE-2(REDACTED)
    Port ID: Ethernet4/48

The internal header of this packet has a sup_src_if hex value of 0x03 (decimal value of 3). It also has a sup_dst hex value of 0xc3 (decimal value of 195), but this isn't terribly useful to us, as we already know what internal inband interface of the supervisor it ingresses since we performed our Ethanalyzer capture with the inbound-hi keyword.

In our scenario, we already know that this packet ingresses via Ethernet1/3. We can find the sup_src_if value of Ethernet1/3 with the show platform fwm info pif Ethernet1/3 command. The output of this command will display a "sup_src_dst_if" value, which will be the decimal equivalent of the sup_src_if hex value found in our Ethanalyzer capture. An example of this is shown below:

LEAF-30# show platform fwm info pif Ethernet1/3
<snip>
Eth1/3 pd: sup_src_dst_if 3  lif_blk -1--1

In scenarios wherein we know the sup_src_if hex value from Ethanalyzer, but don't know the front-panel interface that maps to this value, we can use the show platform fwm info pif all command and search for the sup_src_if's decimal value. For example, LEAF-30 is also receiving a CDP packet from another switch named SPINE-1:

LEAF-30# ethanalyzer local interface inbound-hi display-filter cdp limit-captured-frames 0
<snip>
Capturing on inband
2020-10-23 18:52:29.541020 84:78:ac:0c:7b:46 -> 01:00:0c:cc:cc:cc CDP Device ID: SPINE-1(REDACTED)  Port ID: Ethernet4/47  

LEAF-30# ethanalyzer local interface inbound-hi decode-internal display-filter cdp limit-captured-frames 0 detail 
<snip>
N5K Protocol
    NSH WORD 1: 0x01000000
        CDCE DA: eid_lo: 0 ul: 0 ig: 1 eid_hi: 0 sw_id: 0 sswid: 0
    NSH WORD 2: 0x00050200
        CDCE DA: lid:   5, CDCE SA: eid_lo 0 ul: 1 ig: 0 eid_hi: 0 sid_hi: 0
    NSH WORD 3: 0x1e000007
        CDCE SA: sid_lo: 1e ssid: 0 lid: 7
    NSH WORD 4: 0x00040020
        sys_hdr_type: 0, tr_opt: 0, sup_src_if_mask: 0,
        sup_code: 4, ftag: 0, l2mp_ttl: 32
    NSH L2 Hdr DA: 01000CCCCCCC
    NSH L2 Hdr SA: 8478AC0C7B46
    NSH L2 Hdr sup_dst: 0xc3
    NSH L2 Hdr sup_src_if: 0x04
    NSH L2 Hdr stag: 0xa00e
Frame 50 (218 bytes on wire, 218 bytes captured)
Ethernet II, Src: 84:78:ac:0c:7b:46 (84:78:ac:0c:7b:46), Dst: 01:00:0c:cc:cc:cc (01:00:0c:cc:cc:cc)
802.1Q Virtual LAN, PRI: 5, CFI: 0, ID: 14
Logical-Link Control
Cisco Discovery Protocol
    Version: 2
    TTL: 180 seconds
    Checksum: 0x870c [correct]
    Device ID: SPINE-1(REDACTED)
    Port ID: Ethernet4/47

Our sup_src_if hex value is 0x04, so the equivalent decimal value would be 4:

LEAF-30# show platform fwm info pif all | include "sup_src_dst_if 4"
Eth1/4 pd: sup_src_dst_if 4  lif_blk -1--1

Sure enough, CDP reports that it knows of a Nexus 7004 switch named SPINE-1 on Ethernet1/4:

LEAF-30# show cdp neighbors interface Ethernet1/4
Capability Codes: R - Router, T - Trans-Bridge, B - Source-Route-Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater,
                  V - VoIP-Phone, D - Remotely-Managed-Device,
                  s - Supports-STP-Dispute


Device-ID             Local Intrfce Hldtme Capability  Platform         Port ID
SPINE-1(REDACTED)
                    Eth1/4         141    R S I s   N7K-C7004          Eth4/47

I hope this helps - please let me know if you have any questions!

Thank you!

-Christopher

andy!doesnt!like!uucp · ‎10-23-2020

Hi Chris

thanks for the hint. but i have complexity in my case: unknown variable of where the ingress to N5K for this specific TCP flow comes from if i have n asymmetry (at the moment it looks like it's the case). meaning it's quite possible there is no control traffic from that unknown interface at all & i'll be not able to associate proper intf by other ingress packet's properties like source MAC. anyway i'll review my case from your hint perspective & take a scorepoint to your karma :0)