cisco 7600 packet_capture

1、Packet Capturing,By: wyuFeb, 2006,Agenda,,Packet Capture ToolsGeneral Packet Capture ModeCapture TipsUsing 7600 ELAM,Packet Capture/Analysis Tools,Most Commonly Used Packet Capture/Analysis Tool,Commercial Equipment:

2、 Agilent, Ixia, Spirent, etc.,PC based Software: Packet Sniffer, Ethereal, TCPdump, etc.,Cisco Proprietary: Pagent, ELAM,General Packet Capture Mode,Continuous Packet CapturingCapture all packets that meets the co

3、ndition that set by users in a fixed packet buffer.Packets are stored in the ring-type buffer and dropped in first-in first-out basis. Depending on the equipment vendor, capturing could stop whenever the packet buffer

4、 is full. Packet buffer size can be adjusted by usersTriggered Packet CapturingPacket capturing starts only when triggered condition meets.Capture stops after packet buffer is feltUsers might be able to set number o

5、f packets to be saved before trigger packets occurs,Capture Tips,Always set good filtersEliminate unwanted packets begin capture and waste buffer memoryNarrowed the scope for what packets to look forBe aware of promis

6、cuous mode being set by default, especially in the Ethernet case, it capture everything on the wire. Ensure correct physical layer property setting and L2 ProtocolEliminate the possibility for not being able to

7、capture packets due to CRC or Scrambling incorrectly setSet with correct L2 protocol, it helps the packet analyzer to decode packet with correct packet format as cases like encapsulation PPP/HDLC,My favorite capture set

8、up,TrafficSource,UUT,,Remote End,Fiber Splitter,,,Capture Tool,,Packets capturedOn this way out,,,,,,,,,,,,,,,,,,,Using 7600 ELAM,What’s ELAMELAM – Embedded Logic Analyzer ModuleIt is a EARL built-in logic analyzer

9、that can be used as a packet capture tool for superman and tycho ASIC’sWhat can it do and how to use it?How to enable it ? By configuring ‘service internal’.Where can I use it ? On any module that has an EARL7 ASIC co

10、mplex. A Supervisor 720 or a DFC3 capable card.On which prompt do I start it ? Either RP or SP prompt.How many packets can I capture ? ONEHow do I find the packet that I need ? By setting a trigger.How do I find out

11、which ASIC’s are available ?sh platform capture system asicRemember, ELAM only captures on superman and tycho asic!,SUP720 ASIC’s Physical Location,7600 Logical Block Diagram,SUP Complex : ASIC’s,Superman L2 Forwarding

12、 ASIC – EARL7 Tycho L3 Forwarding, Security and QoS ACL ASIC - EARL7 Super Solano 18 port Crossbar ASIC for the Sup720 that provides an aggregate bandwidth of 360 Gbps Pinnacle 4 port Gigabit ASIC Hyperion Fabric Int

13、erface and Multicast Replication ASIC ; NextGen Titan & Medusa Combo Titan ASIC which does Layer 2/3 packet replication Medusa Crossbar & Bus Fabric ASIC for Constellation+ and Super Constellation Systems,ELAM

14、CLI Options,centa#show platform capture elam ? asic select ELAM ASIC data show capture data help helper for elam capture release release ELAM lock start start capture status show capture sta

15、tus trigger define ELAM trigger,ELAM Usage Steps,1.) Specify ASIC where you want to use ELAM ELAM support is per ASIC, not per system. To see which ASICs have ELAM support in a system use ‘sh platform capture elam

16、 asic’ Example:harco#show platform capture elam asic Slot Cpu Asic Inst Ver PB Elam Active Lock---- --- -------- ---- --- -- ---- ------ ----6 0 TYCHO 0 2.2 Y 0 SUPERMAN 0

17、 1.3 Y * *2.) To select an actual ASIC use the use sh platform capture elam asic [slot ] [inst ],ELAM Usage Steps (Set Trigger),3.) Specify capture triggerMost challenging part of using ELAM is choosin

18、g the right trigger!CLI command to configure a trigger is ‘sh platform capture elam trigger …if …’Need to specify where the trigger will be applied:‘DBUS’ to match on DBUS header‘RBUS’ to match on RBUS header‘DE’

19、to match on Tycho’s decision engineNeed to specify the packet format to be capturedIPv4,IPv6,OthersFinally specify an actual trigger after ‘if’. For list of available parameters use ‘sh platform cap elam trigger … hel

20、p’ Note each asic/bus provides different set of triggers to match onTriggers from multiple ASICs cannot be mixed when using CLIWhen more than one trigger is specified (separated by space) they are logically AND (i.e. a

21、ll triggers should be true for packet to be captured). It is not possibly to logically OR the triggersAlso useful to see ENG-14749 “Constellation Bus Specification” for definition of the DBUS/RBUS fields,Dbus Capture Sa

22、mpleharco#show platform capture elam trigger dbus ipv4 if ip_da=160.1.1.1[255.255.255.255],ELAM Usage Steps (Start Capturing),4.) Start capturing harco#show platform capture elam start 5.) View capture statusharco

23、#show platform capture elam statu active ELAM info:Slot Cpu Asic Inst Ver PB Elam---- --- -------- ---- --- -- ----6 0 SUPERMAN 0 1.3 Y DBUS trigger: FORMAT=IP L3_PROTOCOL=IPV4 IP_DA=160.1.1.1[255.

24、255.255.255]elam capture in progress6.) View captured dataharco#show platform capture elam data,It changes to CompleteWhen packet is captured,,Captured Packet Content (dbus data),harco#show platform capture elam data

25、 DBUS data:SEQ_NUM [5] = 0x15QOS [3] = 0QOS_TYPE [1] = 0TYPE [4] = 0 [ETHERNET]STATUS_BPDU

26、 [1] = 0IPO [1] = 0NO_ESTBLS [1] = 0RBH [3] = b000CR [1] = 0TRUSTED [1] = 1

27、NOTIFY_IL [1] = 0NOTIFY_NL [1] = 0DISABLE_NL [1] = 0DISABLE_IL [1] = 0DONT_FWD [1] = 0INDEX_DIRECT

28、 [1] = 0DONT_LEARN [1] = 0COND_LEARN [1] = 0BUNDLE_BYPASS [1] = 0QOS_TIC [1] = 0INBAND

29、 [1] = 0IGNORE_QOSO [1] = 0IGNORE_QOSI [1] = 0IGNORE_ACLO [1] = 0IGNORE_ACLI [1] = 0PORT_QOS [1] = 0CACH

30、E_CNTRL [2] = 0 [NORMAL]VLAN [12] = 1020SRC_FLOOD [1] = 0SRC_INDEX [19] = 0x201LEN [16] = 64

31、FORMAT [2] = 0 [IP]MPLS_EXP [3] = 0x0,REC [1] = 0NO_STATS [1] = 0VPN_INDEX [10] = 0x100PA

32、CKET_TYPE [3] = 0 [ETHERNET]L3_PROTOCOL [4] = 0 [IPV4]L3_PT [8] = 255MPLS_TTL [8] = 0SRC_XTAG [4] =

33、 0x0DEST_XTAG [4] = 0x0FF [1] = 0MN [1] = 0RF [1] = 0SC [1] = 0CARD_TYP

34、E [4] = 0x0DMAC = 0012.43b2.a1c0SMAC = 0001.0000.0300IPVER [1] = 0 [IPV4]IP_DF [1]

35、= 0IP_MF [1] = 0IP_HDR_LEN [4] = 5IP_TOS [8] = 0x0IP_LEN [16] = 46IP_HDR_VALID [1] = 1IP_CHKS

36、UM_VALID [1] = 1IP_L4HDR_VALID [1] = 0IP_OFFSET [13] = 0IP_TTL [8] = 64IP_CHKSUM [16] = 0xC3CCIP_SA

37、 = 20.1.1.2IP_DA = 160.1.1.1IP_DATA [120]0000: 00 01 02 03 04 05 06 07 08 09 0A 0B 0D 10 11 "..............."CRC [16] = 0xDB2A

38、,Capture Packet Contents (rbus data),RBUS data:SEQ_NUM [5] = 0x15CCC [3] = b100 [L3_RW]CAP1 [1] = 0CAP2 [1

39、] = 0QOS [3] = 0EGRESS [1] = 0DT [1] = 1 [GENERIC]TL [1] = 0 [B32]FLOOD [

40、1] = 1DEST_INDEX [19] = 0x3FDVLAN [12] = 1021RBH [3] = b101RDT [1] = 0GENERIC [1]

41、= 0EXTRA_CICLE [1] = 0FABRIC_PRIO [1] = 0L2 [1] = 0FCS1 [8] = 0x1DELTA_LEN [8] = 4REWRITE_I

42、NFO i0 - replace bytes from ofs 0 to ofs 13 with seq '00 0B 45 B6 36 40 00 12 43 B2 A1 C0 88 47'. insert seq '00 01 21 3F' before ofs 14.FCS2 [8] = 0xC2,Same Packet C

43、aptured on Ixia,Some Trigger Setting Samples,For packet from/to any mac addressFor IP packetssh platform cap elam trigger dbus ipv4 if dmac=0001.0002.0003sh platform cap elam trigger dbus ipv4 if smac=0001.0002.0003F

44、or non-IP (others) dest. MACsh platform cap elam trigger dbus other if data=0x00010002 0x00030000 [0xffffffff 0xffff0000]For non-IP (others) source. MACsh platform cap elam trigger dbus if data=0 0x00000004 0x00050006

45、 [0 0x0000ffff 0xffffffff],Some Trigger Setting Samples (Cont.),For packet from/to RP LTL Index of the RP is 0x380, so in order to capture To RPsh platform cap elam trigger rbus if dest_index=0x380From RPsh platform

46、 cap elam trigger dbus ipv4 if src_index=0x380For MPLS Packet Capturingsh platform capture elam trigger dbus others if data = 0 0 0 0x8847f1ba 0xb0000000 [0 0 0 0xffffffff 0xf0000000] This trigger captures any unicast

47、 MPLS packet with outer label F1BAB,References:,CLI manualhttp://sjc-fs1-web/wg-c/cnaik-group/Published/Generic%20Trouble-shooting%20Tips/ELAM_CLI.htmlTOI slideshttp://sjc-fs1-web/wg-c/cnaik-group/Published/Generic%20