Fiber cut tests and UDLD
Date: May 10, 2017 (CCNP Switching labs with Agustín Santarelli (future CCNP))
Scenario
Beyond using the UDLD (UniDirectional Link Detection) commands, this scenario examines the real usefulness of the feature, since the books say it has no application on copper ports and is used specifically to detect a cut in a single fiber strand (remember there are two strands: Tx and Rx).
But our conspiracy theory says that when a single strand is cut, the whole interface goes down; however, with a copper interface that has a (non-intelligent) fiber media converter connected to it, if this condition occurs the copper interface stays UP-UP, so that is where UDLD does come into play.
In any case, assuming only one strand has connectivity: SwitchA (Tx) -> SwitchB (Rx), the fiber interface on the MC goes down, so SwitchB will not receive STP messages that cause inconsistencies in the topology, as the theory mentions.
1.- Initial verification
2.- Testing UDLD
2.1.- Initial verification:
SwitchA#show udld neighbors
Port      Device Name   Device ID   Port ID   Neighbor State
----      -----------   ---------   -------   --------------
Gi1/0/1   FOC1234V3CN   1           Gi0/1     Bidirectional
SwitchA#
SwitchB#sh udld neighbors
Port      Device Name   Device ID   Port ID   Neighbor State
----      -----------   ---------   -------   --------------
Gi0/1     FOC2018S0LT   1           Gi1/0/1   Bidirectional
SwitchB#
SwitchA#ping 192.168.1.11
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.11, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 3/4/7 ms
SwitchA#show int gi1/0/1
GigabitEthernet1/0/1 is up, line protocol is up (connected)
  Hardware is Gigabit Ethernet, address is 005f.86a7.2a01 (bia 005f.86a7.2a01)
  MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 1000Mb/s, media type is 10/100/1000BaseTX (copper)
  input flow-control is off, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output 00:00:06, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     333 packets input, 29533 bytes, 0 no buffer
     Received 322 broadcasts (310 multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 310 multicast, 0 pause input
     0 input packets with dribble condition detected
     188 packets output, 24117 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 pause output
     0 output buffer failures, 0 output buffers swapped out
SwitchA#
2.2.- We simulate the failure of the fiber segment (a single strand):
We can see that the copper interfaces stay UP, and the fiber link LED is amber on one and off on the other.
SwitchA#show int gi1/0/1
GigabitEthernet1/0/1 is up, line protocol is up (connected)
  Hardware is Gigabit Ethernet, address is 005f.86a7.2a01 (bia 005f.86a7.2a01)
  MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 1000Mb/s, media type is 10/100/1000BaseTX
  input flow-control is off, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:01:07, output 00:00:01, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     336 packets input, 29725 bytes, 0 no buffer
     Received 325 broadcasts (313 multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 313 multicast, 0 pause input
     0 input packets with dribble condition detected
     226 packets output, 27064 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 pause output
     0 output buffer failures, 0 output buffers swapped out
SwitchA#
2.3.- We check connectivity with the interface UP:
SwitchA#ping 192.168.1.11
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.11, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
SwitchA#
May 10 10:00:56.039: %UDLD-4-UDLD_PORT_DISABLED: UDLD disabled interface Gi1/0/1, aggressive mode failure detected
May 10 10:00:56.039: %PM-4-ERR_DISABLE: udld error detected on Gi1/0/1, putting Gi1/0/1 in err-disable state
May 10 10:00:57.042: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/1, changed state to down
May 10 10:00:58.042: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/1, changed state to down
SwitchA#
2.4.- We check the interface:
SwitchA#show int gi1/0/1
GigabitEthernet1/0/1 is down, line protocol is down (err-disabled)
  Hardware is Gigabit Ethernet, address is 005f.86a7.2a01 (bia 005f.86a7.2a01)
  MTU 1500 bytes, BW 10000 Kbit/sec, DLY 1000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Auto-duplex, Auto-speed, media type is 10/100/1000BaseTX
  input flow-control is off, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:01:16, output 00:00:27, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     502 packets input, 45631 bytes, 0 no buffer
     Received 487 broadcasts (472 multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 472 multicast, 0 pause input
     0 input packets with dribble condition detected
     835 packets output, 84291 bytes, 0 underruns
     0 output errors, 0 collisions, 2 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 pause output
     0 output buffer failures, 0 output buffers swapped out
SwitchA#
SwitchA#show udld gi1/0/1
Interface Gi1/0/1
---
Port enable administrative configuration setting: Enabled / in aggressive mode
Port enable operational state: Enabled / in aggressive mode
Current bidirectional state: Unknown
Current operational state: Disabled port
Message interval: 7000
Time out interval: 5000
No neighbor cache information stored
SwitchA#
SwitchB#show int gi 0/1
GigabitEthernet0/1 is down, line protocol is down (err-disabled)
  Hardware is Gigabit Ethernet, address is 0022.be83.f281 (bia 0022.be83.f281)
  MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Auto-duplex, Auto-speed, media type is 10/100/1000BaseTX
  input flow-control is off, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:02:45, output 00:01:55, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     182 packets input, 24206 bytes, 0 no buffer
     Received 166 broadcasts (153 multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 153 multicast, 0 pause input
     0 input packets with dribble condition detected
     1163 packets output, 100881 bytes, 0 underruns
2.5.- We restore the fiber
2.6.- We restore connectivity
SwitchA#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SwitchA(config)#interface gigabitEthernet 0/1
SwitchA(config-if)#shut
SwitchA(config-if)#no shut
SwitchA(config-if)#end
SwitchA#
SwitchB#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SwitchB(config)#interface gigabitEthernet 0/1
SwitchB(config-if)#shut
SwitchB(config-if)#no shut
SwitchB(config-if)#end
SwitchB#
3.- Improvement plan:
3.1.- We configure automatic recovery of the interface:
SwitchA(config)#errdisable recovery cause udld
SwitchA(config)#errdisable recovery interval 30 (we leave a prudent interval to avoid flapping)
SwitchB(config)#errdisable recovery cause udld
SwitchB(config)#errdisable recovery interval 30
4.- We verify automatic recovery:
SwitchA#
May 10 10:14:26.036: %UDLD-4-UDLD_PORT_DISABLED: UDLD disabled interface Gi1/0/1, aggressive mode failure detected
May 10 10:14:26.036: %PM-4-ERR_DISABLE: udld error detected on Gi1/0/1, putting Gi1/0/1 in err-disable state
May 10 10:14:27.039: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/1, changed state to down
May 10 10:14:28.039: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/1, changed state to down
SwitchA#
SwitchA#
May 10 10:14:56.029: %PM-4-ERR_RECOVER: Attempting to recover from udld err-disable state on Gi1/0/1
May 10 10:15:00.744: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/1, changed state to up
May 10 10:15:01.747: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/1, changed state to up
SwitchA#
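As an added example (not part of the original post), the script below parses the syslog messages shown in sections 2.3 and 4 and reports, for each UDLD err-disable event, how many seconds passed before the automatic recovery attempt, which confirms the configured errdisable recovery interval (30 s here) and exposes ports that were left err-disabled. The function names, the year default and the flapping threshold are assumptions of this example.

```python
import re
from datetime import datetime

# Log lines taken from sections 2.3 and 4 of this page (wrapped lines joined).
SAMPLE_LOG = """\
May 10 10:00:56.039: %UDLD-4-UDLD_PORT_DISABLED: UDLD disabled interface Gi1/0/1, aggressive mode failure detected
May 10 10:00:56.039: %PM-4-ERR_DISABLE: udld error detected on Gi1/0/1, putting Gi1/0/1 in err-disable state
May 10 10:14:26.036: %PM-4-ERR_DISABLE: udld error detected on Gi1/0/1, putting Gi1/0/1 in err-disable state
May 10 10:14:28.039: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/1, changed state to down
May 10 10:14:56.029: %PM-4-ERR_RECOVER: Attempting to recover from udld err-disable state on Gi1/0/1
May 10 10:15:00.744: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/1, changed state to up
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:.]+): %([A-Z_]+-\d-[A-Z_]+): (.*)$")
DISABLE = re.compile(r"udld error detected on (\S+),")
RECOVER = re.compile(r"recover from udld err-disable state on (\S+)")

def parse_ts(text, year=2017):
    # IOS timestamps carry no year by default; the year is an assumption.
    return datetime.strptime(f"{year} {text}", "%Y %b %d %H:%M:%S.%f")

def udld_events(log, year=2017):
    """One dict per UDLD err-disable: port, time, and seconds until the
    automatic recovery attempt (None if no ERR_RECOVER followed)."""
    events, open_by_port = [], {}
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, mnemonic, msg = parse_ts(m.group(1), year), m.group(2), m.group(3)
        if mnemonic == "PM-4-ERR_DISABLE" and (d := DISABLE.search(msg)):
            ev = {"port": d.group(1), "disabled_at": ts, "recover_after_s": None}
            events.append(ev)
            open_by_port[d.group(1)] = ev
        elif mnemonic == "PM-4-ERR_RECOVER" and (r := RECOVER.search(msg)):
            ev = open_by_port.pop(r.group(1), None)
            if ev:
                ev["recover_after_s"] = round((ts - ev["disabled_at"]).total_seconds())
    return events

def flapping_ports(events, threshold=3):
    """Ports err-disabled by UDLD at least `threshold` times in the log."""
    counts = {}
    for ev in events:
        counts[ev["port"]] = counts.get(ev["port"], 0) + 1
    return sorted(p for p, n in counts.items() if n >= threshold)
```

On the sample, the 10:00:56 event has no recovery time because that port was brought back manually with shut / no shut, while the 10:14:26 event recovers after 30 seconds.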
5.- UDLD traffic captures:
When capturing traffic via port mirroring, only CDP traffic is captured, and Wireshark recognizes it along with other protocols but not specifically the UDLD frames; we also did not spend time intercepting with tap-type devices (or a hub).
Source: http://packetlife.net/blog/2011/mar/7/udld/
6.- Affected configuration:
SwitchA#sh runn (only the most relevant parts)
Building configuration...
Current configuration : 1855 bytes
!
version 15.2
!
hostname SwitchA
!
udld aggressive
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
errdisable recovery cause udld
errdisable recovery cause gbic-invalid
errdisable recovery interval 30
!
interface GigabitEthernet1/0/1
 udld port aggressive
!
interface GigabitEthernet1/0/25
 udld port aggressive
!
interface Vlan1
 ip address 192.168.1.10 255.255.255.0
!
monitor session 1 source interface Gi1/0/1
monitor session 1 destination interface Gi1/0/2
end
SwitchA#
(2017) How many packets does St Claus lose?
Rosario, Argentina