Fiber cut tests and UDLD

Date: May 10, 2017 (CCNP Switching lab practice with Agustín Santarelli (future CCNP))

 

Scenario

 

Beyond exercising the UDLD (UniDirectional Link Detection) commands, this scenario examines how useful the feature really is, since the books say it has no application on copper ports and is used specifically to detect a cut in a single fiber strand (remember there are two strands: Tx and Rx).

 

But our conspiracy theory says that when a single strand is cut, the whole interface goes down; however, with a copper interface that has a (non-intelligent) fiber media converter attached, if this condition occurs the copper interface stays UP-UP, and that is where UDLD does come into play.

 

In any case, assuming only one strand still has connectivity, SwitchA (Tx) -> SwitchB (Rx), the fiber interface on the MC goes down, so SwitchB will not receive STP messages that cause inconsistencies in the topology, as mentioned in the theory.

 

 

 

1.- Initial verification

 

  

 

2.- Testing UDLD

 

 

2.1.- Initial verification:

 

SwitchA#show udld neighbors

Port     Device Name   Device ID     Port ID    Neighbor State

----     -----------   ---------     -------    --------------

Gi1/0/1  FOC1234V3CN     1            Gi0/1      Bidirectional

SwitchA#

 

SwitchB#sh udld neighbors

Port     Device Name   Device ID     Port ID    Neighbor State

----     -----------   ---------     -------    --------------

Gi0/1    FOC2018S0LT     1            Gi1/0/1      Bidirectional

SwitchB#

 

SwitchA#ping 192.168.1.11

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.1.11, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 3/4/7 ms

 

SwitchA#show int gi1/0/1

GigabitEthernet1/0/1 is up, line protocol is up (connected)

  Hardware is Gigabit Ethernet, address is 005f.86a7.2a01 (bia 005f.86a7.2a01)

  MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,

     reliability 255/255, txload 1/255, rxload 1/255

  Encapsulation ARPA, loopback not set

  Keepalive set (10 sec)

  Full-duplex, 1000Mb/s, media type is 10/100/1000BaseTX (copper)

  input flow-control is off, output flow-control is unsupported

  ARP type: ARPA, ARP Timeout 04:00:00

  Last input 00:00:00, output 00:00:06, output hang never

  Last clearing of "show interface" counters never

  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

  Queueing strategy: fifo

  Output queue: 0/40 (size/max)

  5 minute input rate 0 bits/sec, 0 packets/sec

  5 minute output rate 0 bits/sec, 0 packets/sec

     333 packets input, 29533 bytes, 0 no buffer

     Received 322 broadcasts (310 multicasts)

     0 runts, 0 giants, 0 throttles

     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

     0 watchdog, 310 multicast, 0 pause input

     0 input packets with dribble condition detected

     188 packets output, 24117 bytes, 0 underruns

     0 output errors, 0 collisions, 1 interface resets

     0 unknown protocol drops

     0 babbles, 0 late collision, 0 deferred

     0 lost carrier, 0 no carrier, 0 pause output

     0 output buffer failures, 0 output buffers swapped out

SwitchA#

 

2.2.- We simulate the failure of the fiber segment (a single strand):

 

We can see that the copper interfaces remain UP, and that the fiber link LED is amber on one and off on the other.

 

 

SwitchA#show int gi1/0/1

GigabitEthernet1/0/1 is up, line protocol is up (connected)

  Hardware is Gigabit Ethernet, address is 005f.86a7.2a01 (bia 005f.86a7.2a01)

  MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,

     reliability 255/255, txload 1/255, rxload 1/255

  Encapsulation ARPA, loopback not set

  Keepalive set (10 sec)

  Full-duplex, 1000Mb/s, media type is 10/100/1000BaseTX

  input flow-control is off, output flow-control is unsupported

  ARP type: ARPA, ARP Timeout 04:00:00

  Last input 00:01:07, output 00:00:01, output hang never

  Last clearing of "show interface" counters never

  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

  Queueing strategy: fifo

  Output queue: 0/40 (size/max)

  5 minute input rate 0 bits/sec, 0 packets/sec

  5 minute output rate 0 bits/sec, 0 packets/sec

     336 packets input, 29725 bytes, 0 no buffer

     Received 325 broadcasts (313 multicasts)

     0 runts, 0 giants, 0 throttles

     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

     0 watchdog, 313 multicast, 0 pause input

     0 input packets with dribble condition detected

     226 packets output, 27064 bytes, 0 underruns

     0 output errors, 0 collisions, 1 interface resets

     0 unknown protocol drops

     0 babbles, 0 late collision, 0 deferred

     0 lost carrier, 0 no carrier, 0 pause output

     0 output buffer failures, 0 output buffers swapped out

SwitchA#

 

2.3.- We verify connectivity with the interface UP:

 

SwitchA#ping 192.168.1.11

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.1.11, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

 

SwitchA#

May 10 10:00:56.039: %UDLD-4-UDLD_PORT_DISABLED: UDLD disabled interface Gi1/0/1, aggressive mode failure detected

May 10 10:00:56.039: %PM-4-ERR_DISABLE: udld error detected on Gi1/0/1, putting Gi1/0/1 in err-disable state

May 10 10:00:57.042: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/1, changed state to down

May 10 10:00:58.042: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/1, changed state to down

SwitchA#

 

2.4.- We check the interface:

 

SwitchA#show int gi1/0/1

GigabitEthernet1/0/1 is down, line protocol is down (err-disabled)

  Hardware is Gigabit Ethernet, address is 005f.86a7.2a01 (bia 005f.86a7.2a01)

  MTU 1500 bytes, BW 10000 Kbit/sec, DLY 1000 usec,

     reliability 255/255, txload 1/255, rxload 1/255

  Encapsulation ARPA, loopback not set

  Keepalive set (10 sec)

  Auto-duplex, Auto-speed, media type is 10/100/1000BaseTX

  input flow-control is off, output flow-control is unsupported

  ARP type: ARPA, ARP Timeout 04:00:00

  Last input 00:01:16, output 00:00:27, output hang never

  Last clearing of "show interface" counters never

  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

  Queueing strategy: fifo

  Output queue: 0/40 (size/max)

  5 minute input rate 0 bits/sec, 0 packets/sec

  5 minute output rate 0 bits/sec, 0 packets/sec

     502 packets input, 45631 bytes, 0 no buffer

     Received 487 broadcasts (472 multicasts)

     0 runts, 0 giants, 0 throttles

     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

     0 watchdog, 472 multicast, 0 pause input

     0 input packets with dribble condition detected

     835 packets output, 84291 bytes, 0 underruns

     0 output errors, 0 collisions, 2 interface resets

     0 unknown protocol drops

     0 babbles, 0 late collision, 0 deferred

     0 lost carrier, 0 no carrier, 0 pause output

     0 output buffer failures, 0 output buffers swapped out

SwitchA#

 

SwitchA#show udld gi1/0/1

 

Interface Gi1/0/1

---

Port enable administrative configuration setting: Enabled / in aggressive mode

Port enable operational state: Enabled / in aggressive mode

Current bidirectional state: Unknown

Current operational state: Disabled port

Message interval: 7000

Time out interval: 5000

No neighbor cache information stored

SwitchA#

 

SwitchB#show int gi 0/1

GigabitEthernet0/1 is down, line protocol is down (err-disabled)

  Hardware is Gigabit Ethernet, address is 0022.be83.f281 (bia 0022.be83.f281)

  MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,

     reliability 255/255, txload 1/255, rxload 1/255

  Encapsulation ARPA, loopback not set

  Keepalive set (10 sec)

  Auto-duplex, Auto-speed, media type is 10/100/1000BaseTX

  input flow-control is off, output flow-control is unsupported

  ARP type: ARPA, ARP Timeout 04:00:00

  Last input 00:02:45, output 00:01:55, output hang never

  Last clearing of "show interface" counters never

  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

  Queueing strategy: fifo

  Output queue: 0/40 (size/max)

  5 minute input rate 0 bits/sec, 0 packets/sec

  5 minute output rate 0 bits/sec, 0 packets/sec

     182 packets input, 24206 bytes, 0 no buffer

     Received 166 broadcasts (153 multicasts)

     0 runts, 0 giants, 0 throttles

     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

     0 watchdog, 153 multicast, 0 pause input

     0 input packets with dribble condition detected

     1163 packets output, 100881 bytes, 0 underruns

 

2.5.- We restore the fiber

 

 

2.6.- We restore connectivity

 

SwitchA#conf t

Enter configuration commands, one per line.  End with CNTL/Z.

SwitchA(config)#interface gigabitEthernet 1/0/1

SwitchA(config-if)#shut

SwitchA(config-if)#no shut

SwitchA(config-if)#end

SwitchA#

 

SwitchB#conf t

Enter configuration commands, one per line.  End with CNTL/Z.

SwitchB(config)#interface gigabitEthernet 0/1

SwitchB(config-if)#shut

SwitchB(config-if)#no shut

SwitchB(config-if)#end

SwitchB#

 

3.- Improvement plan:

 

3.1.- We configure automatic recovery of the interface:

 

SwitchA(config)#errdisable recovery cause udld

SwitchA(config)#errdisable recovery interval 30 (we leave a prudent interval to avoid flapping)

 

SwitchB(config)#errdisable recovery cause udld

SwitchB(config)#errdisable recovery interval 30

 

4.- We verify the automatic recovery:

 

 

SwitchA#

May 10 10:14:26.036: %UDLD-4-UDLD_PORT_DISABLED: UDLD disabled interface Gi1/0/1, aggressive mode failure detected

May 10 10:14:26.036: %PM-4-ERR_DISABLE: udld error detected on Gi1/0/1, putting Gi1/0/1 in err-disable state

May 10 10:14:27.039: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/1, changed state to down

May 10 10:14:28.039: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/1, changed state to down

SwitchA#

 

 

SwitchA#

May 10 10:14:56.029: %PM-4-ERR_RECOVER: Attempting to recover from udld err-disable state on Gi1/0/1

May 10 10:15:00.744: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/1, changed state to up

May 10 10:15:01.747: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/1, changed state to up

SwitchA#
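
The 30-second gap between the err-disable and the recovery attempt in the messages above can be checked from syslog. The Python below is an added example, not part of the original lab: it pairs each udld err-disable with its recovery attempt and marks a port that is disabled again soon after recovering. The last two sample lines, the assumed year and the `flap_window` threshold are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample: the first three lines are messages shown on this page;
# the last two are invented here to simulate a strand that is still cut.
SAMPLE_LOG = """\
May 10 10:14:26.036: %UDLD-4-UDLD_PORT_DISABLED: UDLD disabled interface Gi1/0/1, aggressive mode failure detected
May 10 10:14:26.036: %PM-4-ERR_DISABLE: udld error detected on Gi1/0/1, putting Gi1/0/1 in err-disable state
May 10 10:14:56.029: %PM-4-ERR_RECOVER: Attempting to recover from udld err-disable state on Gi1/0/1
May 10 10:15:31.512: %UDLD-4-UDLD_PORT_DISABLED: UDLD disabled interface Gi1/0/1, aggressive mode failure detected
May 10 10:15:31.512: %PM-4-ERR_DISABLE: udld error detected on Gi1/0/1, putting Gi1/0/1 in err-disable state
"""

LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:.]+): %(?P<tag>[\w-]+): (?P<msg>.*)$")
DISABLE = re.compile(r"udld error detected on (\S+),")
RECOVER = re.compile(r"recover from udld err-disable state on (\S+)")

def parse_ts(ts, year=2017):
    # These timestamps carry no year; the year is an assumption.
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S.%f")

def udld_events(log_text, flap_window=120):
    """Per port: list of err-disable events with recovery delay and re-flap flag."""
    report, last_recover = {}, {}
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        ts = parse_ts(m["ts"])
        if m["tag"] == "PM-4-ERR_DISABLE" and (d := DISABLE.search(m["msg"])):
            port = d.group(1)
            prev = last_recover.get(port)
            # Disabled again soon after a recovery attempt: the fault persists.
            reflap = prev is not None and (ts - prev).total_seconds() <= flap_window
            report.setdefault(port, []).append(
                {"disabled": ts, "recovery_delay": None, "reflap": reflap})
        elif m["tag"] == "PM-4-ERR_RECOVER" and (r := RECOVER.search(m["msg"])):
            port = r.group(1)
            events = report.get(port, [])
            if events and events[-1]["recovery_delay"] is None:
                delta = ts - events[-1]["disabled"]
                events[-1]["recovery_delay"] = round(delta.total_seconds(), 3)
            last_recover[port] = ts
    return report

if __name__ == "__main__":
    for port, events in udld_events(SAMPLE_LOG).items():
        for e in events:
            print(port, e["disabled"].time(), e["recovery_delay"], e["reflap"])
```

A port whose events keep coming back with `reflap` set is cycling on the recovery timer while the strand is still cut, which is the case to alert on rather than each individual err-disable.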

 

5.- UDLD traffic captures:

 

When capturing traffic via port mirroring, only the CDP traffic is captured, and Wireshark recognizes it along with other protocols, but not the UDLD frames specifically; we also did not spend time intercepting with tap-type devices (or a hub).

 

 

Source: http://packetlife.net/blog/2011/mar/7/udld/
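
UDLD and CDP are sent to the same Cisco multicast address (01:00:0c:cc:cc:cc) and differ in the SNAP protocol ID, 0x0111 for UDLD (RFC 5171) versus 0x2000 for CDP, so frames from a capture can be sorted on that field. The Python below is an added example, not from the original lab; both frames are constructed rather than captured, and their TLV values are sample data.

```python
import struct

CISCO_MCAST = bytes.fromhex("01000ccccccc")  # also used by CDP, VTP, DTP, PAgP
CISCO_SNAP = b"\xaa\xaa\x03\x00\x00\x0c"      # LLC SNAP header + Cisco OUI
SNAP_PID = {0x2000: "CDP", 0x0111: "UDLD"}
OPCODES = {1: "probe", 2: "echo", 3: "flush"}
TLV_NAMES = {1: "device_id", 2: "port_id", 3: "echo", 4: "message_interval",
             5: "timeout_interval", 6: "device_name", 7: "sequence"}

def classify(frame):
    """Return (protocol, fields) for a raw 802.3 frame; fields only for UDLD."""
    if len(frame) < 26 or frame[:6] != CISCO_MCAST or frame[14:20] != CISCO_SNAP:
        return ("other", {})
    (pid,) = struct.unpack("!H", frame[20:22])
    proto = SNAP_PID.get(pid, f"cisco-0x{pid:04x}")
    if proto != "UDLD":
        return (proto, {})
    pdu = frame[22:]
    fields = {"version": pdu[0] >> 5,
              "opcode": OPCODES.get(pdu[0] & 0x1F, "reserved"),
              "flags": pdu[1]}
    off = 4  # skip version/opcode, flags and the 16-bit checksum
    while off + 4 <= len(pdu):
        tlv_type, length = struct.unpack("!HH", pdu[off:off + 4])
        if length < 4 or off + length > len(pdu):
            break  # Ethernet padding or a truncated TLV
        fields[TLV_NAMES.get(tlv_type, f"tlv_{tlv_type}")] = pdu[off + 4:off + length]
        off += length
    return (proto, fields)

# --- Constructed frames (not captured from the lab) ---
def tlv(tlv_type, value):
    return struct.pack("!HH", tlv_type, len(value) + 4) + value

def build(pid, payload):
    body = CISCO_SNAP + struct.pack("!H", pid) + payload
    src = bytes.fromhex("005f86a72a01")  # SwitchA address from the page
    return CISCO_MCAST + src + struct.pack("!H", len(body)) + body

# Version 1, opcode probe, flags 0; checksum left as 0 (not validated here).
UDLD_FRAME = build(0x0111, bytes([0x21, 0, 0, 0]) + tlv(1, b"FOC2018S0LT")
                   + tlv(2, b"Gi1/0/1") + tlv(4, b"\x07") + tlv(5, b"\x05"))
CDP_FRAME = build(0x2000, b"\x02\xb4\x00\x00")

if __name__ == "__main__":
    print(classify(UDLD_FRAME))
    print(classify(CDP_FRAME))
```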

 

 

6.- Affected configuration:

 

SwitchA#sh runn (only the most relevant parts)

Building configuration...

 

Current configuration : 1855 bytes

!

version 15.2

!

hostname SwitchA

!

udld aggressive

!

!

!

spanning-tree mode pvst

spanning-tree extend system-id

errdisable recovery cause udld

errdisable recovery cause gbic-invalid

errdisable recovery interval 30

!

interface GigabitEthernet1/0/1

 udld port aggressive

!

interface GigabitEthernet1/0/25

 udld port aggressive

!

interface Vlan1

 ip address 192.168.1.10 255.255.255.0

!

monitor session 1 source interface Gi1/0/1

monitor session 1 destination interface Gi1/0/2

end

 

SwitchA#

 

 

(2017) How many packets does St Claus lose ?

Rosario, Argentina