TP RSX207: study of the LACP protocol - z32.ipst-info.net/tprsx/rsx207/TP01 - LAN...

TP RSX207: study of the LACP protocol

The task is to capture, on a Cisco 3560, the LACP traffic sent and received on the aggregation ports. We use the "port mirroring" function, also called "roving analysis" or, on Cisco, SPAN (Switched Port Analyzer), to redirect the traffic of the aggregations to port Fa 0/10, to which a PC running Wireshark is connected (display filter: "slow").

Definition of a monitoring session (2 are possible) and of the ports to monitor (sources), here the aggregation Po1:

c3560-01# conf t

c3560-01(config)# monitor session 1 source interface port-channel 1 [both]

Note: several sources can be given; for example, add:

c3560-01(config)# monitor session 1 source interface port-channel 2

Definition of the SPAN (monitor) port. Important: the "encapsulation replicate" option is required if you want to see the special BPDU (Bridge Protocol Data Unit) traffic such as LACP/STP/CDP/VTP, and the "ingress..." option is required if you want to allow incoming traffic through the destination port, so that it can still be used to reach the switch:

c3560-01(config)#monitor session 1 destination interface fastEthernet 0/10

(continuation of the command) encapsulation replicate ingress untagged vlan 1

Note: several destination ports can be used: replace "0/10" with "0/10-11", for example.

To see what is configured (here the two etherchannels Po1 and Po2 are monitored by ports 10 and 11):

#show monitor session 1

Session 1

---------

Type : Local Session

Source Ports :

Both : Po1-2

Destination Ports : Fa0/10-11

Encapsulation : Replicate

Ingress : Enabled, default VLAN = 1

Ingress encap : Untagged

Note: in a #show int sum the monitoring ports no longer appear as "up"; but a #show int Fa 0/10 gives the following information (the port is not in a normal state!):

FastEthernet0/10 is up, line protocol is down (monitoring)

To understand how LACP is managed, the following commands can be used:

#show lacp ?

<1-48> Channel group number

counters Traffic information

internal Internal information

neighbor Neighbor information

sys-id LACP System ID

c3560-01#show lacp sys-id

32768, 001a.e326.f800

c3560-01#show lacp counters

LACPDUs Marker Marker Response LACPDUs

Port Sent Recv Sent Recv Sent Recv Pkts Err

---------------------------------------------------------------------

Channel group: 1

Fa0/13 3107 2861 0 0 0 0 0

Fa0/14 3112 2862 0 0 0 0 0

LACPDUs Marker Marker Response LACPDUs

Port Sent Recv Sent Recv Sent Recv Pkts Err

---------------------------------------------------------------------

Channel group: 2

Fa0/23 5408 5406 0 0 0 0 0

Fa0/24 5394 5395 0 0 0 0 0

c3560-01#show lacp internal

Flags: S - Device is requesting Slow LACPDUs

F - Device is requesting Fast LACPDUs

A - Device is in Active mode P - Device is in Passive mode

Channel group 1

LACP port Admin Oper Port Port

Port Flags State Priority Key Key Number State

Fa0/13 SA bndl 32768 0x1 0x1 0xF 0x3D

Fa0/14 SA bndl 32768 0x1 0x1 0x10 0x3D

Channel group 2

LACP port Admin Oper Port Port

Port Flags State Priority Key Key Number State

Fa0/23 SA bndl 32768 0x2 0x2 0x19 0x3D

Fa0/24 SA bndl 32768 0x2 0x2 0x1A 0x3D

c3560-01#show lacp neighbor

Flags: S - Device is requesting Slow LACPDUs

F - Device is requesting Fast LACPDUs

A - Device is in Active mode P - Device is in Passive mode

Channel group 1 neighbors

Partner's information:

LACP port Admin Oper Port Port

Port Flags Priority Dev ID Age key Key Number State

Fa0/13 SA 32768 0012.a9d6.fcc6 28s 0x0 0x3 0x3E 0x3D

Fa0/14 SA 32768 0012.a9d6.fcc6 27s 0x0 0x3 0x6 0x3D

Channel group 2 neighbors

Partner's information:

LACP port Admin Oper Port Port

Port Flags Priority Dev ID Age key Key Number State

Fa0/23 SA 32768 000a.f4ff.2f80 14s 0x0 0x1 0x17 0x3D

Fa0/24 SA 32768 000a.f4ff.2f80 15s 0x0 0x1 0x18 0x3D

The Cisco DEBUG function can also be used to send to the console the system messages related to the aggregation processes (LACP and PAgP):

c3560-01#debug etherchannel all

PAgP/LACP Shim All debugging is on

c3560-01#show debug

PAgP/LACP Shim/FEC:

PAgP/LACP Shim All debugging is on

Note: if the terminal is remote (ssh, telnet), run #terminal monitor to see the debug output, which by default is displayed only on the serial console.

For example, a Cisco 3560 is connected by an aggregation Po2 (ports 23-24) to a Cisco 2950 (ports 23-24), and by another aggregation Po1 (ports 13-14) to a 3Com 3870 virtual chassis (port 6 of Unit 1 and port 6 of Unit 2). Initially the aggregations are stable and LACP keepalive BPDUs are received every 30 s. At about 100 s, port 23 on the 2950 is shut down, and it is re-enabled (no shutdown) at about 200 s. Below are the DEBUG traffic and the successive states of the Etherchannels.

c3560-01#show etherchannel summary

Flags:  D - down        P - bundled in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      f - failed to allocate aggregator
        M - not in use, minimum links not met
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port

Number of channel-groups in use: 2
Number of aggregators:           2

Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
1      Po1(SU)         LACP      Fa0/13(P)   Fa0/14(P)
2      Po2(SU)         LACP      Fa0/23(P)   Fa0/24(P)

c3560-01#

At rest, the following messages are received regularly:

1d16h: FEC: lacp_switch_display_oneline: found 1 aggregators
1d16h: FEC: lacp_switch_display_oneline: found 2 ports
1d16h: FEC: lacp_switch_display_oneline: found 1 aggregators
1d16h: FEC: lacp_switch_display_oneline: found 2 ports

c3560-01#

Port 23 on the Cisco 2950 is shut down. We observe:

1d17h: FEC: pagp_switch_hotstandby: for agport Po2
1d17h: FEC: pagp_switch_hotstandby: PAgP not enabled on agport Po2
1d17h: FEC: pagp_switch_port_down: Fa0/23 Inform yes
1d17h: FEC: pagp_switch_invoke_port_down: Fa0/23
1d17h: FEC: lacp_fec_unbundle_internal: Fa0/23
1d17h: FEC: Un-Bndl msg NOT send to PM for port Fa0/23 from Po2
1d17h: FEC: pagp_switch_reset_load_index: reading load-index for port Po2
1d17h: FEC: lacp_switch_delete_port_from_agport_internal: removing Fa0/23 from Po2
1d17h: FEC: delete port (Fa0/23) from agport (Po2)
1d17h: FEC: pagp_switch_delete_port_from_agport_list: afb->nports-- = 1 [Fa0/23]
1d17h: FEC: lacp_switch_remove_port_from_associated_list_internal: Fa0/23 deleted from the associated list for Po2
1d17h: FEC: lacp_switch_is_aggregator_valid: aggregator Po2 is still valid
1d17h: FEC: pagp_switch_reset_load_index: reading load-index for port Po2
1d17h: FEC: lacp_switch_is_aggregator_valid: aggregator Po2 is still valid
1d17h: FEC: lacp_switch_get_first_associated_port_from_agg_id: found port Fa0/24 associated to Po2
1d17h: FEC: lacp_switch_is_port_in_associate_list: port Fa0/24 is present in the associate list
1d17h: FEC: lacp_switch_get_next_associated_port_from_agg_id: no associated port next to Fa0/24 in aggregator Po2
1d17h: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/23, changed state to down
1d17h: %LINK-3-UPDOWN: Interface FastEthernet0/23, changed state to down

c3560-01#show etherchannel summary

Flags:  D - down        P - bundled in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      f - failed to allocate aggregator
        M - not in use, minimum links not met
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port

Number of channel-groups in use: 2
Number of aggregators:           2

Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
1      Po1(SU)         LACP      Fa0/13(P)   Fa0/14(P)
2      Po2(SU)         LACP      Fa0/23(D)   Fa0/24(P)

Port 23 is seen as Down.

c3560-01#

1d17h: FEC: lacp_switch_display_oneline: found 1 aggregators
1d17h: FEC: lacp_switch_display_oneline: found 2 ports
1d17h: FEC: lacp_switch_display_oneline: found 1 aggregators
1d17h: FEC: lacp_switch_display_oneline: found 2 ports

c3560-01#

Port 23 on the Cisco 2950 is re-enabled with "no shutdown". We observe:

1d17h: FEC: pagp_switch_port_up: Fa0/23
1d17h: FEC: pagp_switch_invoke_port_up: Fa0/23
1d17h: FEC: pagp_switch_agc_compatable: comparing GC values of Fa0/23 Fa0/24 flag = 1 1
1d17h: FEC: pagp_switch_port_attrib_diff: compare LACP modes for Fa0/23
1d17h: FEC: pagp_switch_port_attrib_diff: Fa0/23 Fa0/24 same
1d17h: FEC: pagp_switch_agc_compatable: GC values are compatable
1d17h: FEC: lacp_switch_calculate_oper_key: oper_key for port Fa0/23 is 0x2
1d17h: FEC: lacp_switch_get_first_agg_id_from_admin_oper_keys: found aggregator Po2 for admin_key [0x2] and oper_key [0x2]
1d17h: FEC: lacp_switch_is_aggregator_valid: aggregator Po2 is still valid
1d17h: FEC: lacp_switch_get_first_associated_port_from_agg_id: found port Fa0/24 associated to Po2
1d17h: FEC: lacp_switch_is_aggregator_valid: aggregator Po2 is still valid
1d17h: FEC: lacp_switch_add_port_to_associated_list_internal: Fa0/23 added to list for Po2
1d17h: FEC: lacp_switch_check_hw_sw_constraints_internal: port Fa0/23 can be bundled in the aggregator Po2, new afb->nports [1]
1d17h: %LINK-3-UPDOWN: Interface FastEthernet0/23, changed state to up
1d17h: FEC: lacp_switch_is_aggregator_valid: aggregator Po2 is still valid
1d17h: FEC: lacp_switch_check_hw_sw_constraints_internal: port Fa0/23 can be bundled in the aggregator Po2, new afb->nports [1]
1d17h: FEC: lacp_switch_is_aggregator_valid: aggregator Po2 is still valid
1d17h: FEC: lacp_switch_get_first_associated_port_from_agg_id: found port Fa0/24 associated to Po2
1d17h: FEC: lacp_switch_is_port_in_associate_list: port Fa0/24 is present in the associate list
1d17h: FEC: lacp_switch_get_next_associated_port_from_agg_id: found port Fa0/23 next to Fa0/24 and associated to Po2
1d17h: FEC: lacp_switch_is_port_in_associate_list: port Fa0/23 is present in the associate list
1d17h: FEC: lacp_switch_get_next_associated_port_from_agg_id: no associated port next to Fa0/23 in aggregator Po2
1d17h: FEC: lacp_switch_is_aggregator_valid: aggregator Po2 is still valid
1d17h: FEC: lacp_switch_check_hw_sw_constraints_internal: port Fa0/23 can be bundled in the aggregator Po2, new afb->nports [1]
1d17h: FEC: lacp_switch_is_aggregator_valid: aggregator Po2 is still valid
1d17h: FEC: lacp_switch_check_hw_sw_constraints_internal: port Fa0/23 can be bundled in the aggregator Po2, new afb->nports [1]
1d17h: FEC: lacp_switch_is_aggregator_valid: aggregator Po2 is still valid
1d17h: FEC: add port (Fa0/23) to agport (Po2)
1d17h: FEC: pagp_switch_add_port_to_agport_list: afb->nports++ = 2 [Fa0/23]
1d17h: FEC: lacp_switch_add_port_to_agport_internal: Fa0/23 added to aggregator Po2 list
1d17h: FEC: lacp_fec_bundle_internal: Determine if msg to PM to bundle port Fa0/23 with Po2 is needed
1d17h: FEC: pagp_switch_want_to_bundle: Bndl msg to PM for port Fa0/23 to Agport Po2
1d17h: FEC: pagp_switch_hotstandby: for agport Po2
1d17h: FEC: pagp_switch_hotstandby: PAgP not enabled on agport Po2
1d17h: FEC: pagp_switch_reset_load_index: reading load-index for port Po2
1d17h: FEC: lacp_switch_is_aggregator_valid: aggregator Po2 is still valid
1d17h: FEC: lacp_switch_get_first_associated_port_from_agg_id: found port Fa0/24 associated to Po2
1d17h: FEC: lacp_switch_is_port_in_associate_list: port Fa0/24 is present in the associate list
1d17h: FEC: lacp_switch_get_next_associated_port_from_agg_id: found port Fa0/23 next to Fa0/24 and associated to Po2
1d17h: FEC: lacp_switch_is_port_in_associate_list: port Fa0/23 is present in the associate list
1d17h: FEC: lacp_switch_get_next_associated_port_from_agg_id: no associated port next to Fa0/23 in aggregator Po2
1d17h: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/23, changed state to up

c3560-01#show etherchannel summary

Flags:  D - down        P - bundled in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      f - failed to allocate aggregator
        M - not in use, minimum links not met
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port

Number of channel-groups in use: 2
Number of aggregators:           2

Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
1      Po1(SU)         LACP      Fa0/13(P)   Fa0/14(P)
2      Po2(SU)         LACP      Fa0/23(P)   Fa0/24(P)

Port 23 is seen as Up.

c3560-01#

1d17h: FEC: lacp_switch_display_oneline: found 1 aggregators
1d17h: FEC: lacp_switch_display_oneline: found 2 ports
1d17h: FEC: lacp_switch_display_oneline: found 1 aggregators
1d17h: FEC: lacp_switch_display_oneline: found 2 ports
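As an added check (not part of the TP handout), the following Python parses the "show etherchannel summary" table shown above and reports port-channels with a member that is not bundled, which is how Po2 looks while port 23 is shut down. The sample text is copied from that output; the flag meanings come from the Flags legend.

```python
import re

# Meaning of the per-port flags, taken from the "Flags:" legend of the command
PORT_FLAGS = {"P": "bundled in port-channel", "D": "down", "I": "stand-alone",
              "s": "suspended", "H": "Hot-standby (LACP only)",
              "w": "waiting to be aggregated", "u": "unsuitable for bundling",
              "d": "default port"}

# "2      Po2(SU)         LACP      Fa0/23(D)   Fa0/24(P)"
ROW_RE = re.compile(r"^\s*(\d+)\s+(Po\d+)\(([A-Za-z]+)\)\s+(\S+)\s+(.*)$")
PORT_RE = re.compile(r"([A-Za-z]+\d+/\d+)\(([A-Za-z])\)")


def parse_summary(text):
    """Map each port-channel to its group, flags, protocol and {member: flag}."""
    channels = {}
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:            # header, separator and legend lines do not match
            continue
        group, po, flags, proto, members = m.groups()
        channels[po] = {"group": int(group), "flags": flags, "protocol": proto,
                        "ports": dict(PORT_RE.findall(members))}
    return channels


def degraded(channels):
    """Port-channels that are not 'in use' (U) or have a member not flagged P,
    with the legend text explaining each non-bundled member."""
    out = {}
    for po, info in channels.items():
        bad = {port: PORT_FLAGS.get(flag, "unknown flag " + flag)
               for port, flag in info["ports"].items() if flag != "P"}
        if bad or "U" not in info["flags"]:
            out[po] = bad
    return out


# Sample copied from the summary printed after port 23 on the 2950 was shut down
SAMPLE = """\
Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
1      Po1(SU)         LACP      Fa0/13(P)   Fa0/14(P)
2      Po2(SU)         LACP      Fa0/23(D)   Fa0/24(P)
"""
```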

Meanwhile, the traffic is captured on the monitoring host with Wireshark, using the display filter "slow" (Slow Protocols), since LACP belongs to that family. LACPDUs are therefore captured. See the attached capture. The aim is to understand what is happening. The LACP protocol is described in clause 5.4 of the IEEE aggregation document: http://standards.ieee.org/getieee802/download/802.1AX-2008.pdf Here are some excerpts that are useful for understanding the captured traffic:

5.4.1 LACP design elements

The following considerations were taken into account during the development of the protocol described in this subclause:

a) The protocol depends upon the transmission of information and state, rather than the transmission of commands. LACPDUs sent by the first party (the Actor) convey to the second party (the Actor’s protocol Partner) what the Actor knows, both about its own state and that of the Partner.

b) The information conveyed in the protocol is sufficient to allow the Partner to determine what action to take next.

c) Active or passive participation in LACP is controlled by LACP_Activity, an administrative control associated with each port, that can take the value Active LACP or Passive LACP. Passive LACP indicates the port’s preference for not transmitting LACPDUs unless its Partner’s control value is Active LACP (i.e., a preference not to speak unless spoken to). Active LACP indicates the port’s preference to participate in the protocol regardless of the Partner’s control value (i.e., a preference to speak regardless).

d) Periodic transmission of LACPDUs occurs if the LACP_Activity control of either the Actor or the Partner is Active LACP. These periodic transmissions will occur at either a slow or fast transmission rate depending upon the expressed LACP_Timeout preference (Long Timeout or Short Timeout) of the Partner System.

e) In addition to periodic LACPDU transmissions, the protocol transmits LACPDUs when there is a Need To Transmit (NTT) something to the Partner; i.e., when the Actor’s state changes or when it is apparent from the Partner’s LACPDUs that the Partner does not know the Actor’s current state.

f) The protocol assumes that the rate of LACPDU loss is very low.
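As an added example (not part of the TP handout nor output of the switch), the following Python builds and parses an LACPDU of the kind Wireshark shows under the "slow" filter, and decodes the 8-bit port state (0x3D in the show lacp internal/neighbor tables above) into the LACP_Activity and LACP_Timeout bits described in items c) and d). The frame is constructed from the sys-id, keys, port numbers and states reported on this page; the source MAC of Fa0/13 is an assumption.

```python
import struct

SLOW_PROTOCOLS_DST = bytes.fromhex("0180c2000002")  # Slow Protocols multicast MAC
LACP_SUBTYPE = 1
# Bits of the Actor_State / Partner_State byte, bit 0 first (802.1AX-2008, 5.4.2.2)
STATE_BITS = ["LACP_Activity", "LACP_Timeout", "Aggregation", "Synchronization",
              "Collecting", "Distributing", "Defaulted", "Expired"]

def decode_state(state):
    """Names of the bits set in an 8-bit port state such as 0x3D."""
    return {name for bit, name in enumerate(STATE_BITS) if state >> bit & 1}

def ios_flags(state):
    """The flag letters IOS prints: S/F (Long/Short timeout) and A/P (Active/Passive)."""
    return ("F" if state & 0x02 else "S") + ("A" if state & 0x01 else "P")

def info_tlv(tlv_type, sys_prio, sys_id, key, port_prio, port, state):
    """Actor (type 1) or Partner (type 2) information TLV: 20 bytes, 3 of them reserved."""
    return struct.pack("!BBH6sHHHB3x", tlv_type, 20, sys_prio,
                       bytes.fromhex(sys_id.replace(".", "")), key, port_prio, port, state)

def build_lacpdu(src_mac, actor, partner):
    """Ethernet frame carrying an LACPDU: actor and partner TLVs, collector TLV,
    terminator TLV and the 50 reserved bytes that pad the PDU to 110 bytes."""
    header = (SLOW_PROTOCOLS_DST + bytes.fromhex(src_mac.replace(".", ""))
              + struct.pack("!HBB", 0x8809, LACP_SUBTYPE, 1))  # ethertype, subtype, version
    collector = struct.pack("!BBH12x", 3, 16, 0)  # Collector_MaxDelay = 0
    return (header + info_tlv(1, *actor) + info_tlv(2, *partner) + collector
            + b"\x00\x00" + b"\x00" * 50)

def parse_lacpdu(frame):
    """Check the Slow Protocols header and return the actor/partner fields decoded."""
    if frame[:6] != SLOW_PROTOCOLS_DST or frame[12:14] != b"\x88\x09":
        raise ValueError("not a Slow Protocols frame")
    if frame[14] != LACP_SUBTYPE:
        raise ValueError("Slow Protocols subtype %d is not LACP" % frame[14])
    result, off = {}, 16
    for who, tlv_type in (("actor", 1), ("partner", 2)):
        if (frame[off], frame[off + 1]) != (tlv_type, 20):
            raise ValueError("malformed %s information TLV" % who)
        sys_prio, sys_id, key, port_prio, port, state = struct.unpack(
            "!H6sHHHB", frame[off + 2:off + 17])
        result[who] = {"sys_prio": sys_prio, "sys_id": sys_id.hex(".", 2), "key": key,
                       "port_prio": port_prio, "port": port, "state": state,
                       "flags": ios_flags(state), "bits": decode_state(state)}
        off += 20
    return result

# Constructed sample (not a real capture): the LACPDU Fa0/13 on c3560-01 would send, built
# from the "show lacp sys-id/internal/neighbor" values on this page; source MAC is assumed.
SAMPLE = build_lacpdu("001a.e326.f80d",
                      (32768, "001a.e326.f800", 0x1, 32768, 0xF, 0x3D),
                      (32768, "0012.a9d6.fcc6", 0x3, 32768, 0x3E, 0x3D))
```

With state 0x3D both parser outputs carry the flags "SA", matching the Flags column of show lacp internal and show lacp neighbor, and LACP_Timeout clear corresponds to the 30 s (Long Timeout) keepalive period observed in the lab.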