When troubleshooting switches connected using MultiLink Trunks (MLT), Distributed MultiLink Trunks (DMLT) and Split MultiLink Trunks (SMLT) it can be difficult to determine which path a specific set of IP packets are taking between two switches.
The Nortel Ethernet Routing Switch 8600 has a feature called ping snoop that can be used to determine the specific path that specific IP traffic takes over an MLT, DMLT or SMLT path. Ping snoop works by enabling a filter that copies the ICMP messages to the CPU. The CPU then monitors the ICMP stream and outputs messages on the console indicating what ports are being traversed by the IP traffic.
There are different commands depending on the type of IO modules that are involved.
With non-R modules;
config diag ping-snoop create src-ip 30.30.30.0/24 dst-ip 30.30.30.0/24 config diag ping-snoop add-ports 1/47,2/1 config diag ping-snoop enable true config log screen on
With R modules;
config filter acl 4096 port add 1/2 config filter acl 4096 enable config filter acl 4096 ace 1 create name echo_reply config filter acl 4096 ace 1 ip src-ip eq 10.119.255.20/32 config filter acl 4096 ace 1 ip dst-ip eq 10.101.241.25/32 config filter acl 4096 ace 1 protocol icmp-msg-type eq echoreply config filter acl 4096 ace 1 enable config filter acl 4096 ace 2 create name echo_request config filter acl 4096 ace 2 ip src-ip eq 10.101.241.25/32 config filter acl 4096 ace 2 ip dst-ip eq 10.119.255.20/32 config filter acl 4096 ace 2 protocol icmp-msg-type eq echo-request config filter acl 4096 ace 2 enable config log screen on
In the above examples you need to substitute the appropriate IP addresses and switch ports.
I’ve used the ping snoop feature on numerous occasions to isolate the specific uplink that a TCP/UDP conversation was utilizing when traversing two switches that have multiple uplinks between each other [configured as MLT/DMLT/SMLT uplink].
Here’s a sample output from a Nortel ERS 8600 v4.1.1 switch;
sw-ccr-8600:5# CPP Task=tMainTask CPU5 [12/11/07 07:36:25] CPU INFO ICMP Reply received on port 8/14 with Src=10.124.240.32 Dst=10.124.240.20 sw-ccr-8600:5# CPP Task=tMainTask CPU5 [12/11/07 07:36:26] CPU INFO ICMP Reply received on port 8/14 with Src=10.124.240.32 Dst=10.124.240.20 sw-ccr-8600:5# CPP Task=tMainTask CPU5 [12/11/07 07:36:27] CPU INFO ICMP Reply received on port 8/14 with Src=10.124.240.32 Dst=10.124.240.20 sw-ccr-8600:5# CPP Task=tMainTask CPU5 [12/11/07 07:36:28] CPU INFO ICMP Reply received on port 8/14 with Src=10.124.240.32 Dst=10.124.240.20
I might be wrong about this but I believe the ping snoop feature only works on ingress packets (packets that are ingressing into the IO module/port you have configured for ping snoop).
Cheers!
Interesting article indeed.
kind of offtopic but maybe someone has some insight in the following related matter:
I’m developing a webapp which uses SNMP to collect data from a Passport 8006 device:
Some of the functionality does some ARP table ripping via the following formula : http://groups.google.be/groups?hl=nl&lr=&threadm=1034948890.130613%40salvator.ibr.cs.tu-bs.de&rnum=2&prev=/groups%3Fq%3DipNetToMediaIfIndex%2520port%26hl%3Dnl%26lr%3D%26sa%3DN%26tab%3Dwg
As a freebee,… here’s a snippit of PHP code based on the above:
….snip…
$perl = new Perl();
$perl->eval(‘use SNMP::Info’);
$perl->eval(‘$networkdevice = new SNMP::Info(AutoSpecify => 1,Debug => 1,DestHost => \”.$host.’\’,Community => \”.$readcommunity.’\’,Version => 2 )or die “Cant connect to DestHost.\n”;’);
$perl->eval(‘$netaddr = $networkdevice->at_netaddr();’);
$perl->eval(‘$paddr = $networkdevice->at_paddr();’);
$perl->eval(‘$at_index = $networkdevice->at_index();’);
$netaddr=$perl->eval(‘$netaddr’);
$paddr=$perl->eval(‘$paddr’);
$at_index=$perl->eval(‘$at_index’);
foreach (array_keys($netaddr) as $key => $value) {
#for Passport routers, this gets a little tricky when using VLANs
#Without VLANs the solution is simple: interface-id = cardvalue * 64 + portvalue -1
#In case of VLANs, the following information was found on
#http://groups.google.be/groups?hl=nl&lr=&threadm=1034948890.130613%40salvator.ibr.cs.tu-bs.de&rnum=2&prev=/groups%3Fq%3DipNetToMediaIfIndex%2520port%26hl%3Dnl%26lr%3D%26sa%3DN%26tab%3Dwg
#First we read the Interface IID and store this in several places for calculation
if (!array_key_exists($value, $at_index) || !array_key_exists($value, $paddr)) continue;
$othervalue=$at_index[$value];
$interfacevalue = $othervalue;
#If the result of a binary bitwise AND is different from zero, we have a VLAN
if ($othervalue & 62914560) {
#Using the found formula
$unit = ($othervalue & 62914560)/4194304;
$port = (($othervalue & 4128768)/65536) + 1;
#We calculate the interface index back..
$interfacevalue = $unit * 64 + $port – 1;
}
#If we didn’t trigger the VLAN test, check if the interfacevalue is smaller than 2000
#interface-values bigger than 2000 are VLANs that we are not interested in…
elseif ($othervalue < 2000) { $unit = intval($othervalue / 64) + 1; $port = $othervalue % 64 + 1; }…. snip….This works fine for normal situations, but when MLT’s are used things get difficult.SO, the question is,… does anyone have an insight/hint how to extend the algorithm so that it also shows ARP table entry’s for the MLT’s.
Kind of the ping snoop problem where one would like to pinpoint where a specific MAC address is found on a specific port (which is part of a MLT link)
TIA
It seems you dug up a really old post I made to Usenet (comp.protocols.snmp) back in 2002. I have some code that I can share with you to help you out.
I don’t think it has much bearing on Ping Snoop though so let me create a new post documenting the code.
Thanks,