Dot1Q/L2P隧道上的丢包
简介
本文档通过案例研究讨论了Cisco IOS®中由于网络设计不佳而导致的Dot1Q/L2P隧道丢包故障的故障排除。
先决条件
要求
Cisco 建议您了解以下主题:
-
关于Dot1Q隧道的基本知识
-
OSPF的基本知识
使用的组件
本文档不限于特定的软件或硬件版本。
本文档中的信息都是基于特定实验室环境中的设备编写的。本文档中使用的所有设备最初均采用原始(默认)配置。如果您使用的是真实网络,请确保您已经了解所有命令的潜在影响。
规则
有关文档规则的详细信息,请参阅 Cisco 技术提示规则。
网络图
在此网络设置中,路由器7600-Core的接口Gi1/44和Gi1/43将路由器分别设置为单臂路由器3400-Metro-1的Fa0/13和Fa0/12。在7600-Dot1Q交换机中,接口Gi9/44和Gi 9/45已启用Dot1q隧道模式。在3400 — 城域边缘上创建SVI vlan接口,Fa0/13和Fa0/12配置为中继端口。路由器使用OSPF相互通信。
配置
| 7609核心 |
|---|
! version 15.0 hostname 7609-CORE interface GigabitEthernet1/43 mtu 9216 no ip address no ip redirects no ip proxy-arp load-interval 60 carrier-delay 2 flowcontrol send off storm-control broadcast level 1.00 ! interface GigabitEthernet1/43.3503 encapsulation dot1Q 3503 ip address 172.16.41.17 255.255.255.252 no ip redirects no ip proxy-arp ip mtu 1500 ip ospf authentication-key 7 072C0E6B6B272D ip ospf network point-to-point ip ospf hello-interval 3 ip ospf dead-interval 10 ! ! interface GigabitEthernet1/44 mtu 9216 no ip address no ip redirects no ip proxy-arp load-interval 60 carrier-delay 2 flowcontrol send off storm-control broadcast level 1.00 ! interface GigabitEthernet1/44.3803 encapsulation dot1Q 3803 ip address 172.16.73.137 255.255.255.248 secondary ip address 172.16.41.21 255.255.255.252 no ip redirects no ip proxy-arp ip mtu 1500 ip ospf authentication-key 7 072C0E6B6B272D ip ospf network point-to-point ip ospf cost 5 ip ospf hello-interval 3 ip ospf dead-interval 10 !--- Output omitted. ! end |
| 7609 DOT1Q |
|---|
! version 12.2 ! interface GigabitEthernet9/44 switchport switchport access vlan 24 switchport mode dot1q-tunnel mtu 9216 load-interval 60 carrier-delay 2 flowcontrol send off storm-control broadcast level 1.00 l2protocol-tunnel cdp l2protocol-tunnel stp l2protocol-tunnel vtp no cdp enable spanning-tree portfast disable spanning-tree bpdufilter enable ! ! interface GigabitEthernet9/45 switchport switchport access vlan 24 switchport mode dot1q-tunnel mtu 9216 load-interval 60 carrier-delay 2 flowcontrol send off storm-control broadcast level 1.00 l2protocol-tunnel cdp l2protocol-tunnel stp l2protocol-tunnel vtp no cdp enable spanning-tree portfast disable spanning-tree bpdufilter enable ! !--- Output omitted. ! end |
| 3400-Metro-1 |
|---|
! version 12.2 ! interface FastEthernet0/3 port-type nni switchport trunk allowed vlan 1052,3503 switchport mode trunk load-interval 60 ! interface FastEthernet0/4 port-type nni switchport trunk allowed vlan 1052,3803 switchport mode trunk load-interval 60 ! ! interface FastEthernet0/12 port-type nni switchport trunk allowed vlan 2-4094 switchport mode trunk ! interface FastEthernet0/13 port-type nni switchport trunk allowed vlan 2-4094 switchport mode trunk ! end |
| 3400 — 城域边缘 |
|---|
! version 12.2 ! interface FastEthernet0/12 port-type nni switchport mode trunk load-interval 60 storm-control broadcast level 1.00 spanning-tree portfast disable spanning-tree bpdufilter disable ! interface FastEthernet0/13 port-type nni switchport mode trunk load-interval 60 storm-control broadcast level 1.00 spanning-tree portfast disable spanning-tree bpdufilter disable ! ! interface Vlan3503 ip address 172.16.41.18 255.255.255.252 no ip redirects no ip proxy-arp ip ospf authentication-key 7 072C0E6B6B272D ip ospf network point-to-point ip ospf hello-interval 3 ip ospf dead-interval 10 ! interface Vlan3803 ip address 172.16.73.139 255.255.255.248 secondary ip address 172.16.41.22 255.255.255.252 no ip redirects no ip proxy-arp ip ospf authentication-key 7 072C0E6B6B272D ip ospf network point-to-point ip ospf cost 5 ip ospf hello-interval 3 ip ospf dead-interval 10 ! !--- Output omitted. ! end |
观察
当数据包通过Dot1Q隧道时,会发生随机Ping丢弃。但是,接口上没有输入/输出丢弃,也没有物理层问题的症状。发出show interface <interface >命令以检查接口上的输入/输出丢弃:
7609-Dot1Q#show interface gi9/44
!--- Output omitted.
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
0 input errors, 0 CRC, 1 frame, 0 overrun, 0 ignored
0 output errors, 0 collisions, 1 interface resets
0 lost carrier, 0 no carrier, 0 PAUSE output
!--- Output omitted.
当从城域边缘发出约100个Ping的ICMP流量时,核心层仅接收95个回显,这表明ICMP数据包在路径中被丢弃。
Metro-Edge#ping 172.16.41.21 re 100 Type escape sequence to abort. Sending 100, 100-byte ICMP Echos to 172.16.41.21, timeout is 2 seconds: .....!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Success rate is 95 percent (95/100), round-trip min/avg/max = ½/9 ms
注意:7609中的show ip traffic命令显示,仅接收95条回声,而城域边缘中只接收100条回声。
| show ip traffic |
|---|
城域边缘 ICMP statistics:
Rcvd: 0 format errors, 0 checksum errors, 0 redirects, 0 unreachable
0 echo, 95 echo reply, 0 mask requests, 0 mask replies, 0 quench
0 parameter, 0 timestamp, 0 info request, 0 other
0 irdp solicitations, 0 irdp advertisements
Sent: 0 redirects, 0 unreachable, 100 echo, 0 echo reply
0 mask requests, 0 mask replies, 0 quench, 0 timestamp
0 info reply, 0 time exceeded, 0 parameter problem
0 irdp solicitations, 0 irdp advertisements
!--- The above output shows that 100 echos are sent !--- but received 95 replies from 7609-Core.
在7609-Core中 ICMP statistics:
Rcvd: 0 format errors, 0 checksum errors, 0 redirects, 0 unreachable
95 echo, 0 echo reply, 0 mask requests, 0 mask replies, 0 quench
0 parameter, 0 timestamp, 0 info request, 0 other
0 irdp solicitations, 0 irdp advertisements
Sent: 0 redirects, 0 unreachable, 0 echo, 95 echo reply
0 mask requests, 0 mask replies, 0 quench, 0 timestamp
0 info reply, 0 time exceeded, 0 parameter problem
0 irdp solicitations, 0 irdp advertisements |
故障排除
检验MAC地址是否正确学习以排除数据包丢弃故障。
使用show mac address table 命令验证MAC地址条目。
要成功执行Ping操作
7609-DOT1q#sh mac-address-table address E05F.B972.1F00 all Legend: * - primary entry age - seconds since last seen n/a - not available vlan mac address type learn age ports ------+----------------+--------+-----+----------+-------------------------- Active Supervisor: * 24 e05f.b972.1f00 dynamic Yes 0 Gi9/44 !--- This output displays the MAC address learnt !--- and its associated port, in this case the associated !--- port for successful ping is Gi9/44.
对于失败Ping
7609-DOT1q#sh mac-address-table address E05F.B972.1F00 all Legend: * - primary entry age - seconds since last seen n/a - not available vlan mac address type learn age ports ------+----------------+--------+-----+----------+-------------------------- Active Supervisor: * 24 e05f.b972.1f00 dynamic Yes 5 Gi9/45 !--- This output displays the MAC address learnt !--- and its associated port, in this case, !--- the port number is Gi9/45.
要查看详细的MAC索引编程,请使用show mac-address-table命令。
7609-DOT1q#sh mac-address-table address E05F.B972.1F00 det MAC Table shown in details ======================================== PI_E RM RMA Type Alw-Lrn Trap Modified Notify Capture Flood Mac Address Age Pvlan SWbits Index XTag ----+---+---+----+-------+----+--------+------+-------+------+--------------+----+------+------+---- Active Supervisor: Yes No No DY No No Yes No No No e05f.b972.1f00 0xE0 24 0 0x22C 0
发出Remote login 开关和test mcast ltl-info index <Index number>命令,以便知道前一个HEX值表示的端口号。
7609-DOT1q-sp#test mcast ltl-info index 22B index 0x22B contain ports 9/44 7609-DOT1q-sp#test mcast ltl-info index 22C index 0x22C contain ports 9/45 !--- The output shows that hex number 22B !--- points to 9/44 port and hex 22C points to 9/45.
对于ping失败,源和目标索引是相同的端口,因此是丢弃。当在7600上使用mac-address-table notification mac-move命令启用Mac-move时,它会显示两个不同端口之间的MAC摆动,这是错误消息:
注意:由于6500/7600为交换机使用一个通用MAC地址,因此不同端口之间分配的MAC地址相同。show catalyst 6000 chassis-mac-address命令显示保留的交换机MAC地址。
* Jul 2 10:29:44.011: %MAC_MOVE-SP-4-NOTIF: Host e05f.b972.1f00 in vlan 24 is flapping between port Gi9/45 and port Gi9/44 !--- The previous error message indicates !--- that the same MAC address is assigned between !--- two different ports: Gi9/45 and port Gi9/44.
解决方案
上一个网络是在同一交换机上具有DOT1Q隧道终端的全网状网络设置。在这种网络设置中,需要MAC抖动。为了避免MAC抖动,可以实施其中一种解决方案。
-
将隧道终端移动到其他交换机,例如,封装和解封应发生在不同的交换机。
-
VLAN修剪可以用来调节任何中继端口中的VLAN。
相关信息
修订历史记录
| 版本 | 发布日期 | 备注 |
|---|---|---|
1.0 |
06-Nov-2012 |
初始版本 |
反馈