Saturday, 23 June 2018

Link Aggregation(LAG) and LACP Protocol:


LAG (Link Aggregation):

  • It is a virtual concept

Thus, the LAG makes two links appear as one in STP

  • The basic concept of LAG is that multiple physical links are combined into one logical bundle. This provides two major benefits, depending on the LAG configuration:
    • Increased capacity – traffic may be balanced across the member links to provide aggregated throughput
    • Redundancy – the LAG bundle can survive the loss of one or more member link
  • LAG makes two connections appear as one to STP, so the second connection won’t be blocked.
  • Load sharing among the LAG links: Traffic from each flow of packets goes through a single link. So, even if we get a flow of 20G, it will go via a single link only. So, the throughput is limited to the bandwidth of the single link only (here: 10G).

Note: The physical type (SFP,...) and speeds(10G,...) of all links in a port-channel should be the same.

#int et 17-18

#channel-group mode on //static configuration of link aggregation

Where channelgroupnumber = 1

#show span //we can see the port channel 1 in show spanning-tree

#show int port-Channel 1 (OR) #show port-channel

  • Now, if we make the port-channel of et17 and 18 in vlan 51. And now, if we make individual et17 and et 18 in van 30. Then, even then the port-channel only will take effect as it will act as a single interface. Thus, ALWAYS port-channel configuration overrides any interface specific configuration.
  • Even after link aggregation, show lldp nei will show the individual interfaces only, since lldp considers only the physical topology.
  • If we tcpdump on int et 17, we can only see the lldp protocols. If we do tcpdump on port-channel 1, we can see all other protocols like STP, etc

#tcpdump int po1

  • If we use link aggregation on one side (MT701) and stop link aggregation on other side (MT703), then:In EOS,
  • On MT701, the STP will not even consider the individual ports. It only considers the port-channel as an interface and it only has the port channel’s state.
  • On MT703, the interfaces are considered different. So, if any ARP request broadcast comes from the port-channel on MT701, then, MT703 receives it on both the interfaces and floods it again via the other link.
  • RTAG 7:
    • RTAG7 is a hashing algorithm that load balances the traffic.
    • Hash engine comes out with a number for each flow.
    • Using the number, the flow is sent through that port.
    • This ensures that the flows are distributed among all the links
    • #show port-channel load-balance trident fields //we can see which all fields of a packet participate in the hashing.
    • #port-channel load-balance trident fields ? //we can configure which all fields we can disable or enable to influence the hashing.
  • Why is the spanning tree cost of port channel comes down? (et 18, 19 have cost of 2000 each but if we use port-channel the cost of port-channel becomes 1999)
    • Because of bandwidth since cost depends on bandwidth
    • 10G links have cost of 2000 by default. Higher the bandwidth, lower is the cost.
    • But, if another 10G link is there, cost will be 2000, so STP may consider that link. So, we use cost of 1999 on the port-channel link.
    • If any speed mismatch is there among the links in a port channel, then, only the higher bandwidth link is active.

DYNAMIC LINK AGGREGATION:

  • LACP (Link Aggregation Control Protocol)
  • #int et 17-18

#channel-group mode active //dynamic lacp active

(OR)

#channel-group mode passive //dynamic lacp passive

  • If both the sides are configured as active, then, both sides can start LACP transmission. If one side is configured as passive, then, it can only receive lacp, not send. (both sides cannot be passive, since both sides will only be waiting for lacp)
  • Passive LACP: the port prefers not transmitting LACPDUs. The port will only transmit LACPDUs when its counterpart uses active LACP (preference not to speak unless spoken to).
  • Active LACP: the port prefers to transmit LACPDUs and thereby to speak the protocol, regardless of whether its counterpart uses passive LACP or not (preference to speak regardless).
  • In L2 header, the type will be a Slow Protocol and the subtype in slow protocols will be LACP. It is a slow protocol since if one side LACP is configured, then, it will keep sending LACP PDUs every 30 seconds.
  • The LACP rate fast feature is used to set the rate (once every second) at which the LACP control packets are sent to an LACP-supported interface. The normal rate at which LACP packets are sent is 30 seconds.

#lacp rate fast //1 seconds

(OR)

#lacp rate normal //30 seconds

  • The above timeout is used to configure the timeout for the partner. If we use rate fast, then, within 3 seconds if it doesn’t get a reply, it knows that the link is not active. It tears down the port-channel.

(OR)

In the rate fast timeout configuration, an LACPDU is sent every second. If no response comes from its partner after 3 LACPDUs are sent, a timeout event occurs and the port channel is removed.

    • Key: Tells the port-channel number (there are two separate fields for both the actor and partner)
    • Port: tells the port number .eg. et 17 (there are two separate fields for both the actor and partner)
    • Actor State:
      • LACP Activity: tells whether the actor is in active (1) or passive state (0)
      • LACP Timeout: tells whether the timeout is normal (1) or fast (0)
      • Aggregation: 1 tells whether the port is a part of port channel. 0 tells that it is operating as a single link.
      • Synchronization: the flag is set when we get back a LACPDU from the partner.

(1 Means it has been allocated to the correct link aggregation group, the group has been associated with a compatible aggregator, and the identity of the link aggregation group is consistent with the system ID and operational key information transmitted. If the value is 0, the link is not synchronized .ie. it is currently not in the right aggregation.)


      • Collecting: after sync, if we receiver data from partner, accept it.
      • Distributing: after sync, even send data.
      • Default: 1 indicates that the actor’s receive machine is using the default operational partner information, administratively configured for the partner. 0 indicates the operational partner information in use has been received in an LACP PDU.
      • Expired: 1 indicates the actor or partner is in an expired state. 0 indicates the actor or partner is not in an expired state .ie. no lacpdu received within timeout
  • Now, a case when we aggregate many links into a port channel but the links are connected to different switches. Then, when the actor sends out a LACPDU, whichever partner sends the first reply, that link will become active. The other links connected to different partners will get inactive state.
  • #show lacp internal detailed //shows the current switch’s details. Also we can see all the flags which are set and not set. We can also see the port-priorities, so that we choose which link should come up in case of mismatched-aggregate
  • #show lacp neighbor detailed  //shows the system id, port number and key of the neighbor
  • #show port-channel //in this itself we can see the reason for the port channel not active
  • #show lacp neighbor all-port //shows details about the neighbour for each of the physical port. We can then use the oper-key value to know if the port-channel link is connected to same port-channel on other side also.
    • If oper-key is different and admin-key is same, then, this port channel is connected to 2 different port-channels on the other side. But, they are in same switch
    • If oper-key and admin-key are both different, then, this port-channel is connected to 2 different switches.
  • #show lacp interface all-port //shows details for lacp not working...If the partner’s sys-id is same and oper-key is different, then, it means same port channel on our side is connected to two port-channels to same partner on other side. (mismatched-aggregate)
  • NOTE: Oper-key is the number assigned to port-channel. For eg, if I give my channel-group 100, then, port channel number is 100 and oper-key will be shown as 64 (since: 100 in decimal is 64 in hex)
  • #show lacp interface detailed all-ports and #show etherchannel detailed all-ports are two ultimate troubleshooting commands if we can’t find out issue

Saturday, 16 June 2018

STP (Spanning Tree Protocol)

INTRO TO SPANNING TREE:
  • To see current STP configuration: #show run section span
  • To configure STP, #spanning-tree mode rstp
    • There are many modes of spanning tree but legacy is unsupported. Only rapid STP is supported
    • To use STP per vlan, #spanning-tree mode r-pvst //don’t use this, use rstp itself
  • #show spanning-tree detail
  • If we tcpdump the interface (et 18) , we see some frames having same source mac address (this mac address is the physical interface’s mac address...not the Switch’s MAC. Thus the interface mac address is used for L2 communications) and a multicast destnation MAC address (that are assigned for Spanning Tree as per wireshark). These frames are called BPDU (Bridge Protocol Data Unit)
    • BPDU stands for bridge protocol data unit. BPDUs are data messages that are exchanged across the switches within an extended LAN that uses a spanning tree protocoltopology. BPDU packets contain information on ports, addresses, priorities and costs and ensure that the data ends up where it was intended to go. BPDU messages are exchanged across bridges to detect loops in a network topology. The loops are then removed by shutting down selected bridge interfaces and placing redundant switch ports in a backup, or blocked, state.
  • To see port mac address, use (config)#show interface et 19
  • The format of BDPU is:
    • Protocol Identifier: STP
    • Version: Rapid
    • BDPU flags: “tell whether it is a forwarding or blocked port”
    • Root Identifier: “It is the system MAC of the switch that is taken as the root for STP calculation”
    • Root Path Cost: “tells the cost to the root switch to the current switch that is sending the configuration message”
    • Bridge Identifier: “tells the mac address of the current switch”
    • Port Identifier: “tells the current port from which the configuration message was sent. Eg) et 18”
  • Each link has a cost. Higher the Bandwidth, lower is the cost.
  • Steps:
    • First each switch sees it own mac address and sends a BPDU by taking its own mac address as root Identifier and as bridge Identifier
    • Then, with all the BPDUs from all the switches, the switch that has a lower mac address is taken as root. This information is shared to all the switches and they change their root identifier if a lower mac address is there in BPDU of another switch. For example, in figure, the switch A is taken as root identifier as it has a lower mac.
    • Also, when B sends BPDUs with B as root identifier, the cost will be 0. Then, after it gets to know that A is the root bridge, it sends cost as 10. Also, it will send in other directions other than the direction of root bridge (this is compulsory for all the switches).
    • Note: The order in which the port to be blocked is decided:
      • 1. Higher cost path is blocked
      • 2. Higher Uplink- MAC address port is blocked
      • 3. Higher Uplink- Port Number port is blocked.
  • To check current spanning-tree root bridge. (conf)#show spanning-tree
  • To force a switch to become root, set the priority to zero: (conf)#spanning-tree priority 0. The max value is 65536. The default value is 32768 (half of max priority).
  • Reason of why the priority should be multiple of 16?
    • Initially, we had 1 Byte for Port number and 1 byte for Priority.
    • But, the 256 ports were not enough after some time. SO, we borrowed 4 bits from priority for port number.
    • So, we have only 4 bits left in priority and the 4th bit is 16. Hence, any change should be in multiple of 16.
PORT IDENTIFIER FORMAT:

    • Similarly, for the same reason, the max number of vlans can be 4096 due to similar format in the BRIDGE IDENTIFIER format where


Legacy STP or Common STP:

  • Older version, not used much now.
  • There are 3 timers- Hello (2 sec), Forward Delay (15 sec) , Max. Age (20 sec).
Thus, minimum of 32 seconds is taken to create a converged topology.
  • There are 3 states-
    • Blocking—The interface does not participate in frame forwarding.
    • Listening—The first transitional state after the blocking state when the spanning tree determines that the interface should participate in frame forwarding.
    • Learning—The interface prepares to participate in frame forwarding.
    • Forwarding—The interface forwards frames to other switches.
  • Once a topology is converged and then there is a change in topology of one switch, then, that particular switch sends a TCN (Topology Change BPDU). This TCN is sent continuously every 2 sec till it receives an acknowledgement from its root.
  • In CSTP, only the root bridge can generate a BPDU. Others will only relay it. Thus, it is called relayed.
  • We can see the no. of topology changes in last X seconds using (config)#show spanning-tree detail
  • To stop this unnecessary TCN and flushing process, we can configure spanning-tree port-fast on the ports where the hosts are connected. Since, the hosts do not participate in STP, there is no need to send TCN for connection and removal of hosts.
  • Even if we port fast the ports where switch is connected, then, even then since both the switches will send BPDU, it will get converged and automatically the command is overridden. But, during the convergence, we will have a loop for sometime.
  • If we enable BPDU guard and, if we get a BPDU on a FastPort, it immediately error disables that port. #show interface status error-disabled to see the reason why a port was disabled.
  • BPDU filter is used to control the BPDU in and out. For eg, if we don’t want to show the BPDU to other connected devices on a port.
  • The root guard feature provides a way to enforce the root bridge placement in the network.
    • The root guard ensures that the port on which root guard is enabled is the designated port. Normally, root bridge ports are all designated ports, unless two or more ports of the root bridge are connected together.
    • If the bridge receives superior STP Bridge Protocol Data Units (BPDUs) on a root guard-enabled port, root guard moves this port to a root-inconsistent STP state. This root-inconsistent state is effectively equal to a listening state. No traffic is forwarded across this port. In this way, the root guard enforces the position of the root bridge.

RSTP:

    • EDGE- connected to a host
    • ALTERNATE- state is discarding. .ie. blocked (alternate path to root)
    • BACKUP- state is discarding..ie. blocked (backup path to designated)
    • ROOT- connected to root bridge
    • DESIGNATED- connected to non-root bridge
  • If any topology changes after convergence,
    • We don’t have a TCN BPDU in RSTP.
    • Here, we use the normal BPDU by setting the TC (Topology Change) bit and send to other switches.
    • Note that the BPDU is sent only by the switch that notices the topology change on all the forwarding ports (.ie. both root and designated) to other switches.
    • After this, the entire mac address table is NOT cleared. Only the designated port on that mac address table is cleared and relearnt.
  • To set the max time interval for a BPDU to be valid : #span max-age <time in sec. Eg:10> . Similarly, we have max-hops which is the max hops the bpdu can travel (max- hops is shown in wireshark as message age).
  • Indicators to notice a loop:
  • One is seeing the mac flap in #show mac-address table
  • Another is checking an interface #show interface et19 status . If we see very high no. of broadcasts than unicasts, then, looping is happening.
  • Note: One easy way to make a switch as the root is by changing priority. It can be done automatically using the command #span root primary (OR) #span priority <priority_number>



(Q) Configuring MT701 to MT705.

Mn431        #int et 43

#ip addresss 10.1.10.1/24

MT701        #span mode rstp

        #span priority 0 //setting it as root bridge

        

------------

MT702        #int et 1/1, 1/2, 1/3

        #span cost 8000   //If it checks the cost, then, et ¼ will have the lowest cost. Hence, it will become root port

-----

MT702# terminal monitor //use this on the switch where we are going to configure BPDU guard

        #show log

        

MT701        #int et 20

        #span bpdufilter enable

MN701        #ping  //to send broadcasts

MT702        #watch diff show int et ⅓ //we see that there is very high broadcast which shows that there is looping

        (OR) #watch diff show int et ⅓ counters //this command shows unicast, multicast and broadcasts separately

        #int et ⅓

        #span bpduguard enable //enabling the BPDU guard

MT701        #int et 20

        #no span bpdufilter enable //disabling BPDU filter on port 20 of MT701

MT702         #show int status //we will see that the interface et ⅓ will be shown as error-disabled due to BPDU guard which disables it due to the broadcasts

        #show int et ⅓ status error //we can see the reason for the error-disabled- shown as bpduguard

-------

MT704        #int et 19

        #shutdown

        #no shutdown

In another computer,

MT704   #watch diff show span \\we can see how fast an port is changing from alternate to root and to original again

MT704   #watch diff show span detail \\we can the number of topology changes and the time

In another computer,

MT704   #tcpdump int et 20

------

MT701        #watch diff show mac add //we will see that only the mac addresses on designated ports are cleared. The mac addresses on root port are unaffected.

MT702        #int et1/1

#shut //we will see that the mac table on MT701 is cleared for the interface et 19 (since et 19 is connected to 1/1)

#no shut

-------

MT702        #int et ½

        #span guard root

MT704        #span priority 0

//thus, now for MT702, it gets a superior BPDU to a root bridge MT704. But, already it thinks MT701 is the root bridge

MT702        #show span //it shows inconsistent state on et ½ since we have configured root guard. If we had not configured, then, this port would have become root port and MT704 would have become the root bridge.

-------

MT701        #int et23

        #span fastport auto

        

MN431        #ping 10.1.10.2

In another computer first type this and watch,

MT701  #logging console 7

             #logging monitor debugging

             #terminal monitor

//this command displays the debugging and changes on the monitor (no need to use show logging separately)

MT701        #int et 23

        #shut

        #no shut

        

//we will see that in debugging, it takes around 20 seconds to move the port to listening port and then to designated port.

MT701        #int et23

        #span fastport edge

 & repeat the above steps   // we will see that the moving only takes 1 second.

--------

ASSIGNMENT QUESTIONS:

  1. Diameter of spanning tree= 7 (by using the default configurations of IEEE802.1D). If we tune the timers, then, it is possible to increase the diameter.

  1. Problem with RSTP:

Counting to Infinity http://blog.ine.com/wp-content/uploads/2011/11/understanding-stp-rstp-convergence.pdf

  1. RSTP Sync Process:

Proposal and Agreement

http://blog.ine.com/wp-content/uploads/2011/11/understanding-stp-rstp-convergence.pdf

4) Difference b/w STP and RSTP:

https://cciethebeginning.wordpress.com/2008/11/20/differences-between-stp-and-rstp/

(Q) Configuring MT701 to MT705.

Mn431        #int et 43

#ip addresss 10.1.10.1/24

MT701        #span mode rstp

        #span priority 0 //setting it as root bridge

        

------------

MT702        #int et 1/1, 1/2, 1/3

        #span cost 8000   //If it checks the cost, then, et ¼ will have the lowest cost. Hence, it will become root port

-----

MT702# terminal monitor //use this on the switch where we are going to configure BPDU guard

        #show log

        

MT701        #int et 20

        #span bpdufilter enable

MN701        #ping  //to send broadcasts

MT702        #watch diff show int et ⅓ //we see that there is very high broadcast which shows that there is looping

        (OR) #watch diff show int et ⅓ counters //this command shows unicast, multicast and broadcasts separately

        #int et ⅓

        #span bpduguard enable //enabling the BPDU guard

MT701        #int et 20

        #no span bpdufilter enable //disabling BPDU filter on port 20 of MT701

MT702         #show int status //we will see that the interface et ⅓ will be shown as error-disabled due to BPDU guard which disables it due to the broadcasts

        #show int et ⅓ status error //we can see the reason for the error-disabled- shown as bpduguard

-------

MT704        #int et 19

        #shutdown

        #no shutdown

In another computer,

MT704   #watch diff show span \\we can see how fast an port is changing from alternate to root and to original again

MT704   #watch diff show span detail \\we can the number of topology changes and the time

In another computer,

MT704   #tcpdump int et 20

------

MT701        #watch diff show mac add //we will see that only the mac addresses on designated ports are cleared. The mac addresses on root port are unaffected.

MT702        #int et1/1

#shut //we will see that the mac table on MT701 is cleared for the interface et 19 (since et 19 is connected to 1/1)

#no shut

-------

MT702        #int et ½

        #span guard root

MT704        #span priority 0

//thus, now for MT702, it gets a superior BPDU to a root bridge MT704. But, already it thinks MT701 is the root bridge

MT702        #show span //it shows inconsistent state on et ½ since we have configured root guard. If we had not configured, then, this port would have become root port and MT704 would have become the root bridge.

-------

MT701        #int et23

        #span fastport auto

        

MN431        #ping 10.1.10.2

In another computer first type this and watch,

MT701  #logging console 7

             #logging monitor debugging

             #terminal monitor

//this command displays the debugging and changes on the monitor (no need to use show logging separately)

MT701        #int et 23

        #shut

        #no shut

        

//we will see that in debugging, it takes around 20 seconds to move the port to listening port and then to designated port.

MT701        #int et23

        #span fastport edge

 & repeat the above steps   // we will see that the moving only takes 1 second.

--------

ASSIGNMENT QUESTIONS:

  1. Diameter of spanning tree= 7 (by using the default configurations of IEEE802.1D). If we tune the timers, then, it is possible to increase the diameter.

  1. Problem with RSTP:

Counting to Infinity http://blog.ine.com/wp-content/uploads/2011/11/understanding-stp-rstp-convergence.pdf

  1. RSTP Sync Process:

Proposal and Agreement

http://blog.ine.com/wp-content/uploads/2011/11/understanding-stp-rstp-convergence.pdf

4) Difference b/w STP and RSTP:

https://cciethebeginning.wordpress.com/2008/11/20/differences-between-stp-and-rstp/

Saturday, 9 June 2018

Data Plane (or) Forwarding Plane

DATA PLANE:
  • As for the data plane, sometimes called the Forwarding Plane, this is basically anything that goes *through* the router, and not *to* the router.
  • The data plane is the workhorse of the switching elements in our networks.
  • It has the responsibility of parsing packet headers (or cells, SONET) in high speed search ASICs. It manages QOS, filtering, encapsulations, Queuing, Policing all of the reasons we had and still do in many cases purpose built silicon or custom ASIC designs.
  • The data/forwarding plane must do those operations in the “Fast Path” to keep up with performance needs in data centers and core networks.  (https://en.wikipedia.org/wiki/Fast_path) openvswitch control data path plane
  • A case here could be Arista’s 7124FX switch that have low latency as well FPGA for programming the data plane
  • The functions of data plane are:
  • Also known as Forwarding Plane
  • Forwards traffic to the next hop along the path to the selected destination network according to control plane logic
  • Data plane packets go through the router
  • The routers/switches use what the control plane built to dispose of incoming and outgoing frames and packets
  • Forwarding data planes typically come either centralized or distributed. This means the forwarding engine is either centrally located across the ethernet fabric/crossbar or pushed all the way to the edge. The more performance required the more that distributed forwarding is pushed to the edge.
  • For example - when a LAN switch receives a frame in an interface in VLAN 3, the switch makes a forwarding decision based on the VLAN 3 entries in the MAC address table, and forwards the packet. All this logic focuses on forwarding the user's data, so it is part of a switch's data plane processing.

Control Plane

CONTROL PLANE:

  • Control plane packets are destined to or locally originated by the router itself.
  • Management protocols, like Telnet, SSH, SNMP, etc. could be considered part of the control plane, but are more properly considered part of the Management Plane, which is a specific subset of the control plane.
  • The Routing Information (data)Base (RIB) and Label Information Base (LIB) are processed in software and used to populate FIB(forwarding information base) and the LFIB.
  • The Control plane feeds the forwarding/data plane with what it needs to create its forwarding tables and updates topology changes as they occur. The number of control packets is very very small even in a very large network. This is the reason the control plane can often be thought of as the “slow path” in legacy route once-switch-many-packet switching architectures.
  • In distributed architecture platforms, routing protocols, and most other protocols, always run on the core CPU. But, there are other control plane protocols such as ARP, BFD, and ICMP that in some distributed architecture platforms have now been offloaded to the line card CPU.
  • A list of functions performed in control plane are:
  • Makes decisions about where traffic is sent
  • Control plane packets are destined to or locally originated by the router itself
  • The control plane functions include the system configuration, management, and exchange of routing table information
  • The route controller exchanges the topology information with other routers and constructs a routing table based on a routing protocol, for example, RIP, OSPF or BGP
  • Control plane packets are processed by the router to update the routing table information.
  • It is the Signalling of the network
  • Since the control functions are not performed on each arriving individual packet, they do not have a strict speed constraint and are less time-critical
  • For example: STP and any IP routing protocol are examples.......

Control Plane and Data Plane- Highlights

  • We have 2 planes- Data and Control Plane
  • ASICs are there in data plane and CPU is there in Control Plane
  • Data Plane is a forwarding plane. It checks only the destination MAC address.
  • if it doesn’t match its own addresses, it just forwards based on its forwarding tables.
  • If it matches, it sends it up to CPU (Control Plane)
  • We also have a trap mechanism where it filters for specific MAC address. For eg, in STP, even though the MAC address is not addressed to us, a trap is created which forces to send the STP BPDUs to the Control Plane.
  • Another case where trap occurs can be seen when the MAC address is addressed to us but the IP address is different (eg, using static ARP), then, since we won’t have the address in our forwarding tables even though we are on same SVI VLAN, it traps to the Control Plane in order to sends back a “Destination Unreachable” message.
DATA PLANE and CONTROL PLANE:
  • Responsible to forward the transit traffic (either user or production traffic).
  • The actual forwarding happens in the data plane.
  • Control Plane is responsible for decision making (like whether to prefer BGP route or OSPF route and chooses BGP route) and then forwards it to data plane.
  • Even the rules for data plane has to be programmed through Control Plane. For eg, we program the data plane to forward the packets or to send to the CPU via control plane
  • We can see the data plane forwarding rules via #show ip route hosts //we will see that for these IP address, send to the CPU
  • #show platform trident l3 hardware routes
//this command can be used to see the hardware programming for L3 .ie. IP addresses. For L2, it is programmed in TCAM. Now, in the above command, if MAC address is 00:00:00:00:00:00 for any IP, then, it is forwarded to the CPU. If any IP to other MAC address is there, it had been learnt through ARP. (note: we can verify by seeing that all the entries of ARP will also be there in table, other than the ones on management interface, since management is not connected to ASIC)
  • #show process top //can be used to see the live running process on EOS.
        If we ping a switch using very large size and repeat, then, we can see that the CPU usage is very high.
  • #bash
        $netstat -s
        //This command can be used to see the CPU drops
  • Now, during troubleshooting, if we have to see even transit traffic, we cannot do so using tcpdump. For that, we use port mirroring.
#monitor session <anysessionname> source <interface> <direction>
Here, <anysessioname> = anand
interface = et 23
direction= both (looks at both ingress and egress ports)
#monitor session <anysessionname> destination et 21 //Now, if we connect a host to et21 and run wireshark, we can see all the traffic (both transit and CPU oriented ) on the interface et 23

  • The protocol or application itself doesn’t really determine whether the traffic is control, management, or data plane, but more importantly how the router processes it.
  • For example suppose we have a simple 3 router topology that is R1–R2–R3, and R1 and R3 are running OSPF with each other. From R1 and R3′s perspective, these packets are part of the control plane, because they are locally originated/destined, and need to be process switched in order to look into the packet details and actually build the OSPF database. However from R2′s perspective, these packets would be in its data plane, because the traffic is neither originated from or destined to it.