Comunidadede Suporte da Cisco - Webcast ao vivo: Cisco Catalyst6500 ... · Comunidadede Suporte da Cisco - Webcast ao vivo: Cisco Catalyst6500 Series Switches Rafael Lima Terça-feira

© 2013 Cisco and/or its affiliates. All rights reserved. 1

Comunidade de Suporte da Cisco -Webcast ao vivo:

Cisco Catalyst 6500 Series Switches

Rafael Lima

Terça-feira 5 de Fevereiro de 2013

© 2031 Cisco and/or its affiliates. All rights reserved. 22013 Cisco and/or Affiliates. All Rights Reserved2013 Cisco and/or Affiliates. All Rights Reserved

• O especialista de hoje é o Engenheiro de Suporte da Cisco Rafael Lima

• Poderá perguntar questões sobre Cisco Catalyst 6500 Series Switches

Rafael Lima

2

Foto do

Especialista


A apresentação incluirá algumas perguntas para o público.

Convidamos você a participar ativamente das perguntas que faremos durante a sessão


Se desejar baixar uma cópia da apresentação de hoje, vá ao endereço indicado no chat ou use este link

https://supportforums.cisco.com/docs/DOC-29811






a) Básica, Já tive alguns contatos, porém não entendo muito sobre a arquitetura em si.

b) Eu tenho conhecimento avançado, porém utilizo o time do TAC em muitos casos

c) Estou em processo de aprendizado

d) Não tenho idéia sobre o 6500

Qual é sua experiência com o Cisco Catalyst 6500?

© 2031 Cisco and/or its affiliates. All rights reserved. 62013 Cisco and/or Affiliates. All Rights Reserved

Rafael Lima

Data: 05/02/2013


• Chassis

• Supervisores, Line Cards e outros módulos

• Estrutura do Catalyst 6500 Backplane

• Introdução às Estruturas do Share Bus e do Switch Fabric

• Catalyst 6500

• Line Card Packet Flow

• High CPU

• Route Processor Redundancy e o RPR+

• Usando o SSO e o NSF



Slots VerticaisSlots Horizontais

6503

6506

6509

6509-NEBS

(EOS)

65136509-NEBS-A



Supervisor 32

Camada de Acesso


Switch Fabric

Supervisora 720

Com Switch fabric

Camada de core


10/100 TX and 100 Fiber 10/100/1000 TX GE SFP

GE GBIC 10GE Inline Power

OSM FlexWAN SIP

Ethernet Line Cards

WAN Line Cards


Firewall ModuleIPSec VPN Shared Port

AdapterIntrusion Detection SSL

CSM CSM-S

Segurança

Application Networking Services

ACE


CSG

IP Telephony

Serviços Wireless

WLSM MWAM

CMM T1/E1 Services Modules

CMM

NAM and NAM2 TAD

Network Monitoring



32-Gbps Shared Switching Bus

Multilayer

Forwarding TableLine Card

Sistema PFC

Switching

Multilayer Switch

Feature Card

Fabric

Arbitration

Network MGMT

NMP/MCP

Supervisor Engine

Bus

ASIC

Port

ASIC

Local

Buffer

Port or Bus

ASIC

Local

Buffer

10/100 Ethernet Gigabit Ethernet

Control BusResults Bus


Multilayer

Forwarding Table

PFC Switching

System

Multilayer Switch

Feature Card

Fabric

Arbitration

Network MGMT

NMP/MCP

Supervisor Engine 720

C

R

O

S

S

B

A

R

Fabric

ASIC

1 x 20 Gbps

1 x 20 Gbps

1 x 8 Gbps

1 x 8 Gbps

1 x 8 Gbps

Port ASIC

Port ASIC

Port ASIC

Port ASIC

Fabric

ASIC

Fabric

ASIC

Fabric

ASIC

Fabric

ASIC

Port ASIC

CEF256

dCEF256

CEF720


Slot1 Slot2 Slot3 Slot4

Slot7 Slot8 Slot9

Slot 5

Fabric ASIC Fabric ASIC Fabric ASIC Fabric ASIC

Fabric ASIC Fabric ASIC Fabric ASIC

Slo

t5

Fab

ric A

SIC

Slo

t6

Fab

ric A

SIC

Slot 6

= Fabric (SFM/Sup)

= Line Card

Type of card in slot:


Slo

t7

Fab

ric A

SIC

Slo

t8

Fab

ric A

SIC

Slot2 Slot3 Slot4 Slot5 Slot6Slot1

Fabric ASIC

Slot9 Slot10 Slot11 Slot12 Slot13

Fabric ASIC Fabric ASIC Fabric ASIC Fabric ASIC Fabric ASIC

Fabric ASIC Fabric ASIC Fabric ASIC Fabric ASIC Fabric ASIC

Slot 7

Slot 8

= Fabric (SFM/Sup)

= Line Card

Type of card in slot:



dCEF

• Encaminhamento distribuido baseado em

hardware.

• dCEF engine tem a cópia de toda a tabela de

encaminhamento no próprio módulo

• Todo o tráfego é encaminhado de forma

permanente em 48 Mpps (for DFC3 on

CEF720)

CEF

• Encaminhamento centralizado baseado em

Hardware

• PFC na supervisora faz toda a decisão do

encaminhamento de pacotes

• Encaminha pacotes de forma centralizada em

até 30Mpps

As características da arquitetura de encaminhamento CEF

incluem:


Supervisor

Engine 720

Classic Series

20

20

z

CEF720 Series

OptionalDFC3

88

8

30 to 400 Mpps

Forwarding

Performance

dCEF720 Series

IntegratedDFC3

IntegratedDFC3

dCEF256 Series

20

Integrated

Switch Fabric

Routing TableMSFC3

PFC3

20

20

Hardware Fwd

Tables

32-Gbps Switching Bus

CEF256 Series

OptionalDFC3


Supervisor Engine 32 with Eight GE Uplinks

WS-SUP32-GE-3BSupervisor Engine 32 with Two 10-

GE Uplinks

WS-SUP32-10GE-3B


RS-232

Console Port

Compact Flash

Slot

8 x SFP based GE Uplink Ports

1 x 10/100/1000 GE

Uplink Port

2 x USB Ports



PFC3B


Supervisora Engine 32

MSFC2a


Architecture Supported?

Classic YES

CEF256 YES

dCEF256 NO

CEF720 NO

dCEF720 NO

SFM/SFM2 NO

Services Modules

YES

Any DFC NO

OSM* YES

SIP YES

FlexWAN YES

*OSM: Original Storage Manufacturer



Removable Storage

Slots

Console PortUplink Ports


Supervisor Engine 720-3B Supervisor Engine 720-3BXL

Incorpora a nova PFC3B

para prover as mesmas

caracteristicas que a XL, mas

com menos capacidade de

rotas e informações de flow

Incorpora a nova PFC3BXL,

aumentando as

características em hardware

para rotas e informações de

flow


Name PFC3A PFC3B PFC3B-XL

Routes 256,000 256,000 1 million

Number of ACLs 512 4000 4000

NetFlow Entries 128,000 (64,000) 128,000 (115,000) 256,000 (230,000)

ACE Counters No Yes Yes

MPLS No Yes Yes

Default MemorySP 512 MB + RP 512

MBSP 512 MB + RP 512

MBSP 1 GB + RP 1

GB


Switch Fabric

• Switch fabric 720-Gbpsintegrado

• CEF256 e dCEF256conectados em um canal de 8Gbpspor canal da fabric

• CEF720 e dCEF720conectado em um canal de 20 Gbpspor canal da fabric


Características do IPv6 Hardware

128,000 FIB entries

IPv6 load sharing up to 16 paths

EtherChannel hash across 48 bits

IPv6 policing/NetFlow/classification

STD and EXT V6 ACLs

IPv6 QoS lookups

IPv6 multicast

IPv6-to-IPv4 Tunneling

IPv6 edge over MPLS (6PE)

Características do IPv6 Software

IPv6 addressing

ICMP for IPv6

DNS for IPv6

V6 MTU path discovery

SSH for IPv6

IPv6 Telnet

IPv6 traceroute

dCEF for IPv6

RIP for IPv6

IS-IS for IPv6

OSPF v3 for IPv6

BGP for IPv6

IPv6 function located

on PFC3


Características do MPLS HARDWARE

Up to 1000 MPLS VPNs

MPLS VPN (RFC 2457) on any

Ethernet port

MPLS multicast VPN

MPLS label switch router (LSR)

MPLS label edge router (LER)

MPLS Traffic Engineering (TE)

MPLS Ethernet over MPLS (EoMPLS)

on PFC3B

DSCP-to-EXP mappingMPLS function located

on PFC3

MPLS aplica-se a qualquer entrada

Ethernet dos seguintes line cards:

Classic Ethernet Line Cards

CEF256 Ethernet Line Cards

dCEF256 Ethernet Line Cards

CEF720 Ethernet Line Cards

dCEF720 Ethernet Line Cards



a) 6509

b) 6513

c) 6508

d) 6506

Qual dos equipamentos abaixo não existe?


Classic CEF256

Shared Bus

Connector

Crossbar

Connector

Shared Bus

Connector


32-Gbps Shared Bus

Switch Fabric Crossbar

Supervisor

Classic

Line Cards

CEF256

Line Cards

8

8 8

dCEF720

Line Cards

20 20

20 20

CEF720

Line Cards

dCEF256

Line Cards


Módulos classic suportam uma conexão somente

com o shared bus de 32 Gbps

Buffer Buffer Buffer

10/100 ASIC

Buffer

Ports 1–12 Ports 13–24 Ports 25–36 Ports 37–48

10/100 ASIC10/100 ASIC10/100 ASIC

32-Gbps Shared Bus

Gigabit Ethernet ASIC

48-Port 10- and 100-MBps Line Card


Crossbar

32-Gbps Shared Bus

8

Optional DFC

Daughter Card

Port ASIC

Fabric

ASIC

512-KB Buffer

Port ASIC

512-KB Buffer

Port ASIC

512-KB Buffer

Port ASIC

512-KB Buffer

32 Gbps Local Switching Bus


Módulos CEF256 suportam uma conexão com o

32 Gbps shared bus e uma conexão de 8-Gbps

com o switch fabric.

16-Port Gigabit Ethernet Line Card


8

Port ASIC

Fabric ASIC

512-KB Buffer

Port ASIC

512-KB Buffer

Port ASIC

512-KB Buffer

Port ASIC

512-KB Buffer

32-Gbps Local Bus

8

Fabric ASIC Integrated DFC and DFC3

32-Gbps Local Bus



Módulos dCEF256 suportam duas

conexões de 8-Gbps com o switch fabric,

somente.

Crossbar


20

Port ASIC Port ASIC Port ASIC Port ASIC

20

Crossbar


Fabric

ASIC

Fabric

ASIC

32-Gbps Shared Bus


Optional DFC3

Daughter Card


20

Port ASIC Port ASIC Port ASIC Port ASIC

20

Crossbar

Integrated

DFC


Fabric

ASIC

Fabric

ASIC


Módulos dCEF720 suportam duas

conexões de 20-Gbps com o switch fabric

somente.



Supervisor

Engine 720

PFC3

Layer 3 and

Layer 4

Engine

DBUSRBUS

Classic

Module APort

ASIC

Classic

Module BLayer 2

Engine

Port

ASIC

SBlue

D

Port

ASIC

Red

Port

ASIC1

2 3

4

Source

Destination

Blue VLAN

Red VLAN

Entire Packet

Packet Header

D

S

720-Gbps

Switch

Fabric

XX

X


Supervisor

Engine 720

PFC3

Layers 3 and

4 Engine

DBUSRBUS

CEF256

Module A

8Gbps

LCDBUS

LCRBUS

Port

ASIC

Port

ASIC

LCRBUS

LCDBUS

CEF256

Module B

Fabric

Interface

8Gbps

L2 Engine

Port

ASIC

Fabric

Interface

720-Gbps

Switch

Fabric

SBlue

D

Port

ASIC

2

3

5

6

Source

Destination

Blue VLAN

Red VLAN

Entire packet

Packet header

D

S

1

4

XXNota: Encaminhamento de pacote CEF256-to-

CEF720 é similar. A maior diferença é a arquitetura da CEF720 e a velocidade do fabric channel.


DFC3 Layers 3

and 4

Engine

CEF720

Module B

and DFC3

Port

ASICSupervisor Engine 720

PFC3

CEF720

Module A

and DFC3

Layers 3 and

4 EngineDFC3

Layer 2

Engine

Layer 2

Engine

Fabric Interface and

Replication

Engine

720-Gbps

Switch

Fabric

20Gbps

20

Gb

ps

S

D

Red

Blue

Fabric Interface and

Replication

Engine

Port

ASIC

1

2

3

4

5

Port

ASIC

Port

ASIC

Source

Destination

Blue VLAN

Red VLAN

Entire Packet

Packet Header

D

S


CEF720

√

√

√

dCEF256

√

CEF256

√

√

√

√

√

√

√

√

Classic

√

√

√

√

√

√

√

Interface Type

10/100BASE-TX

100BASE-FX

10/100/1000BASE-TX

1000BASE GBIC

1000BASE SFP

10GE XENPAK

10BASE-FL

Services Modules

FlexWAN

OSMs*

SIP

* OSM: Optical Services Module



O 6500 suporta duas supervisoras. Um comando CLI é provido para

permitir ao administrador inspecionar qual SFM está ativo.

6500# show fabric active

Active fabric card in slot 5

No backup fabric card in the system

O modo de operação em uso pelo SFM pode ser inspecionado com o

comando abaixo:

6500# show fabric switching-mode

Fabric module is not required for system to operate

Modules are allowed to operate in bus mode

Truncated mode is not allowed unless threshold is met

Threshold for truncated mode operation is 2 SFM-capable cards

Module Slot Switching Mode

1 Crossbar

2 Crossbar

3 Crossbar

5 DCEF


O estado do SFM pode ser inspecionado com o comando:

6500# show fabric status

slot channel speed module fabric

status status

1 0 8G OK OK

2 0 8G OK OK

3 0 8G OK OK

5 0 20G OK OK

6500# show fabric utilization

slot channel speed Ingress % Egress %

1 0 8G 28 0

2 0 8G 0 0

3 0 8G 0 25

5 0 20G 0 0

A utilização do SFM pode ser inspecionado com o comando abaixo:


Durante o troubleshooting, o SFM pode ser inspecionado por erro de

transmissão:

6500# show fabric errors

Module errors:

slot channel crc hbeat sync DDR sync

1 0 0 0 0 0

2 0 0 0 0 0

3 0 0 0 0 0

5 0 0 0 0 0

Fabric errors:

slot channel sync buffer timeout

1 0 0 0 0

2 0 0 0 0

3 0 0 0 0

5 0 0 0 0

6500#


• Este comando provêuma “tabela” de capacidade de hardware assimcomo sua utilização.

C6500# show platform hardware capacity ?

acl Show QoS/Security ACL capacity

cpu Show CPU resources capacity

eobc Show EOBC resources capacity

fabric Show Switch Fabric resources capacity

flash Show Flash/NVRAM resources capacity

forwarding Show forwarding engine capacity

interface Show Interface resources capacity

monitor Show SPAN resources capacity

multicast Show L3 Multicast resources capacity

netflow Show Netflow capacity

pfc Show PFC resources capacity

power Show Power resources capacity

qos Show QoS resources capacity

rate-limit Show CPU Rate Limiters capacity

system Show System resources capacity

vlan Show VLAN resources capacity


Verificação de capacidade de acl em hardware

6500#show platform hardware capacity acl

ACL/QoS TCAM Resources

Key: ACLent - ACL TCAM entries, ACLmsk - ACL TCAM masks, AND - ANDOR,

QoSent - QoS TCAM entries, QOSmsk - QoS TCAM masks, OR - ORAND,

Lbl-in - ingress label, Lbl-eg - egress label, LOUsrc - LOU source,

LOUdst - LOU destination, ADJ - ACL adjacency

Module ACLent ACLmsk QoSent QoSmsk Lbl-in Lbl-eg LOUsrc LOUdst AND OR ADJ

6 1% 2% 1% 1% 1% 1% 0% 0% 0% 0% 1%

Verificação de capacidade de energia no hardware

6500#show platform hardware capacity power

Power Resources

Power supply redundancy mode: administratively redundant

operationally non-redundant (single power supply)

System power: 2331W, 0W (0%) inline, 1087W (47%) total allocated

Powered devices: 0 total, 0 Class3, 0 Class2, 0 Class1, 0 Class0, 0 Cisco





Em qual porcentagem de CPU eu deveria começar o troubleshoot?

Depende da natureza e do nível de tráfego. Para encontrar um baseline, é essencial monitorar a CPU em condições normais de trabalho e começar um troubleshoot quando linha ultrapassar o limite específico. Ex.: Base da RP CPU 25%. Comece a debugar quando a utilização estiver consistentementeem 40% ou mais.

Por que devo me preocupar com high CPU?

É muito importante proteger a control-plane para a estabilidade da redepois os recursos (CPU, Memory and buffer) são compartilhados pelacontrol-plane e data-plane

Quais são os sintomas usuais de high CPU?

• Instabilidade da Control-plane Ex.: OSPF flap

• Perda de pacote

• Redução da performance de switching/forwarding

• Resposta lenta a Telnet / SSH

• SNMP poll perdido


• Encaminhamento na mesma interface (para gerar ICMP redirects)

• ACL log

• TTL<2

• IP options

• Fragmentação

• ACL deny ou sem route packet (para gerar ICMP unreachable)

• Forwarding exception (out of TCAM / Adjacency space)

• Feature exception (out of TCAM space / conflict)

• SW-supported feature (crypto, NBAR)

• Multicast RPF drops

• Platform-specific traffic handling

• Forwarding path issues – requires troubleshooting


Comandos utilizados pra gerar um baseline

Flash

DRAM

Flash

DRAM1 Gbps

Inband

SP

CPU

1 Gbps

Inband

RP

CPU Port ASIC

MSFC 3

SP: show process cpu

RP: show ibcRP: show process cpu

Sup720

RP: show ip traffic

RP: show interfaces

C

C

SP: show ibc

C = ControllerMonitor the CPU usage in DFCs also using “remote command

module <mod#> show process cpu”


Verificação da CPU na RP

6500#show proc cpu sorted | ex 0.00

CPU utilization for five seconds: 0%/0%; one minute: 1%; five minutes: 1%

PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process

355 1015124 4559016 222 0.15% 0.06% 0.06% 0 CEF: IPv4 proces

267 155292 1262153 123 0.07% 0.03% 0.02% 0 CDP Protocol

51 11436 3101996 3 0.07% 0.05% 0.07% 0 Per-Second Jobs

297 352 392762370 0 0.07% 0.11% 0.10% 0 Ethernet Msec Ti

122 1048 5787 181 0.07% 0.03% 0.02% 1 Virtual Exec

Verificação da CPU na SP

6500#remote command switch show proc cpu sorted | ex 0.00



114 85715040 373019333 229 5.03% 5.20% 5.19% 0 slcp process

258 51557588 1816906 28376 1.75% 1.73% 1.73% 0 Vlan Statistics

9 10515620 677243 15527 1.11% 0.28% 0.30% 0 Check heaps


Utilização de CPU é devido a:

Processo (ex.: eventos recorrentes, control-plane process)

Interrupção (ex.: alta quantidade de tráfego)

Investigar a utilização da CPU via “show proc cpu” e descobrir se o uso é devido ao processo ou interrupção.

DUT#show proc cpu

CPU utilization for five seconds: 99%/90%; one minute: 9%; five

minutes: 8%


2 720 88 8181 9.12% 1.11% 0.23% 18 Virtual

Exec

Total CPU usage (Process + Interrupt)CPU usage due to Interrupt


• Causado pelo ARP flooding.

• Rota estática configurada com interface em vez do endereço IP do next-hop. Isso irá gerar ARP request de todos os pacotes que não são acessíveis através de rotas mais específicas.

ip route 0.0.0.0 0.0.0.0 GigabitEthernet 2/5

DUT#show ip traffic | begin ARP

ARP statistics:

Rcvd: 6512 requests, 2092 replies, 0 reverse, 0 other

Sent: 258 requests, 707 replies (0 proxy), 0 reverse

Drop due to input queue full: 20

<snip>

DUT#show interfaces | include line protocol|rate

Vlan501 is up, line protocol is up

5 minute input rate 23013521 bits/sec, 2535 packets/sec

5 minute output rate 0 bits/sec, 0 packets/sec

Processo: ARP Input

Incrementando em uma alta taxa

Olhar por valores “anormais”


Configure Optimized ACL Logging (OAL) in PFC3

onwards

• Causado por tráfego que precisa ser process-switched oudestinado a CPU

Razões comuns:

- Tráfego com IP-options habilitado

- Fragmentação (MTU incompatível)

- Broadcast storm

- Tráfego que precisa de processamento da CPU Ex.:, ACL Logging

- Tráfego para o qual ICMP Redirect ou Unreachable é requeridoEx.: TTL=1, ACL Deny etc.

Processo: IP Input


DUT#show ip traffic

IP statistics:

Rcvd: 81676 total, 20945 local destination

0 format errors, 0 checksum errors, 41031 bad hop count

0 unknown protocol, 19609 not a gateway

0 security failures, 0 bad options, 120 with options

Frags: 0 reassembled, 0 timeouts, 0 couldn't reassemble

0 fragmented, 0 couldn't fragment

Bcast: 417 received, 0 sent

Mcast: 11423 received, 52655 sent

Sent: 61340 generated, 0 forwarded

Drop: 0 encapsulation failed, 0 unresolved, 0 no adjacency

0 no route, 0 unicast RPF, 0 forced drop

0 options denied, 0 source IP address zero

ICMP statistics:

Rcvd: 0 format errors, 0 checksum errors, 17 redirects, 112 unreachable

812 echo, 812 echo reply, 0 mask requests, 0 mask replies, 0 quench

0 parameter, 0 timestamp, 0 info request, 0 other

0 irdp solicitations, 0 irdp advertisements

0 time exceeded, 0 timestamp replies, 0 info replies

ARP statistics:

Rcvd: 3518120 requests, 3636408 replies, 0 reverse, 0 other

• TTL<2

• IP options

• Fragmentation

• Broadcasts

• ARP not resolved

• Ping Request

• Punts to generate ICMP redirect

• ARPs

It also displays stats for :

BGP, EIGRP, TCP, UDP,

PIM, IGMP and OSPF

Do this command few

times to find the fastest

growing counter


DUT#show proc cpu


Na maioria das vezes, os pacotes punted à CPU tem fatores comuns:

• Pacotes recebidos na mesma VLAN / interface, interfaces no mesmo módulo ou mesma VRF, etc

• Pacotes que tem um destino específico ou os prefixos do destino foram aprendidos de um específico vizinho.

• Pacotes que tem a mesma origem L4 ou porta de destino

Como solucionar problemas do high CPU duranteinterrupções ?

Details on all supported Packet Capture Tools


Verificar se o CEF está habilitado globalmente ou em todas as interfacesDUT#show cef state

CEF Status:

RP instance

common CEF enabled

IPv4 CEF Status:

CEF enabled/running

dCEF enabled/running

CEF switching enabled/running

DUT#show ip interfaces | include line pro|CEF switching


IP CEF switching is enabled


IP CEF switching is enabled

Verify if CEF is enabled globally and per interface


Switching path statistics – por base em interfaceDUT#show interface gig7/4 stats

GigabitEthernet7/4

Switching path Pkts In Chars In Pkts Out Chars Out

Processor 4406750 353281375 32881 12422509

Route cache 74026 4589612 0 0

Distributed cache 0 0 0 0

Total 4480776 357870987 32881 12422509

DUT#show interface switching

GigabitEthernet2/2

Protocol Path Pkts In Chars In Pkts Out Chars Out

IP Process 11594 717908 16 1838

Cache misses 0

Fast 0 0 0 0

Auton/SSE 0 0 0 0

ARP Process 94 5640 5 560

Cache misses 0

Fast 0 0 0 0

Auton/SSE 0 0 0 0

. . . .

Process switched

SW CEF switched

Hw-switched

Process name

Process switched

Distributed switched packets


DUT#debug netdr capture ?

acl (11) Capture packets matching an acl

and-filter (3) Apply filters in an and function: all must match

continuous (1) Capture packets continuously: cyclic overwrite

destination-ip-address (10) Capture all packets matching ip dst address

dstindex (7) Capture all packets matching destination index

ethertype (8) Capture all packets matching ethertype

interface (4) Capture packets related to this interface

or-filter (3) Apply filters in an or function: only one must match

rx (2) Capture incoming packets only

source-ip-address (9) Capture all packets matching ip src address

srcindex (6) Capture all packets matching source index

tx (2) Capture outgoing packets only

vlan (5) Capture packets matching this vlan number

<cr>

Seja o maisespecífico possível; Na SP, remote login switch, entãoutilize as mesmaslinhas de comando

This debug should not be service-impacting


DUT#show netdr captured-packets

A total of 289 packets have been captured

The capture buffer wrapped 0 times

Total capture capacity: 4096 packets

------- dump of incoming inband packet -------

interface Vl1000, routine mistral_process_rx_packet_inlin

dbus info: src_vlan 0x3E8(1000), src_indx 0x45(69), len 0x40(64)

bpdu 0, index_dir 0, flood 1, dont_lrn 0, dest_indx 0x43E8(17384)

80000401 03E80400 00450000 40800000 E0000000 00000000 00000008 43E80000

mistral hdr: req_token 0x0(0), src_index 0x45(69), rx_offset 0x76(118)

requeue 0, obl_pkt 0, vlan 0x3E8(1000)

destmac FF.FF.FF.FF.FF.FF, srcmac 00.A0.CC.21.94.C4, protocol 0806

layer 3 data: 00010800 06040001 00A0CC21 94C40500 01660000 00000000

05000102 00000000 00000000 00000000 00000000 000001FE

00000006 00000000 000003E8

...

DUT#undebug netdr

DUT#debug netdr clear-captur

Exemplo de pacoteentrante na interface VLAN 1000

Tenha certeza de que o debug foidesligado

Limpe a memória utilizada para o debug netdr

ARP packet

e



• Crashes irão necessitar da ajuda do TAC

• Abra um chamado no TAC e colete as seguintes informações:

Crashinfo file

Core file (if configured so)

Show tech-support

E informações dos eventos que ocorreram antes do crash.


00:05:29: %DUMPER-3-PROCINFO: pid = 16427: (sbin/tcp.proc), terminated due to signal SIGTRAP, trace trap

(not reset when caught) (Signal from user)

00:05:29: %DUMPER-3-REGISTERS_INFO: 16427: zero at v0 v1

00:05:29: %DUMPER-3-REGISTERS_INFO: 16427: R0 00000000 00000000 00000004 00000000

00:05:29: %DUMPER-3-REGISTERS_INFO: 16427: a0 a1 a2 a3

00:05:29: %DUMPER-3-REGISTERS_INFO: 16427: R4 7BC22298 00000000 00000000 00000000

00:05:29: %DUMPER-3-REGISTERS_INFO: 16427: t0 t1 t2 t3


00:05:29: %DUMPER-3-REGISTERS_INFO: 16427: t4 t5 t6 t7


00:05:29: %DUMPER-3-REGISTERS_INFO: 16427: s0 s1 s2 s3

00:05:29: %DUMPER-3-REGISTERS_INFO: 16427: R16 00FDDFA0 00000000 00000000 00000000

00:05:29: %DUMPER-3-REGISTERS_INFO: 16427: s4 s5 s6 s7


00:05:29: %DUMPER-3-REGISTERS_INFO: 16427: t8 t9 k0 k1

00:05:29: %DUMPER-3-REGISTERS_INFO: 16427: R24 00000000 722B3F4C 00000000 00000000

00:05:29: %DUMPER-3-REGISTERS_INFO: 16427: gp sp s8 ra

00:05:29: %DUMPER-3-REGISTERS_INFO: 16427: R28 7828FF90 00FDDF60 00000000 72297450

00:05:29: %DUMPER-3-REGISTERS_INFO: 16427: sr lo hi bad

00:05:29: %DUMPER-3-REGISTERS_INFO: 16427: R32 1001FC73 00000000 00000000 78288970

00:05:29: %DUMPER-3-REGISTERS_INFO: 16427: cause pc epc

00:05:29: %DUMPER-3-REGISTERS_INFO: 16427: R36 00800020 722B3F5C 00000000

00:05:29: %DUMPER-3-TRACE_BACK_INFO: 16427: (libc.so+0x2EF5C) (libc.so+0x12450) (s72033_rp-

adventerprisek9_wan-58-dso-p.so+0x17C00) (libc.so+0x127AC)

00:05:30: %DUMPER-3-CRASHINFO_FILE_NAME: 16427: Crashinfo for process sbin/tcp.proc at

bootflash:/crashinfo_tcp.proc-20050910-012841

00:05:30: %DUMPER-3-CORE_FILE_NAME: 16427: Core for process sbin/tcp.proc at disk0:/tcp.proc.012842.dmp.Z

00:05:31: %DUMPER-5-DUMP_SUCCESS: 16427: Core dump success

00:05:31: %SYSMGR-3-ABNORMTERM: tcp.proc:1 (jid 91) abnormally terminated, restarted scheduled

Crashing process nameCrashing process ID

Crashinfo

filename

and location

Core

filename

and location


• Para o slide anterior o processo tcp.proc teve um crash, então colete osarquivos abaixo:

Crashinfo

filename

and location

Both

filenames

encode the

process that

crashed

Cat6K#dir bootflash:

Directory of bootflash:/

4 -rw- 139528 Sep 9 2008 19:28:42 -06:00 crashinfo_tcp.proc-20050910-012841

65536000 bytes total (64979832 bytes free)

Cat6K#dir disk0:

Directory of disk0:/

1 -rw- 111923344 Sep 1 2008 10:26:54 -06:00 s72033-adventerprisek9_wan_dbg-

vz.PP_R31_INTEG_050829

2 -rw- 112078968 Sep 9 2008 14:50:54 -06:00 s72033-adventerprisek9_wan_dbg-

vz.pikespeak_r31_0908_1

3 -rw- 107608208 Sep 9 2008 18:50:04 -06:00 s72033-adventerprisek9_wan-vz.122-

99.SX1010

4 -rw- 131517 Sep 9 2008 19:28:42 -06:00 tcp.proc.012842.dmp.Z

512040960 bytes total (180281344 bytes free)



Resiliency (Layer 2 or Layer 3): SSO, NSF

Protection Schemes: HSRP/GLBP/VRRP, EtherChannel, 802.1s/w, PVST+

OperationsOIR of Line Cards

OIR of Sup

OIR of PSU, Modules

TDR

NAIS

RedundancySupervisor

Switch Fabric

Service Modules

Clock

Fans

Power Supplies

Fault DetectionGOLD

Soft HANetwork

Element

Redundancy

Network

Resilience

Operational

Processes



O Catalyst 6500 suporta failover entre duas supervisoras instaladas no

switch. Dois modos tolerantes a falhas podem ser configurados; Route

Processor Redundancy (RPR) e Route Processor Redundancy

Plus (RPR+).

Sup720-A

Sup720-B

RPR

RPR+

RPR+ provê

failover

geralmente entre

30-60 segundos

RPR provê

failover

geralmente dentro

de 2 a 4 minutos

PSU PSU

Catalyst 6500

RPR+ requer duas

supervisoras de

mesmo modelo, e as

duas devem rodar o

mesmo IOS image.


Configuração de RPR and RPR+ é conseguido entrando no modo de

configuração de redundância e escolhendo o método

6500# conf t

Enter configuration commands, one per line. End with CNTL/Z.

6500(config)# redundancy

6500(config-red)# mode ?

rpr Route Processor Redundancy

rpr-plus Route Processor Redundancy Plus

RPR RPR+

6500(config-red)# mode rpr 6500(config-red)# mode rpr-plus


O status de configuração redundante do switch pode ser visto usando o

seguinte comando:

6500# show redundancy states

my state = 13 -ACTIVE

peer state = 1 -DISABLED

Mode = Simplex

Unit = Primary

Unit ID = 5

Redundancy Mode (Operational) = Route Processor Redundancy Plus

Redundancy Mode (Configured) = Route Processor Redundancy Plus

Split Mode = Disabled

Manual Swact = Disabled Reason: Simplex mode

Communications = Down Reason: Simplex mode

client count = 11

client_notification_TMR = 30000 milliseconds

keep_alive TMR = 9000 milliseconds

keep_alive count = 0

keep_alive threshold = 18

RF debug mask = 0x0

Redundant State Configured



Basic Performance check

Supervisoras Active and standby rodamem modo sincronizado.

MSFC redundante está em modo hot-standby

Switch processors sincroniza STP, port and VTP states.

PFCs sincroniza Layer 2 and Layer 3 FIB, Netflow and ACL tables.

DFCs não são populadas com Layer 2 and Layer 3 FIB, Netflow and ACL tables.

Failover rápido (0 a 3 segundos) entre supervisoras mas ainda precisa reconstruir rotas em roteadores externos.

Standby Supervisor

Sup MSFC PFC

Line Card

Sup MSFC PFC

Active Supervisor

Line Card

Line Card

DFC

DFC

DFC


Active Standby

STP, Port, VTP States

Layer 2 and Layer 3 FIB, Netflow, ACL Tables


RPNova RP

remonta a

tabela e

reestabelece

a vizinhança

Tráfego Layer

3

é

encaminhado

pela última

FIB

conhecida

pelo hardware

DFCs não são

afetadas pelo failover

da supervisora

ActiveStandby

STP, Port, VTP States



RP RP

SP

PFCx

SP

PFCx

SP

RP

PFCx PFCx

SP

DFCx DFCx

Antes do Failover Depois do Failover


• NSF-aware vizinhos não reconvergem.

• NSF-aware vizinhos ajudam oNSF-capable router a reiniciar.

• NSF-aware vizinhos continuamencaminhando tráfego para o roteadorvizinho.

NSF-

capable

router

NSF-aware

neighbor

Failover time:

0 to 3 seconds

• NSF-capable roteador remontaLayer 3 database do vizinho

• Os dados são transmitidos em hardware baseado empreswitchover CEF information enquanto o roteamentoreconverge

• Predictable traffic path

• No route flap

NSF-aware

neighbor

PSU

1

Linecard 1

Catalyst 6500

Linecard 3

Linecard 3

Linecard 4

Primary Supervisor 720

Redundant Supervisor 720

Linecard 7

Linecard 8

Linecard 9

PSU

2


•Para configurar o SSO para usar o NSF:

•6500(config)# redundancy

•6500(config-red)# mode sso

•Para verificar a configuração:

•6500# show redundancy states


•Para configurar o BGP NSF:

•6500(config)# router bgp as-number

•6500(config-router)# bgp graceful-restart


•6500# show ip bgp neighbors x.x.x.x


•Para configurar o OSPF NSF:

•6500(config)# router ospf processID

•6500(config-router)# nsf


•6500# show ip ospf


•Para configurar o ISIS NSF:

•6500(config)# router isis tag

•6500(config-router)# nsf [cisco | ietf]


•6500# show running-config

•6500# show isis nsf


•Para configurar o EIGRP NSF:

•6500(config)# router eigrp as-number

•6500(config-router)# nsf


•6500# show running-config

•6500# show ip routing


2-4 minutos Todos osreleases

30-60 segundos Todos osreleases

0-3 segundos

Layer 2

12.2(17b)SXA

12.2(17d)SXB

0-3 segundos

layers 2-4

12.2(18)SXD



•Altas taxas de tráfego broadcast impacta a CPU e a estabilidade da rede

Storm control limita a taxa de tráfego broadcast recebido pelo switch de distribuição

Tráfego de Broadcast no switch local continua desenfreadamente

Dispositivos de sub-rede local podem ser afetados, mas a rede permanece viva.

CONST_DIAG-SP-6-HM_MESSAGE: High traffic/CPU util

seen on Module 5 [SP=40%,RP=99%,Traffic=0%]


•Storm control também é conhecido comobroadcast suppression:

Limita o volume broadcast, multicast e/ouunicast

Protege a rede de ataquesintencionais e nãointencionais e STP loops.

Limita a combinação da taxa de broadcast e multicast para pico normal

Threshold

Dropped Packets

0 1 2 3Time

Seconds

Quantity


0

10

20

30

40

50

60

70

80

90

0.1 0.05 1 1.5 2 2.5 3

Percentage of Broadcast Traffice

Perc

en

tag

e o

f C

PU

Uti

lizait

on

•Configure storm control em downlinks de distribuição. Limitebroadcast e multicast a 1.0% de um link GigE para assegurar que a CPU da distribuição permaneça em uma zona segura.

! Enable storm control

storm-control broadcast

level 1.0

storm-control multicast

level 1.0Conservative Max Sup720 CPU Load

Broadcast Traffic CPU Impact


Storm control suppression é configurado em modo de interface como

segue:

6500(config-if)# storm-control ?

broadcast Broadcast address storm control

multicast Multicast address storm control

unicast Unicast address storm control

6500(config-if)# storm-control broadcast ?

level Set storm suppression level on this interface

6500(config-if)# storm-control broadcast level ?

<0 - 100> Enter Integer part of storm suppression level

6500(config-if)# storm-control multicast level ?


6500(config-if)# storm-control unicast level ?



6500# show interface g1/9 counters broadcast

Port TotalSuppDiscards

Gi1/9 1033

6500# show interface g1/9 counters multicast


Gi1/9 12

6500# show interface g1/9 counters unicast


Gi1/9 204

6500#

Estatisticas para storm control suppression podem ser vistas assim:



GOLD implementa uma série de verificação de saúde tanto na inicialização do

sistema e, enquanto o sistema está funcionando. GOLD complementa features

existentes de HA como NSF/SSO rodando em background, e alertando HA

features quando algo é encontrado.

Bootup Diagnostics

Check operational status of

components

Run Time Diagnostics

On-demand diagnostics

statically triggered by an

administrator

Scheduled diagnostics to run at

a specific time

Non-disruptive health

diagnostics running in the

background

SYSLOG Message

%DIAG-SP-3-MAJOR: Module

2: Online Diagnostics detected

a Major Error. Please use

diagnostic Module 2' to see test

results.

Diagnostic Results

Diagnostic Action

Invoke action to resolve issue

i.e. reset component, invoke HA

action, CallHome, etc


Boot Up Diagnostics

Health Monitoring Diagnostics

Proactive diagnostics

serve as high

availability triggers

and take faulty

hardware out of

service.

• Quick go and no-go tests

• Disruptive and nondisruptive tests

• Periodic background tests

• Nondisruptive tests

On-demand Diagnostics

and Schedule Diagnostics

Reactive

diagnostics for

troubleshooting

• Can run all the tests

• Include disruptive tests used

in manufacturing

Quadro de detecção de falhas para alta disponibilidade :

Ferramentas de Troubleshooting:


•Diagnóstico de inicialização:

•EARL learning tests (Sup & DFC)

•L2 tests (channel, BPDU, capture)

•L3 tests (IPv4, IPv6, MPLS)

•Span and multicast tests

•CAM lookup tests (FIB, NetFlow, QoS CAM)

•Port loopback test (all cards)

•Fabric snake tests

Diagnóstico de monitoramento saudável:

•SP-RP inband ping test (Sup’s SP/RP, EARL(L2&L3), RW engine)

•Fabric channel health test (fabric enabled line cards)

•MacNotification test (DFC line cards)

•Non-disruptive loopback test

•Scratch registers test (PLD & ASICs)

Diagnóstico sob demanda:

• Exhaustive memory test

• Exhaustive TCAM search test

• Stress Testing

• All bootup and health monitoring tests can be run on-demand

Diagnóstico programado:

• All bootup and health monitoring tests can be scheduled

• Scheduled switch-over


• Cisco Support Community

https://supportforums.cisco.com/

https://supportforums.cisco.com/community/portuguese

https://supportforums.cisco.com/




a) Show cpu

b) Show cpu utlization

c) Show process cpu

d) Show process memory

Como verificamos a utilização da CPU


Aqueles que preencherem o questionário de

avaliação entrarão em um sorteio para ganhar

Um vale presente

Para fazer a avaliação, favor clicar no endereço

fornecido no chat ou no pop-up quando o evento

terminar.

104© 2013 Cisco and/or its affiliates. All rights reserved.

Se tiver perguntas adicionais, poderá perguntar ao especialista.Ele estará respondendo do dia 5 ao dia 15 de fevereiro.

https://supportforums.cisco.com/message/3846976#3846976

Você poderá assistir ao video ou ler as perguntas e respostasdurante 5 dias úteis após o evento em


https://supportforums.cisco.com/message/3846976





Até o dia 8 de fevereiro

Com o Especialista Cisco :Emerson

Tire dúvidas sobre o Videoscape, uma solução única para prover conteúdo multi plataforma (da tv ao celular).

Acesse

https://supportforums.cisco.com/thread/2193866

Tema: Videoscape: uma solução única para prover

conteúdo multi plataforma (da tv ao celular).




Com o especialista da Cisco Jose Luiz Marques

Dia 16 de Abril - Horário: 11 a.m. Brasil

1 p.m. Portugal

Durante este evento ao vido você irá aprender osconceitos básicos da ferramenta Multicast VPN ecomo solucionar problemas comuns de trobleshoot.

Registre-se a partir do dia 18 de fevereiro naComunidade Suporte da Cisco em Português:


Tema: VPN Fundamentals, Configuration, and

Troubleshooting


Dia 12 de Fevereiro,

11:30 a.m. IST Bangalore (India UTC +5:30 hours)6 a.m. Portugal5 p.m. Sydney

Junte-se ao especialista da Cisco Chetan Parik

Durante este evento ao vido você irá aprender o básico da ferramenta central UCS da Cisco e suasaplicações.

Registre-se para este Webcast em:

http://tools.cisco.com/gems/cust/customerSite.do?METHOD=E&LANGUAGE_ID=E&SEMINAR_CODE=S17670&PRIORITY_CODE=cisco

Tema: Introduction to Cisco Unified Computing System

(Cisco UCS) Central


Agora

Tema: Installing, Configuring, and TroubleshootingCisco Unified MeetingPlaceJunte-se ao especialista da Cisco : Dejan Petrovic

Aprenda mais e faça perguntas sobre diferentes tipos de desenvolvimento deMeetingPlace, upgrade, migração e processos de troubleshooting.

Tema: Managing your Converged Network UsingCisco Prime InfrastructureJunte-se ao especialista da Cisco : Tejas ShahAprenda mais e faça perguntas sobre a convergência de sua rede wided e

wireless usando a Cisco Prime Infrastructure Application.

Tema: Firewall Security and Troubleshooting VPNfor Adaptive Security Appliances (ASA)Junte-se ao especialista da Cisco : Bhavik JoshiLearn and ask questio Aprenda mais e faça perguntas sobre segurança de

firewall para Cisco Adaptive Security Appliance (ASA) e VPN troubleshootingna Cisco Adaptive.

Estas discussões se encerram dia 8 de Fevereiro.

https://supportforums.cisco.com/community/netpro/expert-corner#view=ask-the-experts

https://supportforums.cisco.com/community/netpro/expert-corner









Em breveTema: Architecting your Collaboration solution with Social and Video

Junte-se ao especialista da Cisco : Gebran Chahrouri

Aprenda mais e faça perguntas sobre Cisco Collaboration Architectures com os aplicativos da Cisco Social and Video.

Tema: Using The Cisco Technical Support Mobile App to Resolve Your Technical Issues

Junte-se ao especialista da Cisco : Kent Wong

Aprenda mais e faça perguntas sobre os aplicativos do Suporte TécnicoMobile.

Events Start Monday February 11.

Join the discussion for these Ask The Expert Events at:

https://supportforums.cisco.com/community/netpro/expert-corner#view=ask-the-experts










Portugal: http://www.facebook.com/ciscoportugal

Brasil: http://www.facebook.com/CiscoDoBrasil

Portugal: https://twitter.com/CiscoPortugal

Brasil: http://twitter.com/CiscoDoBrasil

Portugal: http://www.youtube.com /user/ciscoportugal

Brasil: http://www.youtube.com/user/ciscoDoBrasilTV

Portugal: http://ciscoportugalblog.wordpress.com/

https://supportforms.cisco.com/

https://supportforms.cisco.com/


Se você fala Espanhol, Inglês, Japonês, Russo ou Polonês,

convidamos você a tirar suas dúvidas e colaborar nas comunidades

desses idiomas.

• Espanhol https://supportforums.cisco.com/community/spanish

• Inglês https://supportforums.cisco.com/index.jspa

• Japonês https://supportforums.cisco.com/community/csc-japan

• Polonês https://supportforums.cisco.com/community/etc/netpro-polska

• Russo https://supportforums.cisco.com/community/russian

https://supportforums.cisco.com/community/spanish

https://supportforums.cisco.com/index.jspa

https://supportforums.cisco.com/community/csc-japan



https://supportforums.cisco.com/community/etc/netpro-polska



https://supportforums.cisco.com/community/russian

Muito Obrigadopor assistir.

Por favor complete o formulário de avaliação e concorra a prêmios.

Thank you.

Documents

Comunidadede Suporte da Cisco - Webcast ao vivo: Cisco Catalyst6500 ... · Comunidadede Suporte da Cisco - Webcast ao vivo: Cisco Catalyst6500 Series Switches Rafael Lima Terça-feira