CDP(Cisco Discovery Protocol)

Work log of a CCIE R&S candidate.

CDP(Cisco Discovery Protocol)

The topology is the same as yesterday's.

R2#sh cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
R3               Fas 0/0            153         R S I     3725      Fas 0/1
R1               Fas 0/1            153         R S I     3725      Fas 0/0
R2#sh ver | inc IOS
Cisco IOS Software, 3700 Software (C3725-ADVENTERPRISEK9-M), Version 12.4(15)T14, RELEASE SOFTWARE (fc2)
R2#sh cdp neigh detail
-------------------------
Device ID: R3
Entry address(es):
  IP address: 192.168.23.3
Platform: Cisco 3725,  Capabilities: Router Switch IGMP
Interface: FastEthernet0/0,  Port ID (outgoing port): FastEthernet0/1
Holdtime : 179 sec

Version :
Cisco IOS Software, 3700 Software (C3725-ADVENTERPRISEK9-M), Version 12.4(15)T14, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Tue 17-Aug-10 12:08 by prod_rel_team

advertisement version: 2
VTP Management Domain: ''
Duplex: half

Device version

R2(config)#no cdp run

R2#sh run | inc cdp
no cdp log mismatch duplex
no cdp run
R1(config)#no cdp run

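It seems common to apply this kind of disabling configuration to specific interfaces (the side of a stub network where PCs, servers and the like are connected).
CDP only wastes traffic there, so there is no point in letting it talk.
In addition, CDP is disabled on interfaces facing the Internet.
This is for security reasons, since everything from the IOS version to the platform is exposed.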

R1(config)#cdp run
R1(config)#int f1/0
R1(config-if)#no cdp enable

The device observing CDP frames does not have to be a Cisco device; anything that can interpret CDP frames (Wireshark, for example) sees everything.

Peeking with Wireshark (legal).

The filter applied is:

cdp

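Let's check the source and destination of the Ethernet frame.

The destination address has the I/G bit set, so it is a multicast MAC address.
The source is a unicast MAC address.

I can read it, I can read it!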
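What any passive listener on the segment recovers from a single CDP frame, as an added example that is not part of the original post. The frame is constructed from the R1 values printed in this log; the source MAC address is made up, the checksum is left at 0 and is not verified, and the TLV type numbers are the standard CDP ones.

```python
import struct

# Standard CDP TLV type numbers (subset) and capability bits.
TLV_NAMES = {0x0001: "device_id", 0x0002: "addresses", 0x0003: "port_id",
             0x0004: "capabilities", 0x0005: "software_version",
             0x0006: "platform", 0x000B: "duplex"}
CAP_BITS = [(0x01, "Router"), (0x02, "Trans Bridge"), (0x04, "Source Route Bridge"),
            (0x08, "Switch"), (0x10, "Host"), (0x20, "IGMP"), (0x40, "Repeater")]
LLC_SNAP_CDP = bytes.fromhex("aaaa03" "00000c" "2000")  # LLC, Cisco OUI, PID 0x2000


def is_group_address(mac: bytes) -> bool:
    """I/G bit: least significant bit of the first octet (1 = multicast/broadcast)."""
    return bool(mac[0] & 0x01)


def _tlv(tlv_type: int, value: bytes) -> bytes:
    # The TLV length field also counts the 4-byte type/length header.
    return struct.pack("!HH", tlv_type, len(value) + 4) + value


def build_sample_frame() -> bytes:
    """Constructed frame carrying the R1 values shown in this log."""
    ip = bytes([192, 168, 12, 1])
    # One address entry: NLPID protocol (type 1, length 1, 0xCC = IP), 4-byte address.
    addr = struct.pack("!IBB", 1, 1, 1) + b"\xcc" + struct.pack("!H", 4) + ip
    version = (b"Cisco IOS Software, 3700 Software (C3725-ADVENTERPRISEK9-M), "
               b"Version 12.4(15)T14, RELEASE SOFTWARE (fc2)")
    cdp = struct.pack("!BBH", 2, 90, 0)          # CDPv2, holdtime 90 s, checksum 0
    cdp += _tlv(0x0001, b"R1") + _tlv(0x0002, addr) + _tlv(0x0003, b"FastEthernet0/0")
    cdp += _tlv(0x0004, struct.pack("!I", 0x29)) + _tlv(0x0005, version)
    cdp += _tlv(0x0006, b"Cisco 3725") + _tlv(0x000B, b"\x00")
    dst = bytes.fromhex("01000ccccccc")          # CDP multicast destination
    src = bytes.fromhex("020000000001")          # constructed unicast source
    body = LLC_SNAP_CDP + cdp
    return dst + src + struct.pack("!H", len(body)) + body


def _parse_addresses(value: bytes) -> list:
    (count,) = struct.unpack("!I", value[:4])
    off, out = 4, []
    for _ in range(count):
        ptype, plen = value[off], value[off + 1]
        proto = value[off + 2:off + 2 + plen]
        off += 2 + plen
        (alen,) = struct.unpack("!H", value[off:off + 2])
        addr = value[off + 2:off + 2 + alen]
        off += 2 + alen
        if ptype == 1 and proto == b"\xcc" and len(addr) == 4:  # IPv4
            out.append(".".join(str(b) for b in addr))
    return out


def parse_cdp_frame(frame: bytes) -> dict:
    """Decode one 802.3/SNAP CDP frame into the fields 'show cdp entry' prints."""
    if len(frame) < 26 or frame[14:22] != LLC_SNAP_CDP:
        raise ValueError("not a CDP frame")
    (length,) = struct.unpack("!H", frame[12:14])
    payload = frame[22:14 + length]
    if length > 1500 or len(payload) < 4:
        raise ValueError("bad 802.3 length")
    version, ttl, _checksum = struct.unpack("!BBH", payload[:4])
    info = {"dst_is_group": is_group_address(frame[0:6]),
            "src_is_group": is_group_address(frame[6:12]),
            "cdp_version": version, "holdtime": ttl}
    off = 4
    try:
        while off + 4 <= len(payload):
            tlv_type, tlv_len = struct.unpack("!HH", payload[off:off + 4])
            if tlv_len < 4 or off + tlv_len > len(payload):
                raise ValueError("malformed TLV")
            value = payload[off + 4:off + tlv_len]
            name = TLV_NAMES.get(tlv_type)
            if name == "addresses":
                info[name] = _parse_addresses(value)
            elif name == "capabilities":
                (bits,) = struct.unpack("!I", value)
                info[name] = [label for bit, label in CAP_BITS if bits & bit]
            elif name == "duplex":
                info[name] = "full" if value[:1] == b"\x01" else "half"
            elif name is not None:
                info[name] = value.decode("ascii", "replace")
            off += tlv_len
    except (IndexError, struct.error):
        raise ValueError("malformed TLV") from None
    return info


if __name__ == "__main__":
    for key, val in parse_cdp_frame(build_sample_frame()).items():
        print(f"{key}: {val}")
```

Every field comes out of the frame in cleartext with no authentication, which is why `no cdp enable` belongs on ports facing hosts or the Internet.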

R1#sh cdp
Global CDP information:
    Sending CDP packets every 30 seconds
    Sending a holdtime value of 90 seconds
    Sending CDPv2 advertisements is  enabled
R1#sh cdp interface f0/0
FastEthernet0/0 is up, line protocol is up
  Encapsulation ARPA
  Sending CDP packets every 30 seconds
  Holdtime is 90 seconds
R1#sh cdp interface f1/0

R1#
R2#sh cdp neigh
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
R3               Fas 0/0            178         R S I     3725      Fas 0/1
R1               Fas 0/1            72          R S I     3725      Fas 0/0

Clearing the CDP table

R2#clear cdp table
R2#sh cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
R2#

Show the details of a specific entry only.

R2#show cdp entry ?
  *     all CDP neighbor entries
  WORD  Name of CDP neighbor entry

R2#show cdp entry R1
-------------------------
Device ID: R1
Entry address(es):
  IP address: 192.168.12.1
Platform: Cisco 3725,  Capabilities: Router Switch IGMP
Interface: FastEthernet0/1,  Port ID (outgoing port): FastEthernet0/0
Holdtime : 74 sec

Version :
Cisco IOS Software, 3700 Software (C3725-ADVENTERPRISEK9-M), Version 12.4(15)T14, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Tue 17-Aug-10 12:08 by prod_rel_team

advertisement version: 2
VTP Management Domain: ''
Duplex: half

Look at the CDP traffic statistics.
Only CDP version 2 packets are being sent and received.

R2#sh cdp traffic
CDP counters :
    Total packets output: 812, Input: 681
    Hdr syntax: 0, Chksum error: 0, Encaps failed: 0
    No memory: 0, Invalid packet: 0, Fragmented: 0
    CDP version 1 advertisements output: 0, Input: 0
    CDP version 2 advertisements output: 812, Input: 681

Reset the CDP statistics

R2#clear cdp counters
R2#sh cdp traffic
CDP counters :
    Total packets output: 0, Input: 0
    Hdr syntax: 0, Chksum error: 0, Encaps failed: 0
    No memory: 0, Invalid packet: 0, Fragmented: 0
    CDP version 1 advertisements output: 0, Input: 0
    CDP version 2 advertisements output: 0, Input: 0

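Incidentally, LLDP (Link Layer Discovery Protocol), the counterpart of CDP, is a multi-vendor Layer 2 protocol standardized as IEEE 802.1AB.

It also tells you the connected interface of a device that is far away, which is handy.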


Cisco Press CCIE R&S v5 Ex.1-1 Lab: Manual configuration of the speed and duplex

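This is the story of how actually trying the sample given in Cisco Press CCIE R&S v5 Ex.1-1 turned out to be unexpectedly hard.
As expected, testing on real hardware teaches you a lot.

This example sets duplex and speed manually without autonegotiation, and looks at what happens when one side is full duplex and the other is half duplex.
CDP reports this with a duplex mismatch warning.

I changed the hardware partway through, so the interface number between the switches changes from f0/3 to f0/13.
The relevant interfaces are set to no shut beforehand.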

ASW1#sh int f0/3
FastEthernet0/3 is up, line protocol is up (connected)
  Hardware is Fast Ethernet, address is 0022.bd89.2183 (bia 0022.bd89.2183)
  MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, media type is 10/100BaseTX
  input flow-control is off, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:08, output 00:00:01, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     174 packets input, 20631 bytes, 0 no buffer
     Received 86 broadcasts (86 multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 86 multicast, 0 pause input
     0 input packets with dribble condition detected

Configure in the order speed -> duplex.
If you try to set duplex first, it is rejected.
Or so it says.

ASW1(config-if)#duplex half
ASW1(config-if)#
*Mar  1 00:22:33.250: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state to down
ASW1(config-if)#
*Mar  1 00:22:35.255: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state to up

The command went in just fine...

ASW1(config-if)#do sh int f0/3
FastEthernet0/3 is up, line protocol is up (connected)
  Hardware is Fast Ethernet, address is 0022.bd89.2183 (bia 0022.bd89.2183)
  MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Half-duplex, 100Mb/s, media type is 10/100BaseTX
  input flow-control is off, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:06, output 00:00:01, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     281 packets input, 33916 bytes, 0 no buffer
     Received 144 broadcasts (144 multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 144 multicast, 0 pause input
     0 input packets with dribble condition detected

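Incidentally, this is a Catalyst 2960 series running the IOS 15 series.

Is this about the IOS 12 series??

Crossover and straight-through cables are all mixed up, which is a pain.
Well, Catalyst switches mostly do Auto MDI/MDI-X for you anyway.

Incidentally, routers do not link up with each other unless they are properly connected with a crossover cable.
You can see that it is up at the physical level but not linked up at the L2 level.

I pull out a Catalyst 2940.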

R2#sh int f0/1
FastEthernet0/1 is up, line protocol is down
  Hardware is Gt96k FE, address is 0024.c431.126f (bia 0024.c431.126f)
  MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Auto-duplex, Auto Speed, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:01:25, output 00:01:26, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     5 packets input, 1690 bytes
     Received 5 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog
     0 input packets with dribble condition detected
     20 packets output, 2330 bytes, 0 underruns

Even on IOS 12 the duplex command went in first, though...

The following error is supposed to be displayed.

Duplex will not be set until speed is set to non-auto value

Going to the original sources.

  1. Configuring and Troubleshooting Ethernet 10/100/1000 Mbps Half/Full Duplex Auto-Negotiation (Japanese version) – Cisco
  2. Tutorial: Cisco Catalyst 3560 Switch Interfaces Configuration – Cisco & Cisco Network Hardware News and Technology

Switches I am using now

  1. Catalyst 2940 IOS 12
  2. Catalyst 2960 IOS 15
  3. Catalyst 3750 IOS 15

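The commands described in this section apply to the following types of switch products: Catalyst 2900XL, 3500XL, 2950, 3550, 2948G-L3, 4908G-L3, Catalyst 4500/4000 switch products running Cisco IOS system software (Supervisor Engine III), and Catalyst 6500/6000 switch products running Cisco IOS system software

Different model numbers.
So I can't reproduce it.
I guess I just have to memorize it as being that way...
Platform dependent.

There is no output or collision line either.
What is going on...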

54 output errors, 5 collisions, 0 interface resets
0 babbles, 54 late collision, 59 deferred

Maybe this doesn't work because collisions don't happen without heavy traffic...

ASW2#sh int f0/3
FastEthernet0/3 is up, line protocol is up (connected)
  Hardware is Fast Ethernet, address is 0026.ca6b.e983 (bia 0026.ca6b.e983)
  MTU 1500 bytes, BW 10000 Kbit/sec, DLY 1000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Half-duplex, 10Mb/s, media type is 10/100BaseTX
  input flow-control is off, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output 00:00:01, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 3000 bits/sec, 2 packets/sec
     34467 packets input, 2590785 bytes, 0 no buffer
     Received 28785 broadcasts (28784 multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 28784 multicast, 0 pause input
     0 input packets with dribble condition detected

There is no such output on the IOS 12 series either.

Switch#sh int f0/1
FastEthernet0/1 is down, line protocol is down (notconnect)
  Hardware is Fast Ethernet, address is 0012.7f15.d881 (bia 0012.7f15.d881)
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Half-duplex, Auto-speed, media type is 100BaseTX
  input flow-control is unsupported output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 01:45:28, output 01:45:29, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     26737 packets input, 2148098 bytes, 0 no buffer
     Received 22650 broadcasts (0 multicast)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 22650 multicast, 0 pause input
     0 input packets with dribble condition detected
     67480 packets output, 4791532 bytes, 0 underruns

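What is going on...

Solved: Catalyst 3850 high Total output drops a… – Cisco Support Community

Maybe this topic isn't all that important.

Digging through the original sources once more.
This time the search targets cisco.com directly. Looking for English documents only.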

site:cisco.com Duplex will not be set until speed is set to non-auto value
  1. Configuring and Troubleshooting Ethernet 10/100/1000Mb Half/Full Duplex Auto-Negotiation

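!--- Error: On this platform, you must set the speed before the duplex.
!--- Not all switch platforms have this command ordering requirement.

It says this is platform dependent. So that's what it was...

The Japanese version trails off at "have this command", so you should definitely read the original.

So even when reading the original Cisco Press book, checking CCO (is that what it's called?) alongside it is a must...

  1. Register on Cisco.com (CCO): Let's Become a Network Engineer!
  2. CCIE R&S CCO (cisco.com) official documentation
  3. Select Your Product or Technology – Product/Technology Support – Cisco Systems

What remains to be verified:

Check by sending a large amount of traffic in both directions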

Solved: CRC Errors on Cat 2950 – Cisco Support Community

A follow-up test about a week later.
I won two Catalyst 2950s on Yahoo! Auctions.

I really want the following items to be displayed too

54 output errors, 5 collisions, 0 interface resets
0 babbles, 54 late collision, 59 deferred

Switch#sh ver
Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(22)EA13, RELEASE SOFTWARE
 (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by cisco Systems, Inc.
Compiled Fri 27-Feb-09 22:20 by amvarma
Image text-base: 0x80010000, data-base: 0x80570000

ROM: Bootstrap program is C2950 boot loader

Switch uptime is 10 minutes
System returned to ROM by power-on
System image file is "flash:/c2950-i6q4l2-mz.121-22.EA13.bin"

cisco WS-C2950SX-24 (RC32300) processor (revision M0) with 20957K bytes of memory.
Processor board ID FOC1037Z1E9
Last reset from system-reset
Running Standard Image
24 FastEthernet/IEEE 802.3 interface(s)
2 Gigabit Ethernet/IEEE 802.3 interface(s)

32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:19:2F:FC:AC:C0
Motherboard assembly number: 73-8135-08
Power supply part number: 34-0965-01
Motherboard serial number: FOC10341U7G
Power supply serial number: DTH10274Z6H
Model revision number: M0
Motherboard revision number: A0
Model number: WS-C2950SX-24
System serial number: FOC1037Z1E9
Configuration register is 0xF

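Checking on the Catalyst 2950

If duplex is entered first, the following error is supposed to be displayed.

Duplex will not be set until speed is set to non-auto value

Nothing like this is displayed.
Was it fixed (?) in a newer IOS version, I wonder.
Honestly, I have never run into this behavior on the hardware I have.
There is no end to it, so I will not chase this any further.

Checking the sh int output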

Switch#sh int f0/1
FastEthernet0/1 is down, line protocol is down (notconnect)
  Hardware is Fast Ethernet, address is 0019.2ffc.acc1 (bia 0019.2ffc.acc1)
  MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Half-duplex, Auto-speed, media type is 100BaseTX
  input flow-control is unsupported output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output 00:09:53, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     0 packets input, 0 bytes, 0 no buffer
     Received 0 broadcasts (0 multicast)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 0 multicast, 0 pause input
     0 input packets with dribble condition detected
     0 packets output, 0 bytes, 0 underruns
     0 output errors, 0 collisions, 2 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 PAUSE output
     0 output buffer failures, 0 output buffers swapped out

Checking the behavior caused by a duplex mismatch on the Catalyst 2950

FDX

ASW201#sh int f0/13
FastEthernet0/13 is up, line protocol is up (connected)
  Hardware is Fast Ethernet, address is 0019.2ffc.accd (bia 0019.2ffc.accd)
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 251/255, txload 57/255, rxload 12/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, media type is 100BaseTX
  input flow-control is unsupported output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output 00:00:05, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 4949000 bits/sec, 809 packets/sec
  5 minute output rate 22638000 bits/sec, 2060 packets/sec
     411676 packets input, 332699284 bytes, 0 no buffer
     Received 7072 broadcasts (6309 multicast)
     0 runts, 21 giants, 0 throttles
     9003 input errors, 8982 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 6309 multicast, 0 pause input
     0 input packets with dribble condition detected
     2811088 packets output, 4106529108 bytes, 0 underruns
     0 output errors, 0 collisions, 2 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 PAUSE output
     0 output buffer failures, 0 output buffers swapped out

HDX

ASW202#sh int f0/13
FastEthernet0/13 is up, line protocol is up (connected)
  Hardware is Fast Ethernet, address is 0017.5a3a.7c0d (bia 0017.5a3a.7c0d)
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 251/255, txload 9/255, rxload 61/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Half-duplex, 100Mb/s, media type is 100BaseTX
  input flow-control is unsupported output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:16, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 24171000 bits/sec, 2124 packets/sec
  5 minute output rate 3752000 bits/sec, 614 packets/sec
     2684300 packets input, 3962300144 bytes, 0 no buffer
     Received 344 broadcasts (342 multicast)
     0 runts, 0 giants, 0 throttles
     1 input errors, 0 CRC, 1 frame, 0 overrun, 0 ignored
     0 watchdog, 342 multicast, 0 pause input
     0 input packets with dribble condition detected
     309583 packets output, 255885396 bytes, 0 underruns
     5381 output errors, 8423 collisions, 2 interface resets
     0 babbles, 5445 late collision, 18454 deferred
     0 lost carrier, 0 no carrier, 0 PAUSE output
     0 output buffer failures, 0 output buffers swapped out

On the side running the FDX logic, counters such as

     5381 output errors, 8423 collisions, 2 interface resets
     0 babbles, 5445 late collision, 18454 deferred

turned out (almost?) not to increase.

Keep sending packets at full rate in both directions.

iperf3 -s
iperf3 -c 172.18.1.6 -t 3600
iperf3 -s
iperf3 -c 172.18.2.2 -t 3600

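ASW201 operates with the FDX logic and ASW202 with the HDX logic.
ASW201 keeps sending frames at any time.
If ASW202 also sends a frame at the same moment, it judges that a collision has occurred.
And 18454 packets are deferred (they wait to be sent).

After leaving it for about 12 hours.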

HDX

ASW201#sh int f0/13
FastEthernet0/13 is up, line protocol is up (connected)
  Hardware is Fast Ethernet, address is 0019.2ffc.accd (bia 0019.2ffc.accd)
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Half-duplex, 100Mb/s, media type is 100BaseTX
  input flow-control is unsupported output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:01, output 00:00:03, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     879767 packets input, 586720930 bytes, 0 no buffer
     Received 56873 broadcasts (55382 multicast)
     0 runts, 36 giants, 0 throttles
     17239 input errors, 17203 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 55382 multicast, 0 pause input
     0 input packets with dribble condition detected
     3455579 packets output, 666514759 bytes, 0 underruns
     0 output errors, 11897 collisions, 2 interface resets
     0 babbles, 0 late collision, 17801 deferred
     0 lost carrier, 0 no carrier, 0 PAUSE output
     0 output buffer failures, 0 output buffers swapped out
ASW202#sh int f0/13
FastEthernet0/13 is up, line protocol is up (connected)
  Hardware is Fast Ethernet, address is 0017.5a3a.7c0d (bia 0017.5a3a.7c0d)
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Half-duplex, 100Mb/s, media type is 100BaseTX
  input flow-control is unsupported output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:15, output 00:00:01, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     3396105 packets input, 590841071 bytes, 0 no buffer
     Received 2767 broadcasts (2765 multicast)
     0 runts, 0 giants, 0 throttles
     1 input errors, 0 CRC, 1 frame, 0 overrun, 0 ignored
     0 watchdog, 2765 multicast, 0 pause input
     0 input packets with dribble condition detected
     879812 packets output, 586931392 bytes, 0 underruns
     17482 output errors, 46185 collisions, 2 interface resets
     0 babbles, 17354 late collision, 84193 deferred
     0 lost carrier, 0 no carrier, 0 PAUSE output
     0 output buffer failures, 0 output buffers swapped out

Scrolling back in tmux and screen is getting painful.
So painful.

terminal length 0

Set it to FDX.

ASW201#sh int f0/13
FastEthernet0/13 is up, line protocol is up (connected)
  Hardware is Fast Ethernet, address is 0019.2ffc.accd (bia 0019.2ffc.accd)
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, media type is 100BaseTX
  input flow-control is unsupported output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:01, output 00:00:02, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     880443 packets input, 586772899 bytes, 0 no buffer
     Received 57481 broadcasts (55982 multicast)
     0 runts, 36 giants, 0 throttles
     17239 input errors, 17203 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 55982 multicast, 0 pause input
     0 input packets with dribble condition detected
     3455687 packets output, 666526536 bytes, 0 underruns
     0 output errors, 11897 collisions, 2 interface resets
     0 babbles, 0 late collision, 17801 deferred
     0 lost carrier, 0 no carrier, 0 PAUSE output
     0 output buffer failures, 0 output buffers swapped out
ASW202#sh int f0/13
FastEthernet0/13 is up, line protocol is up (connected)
  Hardware is Fast Ethernet, address is 0017.5a3a.7c0d (bia 0017.5a3a.7c0d)
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, media type is 100BaseTX
  input flow-control is unsupported output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     3396207 packets input, 590852464 bytes, 0 no buffer
     Received 2805 broadcasts (2803 multicast)
     0 runts, 0 giants, 0 throttles
     1 input errors, 0 CRC, 1 frame, 0 overrun, 0 ignored
     0 watchdog, 2803 multicast, 0 pause input
     0 input packets with dribble condition detected
     880442 packets output, 586980014 bytes, 0 underruns
     17482 output errors, 46185 collisions, 2 interface resets
     0 babbles, 17354 late collision, 84193 deferred
     0 lost carrier, 0 no carrier, 0 PAUSE output
     0 output buffer failures, 0 output buffers swapped out

Left it for a few hours and went to sleep

ASW201#sh int f0/13
FastEthernet0/13 is up, line protocol is up (connected)
  Hardware is Fast Ethernet, address is 0019.2ffc.accd (bia 0019.2ffc.accd)
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, media type is 100BaseTX
  input flow-control is unsupported output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:01, output 00:00:02, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     910656 packets input, 589062019 bytes, 0 no buffer
     Received 84721 broadcasts (82823 multicast)
     0 runts, 36 giants, 0 throttles
     17239 input errors, 17203 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 82821 multicast, 0 pause input
     0 input packets with dribble condition detected
     3459979 packets output, 666973580 bytes, 0 underruns
     0 output errors, 11897 collisions, 2 interface resets
     0 babbles, 0 late collision, 17801 deferred
     0 lost carrier, 0 no carrier, 0 PAUSE output
     0 output buffer failures, 0 output buffers swapped out
ASW202#sh int f0/13
FastEthernet0/13 is up, line protocol is up (connected)
  Hardware is Fast Ethernet, address is 0017.5a3a.7c0d (bia 0017.5a3a.7c0d)
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, media type is 100BaseTX
  input flow-control is unsupported output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:04, output 00:00:01, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     3400501 packets input, 591299636 bytes, 0 no buffer
     Received 4124 broadcasts (4122 multicast)
     0 runts, 0 giants, 0 throttles
     1 input errors, 0 CRC, 1 frame, 0 overrun, 0 ignored
     0 watchdog, 4122 multicast, 0 pause input
     0 input packets with dribble condition detected
     910666 packets output, 589269858 bytes, 0 underruns
     17482 output errors, 46185 collisions, 2 interface resets
     0 babbles, 17354 late collision, 84193 deferred
     0 lost carrier, 0 no carrier, 0 PAUSE output
     0 output buffer failures, 0 output buffers swapped out

The counter values are too big to make sense of, so I reset them.

ASW201#clear counters f0/13
Clear "show interface" counters on this interface [confirm]
ASW201#
22:05:07: %CLEAR-5-COUNTERS: Clear counter on interface FastEthernet0/13 by console
ASW202#clear counters f0/13
Clear "show interface" counters on this interface [confirm]
ASW202#
22:05:08: %CLEAR-5-COUNTERS: Clear counter on interface FastEthernet0/13 by console

The minimum Ethernet frame size is 64 bytes

ASW201#sh int f0/13
FastEthernet0/13 is up, line protocol is up (connected)
  Hardware is Fast Ethernet, address is 0019.2ffc.accd (bia 0019.2ffc.accd)
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, media type is 100BaseTX
  input flow-control is unsupported output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:01, output 00:00:06, output hang never
  Last clearing of "show interface" counters 00:00:05
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     4 packets input, 264 bytes, 0 no buffer
     Received 6 broadcasts (6 multicast)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 4 multicast, 0 pause input
     0 input packets with dribble condition detected
     0 packets output, 0 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 PAUSE output
     0 output buffer failures, 0 output buffers swapped out
ASW202#sh int f0/13
FastEthernet0/13 is up, line protocol is up (connected)
  Hardware is Fast Ethernet, address is 0017.5a3a.7c0d (bia 0017.5a3a.7c0d)
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, media type is 100BaseTX
  input flow-control is unsupported output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:06, output 00:00:01, output hang never
  Last clearing of "show interface" counters 00:00:05
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 1000 bits/sec, 1 packets/sec
     0 packets input, 0 bytes, 0 no buffer
     Received 0 broadcasts (0 multicast)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 0 multicast, 0 pause input
     0 input packets with dribble condition detected
     4 packets output, 264 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 PAUSE output
     0 output buffer failures, 0 output buffers swapped out

Set one side to FDX and the other to HDX
Ping between the routers at the same time

R1#ping 172.18.1.2
R2#ping 172.18.1.1
ASW201#sh int f0/13
FastEthernet0/13 is up, line protocol is up (connected)
  Hardware is Fast Ethernet, address is 0019.2ffc.accd (bia 0019.2ffc.accd)
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, media type is 100BaseTX
  input flow-control is unsupported output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:01, output 00:00:02, output hang never
  Last clearing of "show interface" counters 00:02:26
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 1000 bits/sec, 2 packets/sec
  5 minute output rate 1000 bits/sec, 1 packets/sec
     350 packets input, 33846 bytes, 0 no buffer
     Received 157 broadcasts (155 multicast)
     0 runts, 0 giants, 0 throttles
     2 input errors, 2 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 153 multicast, 0 pause input
     0 input packets with dribble condition detected
     204 packets output, 23350 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 PAUSE output
     0 output buffer failures, 0 output buffers swapped out
ASW202#sh int f0/13
FastEthernet0/13 is up, line protocol is up (connected)
  Hardware is Fast Ethernet, address is 0017.5a3a.7c0d (bia 0017.5a3a.7c0d)
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Half-duplex, 100Mb/s, media type is 100BaseTX
  input flow-control is unsupported output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:18, output 00:00:01, output hang never
  Last clearing of "show interface" counters 00:02:26
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 1000 bits/sec, 2 packets/sec
  5 minute output rate 2000 bits/sec, 3 packets/sec
     203 packets input, 23232 bytes, 0 no buffer
     Received 7 broadcasts (7 multicast)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 7 multicast, 0 pause input
     0 input packets with dribble condition detected
     350 packets output, 33846 bytes, 0 underruns
     2 output errors, 1 collisions, 0 interface resets
     0 babbles, 2 late collision, 8 deferred
     0 lost carrier, 0 no carrier, 0 PAUSE output
     0 output buffer failures, 0 output buffers swapped out

Honestly, I don't really understand this.

     2 output errors, 1 collisions, 0 interface resets
     0 babbles, 2 late collision, 8 deferred

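These are presumably counted per packet, not in bytes or anything like that.
The minimum Ethernet frame length is 64 bytes; collisions detected within the first 64 bytes are the 1 collisions.
Collisions detected after 64 bytes have been sent are the 2 late collisions.
And the number of frames that were deferred is the 8 deferred.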
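The counter pattern read off above can be checked mechanically. The following is an added example, not part of the original log: it parses trimmed `show interface` text from both ends of the link and reports the duplex-mismatch signature. The function names and finding codes are hypothetical, and the sample text is constructed from the two captures above.

```python
import re

# Constructed samples: lines trimmed from the two `sh int f0/13` captures above.
ASW201 = """\
FastEthernet0/13 is up, line protocol is up (connected)
  Full-duplex, 100Mb/s, media type is 100BaseTX
     0 runts, 0 giants, 0 throttles
     2 input errors, 2 CRC, 0 frame, 0 overrun, 0 ignored
     0 output errors, 0 collisions, 0 interface resets
     0 babbles, 0 late collision, 0 deferred
"""
ASW202 = """\
FastEthernet0/13 is up, line protocol is up (connected)
  Half-duplex, 100Mb/s, media type is 100BaseTX
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     2 output errors, 1 collisions, 0 interface resets
     0 babbles, 2 late collision, 8 deferred
"""

# Counter name -> pattern; the number always directly precedes the label.
PATTERNS = {
    "runts": r"(\d+) runts\b",
    "crc": r"(\d+) CRC\b",
    "collisions": r"(\d+) collisions\b",
    "late_collisions": r"(\d+) late collisions?\b",
    "deferred": r"(\d+) deferred\b",
}


def parse_show_interface(text):
    """Return the duplex mode and the counters relevant to a duplex mismatch."""
    mode = re.search(r"\b(Full|Half)-duplex", text)
    info = {"duplex": mode.group(1).lower() if mode else None}
    for name, pattern in PATTERNS.items():
        found = re.search(pattern, text)
        info[name] = int(found.group(1)) if found else 0
    return info


def mismatch_findings(end_a, end_b):
    """Compare both ends of one link; return a list of finding codes."""
    findings = []
    if None not in (end_a["duplex"], end_b["duplex"]) and end_a["duplex"] != end_b["duplex"]:
        findings.append("duplex-differs")
    for end in (end_a, end_b):
        # Only a half-duplex port listens for collisions, so only it can
        # count one that arrives after the first 64 bytes were sent.
        if end["duplex"] == "half" and end["late_collisions"] > 0:
            findings.append("late-collisions-on-half-duplex")
        # The full-duplex port never backs off; frames its peer aborted on
        # collision arrive truncated or with a bad checksum.
        if end["duplex"] == "full" and (end["crc"] or end["runts"]):
            findings.append("crc-or-runts-on-full-duplex")
    return findings


if __name__ == "__main__":
    a, b = parse_show_interface(ASW201), parse_show_interface(ASW202)
    print(mismatch_findings(a, b))
```
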

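Honestly, I don't understand English very well...
If I look things up word by word I can more or less follow, but once a sentence gets a bit complex at the clause level, it becomes hard to catch the fine meaning.
This is where people who can handle a bit of English and people who can't part ways.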

Also, the retransmission of the frames that Switch4 thought were destroyed because of a collision, but might not have been, causes duplicate frames to be received, occasionally causing application connections to fail and routers to lose neighbor relationships.

Running it through Google Translate, I mostly understood it.

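Retransmitting frames that Switch4 believed were destroyed by a collision results in duplicate frames being received, which apparently can occasionally cause application connections to fail and routers to lose their neighbor relationships.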

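Summary

In going after the CCIE, I received my Cisco baptism.
To understand the CCIE R&S Official Cert Guide Library in every detail, CCO seems important (apparently it is now called cisco.com, but it is still often called CCO), and I learned that I also need to consult other documents and actively verify things on real equipment.
On top of that, I'm told the Cisco Press Official Cert Guide Library only covers the Written blueprint, and that lab exam preparation needs to be combined with INE workbooks and the like.

I ended up spending about 2 to 3 weeks verifying this.
The CCIE "Do I Know This Already?" quiz asks about extremely fine details, and I shuddered that they would ask about things at this level.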

References

CCIE R&S Official Cert Guide Library v5.0 Vol.1

Cisco Fundamentals: ping, traceroute, debug


Tips

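When running sh int f0/13 over a console connection in a split screen, there are times when the part I want is almost visible but I have to press space one more time, which is mildly annoying.
terminal length 0 is handy in those cases. Something like terminal length 30 might be fine too.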

ping

Extended ping

R1#
R1#ping
Protocol [ip]:
Target IP address: 172.18.1.2
Repeat count [5]: 100
Datagram size [100]: 1500
Timeout in seconds [2]:
Extended commands [n]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 100, 1500-byte ICMP Echos to 172.18.1.2, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (100/100), round-trip min/avg/max = 1/2/4 ms
R1#ping
Protocol [ip]:
Target IP address: 172.18.1.2
Repeat count [5]: 100
Datagram size [100]: 1500
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: f0/0
% Invalid source. Must use same-VRF IP address or full interface name without spaces (e.g. Serial0/1)
Source address or interface: FastEthrnet0/0
% Invalid source. Must use same-VRF IP address or full interface name without spaces (e.g. Serial0/1)
Source address or interface: FastEthernet0/0
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 100, 1500-byte ICMP Echos to 172.18.1.2, timeout is 2 seconds:
Packet sent with a source address of 172.18.1.1
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (100/100), round-trip min/avg/max = 1/2/4 ms

R1#ping 172.18.1.2 ?
  data      specify data pattern
  df-bit    enable do not fragment bit in IP header
  repeat    specify repeat count
  size      specify datagram size
  source    specify source address or name
  timeout   specify timeout interval
  validate  validate reply data
  <cr>

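I was struggling with CCIE R&S Official Cert Guide Vol.1 before this article, so various things are out of order.
I could no longer stand the noise of the switches, so what follows is a PoC on a lab built in GNS3.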

VPC1

ip 192.168.1.254 255.255.255.0 192.168.1.1
save

VPC2

ip 192.168.4.254 255.255.255.0 192.168.4.4
save

R1

conf t
int f1/0
ip addr 192.168.1.1 255.255.255.0
no shut
int f0/0
ip addr 192.168.12.1 255.255.255.0
no shut
router ospf 1
network 192.168.0.0 0.0.255.255 area 0
end
wr

R2

conf t
int f0/1
ip addr 192.168.12.2 255.255.255.0
no shut
int f0/0
ip addr 192.168.23.2 255.255.255.0
no shut
router ospf 1
network 192.168.0.0 0.0.255.255 area 0
end
wr

R3

conf t
int f0/1
ip addr 192.168.23.3 255.255.255.0
no shut
int f0/0
ip addr 192.168.34.3 255.255.255.0
no shut
router ospf 1
network 192.168.0.0 0.0.255.255 area 0
end
wr

R4

conf t
int f0/1
ip addr 192.168.34.4 255.255.255.0
no shut
int f1/0
ip addr 192.168.4.4 255.255.255.0
no shut
router ospf 1
network 192.168.0.0 0.0.255.255 area 0
end
wr

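I installed GNS3 2.1.1, but it is unstable.
Neighbor relationships get lost, for example.
Since moving to macOS High Sierra, GNS3, Cisco VIRL, and the virtualization hypervisor VMware Fusion (now at 10) have all been upgraded, and various things have become unstable.
I think I upgraded a little too early.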

R1#sh ip ro
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C    192.168.12.0/24 is directly connected, FastEthernet0/0
O    192.168.4.0/24 [110/31] via 192.168.12.2, 00:19:17, FastEthernet0/0
O    192.168.23.0/24 [110/20] via 192.168.12.2, 00:19:17, FastEthernet0/0
O    192.168.34.0/24 [110/30] via 192.168.12.2, 00:19:17, FastEthernet0/0
C    192.168.1.0/24 is directly connected, FastEthernet1/0
R1#ping
Protocol [ip]:
Target IP address: 192.168.4.4
Repeat count [5]: 100
Datagram size [100]: 1500
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: FastEthernet1/0
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 100, 1500-byte ICMP Echos to 192.168.4.4, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.1
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (100/100), round-trip min/avg/max = 16/44/88 ms

R1#ping 192.168.4.4 ?
  data      specify data pattern
  df-bit    enable do not fragment bit in IP header
  repeat    specify repeat count
  size      specify datagram size
  source    specify source address or name
  timeout   specify timeout interval
  validate  validate reply data
  <cr>

The example above is equivalent to the following:

The interface name must be entered in full, without abbreviation.

R1#ping 192.168.4.4 repeat 100 size 1500 source FastEthernet 1/0

Type escape sequence to abort.
Sending 100, 1500-byte ICMP Echos to 192.168.4.4, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.1
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (100/100), round-trip min/avg/max = 16/41/80 ms

traceroute

The traceroute command.

R1#trace 192.168.4.4

Type escape sequence to abort.
Tracing the route to 192.168.4.4

  1 192.168.12.2 16 msec 20 msec 20 msec
  2 192.168.23.3 40 msec 36 msec 40 msec
  3 192.168.34.4 40 msec 64 msec 84 msec

R1#trace 192.168.4.4 ?
  numeric  display numeric address
  port     specify port number
  probe    specify number of probes per hop
  source   specify source address or name
  timeout  specify time out
  ttl      specify minimum and maximum ttl
  <cr>

Extended trace

Same as ping.

R1#trace
Protocol [ip]:
Target IP address: 192.168.4.4
Source address: FastEthernet1/0
% Invalid source address
R1#trace
Protocol [ip]:
Target IP address: 192.168.4.4
Source address: 192.168.1.1
Numeric display [n]: y
Timeout in seconds [3]:
Probe count [3]: 4
Minimum Time to Live [1]:
Maximum Time to Live [30]:
Port Number [33434]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Type escape sequence to abort.
Tracing the route to 192.168.4.4

  1 192.168.12.2 24 msec 16 msec 24 msec 20 msec
  2 192.168.23.3 20 msec 20 msec 20 msec 20 msec
  3 192.168.34.4 44 msec 60 msec 20 msec 44 msec

R1#trace 192.168.4.254

Type escape sequence to abort.
Tracing the route to 192.168.4.254

  1 192.168.12.2 8 msec 4 msec 8 msec
  2 192.168.23.3 20 msec 24 msec 28 msec
  3 192.168.34.4 36 msec 36 msec 20 msec
  4 192.168.4.254 60 msec 52 msec 36 msec

R1#traceroute 192.168.4.254 probe 4

Type escape sequence to abort.
Tracing the route to 192.168.4.254

  1 192.168.12.2 12 msec 20 msec 16 msec 12 msec
  2 192.168.23.3 32 msec 20 msec 20 msec 16 msec
  3 192.168.34.4 28 msec 36 msec 36 msec 52 msec
  4 192.168.4.254 76 msec 52 msec 68 msec 48 msec

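Disabling DNS lookup

It is slow because it does a reverse lookup of the IP addresses being traced.
Incidentally, in GNS3 this setting is already applied by default.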

R1#sh run | inc domain
no ip domain lookup

I tried enabling DNS lookup in global configuration mode.

R1(config)#ip domain-lookup

It felt dozens of times slower.

R1#traceroute 192.168.4.254

Type escape sequence to abort.
Tracing the route to 192.168.4.254

  1 192.168.12.2 28 msec 24 msec 20 msec
  2 192.168.23.3 32 msec 48 msec 20 msec
  3 192.168.34.4 20 msec 56 msec 20 msec
  4 192.168.4.254 72 msec 40 msec 72 msec

R1#sh run | inc domain
R1#

Now, put it back.

R1(config)#no ip domain lookup
R1(config)#^Z
R1#
*Mar  1 00:41:40.035: %SYS-5-CONFIG_I: Configured from console by console

In this case it seems to work either with or without the hyphen.

R1#sh run | inc domain
no ip domain lookup

Specifying a nonexistent node

R1#traceroute 192.168.4.111

Type escape sequence to abort.
Tracing the route to 192.168.4.111

  1 192.168.12.2 12 msec 20 msec 20 msec
  2 192.168.23.3 28 msec 20 msec 16 msec
  3 192.168.34.4 48 msec 20 msec 40 msec
  4  *  *  *
  5  *  *  *
  6  *  *  *
  7  *  *  *
  8  *  *  *
  9  *  *  *
 10  *  *  *

Ctrl+Shift+6 works on Windows but cannot be used on a Mac (I use iTerm2).

Just when I thought all was well, it turned out that Ctrl+^ sends HEX 1E even without creating a key mapping. Argh.
Of course, it can be sent from Terminal as well.

Ctrl+^ (HEX 1E)
R1#traceroute 192.168.4.111

Type escape sequence to abort.
Tracing the route to 192.168.4.111

  1 192.168.12.2 12 msec 20 msec 8 msec
  2 192.168.23.3 24 msec 20 msec 28 msec
  3 192.168.34.4 28 msec 24 msec 40 msec
  4  *
R1#

It really works.

debug

The load is high.
Run it narrowed down to only the traffic you need.

R1#debug ip icmp
ICMP packet debugging is on
R1#ping 192.168.4.4

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.4.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/32/40 ms
R1#
*Mar  1 01:08:24.303: ICMP: echo reply rcvd, src 192.168.4.4, dst 192.168.12.1
*Mar  1 01:08:24.323: ICMP: echo reply rcvd, src 192.168.4.4, dst 192.168.12.1
*Mar  1 01:08:24.367: ICMP: echo reply rcvd, src 192.168.4.4, dst 192.168.12.1
*Mar  1 01:08:24.391: ICMP: echo reply rcvd, src 192.168.4.4, dst 192.168.12.1
*Mar  1 01:08:24.431: ICMP: echo reply rcvd, src 192.168.4.4, dst 192.168.12.1

To turn it off:

R1#no debug all
All possible debugging has been turned off

Or:

R1#undebug all
All possible debugging has been turned off

Apparently, using debug all in a production environment brings the device to a halt.

rm -rf /

Just as with being told never to run that, wanting to try it anyway is human nature.

The following command is also said to put a high load on the device.

show tech-support

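When I entered it, it produced far more output than YAMAHA's show techinfo (it is still printing now, about 5 minutes later).
It outputs everything imaginable.

show techinfo is a command that outputs the device's technical information for use when contacting the support desk;
it outputs everything: logs, config, and device status.

Now, as today's finale, let's enter the debug all command.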

R1#debug all

This may severely impact network performance. Continue? (yes/[no]): yes

Oh, how kind of it to ask for confirmation.

Smack (the Enter key).

Debug logs pour out endlessly.

undebug all

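I can't type it in at all, or rather, it isn't accepted.

I'm hammering Ctrl+V with the newline included, but it has no effect at all.

Recovered by resetting the whole process in GNS3.
I now understand very well how dangerous debug all is.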

References

  1. Operating Cisco devices – Cisco IOS network diagnostic tools: ping, trace, debug

LPIC2 abbreviation notes

DSO(Dynamic Shared Object)
ISC(Internet Software Consortium)
PDC(Primary Domain Controller)
BDC(Backup Domain Controller)
LDIF(LDAP Data Interchange Format)
vsftpd(Very Secure FTP Daemon)
DC(Domain Component)
cn(Common Name)
DIT(Directory Information Tree)
ou(Organizational Unit Name)

LPIC2: Linux kernel

[root@px-lpic1-centos6 ~]# find /lib/modules/`uname -r`/kernel -name "*.ko" | head
/lib/modules/2.6.32-696.3.1.el6.x86_64/kernel/fs/lockd/lockd.ko
/lib/modules/2.6.32-696.3.1.el6.x86_64/kernel/fs/squashfs/squashfs.ko
/lib/modules/2.6.32-696.3.1.el6.x86_64/kernel/fs/udf/udf.ko
/lib/modules/2.6.32-696.3.1.el6.x86_64/kernel/fs/autofs4/autofs4.ko
/lib/modules/2.6.32-696.3.1.el6.x86_64/kernel/fs/jffs2/jffs2.ko
/lib/modules/2.6.32-696.3.1.el6.x86_64/kernel/fs/exportfs/exportfs.ko
/lib/modules/2.6.32-696.3.1.el6.x86_64/kernel/fs/nfs_common/nfs_acl.ko
/lib/modules/2.6.32-696.3.1.el6.x86_64/kernel/fs/gfs2/gfs2.ko
/lib/modules/2.6.32-696.3.1.el6.x86_64/kernel/fs/ext4/ext4.ko
/lib/modules/2.6.32-696.3.1.el6.x86_64/kernel/fs/jbd/jbd.ko
[root@px-lpic1-centos6 ~]# modinfo ext4
filename:       /lib/modules/2.6.32-696.3.1.el6.x86_64/kernel/fs/ext4/ext4.ko
license:        GPL
description:    Fourth Extended Filesystem
author:         Remy Card, Stephen Tweedie, Andrew Morton, Andreas Dilger, Theodore Ts'o and others
srcversion:     74AEE2BDA63AC8482A78F4D
depends:        mbcache,jbd2
vermagic:       2.6.32-696.3.1.el6.x86_64 SMP mod_unload modversions
[root@px-lpic1-centos6 ~]# lsmod | head
Module                  Size  Used by
autofs4                27000  3
8021q                  20475  0
garp                    7152  1 8021q
stp                     2218  1 garp
llc                     5418  2 garp,stp
ipt_REJECT              2383  2
nf_conntrack_ipv4       9186  2
nf_defrag_ipv4          1483  1 nf_conntrack_ipv4
iptable_filter          2793  1
[root@px-lpic1-centos6 ~]# find /lib/modules/`uname -r`/kernel -name "autofs4.ko"
/lib/modules/2.6.32-696.3.1.el6.x86_64/kernel/fs/autofs4/autofs4.ko
[root@px-lpic1-centos6 ~]# find /lib/modules/`uname -r`/kernel -name "autofs4.ko" | xargs ls -lh
-rwxr--r--. 1 root root 58K  5月 31 05:07 2017 /lib/modules/2.6.32-696.3.1.el6.x86_64/kernel/fs/autofs4/autofs4.ko
[root@px-lpic1-centos6 ~]# cat /proc/modules | head
autofs4 27000 3 - Live 0xffffffffa0578000
8021q 20475 0 - Live 0xffffffffa056e000
garp 7152 1 8021q, Live 0xffffffffa0568000
stp 2218 1 garp, Live 0xffffffffa0564000
llc 5418 2 garp,stp, Live 0xffffffffa055e000
ipt_REJECT 2383 2 - Live 0xffffffffa0533000
nf_conntrack_ipv4 9186 2 - Live 0xffffffffa052c000
nf_defrag_ipv4 1483 1 nf_conntrack_ipv4, Live 0xffffffffa0528000
iptable_filter 2793 1 - Live 0xffffffffa0524000
ip_tables 17895 1 iptable_filter, Live 0xffffffffa051b000
[root@px-lpic1-centos6 ~]# modinfo -a ext4
Remy Card, Stephen Tweedie, Andrew Morton, Andreas Dilger, Theodore Ts'o and others
[root@px-lpic1-centos6 ~]# modinfo -d ext4
Fourth Extended Filesystem
[root@px-lpic1-centos6 ~]# modinfo -l ext4
GPL
[root@px-lpic1-centos6 ~]# modinfo -n ext4
/lib/modules/2.6.32-696.3.1.el6.x86_64/kernel/fs/ext4/ext4.ko
[root@px-lpic1-centos6 ~]# modinfo ext4
filename:       /lib/modules/2.6.32-696.3.1.el6.x86_64/kernel/fs/ext4/ext4.ko
license:        GPL
description:    Fourth Extended Filesystem
author:         Remy Card, Stephen Tweedie, Andrew Morton, Andreas Dilger, Theodore Ts'o and others
srcversion:     74AEE2BDA63AC8482A78F4D
depends:        mbcache,jbd2
vermagic:       2.6.32-696.3.1.el6.x86_64 SMP mod_unload modversions
[root@px-lpic1-centos6 ~]# lsmod | grep xfs
[root@px-lpic1-centos6 ~]# modinfo xfs
filename:       /lib/modules/2.6.32-696.3.1.el6.x86_64/kernel/fs/xfs/xfs.ko
license:        GPL
description:    SGI XFS with ACLs, security attributes, large block/inode numbers, no debug enabled
author:         Silicon Graphics, Inc.
srcversion:     06CA178475DC4F7F5169D42
depends:        exportfs
vermagic:       2.6.32-696.3.1.el6.x86_64 SMP mod_unload modversions
[root@px-lpic1-centos6 ~]# lsmod | grep exportfs
[root@px-lpic1-centos6 ~]# modinfo exportfs
filename:       /lib/modules/2.6.32-696.3.1.el6.x86_64/kernel/fs/exportfs/exportfs.ko
license:        GPL
srcversion:     1CA651A66F2E2EBCEAD08AC
depends:
vermagic:       2.6.32-696.3.1.el6.x86_64 SMP mod_unload modversions
[root@px-lpic1-centos6 ~]# insmod /lib/modules/2.6.32-696.3.1.el6.x86_64/kernel/fs/exportfs/exportfs.ko
[root@px-lpic1-centos6 ~]# lsmod | grep exportfs
exportfs                4236  0
[root@px-lpic1-centos6 ~]# rmmod /lib/modules/2.6.32-696.3.1.el6.x86_64/kernel/fs/exportfs/exportfs.ko
# The xfs kernel module depends on the exportfs kernel module, so the exportfs kernel module must be loaded first
[root@px-lpic1-centos6 ~]# insmod /lib/modules/2.6.32-696.3.1.el6.x86_64/kernel/fs/xfs/xfs.ko
insmod: error inserting '/lib/modules/2.6.32-696.3.1.el6.x86_64/kernel/fs/xfs/xfs.ko': -1 Unknown symbol in module
[root@px-lpic1-centos6 ~]# insmod /lib/modules/2.6.32-696.3.1.el6.x86_64/kernel/fs/exportfs/exportfs.ko
[root@px-lpic1-centos6 ~]# insmod /lib/modules/2.6.32-696.3.1.el6.x86_64/kernel/fs/xfs/xfs.ko
[root@px-lpic1-centos6 ~]# lsmod | egrep "(exportfs|xfs)"
xfs                  1135639  0
exportfs                4236  1 xfs
[root@px-lpic1-centos6 ~]# rmmod exportfs
ERROR: Module exportfs is in use by xfs
[root@px-lpic1-centos6 ~]# rmmod -s exportfs
[root@px-lpic1-centos6 ~]# tail -n1 /var/log/messages
Jul  7 08:52:00 px-lpic1-centos6 rmmod: ERROR: Module exportfs is in use by xfs
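
The session above shows both directions of the dependency: insmod of xfs.ko fails until exportfs is loaded, and rmmod of exportfs is refused while xfs uses it. As an added example (not part of the original log), the sketch below derives the insmod order from the `depends:` field of modinfo output and the rmmod blockers from the `Used by` column of lsmod output. The function names are hypothetical and the sample text is constructed from the output above.

```python
import os

# Constructed sample: trimmed `modinfo` records for the two modules used above.
SAMPLE_MODINFO = """\
filename:       /lib/modules/2.6.32-696.3.1.el6.x86_64/kernel/fs/xfs/xfs.ko
depends:        exportfs

filename:       /lib/modules/2.6.32-696.3.1.el6.x86_64/kernel/fs/exportfs/exportfs.ko
depends:
"""

# Constructed sample: `lsmod` lines as shown once both modules were loaded.
SAMPLE_LSMOD = """\
Module                  Size  Used by
xfs                  1135639  0
exportfs                4236  1 xfs
"""


def parse_modinfo(text):
    """Return {module name: (path, [dependencies])} from modinfo records."""
    modules = {}
    for record in text.strip().split("\n\n"):
        fields = {}
        for line in record.splitlines():
            key, _, value = line.partition(":")
            fields[key.strip()] = value.strip()
        path = fields["filename"]
        # Assumption: the module name equals the file name without ".ko".
        name = os.path.basename(path)[:-len(".ko")]
        deps = [d for d in fields.get("depends", "").split(",") if d]
        modules[name] = (path, deps)
    return modules


def insmod_order(target, modules):
    """Depth-first walk: every dependency is listed before its dependent."""
    order, visiting = [], set()

    def visit(name):
        if name in order:
            return
        if name in visiting:
            raise ValueError("dependency cycle at " + name)
        if name not in modules:
            raise KeyError("no modinfo record for " + name)
        visiting.add(name)
        for dep in modules[name][1]:
            visit(dep)
        visiting.discard(name)
        order.append(name)

    visit(target)
    return order


def rmmod_blockers(name, lsmod_text):
    """Modules listed in the 'Used by' column that must be unloaded first."""
    for line in lsmod_text.splitlines()[1:]:
        parts = line.split()
        if parts and parts[0] == name:
            return [u for u in parts[3].split(",") if u] if len(parts) > 3 else []
    return []


if __name__ == "__main__":
    print(insmod_order("xfs", parse_modinfo(SAMPLE_MODINFO)))
    print(rmmod_blockers("exportfs", SAMPLE_LSMOD))
```
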

modprobe

[root@px-lpic1-centos6 ~]# rmmod xfs
[root@px-lpic1-centos6 ~]# rmmod exportfs
[root@px-lpic1-centos6 ~]# modprobe xfs
[root@px-lpic1-centos6 ~]# modprobe -r xfs
[root@px-lpic1-centos6 ~]# lsmod | egrep "(exportfs|xfs)"
[root@px-lpic1-centos6 ~]# modprobe xfs
[root@px-lpic1-centos6 ~]# lsmod | egrep "(exportfs|xfs)"
xfs                  1135639  0
exportfs                4236  1 xfs
[root@px-lpic1-centos6 ~]# modprobe -r xfs
[root@px-lpic1-centos6 ~]# lsmod | egrep "(exportfs|xfs)"
[root@px-lpic1-centos6 ~]# modprobe -lt fs | head
kernel/fs/nfs_common/nfs_acl.ko
kernel/fs/nls/nls_cp737.ko
kernel/fs/nls/nls_cp775.ko
kernel/fs/nls/nls_cp850.ko
kernel/fs/nls/nls_cp852.ko
kernel/fs/nls/nls_cp855.ko
kernel/fs/nls/nls_cp857.ko
kernel/fs/nls/nls_cp860.ko
kernel/fs/nls/nls_cp861.ko
kernel/fs/nls/nls_cp862.ko
[root@px-lpic1-centos6 ~]# modprobe --show-depends ext3
insmod /lib/modules/2.6.32-696.3.1.el6.x86_64/kernel/fs/mbcache.ko
insmod /lib/modules/2.6.32-696.3.1.el6.x86_64/kernel/fs/jbd/jbd.ko
insmod /lib/modules/2.6.32-696.3.1.el6.x86_64/kernel/fs/ext3/ext3.ko
[root@px-lpic1-centos6 ~]# modinfo ext3
filename:       /lib/modules/2.6.32-696.3.1.el6.x86_64/kernel/fs/ext3/ext3.ko
license:        GPL
description:    Second Extended Filesystem with journaling extensions
author:         Remy Card, Stephen Tweedie, Andrew Morton, Andreas Dilger, Theodore Ts'o and others
srcversion:     CF8EACB0D78355F028912B4
depends:        mbcache,jbd
vermagic:       2.6.32-696.3.1.el6.x86_64 SMP mod_unload modversions