Архив рубрики: linux

cisco, juniper, linux, QoS, troubleshooting

Ping QoS

Май 30, 2019 t3mp Оставить комментарий

Клиент жалуется, что при ICMP запросе на коробку сбрасывается маркировка, причем с SNMP такой проблемы нет.
Пример SNMP:

Linux# snmpwalk -v2c -c public 172.16.1.1 .1.3.6.1.6.3.10.2.1.3
iso.3.6.1.6.3.10.2.1.3.0 = INTEGER: 201050578

1 2	Linux# snmpwalk -v2c -c public 172.16.1.1 .1.3.6.1.6.3.10.2.1.3 iso.3.6.1.6.3.10.2.1.3.0 = INTEGER: 201050578

Linux# tcpdump -vvnpi ens160 host 172.16.1.1
tcpdump: listening on ens160, link-type EN10MB (Ethernet), capture size 262144 bytes
08:32:08.736045 IP (tos 0x0, ttl 64, id 29544, offset 0, flags [DF], proto UDP (17), length 71)
    10.0.0.1.33892 > 172.16.1.1.161: [bad udp cksum 0x581d -> 0xbe99!]  { SNMPv2c C="public" { GetNextRequest(29) R=1004947708  .1.3.6.1.6.3.10.2.1.3 } }
08:32:08.737385 IP (tos 0x40, ttl 253, id 10551, offset 0, flags [none], proto UDP (17), length 76)
    172.16.1.1.161 > 10.0.0.1.33892: [udp sum ok]  { SNMPv2c C="public" { GetResponse(34) R=1004947708  .1.3.6.1.6.3.10.2.1.3.0=201050578 } }
08:32:08.737440 IP (tos 0x0, ttl 64, id 29545, offset 0, flags [DF], proto UDP (17), length 72)
    10.0.0.1.33892 > 172.16.1.1.161: [bad udp cksum 0x581e -> 0xb996!]  { SNMPv2c C="public" { GetNextRequest(30) R=1004947709  .1.3.6.1.6.3.10.2.1.3.0 } }
08:32:08.738499 IP (tos 0x40, ttl 253, id 10552, offset 0, flags [none], proto UDP (17), length 74)
    172.16.1.1.161 > 10.0.0.1.33892: [udp sum ok]  { SNMPv2c C="public" { GetResponse(32) R=1004947709  .1.3.6.1.6.3.10.2.1.4.0=1500 } }
^C
4 packets captured
4 packets received by filter
0 packets dropped by kernel

Linux# tcpdump -vvnpi ens160 host 172.16.1.1

tcpdump: listening on ens160, link-type EN10MB (Ethernet), capture size 262144 bytes

08:32:08.736045 IP (tos 0x0, ttl 64, id 29544, offset 0, flags [DF], proto UDP (17), length 71)

10.0.0.1.33892 > 172.16.1.1.161: [bad udp cksum 0x581d -> 0xbe99!] { SNMPv2c C="public" { GetNextRequest(29) R=1004947708 .1.3.6.1.6.3.10.2.1.3 } }

08:32:08.737385 IP (tos 0x40, ttl 253, id 10551, offset 0, flags [none], proto UDP (17), length 76)

172.16.1.1.161 > 10.0.0.1.33892: [udp sum ok] { SNMPv2c C="public" { GetResponse(34) R=1004947708 .1.3.6.1.6.3.10.2.1.3.0=201050578 } }

08:32:08.737440 IP (tos 0x0, ttl 64, id 29545, offset 0, flags [DF], proto UDP (17), length 72)

10.0.0.1.33892 > 172.16.1.1.161: [bad udp cksum 0x581e -> 0xb996!] { SNMPv2c C="public" { GetNextRequest(30) R=1004947709 .1.3.6.1.6.3.10.2.1.3.0 } }

08:32:08.738499 IP (tos 0x40, ttl 253, id 10552, offset 0, flags [none], proto UDP (17), length 74)

172.16.1.1.161 > 10.0.0.1.33892: [udp sum ok] { SNMPv2c C="public" { GetResponse(32) R=1004947709 .1.3.6.1.6.3.10.2.1.4.0=1500 } }

4 packets captured

4 packets received by filter

0 packets dropped by kernel

Коробка действительно ответила с корректным QoS, происходит это благодаря настройки: snmp-server ip dscp 16 .

C ICMP не все так радужно, QoS сбрасывается в BE:

Linux# ping 172.16.1.1 -Q 64 -c 1
PING 172.16.1.1 (172.16.1.1) 56(84) bytes of data.
64 bytes from 172.16.1.1: icmp_seq=1 ttl=253 time=0.679 ms
--- 172.16.1.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.679/0.679/0.679/0.000 ms

Linux# ping 172.16.1.1 -Q 64 -c 1

PING 172.16.1.1 (172.16.1.1) 56(84) bytes of data.

64 bytes from 172.16.1.1: icmp_seq=1 ttl=253 time=0.679 ms

--- 172.16.1.1 ping statistics ---

1 packets transmitted, 1 received, 0% packet loss, time 0ms

rtt min/avg/max/mdev = 0.679/0.679/0.679/0.000 ms

Linux# tcpdump -vvnpi ens160 host 172.16.1.1
tcpdump: listening on ens160, link-type EN10MB (Ethernet), capture size 262144 bytes
08:20:15.889341 IP (tos 0x40, ttl 64, id 15376, offset 0, flags [DF], proto ICMP (1), length 84)
    10.0.0.1 > 172.16.1.1: ICMP echo request, id 14248, seq 1, length 64
08:20:15.890011 IP (tos 0x0, ttl 253, id 15376, offset 0, flags [DF], proto ICMP (1), length 84)
    172.16.1.1 > 10.0.0.1: ICMP echo reply, id 14248, seq 1, length 64
^C
2 packets captured
2 packets received by filter
0 packets dropped by kernel

Linux# tcpdump -vvnpi ens160 host 172.16.1.1

tcpdump: listening on ens160, link-type EN10MB (Ethernet), capture size 262144 bytes

08:20:15.889341 IP (tos 0x40, ttl 64, id 15376, offset 0, flags [DF], proto ICMP (1), length 84)

10.0.0.1 > 172.16.1.1: ICMP echo request, id 14248, seq 1, length 64

08:20:15.890011 IP (tos 0x0, ttl 253, id 15376, offset 0, flags [DF], proto ICMP (1), length 84)

172.16.1.1 > 10.0.0.1: ICMP echo reply, id 14248, seq 1, length 64

2 packets captured

2 packets received by filter

0 packets dropped by kernel

По умолчанию OS на ICMP отвечает с тем же QoS с каким к нему пришел IP пакет, пример для linux, тоже самое для коробок Cisco/Juniper/etc, Linux:

Отправил «серый» пакет, ответ также в BE:

Linux# ping -c 1 127.1
PING 127.1 (127.0.0.1) 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.097 ms
--- 127.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.097/0.097/0.097/0.000 ms

Linux# ping -c 1 127.1

PING 127.1 (127.0.0.1) 56(84) bytes of data.

64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.097 ms

--- 127.1 ping statistics ---

1 packets transmitted, 1 received, 0% packet loss, time 0ms

rtt min/avg/max/mdev = 0.097/0.097/0.097/0.000 ms

Linux# tcpdump -vvvnpi lo icmp
tcpdump: listening on lo, link-type EN10MB (Ethernet), capture size 262144 bytes
15:10:14.422718 IP (tos 0x0, ttl 64, id 39366, offset 0, flags [DF], proto ICMP (1), length 84)
    127.0.0.1 > 127.0.0.1: ICMP echo request, id 10471, seq 1, length 64
15:10:14.422756 IP (tos 0x0, ttl 64, id 39367, offset 0, flags [none], proto ICMP (1), length 84)
    127.0.0.1 > 127.0.0.1: ICMP echo reply, id 10471, seq 1, length 64
^C
2 packets captured
4 packets received by filter
0 packets dropped by kernel

Linux# tcpdump -vvvnpi lo icmp

tcpdump: listening on lo, link-type EN10MB (Ethernet), capture size 262144 bytes

15:10:14.422718 IP (tos 0x0, ttl 64, id 39366, offset 0, flags [DF], proto ICMP (1), length 84)

127.0.0.1 > 127.0.0.1: ICMP echo request, id 10471, seq 1, length 64

15:10:14.422756 IP (tos 0x0, ttl 64, id 39367, offset 0, flags [none], proto ICMP (1), length 84)

127.0.0.1 > 127.0.0.1: ICMP echo reply, id 10471, seq 1, length 64

2 packets captured

4 packets received by filter

0 packets dropped by kernel

Отправляем «цветной»:

Linux# ping -Q 64 -c 1 127.1
PING 127.1 (127.0.0.1) 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.091 ms
--- 127.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.091/0.091/0.091/0.000 ms

Linux# ping -Q 64 -c 1 127.1

PING 127.1 (127.0.0.1) 56(84) bytes of data.

64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.091 ms

--- 127.1 ping statistics ---

1 packets transmitted, 1 received, 0% packet loss, time 0ms

rtt min/avg/max/mdev = 0.091/0.091/0.091/0.000 ms

Linux# tcpdump -vvvnpi lo icmp
tcpdump: listening on lo, link-type EN10MB (Ethernet), capture size 262144 bytes
15:08:15.002575 IP (tos 0x40, ttl 64, id 23967, offset 0, flags [DF], proto ICMP (1), length 84)
    127.0.0.1 > 127.0.0.1: ICMP echo request, id 10396, seq 1, length 64
15:08:15.002611 IP (tos 0x40, ttl 64, id 23968, offset 0, flags [none], proto ICMP (1), length 84)
    127.0.0.1 > 127.0.0.1: ICMP echo reply, id 10396, seq 1, length 64
^C
2 packets captured
4 packets received by filter
0 packets dropped by kernel

Linux# tcpdump -vvvnpi lo icmp

tcpdump: listening on lo, link-type EN10MB (Ethernet), capture size 262144 bytes

15:08:15.002575 IP (tos 0x40, ttl 64, id 23967, offset 0, flags [DF], proto ICMP (1), length 84)

127.0.0.1 > 127.0.0.1: ICMP echo request, id 10396, seq 1, length 64

15:08:15.002611 IP (tos 0x40, ttl 64, id 23968, offset 0, flags [none], proto ICMP (1), length 84)

127.0.0.1 > 127.0.0.1: ICMP echo reply, id 10396, seq 1, length 64

2 packets captured

4 packets received by filter

0 packets dropped by kernel

Пример для Juniper:

user1@PE1> show configuration interfaces lo0
unit 0 {
    family inet {
        address 127.0.0.1/32;
    }
}

user1@PE1> show configuration interfaces lo0

unit 0 {

family inet {

address 127.0.0.1/32;

}

user1@PE1> ping 127.0.0.1 tos 0x40 count 1
PING 127.0.0.1 (127.0.0.1): 56 data bytes
64 bytes from 127.0.0.1: icmp_seq=0 ttl=64 time=0.574 ms
--- 127.0.0.1 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.574/0.574/0.574/0.000 ms

user1@PE1> ping 127.0.0.1 tos 0x40 count 1

PING 127.0.0.1 (127.0.0.1): 56 data bytes

64 bytes from 127.0.0.1: icmp_seq=0 ttl=64 time=0.574 ms

--- 127.0.0.1 ping statistics ---

1 packets transmitted, 1 packets received, 0% packet loss

round-trip min/avg/max/stddev = 0.574/0.574/0.574/0.000 ms

root@R2> monitor traffic interface lo0.0 no-resolve detail
Address resolution is OFF.
Listening on lo0.0, capture size 1514 bytes
11:45:01.340220  In IP (tos 0x40, ttl  64, id 449, offset 0, flags [none], proto: ICMP (1), length: 84) 127.0.0.1 > 127.0.0.1: ICMP echo request, id 9989, seq 0, length 64
11:45:01.340350  In IP (tos 0x40, ttl  64, id 450, offset 0, flags [none], proto: ICMP (1), length: 84) 127.0.0.1 > 127.0.0.1: ICMP echo reply, id 9989, seq 0, length 64
^C
2 packets received by filter
0 packets dropped by kernel

root@R2> monitor traffic interface lo0.0 no-resolve detail

Address resolution is OFF.

Listening on lo0.0, capture size 1514 bytes

11:45:01.340220 In IP (tos 0x40, ttl 64, id 449, offset 0, flags [none], proto: ICMP (1), length: 84) 127.0.0.1 > 127.0.0.1: ICMP echo request, id 9989, seq 0, length 64

11:45:01.340350 In IP (tos 0x40, ttl 64, id 450, offset 0, flags [none], proto: ICMP (1), length: 84) 127.0.0.1 > 127.0.0.1: ICMP echo reply, id 9989, seq 0, length 64

2 packets received by filter

0 packets dropped by kernel

Адрес управления коробки находится в GRT, и трафик на нее приходит уже без MPLS меток, а с EXP трафиком проблем нет, значить кто-то на входе/выходе делает перемаркировку.На вышестоящей коробке в сторону нашей PE проблем нет, посмотрим на PE MPLS-ые интерфейсы и их настройки QoS на входе:

PE1# show mpls interfaces
Interface              IP            Tunnel   BGP Static Operational
GigabitEthernet1/25    Yes (ldp)     No       No  No     Yes
GigabitEthernet1/26    Yes (ldp)     No       No  No     Yes

PE1# show mpls interfaces

Interface IP Tunnel BGP Static Operational

GigabitEthernet1/25 Yes (ldp) No No No Yes

GigabitEthernet1/26 Yes (ldp) No No No Yes

По умолчанию сбрасывается в BE:

PE1# show mls qos ip GigabitEthernet1/25
   [In] Default.   [Out] Default.
 QoS Summary [IPv4]:      (* - shared aggregates, Mod - switch module)

          Int Mod Dir  Class-map DSCP  Agg  Trust Fl   AgForward-By   AgPoliced-By
                                       Id         Id
-----------------------------------------------------------------------------------
        Gi1/25  1  In    Default    0    0*    No  0    74090086010              0

PE1# show mls qos ip GigabitEthernet1/25

[In] Default. [Out] Default.

QoS Summary [IPv4]: (* - shared aggregates, Mod - switch module)

Int Mod Dir Class-map DSCP Agg Trust Fl AgForward-By AgPoliced-By

Id Id

-----------------------------------------------------------------------------------

Gi1/25 1 In Default 0 0* No 0 74090086010 0

Тикает счетчик перемаркировки:

PE1# show mls statistics module 1 | i TOS
  Total ip packets with TOS changed     : 1538810406
PE1# show mls statistics module 1 | i TOS
  Total ip packets with TOS changed     : 1538810416
PE1# show mls statistics module 1 | i TOS
  Total ip packets with TOS changed     : 1538810424
PE1# show mls statistics module 1 | i TOS
  Total ip packets with TOS changed     : 1538810425

PE1# show mls statistics module 1 | i TOS

Total ip packets with TOS changed : 1538810406

PE1# show mls statistics module 1 | i TOS

Total ip packets with TOS changed : 1538810416

PE1# show mls statistics module 1 | i TOS

Total ip packets with TOS changed : 1538810424

PE1# show mls statistics module 1 | i TOS

Total ip packets with TOS changed : 1538810425

Настраиваем trust:

PE1(config)# interface range GigabitEthernet1/25, GigabitEthernet1/26
PE1(config-if-range)# mls qos trust dscp
PE1#

PE1(config)# interface range GigabitEthernet1/25, GigabitEthernet1/26

PE1(config-if-range)# mls qos trust dscp

PE1#

Перемаркировка прекратилась:

PE1# show mls statistics module 1 | i TOS
  Total ip packets with TOS changed     : 1538813613
PE1# show mls statistics module 1 | i TOS
  Total ip packets with TOS changed     : 1538813613
PE1# show mls statistics module 1 | i TOS
  Total ip packets with TOS changed     : 1538813613
PE1# show mls statistics module 1 | i TOS
  Total ip packets with TOS changed     : 1538813613
PE1# show mls statistics module 1 | i TOS
  Total ip packets with TOS changed     : 1538813613

PE1# show mls statistics module 1 | i TOS

Total ip packets with TOS changed : 1538813613

PE1# show mls statistics module 1 | i TOS

Total ip packets with TOS changed : 1538813613

PE1# show mls statistics module 1 | i TOS

Total ip packets with TOS changed : 1538813613

PE1# show mls statistics module 1 | i TOS

Total ip packets with TOS changed : 1538813613

PE1# show mls statistics module 1 | i TOS

Total ip packets with TOS changed : 1538813613

Проверяем:

Linux# ping 172.16.1.1 -Q 64 -c 1
PING 172.16.1.1 (172.16.1.1) 56(84) bytes of data.
64 bytes from 172.16.1.1: icmp_seq=1 ttl=253 time=0.724 ms
--- 172.16.1.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.724/0.724/0.724/0.000 ms

Linux# ping 172.16.1.1 -Q 64 -c 1

PING 172.16.1.1 (172.16.1.1) 56(84) bytes of data.

64 bytes from 172.16.1.1: icmp_seq=1 ttl=253 time=0.724 ms

--- 172.16.1.1 ping statistics ---

1 packets transmitted, 1 received, 0% packet loss, time 0ms

rtt min/avg/max/mdev = 0.724/0.724/0.724/0.000 ms

Linux# tcpdump -vvnpi ens160 host 172.16.1.1
tcpdump: listening on ens160, link-type EN10MB (Ethernet), capture size 262144 bytes
08:37:33.481016 IP (tos 0x40, ttl 64, id 25123, offset 0, flags [DF], proto ICMP (1), length 84)
    10.0.0.1 > 172.16.1.1: ICMP echo request, id 14260, seq 1, length 64
08:37:33.481731 IP (tos 0x40, ttl 253, id 25123, offset 0, flags [DF], proto ICMP (1), length 84)
    172.16.1.1 > 10.0.0.1: ICMP echo reply, id 14260, seq 1, length 64
^C
2 packets captured
2 packets received by filter
0 packets dropped by kernel

Linux# tcpdump -vvnpi ens160 host 172.16.1.1

tcpdump: listening on ens160, link-type EN10MB (Ethernet), capture size 262144 bytes

08:37:33.481016 IP (tos 0x40, ttl 64, id 25123, offset 0, flags [DF], proto ICMP (1), length 84)

10.0.0.1 > 172.16.1.1: ICMP echo request, id 14260, seq 1, length 64

08:37:33.481731 IP (tos 0x40, ttl 253, id 25123, offset 0, flags [DF], proto ICMP (1), length 84)

172.16.1.1 > 10.0.0.1: ICMP echo reply, id 14260, seq 1, length 64

2 packets captured

2 packets received by filter

0 packets dropped by kernel

arp, cisco, juniper, linux

clear arp cache

Февраль 21, 2019 t3mp Оставить комментарий

Коллега очистил весь ARP cache на BRAS и «немного ой», временно поднялась загрузка CPU, посмотрим, как это работает, раньше мне это виделось так, очищаем кэш, запись удаляется, прилетает новый пакет генерируется ARP запрос, но это не всегда так:

В RFC нашел следующее:

RFC 826
Another alternative is to have a daemon perform the timeouts. After a suitable time, the daemon considers removing an entry. It first sends (with a small number of retransmissions if needed) an address resolution packet with opcode REQUEST directly to the Ethernet address in the table. If a REPLY is not seen in a short amount of time, the entry is deleted. The request is sent directly so as not to bother every station on the Ethernet. Just forgetting entries will likely cause useful information to be forgotten, which must be regained.

RFC 1122
IMPLEMENTATION:
Four mechanisms have been used, sometimes in
combination, to flush out-of-date cache entries.

(1) Timeout — Periodically time out cache entries,
even if they are in use. Note that this timeout
should be restarted when the cache entry is
«refreshed» (by observing the source fields,
regardless of target address, of an ARP broadcast
from the system in question). For proxy ARP
situations, the timeout needs to be on the order
of a minute.

(2) Unicast Poll — Actively poll the remote host by
periodically sending a point-to-point ARP Request
to it, and delete the entry if no ARP Reply is
received from N successive polls. Again, the
timeout should be on the order of a minute, and
typically N is 2.

Linux:

[root@server1 ~]# uname -a
Linux server1 3.10.0-957.5.1.el7.x86_64 #1 SMP Fri Feb 1 14:54:57 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

1 2	[root@server1 ~]# uname -a Linux server1 3.10.0-957.5.1.el7.x86_64 #1 SMP Fri Feb 1 14:54:57 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

На всякий случай удаляем текущий ARP cache:

[root@server1 ~]# man arp
   arp -d address will delete a ARP table entry. Root or netadmin privilege is required to do this. The entry is found by IP address. If a hostname is
   given, it will be resolved before looking up the entry in the ARP table.

[root@server1 ~]# man arp

arp -d address will delete a ARP table entry. Root or netadmin privilege is required to do this. The entry is found by IP address. If a hostname is

given, it will be resolved before looking up the entry in the ARP table.

[root@server1 ~]# arp -d 192.168.122.101
No ARP entry for 192.168.122.101

1 2	[root@server1 ~]# arp -d 192.168.122.101 No ARP entry for 192.168.122.101

Отправляем трафик чтобы получить ARP:

[root@server1 ~]# ping -c 1 192.168.122.101
PING 192.168.122.101 (192.168.122.101) 56(84) bytes of data.
64 bytes from 192.168.122.101: icmp_seq=1 ttl=64 time=0.407 ms

--- 192.168.122.101 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.407/0.407/0.407/0.000 ms

[root@server1 ~]# ping -c 1 192.168.122.101

PING 192.168.122.101 (192.168.122.101) 56(84) bytes of data.

64 bytes from 192.168.122.101: icmp_seq=1 ttl=64 time=0.407 ms

--- 192.168.122.101 ping statistics ---

1 packets transmitted, 1 received, 0% packet loss, time 0ms

rtt min/avg/max/mdev = 0.407/0.407/0.407/0.000 ms

В дампе все ожидаемо:

[root@server1 ~]# tcpdump -vnpi ens192 "(arp or ip ) and host 192.168.122.101"
tcpdump: listening on ens192, link-type EN10MB (Ethernet), capture size 262144 bytes
17:45:19.715061 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.122.101 tell 192.168.122.105, length 28
17:45:19.715236 ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.122.101 is-at 00:0c:29:d7:b4:c3, length 46
17:45:19.715247 IP (tos 0x0, ttl 64, id 48626, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.122.105 > 192.168.122.101: ICMP echo request, id 19191, seq 1, length 64
17:45:19.715431 IP (tos 0x0, ttl 64, id 62652, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.122.101 > 192.168.122.105: ICMP echo reply, id 19191, seq 1, length 64
17:45:24.723945 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.122.105 tell 192.168.122.101, length 46
17:45:24.723962 ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.122.105 is-at 00:0c:29:38:0a:11, length 28
^C
6 packets captured
6 packets received by filter
0 packets dropped by kernel

[root@server1 ~]# tcpdump -vnpi ens192 "(arp or ip ) and host 192.168.122.101"

tcpdump: listening on ens192, link-type EN10MB (Ethernet), capture size 262144 bytes

17:45:19.715061 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.122.101 tell 192.168.122.105, length 28

17:45:19.715236 ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.122.101 is-at 00:0c:29:d7:b4:c3, length 46

17:45:19.715247 IP (tos 0x0, ttl 64, id 48626, offset 0, flags [DF], proto ICMP (1), length 84)

192.168.122.105 > 192.168.122.101: ICMP echo request, id 19191, seq 1, length 64

17:45:19.715431 IP (tos 0x0, ttl 64, id 62652, offset 0, flags [none], proto ICMP (1), length 84)

192.168.122.101 > 192.168.122.105: ICMP echo reply, id 19191, seq 1, length 64

17:45:24.723945 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.122.105 tell 192.168.122.101, length 46

17:45:24.723962 ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.122.105 is-at 00:0c:29:38:0a:11, length 28

6 packets captured

6 packets received by filter

0 packets dropped by kernel

Удаляем запись:

[root@server1 ~]# arp -d 192.168.122.101
[root@server1 ~]# arp -n 192.168.122.101
192.168.122.101 (192.168.122.101) -- no entry

[root@server1 ~]# arp -d 192.168.122.101

[root@server1 ~]# arp -n 192.168.122.101

192.168.122.101 (192.168.122.101) -- no entry

ARP трафика нет, поведение интуитивно понятное но не оптимальное (не зависит от режима работы net.ipv4.ip_forward ), очистка ARP cache собственно это и делает:

[root@server1 ~]# tcpdump -vnpi ens192 "(arp or ip ) and host 192.168.122.101"
tcpdump: listening on ens192, link-type EN10MB (Ethernet), capture size 262144 bytes
^C
0 packets captured
0 packets received by filter
0 packets dropped by kernel

[root@server1 ~]# tcpdump -vnpi ens192 "(arp or ip ) and host 192.168.122.101"

tcpdump: listening on ens192, link-type EN10MB (Ethernet), capture size 262144 bytes

0 packets captured

0 packets received by filter

0 packets dropped by kernel

Cisco IOS:
Изначально ARP cache пустой:

R1# sh arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.0.0.1                -   aabb.cc00.1000  ARPA   Ethernet0/0

R2# sh arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.0.0.2                -   aabb.cc00.2000  ARPA   Ethernet0/0

R1# sh arp

Protocol Address Age (min) Hardware Addr Type Interface

Internet 10.0.0.1 - aabb.cc00.1000 ARPA Ethernet0/0

R2# sh arp

Protocol Address Age (min) Hardware Addr Type Interface

Internet 10.0.0.2 - aabb.cc00.2000 ARPA Ethernet0/0

R1# ping 10.0.0.2 repeat 2 timeout 5
Type escape sequence to abort.
Sending 2, 100-byte ICMP Echos to 10.0.0.2, timeout is 5 seconds:
.!
Success rate is 50 percent (1/2), round-trip min/avg/max = 1/1/1 ms

R1# sh arp 10.0.0.2
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.0.0.2                2   aabb.cc00.2000  ARPA   Ethernet0/0

R1# ping 10.0.0.2 repeat 2 timeout 5

Type escape sequence to abort.

Sending 2, 100-byte ICMP Echos to 10.0.0.2, timeout is 5 seconds:

Success rate is 50 percent (1/2), round-trip min/avg/max = 1/1/1 ms

R1# sh arp 10.0.0.2

Protocol Address Age (min) Hardware Addr Type Interface

Internet 10.0.0.2 2 aabb.cc00.2000 ARPA Ethernet0/0

R1# debug arp
ARP packet debugging is on

1 2	R1# debug arp ARP packet debugging is on

Очищаем:

R1# clear arp 10.0.0.2
R1#
*Feb 21 16:22:59.948: IP ARP: sent req src 10.0.0.1 aabb.cc00.1000,
                 dst 10.0.0.2 aabb.cc00.2000 Ethernet0/0
*Feb 21 16:22:59.949: IP ARP: sent rep src 10.0.0.1 aabb.cc00.1000,
                 dst 10.0.0.1 ffff.ffff.ffff Ethernet0/0
*Feb 21 16:22:59.949: IP ARP: rcvd rep src 10.0.0.2 aabb.cc00.2000, dst 10.0.0.1 Ethernet0/0

R1# clear arp 10.0.0.2

R1#

*Feb 21 16:22:59.948: IP ARP: sent req src 10.0.0.1 aabb.cc00.1000,

dst 10.0.0.2 aabb.cc00.2000 Ethernet0/0

*Feb 21 16:22:59.949: IP ARP: sent rep src 10.0.0.1 aabb.cc00.1000,

dst 10.0.0.1 ffff.ffff.ffff Ethernet0/0

*Feb 21 16:22:59.949: IP ARP: rcvd rep src 10.0.0.2 aabb.cc00.2000, dst 10.0.0.1 Ethernet0/0

Дамп трафика, «Frame 5» отправка unicast ARP req, следом «Frame 6» отправка broadcast Gratuitous ARP видимо для обновления кэша своего IP у удаленных машин, «Frame 7» unicast ARP rep от R2.

Frame 1: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
Ethernet II, Src: aa:bb:cc:00:10:00 (aa:bb:cc:00:10:00), Dst: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff)
Address Resolution Protocol (request)
    Hardware type: Ethernet (1)
    Protocol type: IP (0x0800)
    Hardware size: 6
    Protocol size: 4
    Opcode: request (1)
    Sender MAC address: aa:bb:cc:00:10:00 (aa:bb:cc:00:10:00)
    Sender IP address: 10.0.0.1 (10.0.0.1)
    Target MAC address: 00:00:00:00:00:00 (00:00:00:00:00:00)
    Target IP address: 10.0.0.2 (10.0.0.2)

Frame 2: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
Ethernet II, Src: aa:bb:cc:00:20:00 (aa:bb:cc:00:20:00), Dst: aa:bb:cc:00:10:00 (aa:bb:cc:00:10:00)
Address Resolution Protocol (reply)
    Hardware type: Ethernet (1)
    Protocol type: IP (0x0800)
    Hardware size: 6
    Protocol size: 4
    Opcode: reply (2)
    Sender MAC address: aa:bb:cc:00:20:00 (aa:bb:cc:00:20:00)
    Sender IP address: 10.0.0.2 (10.0.0.2)
    Target MAC address: aa:bb:cc:00:10:00 (aa:bb:cc:00:10:00)
    Target IP address: 10.0.0.1 (10.0.0.1)

Frame 3: 114 bytes on wire (912 bits), 114 bytes captured (912 bits) on interface 0
Ethernet II, Src: aa:bb:cc:00:10:00 (aa:bb:cc:00:10:00), Dst: aa:bb:cc:00:20:00 (aa:bb:cc:00:20:00)
Internet Protocol Version 4, Src: 10.0.0.1 (10.0.0.1), Dst: 10.0.0.2 (10.0.0.2)
Internet Control Message Protocol

Frame 4: 114 bytes on wire (912 bits), 114 bytes captured (912 bits) on interface 0
Ethernet II, Src: aa:bb:cc:00:20:00 (aa:bb:cc:00:20:00), Dst: aa:bb:cc:00:10:00 (aa:bb:cc:00:10:00)
Internet Protocol Version 4, Src: 10.0.0.2 (10.0.0.2), Dst: 10.0.0.1 (10.0.0.1)
Internet Control Message Protocol

Frame 5: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
Ethernet II, Src: aa:bb:cc:00:10:00 (aa:bb:cc:00:10:00), Dst: aa:bb:cc:00:20:00 (aa:bb:cc:00:20:00)
Address Resolution Protocol (request)
    Hardware type: Ethernet (1)
    Protocol type: IP (0x0800)
    Hardware size: 6
    Protocol size: 4
    Opcode: request (1)
    Sender MAC address: aa:bb:cc:00:10:00 (aa:bb:cc:00:10:00)
    Sender IP address: 10.0.0.1 (10.0.0.1)
    Target MAC address: aa:bb:cc:00:20:00 (aa:bb:cc:00:20:00)
    Target IP address: 10.0.0.2 (10.0.0.2)

Frame 6: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
Ethernet II, Src: aa:bb:cc:00:10:00 (aa:bb:cc:00:10:00), Dst: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff)
Address Resolution Protocol (reply/gratuitous ARP)
    Hardware type: Ethernet (1)
    Protocol type: IP (0x0800)
    Hardware size: 6
    Protocol size: 4
    Opcode: reply (2)
    [Is gratuitous: True]
    Sender MAC address: aa:bb:cc:00:10:00 (aa:bb:cc:00:10:00)
    Sender IP address: 10.0.0.1 (10.0.0.1)
    Target MAC address: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff)
    Target IP address: 10.0.0.1 (10.0.0.1)

Frame 7: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
Ethernet II, Src: aa:bb:cc:00:20:00 (aa:bb:cc:00:20:00), Dst: aa:bb:cc:00:10:00 (aa:bb:cc:00:10:00)
Address Resolution Protocol (reply)
    Hardware type: Ethernet (1)
    Protocol type: IP (0x0800)
    Hardware size: 6
    Protocol size: 4
    Opcode: reply (2)
    Sender MAC address: aa:bb:cc:00:20:00 (aa:bb:cc:00:20:00)
    Sender IP address: 10.0.0.2 (10.0.0.2)
    Target MAC address: aa:bb:cc:00:10:00 (aa:bb:cc:00:10:00)
    Target IP address: 10.0.0.1 (10.0.0.1)

Frame 1: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0

Ethernet II, Src: aa:bb:cc:00:10:00 (aa:bb:cc:00:10:00), Dst: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff)

Address Resolution Protocol (request)

Hardware type: Ethernet (1)

Protocol type: IP (0x0800)

Hardware size: 6

Protocol size: 4

Opcode: request (1)

Sender MAC address: aa:bb:cc:00:10:00 (aa:bb:cc:00:10:00)

Sender IP address: 10.0.0.1 (10.0.0.1)

Target MAC address: 00:00:00:00:00:00 (00:00:00:00:00:00)

Target IP address: 10.0.0.2 (10.0.0.2)

Frame 2: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0

Ethernet II, Src: aa:bb:cc:00:20:00 (aa:bb:cc:00:20:00), Dst: aa:bb:cc:00:10:00 (aa:bb:cc:00:10:00)

Address Resolution Protocol (reply)

Hardware type: Ethernet (1)

Protocol type: IP (0x0800)

Hardware size: 6

Protocol size: 4

Opcode: reply (2)

Sender MAC address: aa:bb:cc:00:20:00 (aa:bb:cc:00:20:00)

Sender IP address: 10.0.0.2 (10.0.0.2)

Target MAC address: aa:bb:cc:00:10:00 (aa:bb:cc:00:10:00)

Target IP address: 10.0.0.1 (10.0.0.1)

Frame 3: 114 bytes on wire (912 bits), 114 bytes captured (912 bits) on interface 0

Ethernet II, Src: aa:bb:cc:00:10:00 (aa:bb:cc:00:10:00), Dst: aa:bb:cc:00:20:00 (aa:bb:cc:00:20:00)

Internet Protocol Version 4, Src: 10.0.0.1 (10.0.0.1), Dst: 10.0.0.2 (10.0.0.2)

Internet Control Message Protocol

Frame 4: 114 bytes on wire (912 bits), 114 bytes captured (912 bits) on interface 0

Ethernet II, Src: aa:bb:cc:00:20:00 (aa:bb:cc:00:20:00), Dst: aa:bb:cc:00:10:00 (aa:bb:cc:00:10:00)

Internet Protocol Version 4, Src: 10.0.0.2 (10.0.0.2), Dst: 10.0.0.1 (10.0.0.1)

Internet Control Message Protocol

Frame 5: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0

Ethernet II, Src: aa:bb:cc:00:10:00 (aa:bb:cc:00:10:00), Dst: aa:bb:cc:00:20:00 (aa:bb:cc:00:20:00)

Address Resolution Protocol (request)

Hardware type: Ethernet (1)

Protocol type: IP (0x0800)

Hardware size: 6

Protocol size: 4

Opcode: request (1)

Sender MAC address: aa:bb:cc:00:10:00 (aa:bb:cc:00:10:00)

Sender IP address: 10.0.0.1 (10.0.0.1)

Target MAC address: aa:bb:cc:00:20:00 (aa:bb:cc:00:20:00)

Target IP address: 10.0.0.2 (10.0.0.2)

Frame 6: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0

Ethernet II, Src: aa:bb:cc:00:10:00 (aa:bb:cc:00:10:00), Dst: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff)

Address Resolution Protocol (reply/gratuitous ARP)

Hardware type: Ethernet (1)

Protocol type: IP (0x0800)

Hardware size: 6

Protocol size: 4

Opcode: reply (2)

[Is gratuitous: True]

Sender MAC address: aa:bb:cc:00:10:00 (aa:bb:cc:00:10:00)

Sender IP address: 10.0.0.1 (10.0.0.1)

Target MAC address: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff)

Target IP address: 10.0.0.1 (10.0.0.1)

Frame 7: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0

Ethernet II, Src: aa:bb:cc:00:20:00 (aa:bb:cc:00:20:00), Dst: aa:bb:cc:00:10:00 (aa:bb:cc:00:10:00)

Address Resolution Protocol (reply)

Hardware type: Ethernet (1)

Protocol type: IP (0x0800)

Hardware size: 6

Protocol size: 4

Opcode: reply (2)

Sender MAC address: aa:bb:cc:00:20:00 (aa:bb:cc:00:20:00)

Sender IP address: 10.0.0.2 (10.0.0.2)

Target MAC address: aa:bb:cc:00:10:00 (aa:bb:cc:00:10:00)

Target IP address: 10.0.0.1 (10.0.0.1)

ARP cache обновился:

R1# sh arp 10.0.0.2
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.0.0.2                0   aabb.cc00.2000  ARPA   Ethernet0/0

R1# sh arp 10.0.0.2

Protocol Address Age (min) Hardware Addr Type Interface

Internet 10.0.0.2 0 aabb.cc00.2000 ARPA Ethernet0/0

Действительно, зачем удалять запись, получать дроп трафика, если можно попытаться обновить, не получили ответа, удаляем.

Если нужно удалить записи, можно положить/поднять интерфейс или выключить/включить ARP на нем.

Juniper, Junos: 14.2:

Отправляет Broadcast ARP req:

root@R1> clear arp hostname 10.0.0.2
root@R1>

1 2	root@R1> clear arp hostname 10.0.0.2 root@R1>

root@R1> monitor traffic interface xe-0/0/0.0 no-resolve matching arp detail layer2-headers
Address resolution is OFF.
Listening on xe-0/0/0.0, capture size 1514 bytes

22:04:17.205279 Out 10:0e:7e:92:4a:00 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: arp who-has 10.0.0.2 tell 10.0.0.1
22:04:17.208403  In 84:a9:c4:a5:b0:ad > 10:0e:7e:92:4a:00, ethertype ARP (0x0806), length 60: arp reply 10.0.0.2 is-at 84:a9:c4:a5:b0:ad
^C
68 packets received by filter
0 packets dropped by kernel

root@R1> monitor traffic interface xe-0/0/0.0 no-resolve matching arp detail layer2-headers

Address resolution is OFF.

Listening on xe-0/0/0.0, capture size 1514 bytes

22:04:17.205279 Out 10:0e:7e:92:4a:00 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: arp who-has 10.0.0.2 tell 10.0.0.1

22:04:17.208403 In 84:a9:c4:a5:b0:ad > 10:0e:7e:92:4a:00, ethertype ARP (0x0806), length 60: arp reply 10.0.0.2 is-at 84:a9:c4:a5:b0:ad

68 packets received by filter

0 packets dropped by kernel

IPv5

Архив рубрики: linux

Ping QoS

clear arp cache

Networking