Discussion:
[uknof] IOS XR tcpdump
Marty Strong
2015-06-30 10:23:36 UTC
Permalink
Hey UKNOFers,

Anybody know the Cisco IOS XR equivalent to "monitor traffic interface lo0" on a Juniper?

Searching around online I don’t see anything, and the Cisco documentation is as lacking as some features in IOS /troll

Regards,
Marty Strong
--------------------------------------
CloudFlare - AS13335
Network Engineer
***@cloudflare.com
+44 20 3514 6970 UK (Office)
+44 7584 906 055 UK (Mobile)
+1 888 993 5273 US (Office)
smartflare (Skype)

http://www.peeringdb.com/view.php?asn=13335
James Bensley
2015-07-09 20:17:57 UTC
Permalink
Post by Marty Strong
Hey UKNOFers,
Anybody know the Cisco IOS XR equivalent to "monitor traffic interface lo0" on a Juniper?
Searching around online I don’t see anything, and the Cisco documentation is as lacking as some features in IOS /troll
There isn't any such featre (as of yet) if you are talking about an
ASR9000 series device? If so then yeah, nothing yet. I am rather
shocked by this but I've been in contact with TAC over various issues
with IOS-XR and the ASR9K's and they have confirmed to me there is no
"proper" packet-capture feature yet.

Even with Typhoon line cards and RSP440s. I would assume this feature
is perfectly possible and simply hasn't dropped yet, Cisco haven't
confirmed or denided that for me yet though.

The best you can do is apply ACLs to the line card to check if a
packet that matches the ACL is either ingressing or egressing the PHY
or NP or FIA you assign the ACL to. This basically:
https://supportforums.cisco.com/document/122386/asr9000xr-how-capture-dropped-or-lost-packets

Note before: that is a service affecting operation.

You can run SPANs in IOS-XR if you have somewhere to SPAN a port to.

Also you can use the interface "monitor" command, "monitor interface
xxx" which isn't great but sometimes anything is better than nothing.

Cheers,
James,
Marty Strong
2015-07-10 01:51:36 UTC
Permalink
Yay Cisco, lagging behind Juniper yet again!

Thanks for the response.

Regards,
Marty Strong
--------------------------------------
CloudFlare - AS13335
Network Engineer
***@cloudflare.com
+44 20 3514 6970 UK (Office)
+44 7584 906 055 UK (Mobile)
+1 888 993 5273 US (Office)
smartflare (Skype)

http://www.peeringdb.com/view.php?asn=13335
Post by James Bensley
Post by Marty Strong
Hey UKNOFers,
Anybody know the Cisco IOS XR equivalent to "monitor traffic interface lo0" on a Juniper?
Searching around online I don’t see anything, and the Cisco documentation is as lacking as some features in IOS /troll
There isn't any such featre (as of yet) if you are talking about an
ASR9000 series device? If so then yeah, nothing yet. I am rather
shocked by this but I've been in contact with TAC over various issues
with IOS-XR and the ASR9K's and they have confirmed to me there is no
"proper" packet-capture feature yet.
Even with Typhoon line cards and RSP440s. I would assume this feature
is perfectly possible and simply hasn't dropped yet, Cisco haven't
confirmed or denided that for me yet though.
The best you can do is apply ACLs to the line card to check if a
packet that matches the ACL is either ingressing or egressing the PHY
https://supportforums.cisco.com/document/122386/asr9000xr-how-capture-dropped-or-lost-packets
Note before: that is a service affecting operation.
You can run SPANs in IOS-XR if you have somewhere to SPAN a port to.
Also you can use the interface "monitor" command, "monitor interface
xxx" which isn't great but sometimes anything is better than nothing.
Cheers,
James,
James Bensley
2016-08-17 12:05:52 UTC
Permalink
Post by Marty Strong
Yay Cisco, lagging behind Juniper yet again!
Thanks for the response.
Regards,
Marty Strong
--------------------------------------
CloudFlare - AS13335
Network Engineer
+44 20 3514 6970 UK (Office)
+44 7584 906 055 UK (Mobile)
+1 888 993 5273 US (Office)
smartflare (Skype)
http://www.peeringdb.com/view.php?asn=13335
Post by James Bensley
Post by Marty Strong
Hey UKNOFers,
Anybody know the Cisco IOS XR equivalent to "monitor traffic interface lo0" on a Juniper?
Searching around online I don’t see anything, and the Cisco documentation is as lacking as some features in IOS /troll
There isn't any such featre (as of yet) if you are talking about an
ASR9000 series device? If so then yeah, nothing yet. I am rather
shocked by this but I've been in contact with TAC over various issues
with IOS-XR and the ASR9K's and they have confirmed to me there is no
"proper" packet-capture feature yet.
Even with Typhoon line cards and RSP440s. I would assume this feature
is perfectly possible and simply hasn't dropped yet, Cisco haven't
confirmed or denided that for me yet though.
The best you can do is apply ACLs to the line card to check if a
packet that matches the ACL is either ingressing or egressing the PHY
https://supportforums.cisco.com/document/122386/asr9000xr-how-capture-dropped-or-lost-packets
Note before: that is a service affecting operation.
You can run SPANs in IOS-XR if you have somewhere to SPAN a port to.
Also you can use the interface "monitor" command, "monitor interface
xxx" which isn't great but sometimes anything is better than nothing.
Cheers,
James,
Is it ever too late to revive a thread?

Marty (and anyone else interested) there is packet capturing features
inside the NP added in IOS-XR 5.3.3. It works for pretty much all
inbound packet drops but only some outbound packet drops.

This are some example notes I made;
https://null.53bits.co.uk/index.php?page=asr9000-np-packet-capture

Cheers,
James.
Job Snijders
2016-08-17 12:22:17 UTC
Permalink
Post by James Bensley
Is it ever too late to revive a thread?
Marty (and anyone else interested) there is packet capturing features
inside the NP added in IOS-XR 5.3.3. It works for pretty much all
inbound packet drops but only some outbound packet drops.
This are some example notes I made;
https://null.53bits.co.uk/index.php?page=asr9000-np-packet-capture
Thank you for sharing this!

Kind regards,

Job
James Bensley
2016-08-17 12:29:59 UTC
Permalink
Post by Job Snijders
Post by James Bensley
Is it ever too late to revive a thread?
Marty (and anyone else interested) there is packet capturing features
inside the NP added in IOS-XR 5.3.3. It works for pretty much all
inbound packet drops but only some outbound packet drops.
This are some example notes I made;
https://null.53bits.co.uk/index.php?page=asr9000-np-packet-capture
Thank you for sharing this!
Kind regards,
Job
One thing I forgot to mention is that as I'm sure you probably know
already, come IOS-XR 6.1 on ASR9000's we should be able to use the
Linux containers to run actual tcpdump on the boxes.

Cheers,
James.
Tom Hill
2016-08-17 12:34:21 UTC
Permalink
Post by James Bensley
One thing I forgot to mention is that as I'm sure you probably
know already, come IOS-XR 6.1 on ASR9000's we should be able to use
the Linux containers to run actual tcpdump on the boxes.
But not if you're running Typhoon. :)

- --
Tom Hill
Network Manager

Bytemark Hosting
http://www.bytemark.co.uk/
tel. +44 1904 890 890

Loading...