13.1. Packet Tracer
Packet tracer shows which vCGNAT subsystems incoming and outgoing user packets have passed through. It is a powerful utility that can help debug non-trivial or difficult-to-analyze issues. Packet tracer can be configured to analyze both user traffic and counter drops.
In common cases, debugging should be performed as follows:
1. Create and enable a debug_pool with one IP.
2. Create a subscriber group and configure it to use this pool.
3. Create a NAT rule to process all traffic coming from this subscriber.
4. Create an access list with two precise rules for forward and reverse traffic.
- ip dp-access-list NAME SEQ ACTION <any|udp|tcp|icmp|gre|esp> src-ip <any|A.B.C.D/M> dst-ip <any|A.B.C.D/M>
- ipv6 dp-access-list NAME SEQ ACTION <any|udp|tcp|icmp|gre|esp> src-ip <any|X:X::X:X/M> dst-ip <any|X:X::X:X/M>
Before creating a packet tracer, configure access lists for IPv4 or IPv6 traffic.
- debug packet-tracer <ip|ipv6> dp-access-list NAME max-packets (2-1048576) [payload-length (16-65535) [<vrf NAME|vrf-all>]]
Create a packet tracer with the configured access list.
max-packets
— the maximum number of packets per nb_work core that will be stored in the trace. The ring queue holds \(2^N - 1\) packets: the trace subsystem rounds the specified value up to the next power of two, so for a value of 10 it stores \(2^4 - 1 = 15\) packets. If 12 nb_work cores are specified in the platform settings, the total number of packets will be \(15 * 12 = 180\). These packets can be viewed using the show debugging packet-tracer ip traces command, where the timestamp characterizes the beginning of the packet.
payload-length
— the amount of data in bytes saved by packet tracer for each packet.
vrf-all
— packets will be collected over all VRFs.
Note
Only one packet tracer can be created at any given time.
- debug packet-tracer <ip|ipv6> counter <hairpinning_loop_drops|hairpinning_drops|unsupported_l4_proto_drops|no_nat_rule_drops|no_mapping_drops|ttl_drops> max-packets (2-1048576) [payload-length (16-65535) [<vrf NAME|vrf-all>]]
If it is necessary to analyze the reason for drops in specific counters (see the output of the show nat counters overall command), specify the counter name instead of the access list in the packet tracer. A detailed description of counters can be found here.
- no debug packet-tracer <ip|ipv6> [<vrf NAME|vrf-all>]
Delete the created packet tracer.
- debug packet-tracer burst-size (1-65535)
Specify the number of packets that the handler will read at one time from the queue. The default is 512.
- debug packet-tracer <ip|ipv6> pcap-dump file FILENAME
Collect traces in a pcap file. When a pcap dump is enabled, a separate thread parses the queue in real time. The queue here is a buffer: the maximum number of packets held simultaneously in vCGNAT memory before they are written to disk. In this mode, the max-packets option of the debug packet-tracer command does not limit the number of packets to be collected.
Warning
The dump starts writing to the file immediately after the command is executed and does not stop automatically. It must be stopped manually; otherwise, the disk will overflow! The access list should be as precise as possible to keep the dump file small.
- no debug packet-tracer <ip|ipv6> pcap-dump [file FILENAME]
Stop dump recording.
Show Commands
- show debugging packet-tracer <ip|ipv6> traces [clear]
Display traces that were collected by packet tracer. Every traced packet contains the following information: Ethernet and IP headers, the nodes through which the packet passed, and where the packet was dropped. If the clear option is added, the traces are deleted after viewing. Here is an example of an ICMP packet:

    Timestamp: 3813334005032920
    Payload (saved 98 bytes of 98):
      ether src: 0C:72:8B:12:00:00
      ether dst: 0C:5B:1E:11:00:02
      ether type: 800
      ipv4:
        src: 10.0.0.2
        dst: 212.12.12.12
        proto: 1
    L3 ip process node:
      next node: NODE_NAT_OUTBOUND_IPv4
      vrf id: 1
      ttl: 63
      hash: 26023cd3
    NAT ip outbound node:
      next node: NODE_FORWARD_IPv4
      fragment: 0
      passthrough: 0
      session: 0x16c30b500
      nat type: 1
      translated ip: 192.168.1.1
      translated port: 865
      alg result:
        state: 2
        offset: 0
        expiration tsc: ffffffffffffffff
    L3 ip forward node:
      next node: NODE_FINISH_IPv4
      stage: Checks passed
      error: 0
      vrf id: 0
      hash: 26023cd3
      route:
        type: 1
        scope: 0
        mask: 32
        nb nexthops: 1
        ip: 212.12.12.12
        src: 0.0.0.0
      nexthop:
        id: 1048569
        dev: 0
      gateway:
        ip: 10.10.20.2
      neighbor:
        ether: 0C:D4:10:AB:00:01
        state: 2
        last time used: d8c3502c7a7d8
    L3 ip finish node:
      next node: NODE_MAX
      error: 0
      vrf id: 0
      mtu: 1500
      hash: 26023cd3
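When a trace holds many packets, it is easier to review the node path per packet than to read every field. The following is an added example, not part of the vCGNAT documentation or product: a whitespace-tolerant Python parser for saved `traces` output that extracts the addresses, the NAT mapping and the node path of each packet. The field names come from the ICMP trace above; the line layout of the sample, the function names, and the idea of flagging nodes with a non-zero `error` value are assumptions.

```python
import re
# Sample: the ICMP trace from this page, condensed (line breaks are an assumption).
SAMPLE = """
Timestamp: 3813334005032920 Payload (saved 98 bytes of 98):
ether src: 0C:72:8B:12:00:00 ether dst: 0C:5B:1E:11:00:02 ether type: 800
ipv4: src: 10.0.0.2 dst: 212.12.12.12 proto: 1
L3 ip process node: next node: NODE_NAT_OUTBOUND_IPv4 vrf id: 1 ttl: 63 hash: 26023cd3
NAT ip outbound node: next node: NODE_FORWARD_IPv4 fragment: 0 passthrough: 0
session: 0x16c30b500 nat type: 1 translated ip: 192.168.1.1 translated port: 865
L3 ip forward node: next node: NODE_FINISH_IPv4 stage: Checks passed error: 0 vrf id: 0
L3 ip finish node: next node: NODE_MAX error: 0 vrf id: 0 mtu: 1500 hash: 26023cd3
"""

NODE = re.compile(r"((?:L3|NAT) ip \w+ node):\s*next node:\s*(\S+)")
IPV4 = re.compile(r"ipv4:\s*src:\s*(\S+)\s+dst:\s*(\S+)\s+proto:\s*(\d+)")
XLAT = re.compile(r"translated ip:\s*(\S+)\s+translated port:\s*(\d+)")

def parse_traces(text):
    """Return one dict per traced packet: addresses, NAT mapping, node path."""
    packets = []
    for chunk in re.split(r"(?=Timestamp:\s*\d+)", text):
        ts = re.match(r"Timestamp:\s*(\d+)", chunk)
        if not ts:
            continue  # text before the first packet
        marks = list(NODE.finditer(chunk))
        path = []
        for i, m in enumerate(marks):
            # A node's fields run until the next node header (or end of packet).
            end = marks[i + 1].start() if i + 1 < len(marks) else len(chunk)
            err = re.search(r"\berror:\s*(\d+)", chunk[m.end():end])
            path.append({"node": m.group(1), "next": m.group(2),
                         "error": int(err.group(1)) if err else None})
        ip, nat = IPV4.search(chunk), XLAT.search(chunk)
        packets.append({
            "timestamp": int(ts.group(1)),
            "src": ip.group(1) if ip else None,
            "dst": ip.group(2) if ip else None,
            "proto": int(ip.group(3)) if ip else None,
            "translated": (nat.group(1), int(nat.group(2))) if nat else None,
            "path": path,
        })
    return packets

def flagged_nodes(packet):
    """Nodes whose `error` field is present and non-zero (assumed worth a look)."""
    return [h["node"] for h in packet["path"] if h["error"]]

if __name__ == "__main__":
    for p in parse_traces(SAMPLE):
        print(p["src"], "->", p["dst"], p["translated"], flagged_nodes(p))
```

A packet whose path ends before the finish node, or whose `translated` value is missing, is a natural starting point when comparing against the drop counters.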
- show debugging packet-tracer <ip|ipv6> stats [<vrf NAME|vrf-all>]
Display statistics for the created packet tracer.

    Packet Tracer:
      Type: IPv4
      Condition: ACL DUMP
      Max Packets: 128
      Payload-length: 100
      Burst Size: 512
      Traced counters:
        hairpinning_loop_drops: Off
        hairpinning_drops: Off
        unsupported_l4_proto_drops: Off
        no_nat_rule_drops: Off
        no_mapping_drops: Off
        ttl_drops: Off
      Counters:
        Total usage: 19
        No free space: 0
        ACL checks: 19
        Added to trace: 19
        Processed: 0
      Pcap dump: disabled