[c-nsp] config rollback (was RE: tcpdump on ios?)

Aamer Akhter (aakhter) aakhter at cisco.com
Sun Jan 13 13:27:48 EST 2008


There is a variant of generalized config rollback in IOS as well (no explicit commit concept—eg no atomic commits yet):

http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a0080356ea5.html

Regards,

--
Aamer Akhter / aa at cisco.com
Ent & Commercial Systems, cisco Systems

From: Kim Onnel [mailto:karim.adel at gmail.com] 
Sent: Sunday, January 13, 2008 6:17 AM
To: Masood Ahmad Shah
Cc: Aamer Akhter (aakhter); Saku Ytti; cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] tcpdump on ios?

Have you taken a look at IOS XR? It has stuff similar to the commit and rollback and more.

Regards,
Kim

On Jan 13, 2008 10:23 AM, Masood Ahmad Shah <masood at nexlinx.net.pk> wrote:

Well, all in all Cisco needs to improve packet sniffing tools on their
platforms. What would you do if you come from Juniper and used to use

jahil at jahil> monitor traffic detail interface em0 no-resolve print-ascii

Address resolution is OFF.
Listening on em0, capture size 1514 bytes 

12:58:43.311620  In IP (tos 0x0, ttl 128, id 25379, offset 0, flags [none],
proto: UDP (17), length: 78) 192.168.10.101.137 > 192.168.10.255.137: UDP,
length 50
0x0000   ffff ffff ffff 0050 da36 e12f 0800 4500        .......P.6./..E. 
0x0010   004e 6323 0000 8011 40c7 c0a8 0a65 c0a8        .Nc#....@....e..
0x0020   0aff 0089 0089 003a ec0a fc36 0110 0001        .......:...6....
0x0030   0000 0000 0000 2044 4244 4a44 4343 4f44        .......DBDJDCCOD 
0x0040   4244 4744 4943 4f44 4244 4143 4f44 4244        BDGDICODBDACODBD
0x0050   4144 4443 4143 4100 0020 0001                  ADDCACA.....


I strongly suggest an integrated tool to debug IP payloads (like tcpdump). 
They also need to work on dependencies and only platform specific features,
why the heck I need to disable something to get another thing or I need to
buy a new router just for a feature :)

Also I suggest a feature such as "commit" and "rollback n" can really make
backing out of changes a no-brainer.

Regards,
Masood Ahmad Shah




-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Aamer Akhter (aakhter)
Sent: Sunday, January 13, 2008 1:31 AM
To: Saku Ytti; cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] tcpdump on ios?

Hi Folks,

It really depends on what the intent is. If the intent is to track flows 
transiting the router, then these debug commands are (IMHO) not the best
way. E.g., a problem with debug cef is going to be not all packets are CEF
switched (e.g. PBR, MPLS). These are really meant to troubleshoot the specific
switching/forwarding system(s).

I think the original poster was looking for only tracking of flows, not
interested in payload gathering etc (so the tcpdump in the subject line
might be conveying more than actually required). For that purpose, NetFlow 
should suffice.

For specifically creating pcap files on the router, IP router traffic export
(RTE) has been mentioned. RTE can create pcap files on a remote tftp or
locally (disk,usb etc). The limitation there is that it is only available on 
certain platforms and there it only captures TCP traffic. I'm trying to help
prioritize the case for supporting non-TCP traffic so if there is solid
interest please drop me an email.

SPAN and lawful intercept (LI) are also options providing you're on the 
right platform and an image that has LI.

Regards,

--
Aamer Akhter / aa at cisco.com
Ent & Commercial Systems, cisco Systems

> -----Original Message----- 
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Saku Ytti
> Sent: Saturday, January 12, 2008 1:30 PM
> To: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] tcpdump on ios?
>
> On (2008-01-12 10:42 -0500), Luan Nguyen wrote: 
>
> > But on a simple router, to track down a problem for a few seconds...
> > no logging console
> > logging buffer xxxx debugging
> > no ip route-cache on interfaces
> > access-list to match or set interface condition 
> > debug ip packet detail <access-list> (dump).
> >
> > would do fine?
>
> Since new CEF code in 12.2S, in software platforms using CEF
> for switching you can debug CEF switched packets virtually 
> for free (as well as mirror, which was already mentioned
> in the thread earlier). Debugging is not surprisingly
> 'debug ip cef packet ..'.
>
> Thanks,
> --
>   ++ytti 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
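Added example, not part of the thread: a Python decoder for the hex dump in the Juniper "monitor traffic" output quoted above, showing how the bytes map to the summary line (ttl 128, id 25379, UDP 137 to 137, length 50) and checking the IPv4 header checksum. The function names are illustrative; the only input is the dump from the post.

```python
import ipaddress
import re
import struct

# Hex bytes as shown in the "monitor traffic" output quoted in the thread.
DUMP = """\
0x0000   ffff ffff ffff 0050 da36 e12f 0800 4500        .......P.6./..E.
0x0010   004e 6323 0000 8011 40c7 c0a8 0a65 c0a8        .Nc#....@....e..
0x0020   0aff 0089 0089 003a ec0a fc36 0110 0001        .......:...6....
0x0030   0000 0000 0000 2044 4244 4a44 4343 4f44        .......DBDJDCCOD
0x0040   4244 4744 4943 4f44 4244 4143 4f44 4244        BDGDICODBDACODBD
0x0050   4144 4443 4143 4100 0020 0001                  ADDCACA.....
"""
# Offset, then hex groups separated by single spaces; the ASCII column is ignored.
ROW = re.compile(r"0x[0-9a-f]{4}\s+((?:(?:[0-9a-f]{2}){1,2} )*(?:[0-9a-f]{2}){1,2})", re.I)

def dump_to_bytes(text):
    rows = (ROW.match(line.strip()) for line in text.splitlines())
    return b"".join(bytes.fromhex(m.group(1).replace(" ", "")) for m in rows if m)

def ip_checksum_ok(header):
    # One's-complement sum over a valid IPv4 header (checksum included) is 0xFFFF.
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF

def decode(frame):
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        raise ValueError("not an Ethernet II frame carrying IPv4")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len, ident, frag, ttl, proto = struct.unpack("!HHHBB", ip[2:10])
    info = {
        "src_mac": frame[6:12].hex(":"),
        "length": total_len, "id": ident, "ttl": ttl, "proto": proto,
        "src": str(ipaddress.ip_address(ip[12:16])),
        "dst": str(ipaddress.ip_address(ip[16:20])),
        "checksum_ok": ip_checksum_ok(ip[:ihl]),
        "truncated": len(ip) < total_len,  # capture shorter than the datagram
    }
    if proto == 17 and frag & 0x1FFF == 0 and len(ip) >= ihl + 8:
        sport, dport, udp_len = struct.unpack("!HHH", ip[ihl:ihl + 6])
        info.update(sport=sport, dport=dport, udp_payload=udp_len - 8)
    return info

if __name__ == "__main__":
    print(decode(dump_to_bytes(DUMP)))
```

The decoded fields agree with the one-line summary printed above the dump, and a single flipped header bit makes `checksum_ok` false.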