[c-nsp] how do keepalive frames work

Tóth András diosbejgli at gmail.com
Sun Jul 31 19:56:11 EDT 2011 

Hi Martin,

I cannot comment on the 2900 switches, as it's very old and not
supported anyway by Cisco. On the 2950 switches, when keepalives are
enabled and looping condition is detected, the interface will be
err-disabled, this is an expected behavior. For more information,
please visit the below documentations.

Refer to the "Loopback error" section on the following link:
http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a00806cd87b.shtml

Refer to the "%ETHCNTR-3-LOOP_BACK_DETECTED : Keepalive packet
loop-back detected on [chars]" section here:
http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a00801b42bf.shtml#prob1b

I guess you can read more about Type 2 cabling on the following link.
http://www.cisco.com/en/US/products/hw/gatecont/ps2250/products_tech_note09186a008009452e.shtml#ii

Best regards,
Andras


2011/7/31 Martin T <m4rtntns at gmail.com>:
> András,
> under IOS one can configure "keepalive" settings of Fa/Gi/Te
> interfaces of Cisco 4500 and Fa ports of Cisco 2900 series as well,
> but as much as I tested with 2900 series, while keepalive frames are
> actually sent, in case of loop(I made a RJ45 hardware loop), the port
> is not shut down.
>
> On the other hand, in case of Cisco 2950, the keepalive frame indeed
> forced port to "err-disabled" state when I plugged my RJ45
> hardware-loop into the port:
>
> 00:06:53: %SYS-5-CONFIG_I: Configured from console by console
> 00:06:55: %ETHCNTR-3-LOOP_BACK_DETECTED: Keepalive packet loop-back
> detected on FastEthernet0/2.
> 00:06:55: %PM-4-ERR_DISABLE: loopback error detected on Fa0/2, putting
> Fa0/2 in err-disable state
> 00:06:56: %LINEPROTO-5-UPDOWN: Line protocol on Interface
> FastEthernet0/2, changed state to down
> 00:06:57: %LINK-3-UPDOWN: Interface FastEthernet0/2, changed state to down
>
> When I set "no keepalive" to this very same switch port under C2950
> and connect the same RJ45 hardware loop, the port stayed up.
>
> By "Type 2" cabling you mean so-called "Cat2"(Two shielded twisted
> pairs + four voice grade twisted pairs) cabling? And the idea is that
> in case there is a loop on physical layer, the switch port receives a
> keepalive frame with it's own MAC address as a destination and source
> address and shuts down the port?
> In the light of modern cabling standards, the "keepalive" feature
> isn't very useful, is it?
>
> regards,
> martin
>
> 2011/7/31 Tóth András <diosbejgli at gmail.com>:
>> Hi Martin,
>>
>> Keepalives are sent on the Catalyst 2940, 2950, 2950-LRE, 2955, 2970,
>> 3550, 3560 or 3750 switch to prevent loops in the network. The primary
>> reason for the keepalives is to prevent loops as a result of Type 2
>> cabling which does cause a loop in some situations. A loop is detected
>> when the switch receives back it's own keepalive pakcet.
>>
>> Keepalives are sent on ALL interfaces by default in 12.1EA based
>> software. Starting in 12.2SE based releases, keepalives are NO longer
>> sent by default on fiber and uplink interfaces.
>>
>> Best regards,
>> Andras
>>
>>
>> On Sun, Jul 31, 2011 at 3:51 AM, Martin T <m4rtntns at gmail.com> wrote:
>>> I have a following connection:
>>>
>>> T60[eth0] <-> [Fa0/2]WS-C2950C-24
>>>
>>> ..and port Fa0/2 in the switch in configured like this:
>>>
>>> WS-C2950C-24#sh run int Fa0/2
>>> Building configuration...
>>>
>>> Current configuration : 149 bytes
>>> !
>>> interface FastEthernet0/2
>>>  description -> T60
>>>  switchport mode access
>>>  switchport nonegotiate
>>>  no cdp enable
>>>  spanning-tree bpdufilter enable
>>> end
>>>
>>> WS-C2950C-24#
>>>
>>> ..and "keepalive" signals are sent after every 10s:
>>>
>>> WS-C2950C-24#sh int Fa0/2 | i Keepalive
>>>  Keepalive set (10 sec)
>>> WS-C2950C-24#
>>>
>>> Now if I tcpdump those frames, they look like this:
>>>
>>> root at martin-ThinkPad-T60:~# tcpdump -i eth0 -e -XX -c 4
>>> tcpdump: WARNING: eth0: no IPv4 address assigned
>>> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
>>> listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
>>> 03:26:35.984629 00:12:7f:13:8f:c2 (oui Unknown) > 00:12:7f:13:8f:c2
>>> (oui Unknown), ethertype Loopback (0x9000), length 60:
>>>        0x0000:  0012 7f13 8fc2 0012 7f13 8fc2 9000 0000  ................
>>>        0x0010:  0100 0000 0000 0000 0000 0000 0000 0000  ................
>>>        0x0020:  0000 0000 0000 0000 0000 0000 0000 0000  ................
>>>        0x0030:  0000 0000 0000 0000 0000 0000            ............
>>> 03:26:45.984971 00:12:7f:13:8f:c2 (oui Unknown) > 00:12:7f:13:8f:c2
>>> (oui Unknown), ethertype Loopback (0x9000), length 60:
>>>        0x0000:  0012 7f13 8fc2 0012 7f13 8fc2 9000 0000  ................
>>>        0x0010:  0100 0000 0000 0000 0000 0000 0000 0000  ................
>>>        0x0020:  0000 0000 0000 0000 0000 0000 0000 0000  ................
>>>        0x0030:  0000 0000 0000 0000 0000 0000            ............
>>> 03:26:55.984277 00:12:7f:13:8f:c2 (oui Unknown) > 00:12:7f:13:8f:c2
>>> (oui Unknown), ethertype Loopback (0x9000), length 60:
>>>        0x0000:  0012 7f13 8fc2 0012 7f13 8fc2 9000 0000  ................
>>>        0x0010:  0100 0000 0000 0000 0000 0000 0000 0000  ................
>>>        0x0020:  0000 0000 0000 0000 0000 0000 0000 0000  ................
>>>        0x0030:  0000 0000 0000 0000 0000 0000            ............
>>> 03:27:05.984651 00:12:7f:13:8f:c2 (oui Unknown) > 00:12:7f:13:8f:c2
>>> (oui Unknown), ethertype Loopback (0x9000), length 60:
>>>        0x0000:  0012 7f13 8fc2 0012 7f13 8fc2 9000 0000  ................
>>>        0x0010:  0100 0000 0000 0000 0000 0000 0000 0000  ................
>>>        0x0020:  0000 0000 0000 0000 0000 0000 0000 0000  ................
>>>        0x0030:  0000 0000 0000 0000 0000 0000            ............
>>> 4 packets captured
>>> 4 packets received by filter
>>> 0 packets dropped by kernel
>>> root at martin-ThinkPad-T60:~#
>>>
>>> As you can see, they are sent by switch port after every 10s. The
>>> source and destination MAC address are the same and ethertype is
>>> 0x9000 and it looks like the frame is just padded with zeros. I can
>>> change the keepalive messages interval between 1s and 32767s or
>>> disable keepalive frames by "no keepalive" or "keepalive 0".
>>> What are those "keepalive" frames used for? Some historical
>>> configuration setting? What should my T60 NIC do with those frames as
>>> at the moment it responds nothing?
>>>
>>>
>>> regards,
>>> martin
>>> _______________________________________________
>>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>>
>>
>

More information about the cisco-nsp mailing list