[c-nsp] how do keepalive frames work

Martin T m4rtntns at gmail.com
Sun Jun 9 19:11:33 EDT 2013


One small observation/conjecture to add to this thread: it looks like if the
switch is under heavy load (for example, an L2 loop) then it might not send out
keepalive frames. For example, when I connected my laptop GigE port to a Cisco
2950 FE port which had to send out keepalive messages with a 10s interval, it
missed quite a few keepalive frames:

22:13:49.786134 00:09:7c:4c:38:81 > 00:09:7c:4c:38:81, ethertype Loopback (0x9000), length 60:
22:14:19.787212 00:09:7c:4c:38:81 > 00:09:7c:4c:38:81, ethertype Loopback (0x9000), length 60:
22:15:49.807377 00:09:7c:4c:38:81 > 00:09:7c:4c:38:81, ethertype Loopback (0x9000), length 60:
22:15:59.807661 00:09:7c:4c:38:81 > 00:09:7c:4c:38:81, ethertype Loopback (0x9000), length 60:
22:16:09.807976 00:09:7c:4c:38:81 > 00:09:7c:4c:38:81, ethertype Loopback (0x9000), length 60:
22:16:49.820440 00:09:7c:4c:38:81 > 00:09:7c:4c:38:81, ethertype Loopback (0x9000), length 60:

According to "ip -s link show dev eth0" there were no dropped/overrun
packets during the packet capture. The module in use was e1000e. I tried with
a different machine using a Broadcom 1GigE chipset (tg3 v3.121 module) instead
of the Intel one and observed the same interesting behavior: some keepalive
frames were missing.


regards,
Martin

2011/8/1 Martin T <m4rtntns at gmail.com>

> András,
> I don't think I'll see such a cable nowadays :) However, thank you
> for explaining this!
>
>
> regards,
> martin
>
> 2011/8/1 Tóth András <diosbejgli at gmail.com>:
> > Hi Martin,
> >
> > I cannot comment on the 2900 switches, as it's very old and not
> > supported anyway by Cisco. On the 2950 switches, when keepalives are
> > enabled and looping condition is detected, the interface will be
> > err-disabled, this is an expected behavior. For more information,
> > please visit the below documentations.
> >
> > Refer to the "Loopback error" section on the following link:
> >
> > http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a00806cd87b.shtml
> >
> > Refer to the "%ETHCNTR-3-LOOP_BACK_DETECTED : Keepalive packet
> > loop-back detected on [chars]" section here:
> >
> > http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a00801b42bf.shtml#prob1b
> >
> > I guess you can read more about Type 2 cabling on the following link.
> >
> > http://www.cisco.com/en/US/products/hw/gatecont/ps2250/products_tech_note09186a008009452e.shtml#ii
> >
> > Best regards,
> > Andras
> >
> >
> > 2011/7/31 Martin T <m4rtntns at gmail.com>:
> >> András,
> >> under IOS one can configure "keepalive" settings of Fa/Gi/Te
> >> interfaces of Cisco 4500 and Fa ports of Cisco 2900 series as well,
> >> but as much as I tested with 2900 series, while keepalive frames are
> >> actually sent, in case of a loop (I made an RJ45 hardware loop), the port
> >> is not shut down.
> >>
> >> On the other hand, in case of Cisco 2950, the keepalive frame indeed
> >> forced port to "err-disabled" state when I plugged my RJ45
> >> hardware-loop into the port:
> >>
> >> 00:06:53: %SYS-5-CONFIG_I: Configured from console by console
> >> 00:06:55: %ETHCNTR-3-LOOP_BACK_DETECTED: Keepalive packet loop-back detected on FastEthernet0/2.
> >> 00:06:55: %PM-4-ERR_DISABLE: loopback error detected on Fa0/2, putting Fa0/2 in err-disable state
> >> 00:06:56: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to down
> >> 00:06:57: %LINK-3-UPDOWN: Interface FastEthernet0/2, changed state to down
> >>
> >> When I set "no keepalive" to this very same switch port under C2950
> >> and connect the same RJ45 hardware loop, the port stayed up.
> >>
> >> By "Type 2" cabling you mean so-called "Cat2" (two shielded twisted
> >> pairs + four voice grade twisted pairs) cabling? And the idea is that
> >> in case there is a loop on the physical layer, the switch port receives a
> >> keepalive frame with its own MAC address as a destination and source
> >> address and shuts down the port?
> >> In the light of modern cabling standards, the "keepalive" feature
> >> isn't very useful, is it?
> >>
> >> regards,
> >> martin
> >>
> >> 2011/7/31 Tóth András <diosbejgli at gmail.com>:
> >>> Hi Martin,
> >>>
> >>> Keepalives are sent on the Catalyst 2940, 2950, 2950-LRE, 2955, 2970,
> >>> 3550, 3560 or 3750 switch to prevent loops in the network. The primary
> >>> reason for the keepalives is to prevent loops as a result of Type 2
> >>> cabling which does cause a loop in some situations. A loop is detected
> >>> when the switch receives back its own keepalive packet.
> >>>
> >>> Keepalives are sent on ALL interfaces by default in 12.1EA based
> >>> software. Starting in 12.2SE based releases, keepalives are NO longer
> >>> sent by default on fiber and uplink interfaces.
> >>>
> >>> Best regards,
> >>> Andras
> >>>
> >>>
> >>> On Sun, Jul 31, 2011 at 3:51 AM, Martin T <m4rtntns at gmail.com> wrote:
> >>>> I have the following connection:
> >>>>
> >>>> T60[eth0] <-> [Fa0/2]WS-C2950C-24
> >>>>
> >>>> ..and port Fa0/2 in the switch is configured like this:
> >>>>
> >>>> WS-C2950C-24#sh run int Fa0/2
> >>>> Building configuration...
> >>>>
> >>>> Current configuration : 149 bytes
> >>>> !
> >>>> interface FastEthernet0/2
> >>>>  description -> T60
> >>>>  switchport mode access
> >>>>  switchport nonegotiate
> >>>>  no cdp enable
> >>>>  spanning-tree bpdufilter enable
> >>>> end
> >>>>
> >>>> WS-C2950C-24#
> >>>>
> >>>> ..and "keepalive" signals are sent after every 10s:
> >>>>
> >>>> WS-C2950C-24#sh int Fa0/2 | i Keepalive
> >>>>  Keepalive set (10 sec)
> >>>> WS-C2950C-24#
> >>>>
> >>>> Now if I tcpdump those frames, they look like this:
> >>>>
> >>>> root@martin-ThinkPad-T60:~# tcpdump -i eth0 -e -XX -c 4
> >>>> tcpdump: WARNING: eth0: no IPv4 address assigned
> >>>> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> >>>> listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
> >>>> 03:26:35.984629 00:12:7f:13:8f:c2 (oui Unknown) > 00:12:7f:13:8f:c2 (oui Unknown), ethertype Loopback (0x9000), length 60:
> >>>>        0x0000:  0012 7f13 8fc2 0012 7f13 8fc2 9000 0000  ................
> >>>>        0x0010:  0100 0000 0000 0000 0000 0000 0000 0000  ................
> >>>>        0x0020:  0000 0000 0000 0000 0000 0000 0000 0000  ................
> >>>>        0x0030:  0000 0000 0000 0000 0000 0000            ............
> >>>> 03:26:45.984971 00:12:7f:13:8f:c2 (oui Unknown) > 00:12:7f:13:8f:c2 (oui Unknown), ethertype Loopback (0x9000), length 60:
> >>>>        0x0000:  0012 7f13 8fc2 0012 7f13 8fc2 9000 0000  ................
> >>>>        0x0010:  0100 0000 0000 0000 0000 0000 0000 0000  ................
> >>>>        0x0020:  0000 0000 0000 0000 0000 0000 0000 0000  ................
> >>>>        0x0030:  0000 0000 0000 0000 0000 0000            ............
> >>>> 03:26:55.984277 00:12:7f:13:8f:c2 (oui Unknown) > 00:12:7f:13:8f:c2 (oui Unknown), ethertype Loopback (0x9000), length 60:
> >>>>        0x0000:  0012 7f13 8fc2 0012 7f13 8fc2 9000 0000  ................
> >>>>        0x0010:  0100 0000 0000 0000 0000 0000 0000 0000  ................
> >>>>        0x0020:  0000 0000 0000 0000 0000 0000 0000 0000  ................
> >>>>        0x0030:  0000 0000 0000 0000 0000 0000            ............
> >>>> 03:27:05.984651 00:12:7f:13:8f:c2 (oui Unknown) > 00:12:7f:13:8f:c2 (oui Unknown), ethertype Loopback (0x9000), length 60:
> >>>>        0x0000:  0012 7f13 8fc2 0012 7f13 8fc2 9000 0000  ................
> >>>>        0x0010:  0100 0000 0000 0000 0000 0000 0000 0000  ................
> >>>>        0x0020:  0000 0000 0000 0000 0000 0000 0000 0000  ................
> >>>>        0x0030:  0000 0000 0000 0000 0000 0000            ............
> >>>> 4 packets captured
> >>>> 4 packets received by filter
> >>>> 0 packets dropped by kernel
> >>>> root@martin-ThinkPad-T60:~#
> >>>>
> >>>> As you can see, they are sent by switch port after every 10s. The
> >>>> source and destination MAC address are the same and ethertype is
> >>>> 0x9000 and it looks like the frame is just padded with zeros. I can
> >>>> change the keepalive messages interval between 1s and 32767s or
> >>>> disable keepalive frames by "no keepalive" or "keepalive 0".
> >>>> What are those "keepalive" frames used for? Some historical
> >>>> configuration setting? What should my T60 NIC do with those frames as
> >>>> at the moment it responds nothing?
> >>>>
> >>>>
> >>>> regards,
> >>>> martin
> >>>
> >>
> >
>
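
Added example (not part of the original thread): a way to quantify the
missed keepalives reported in the 2013 message by checking the spacing of
the captured frames. The function names, the 10s default interval (taken
from "Keepalive set (10 sec)") and the 0.5s tolerance are assumptions.

```python
import re
from datetime import datetime, timedelta

# Capture lines from the 2013 message above, with the mail line-wrapping undone.
CAPTURE = """\
22:13:49.786134 00:09:7c:4c:38:81 > 00:09:7c:4c:38:81, ethertype Loopback (0x9000), length 60:
22:14:19.787212 00:09:7c:4c:38:81 > 00:09:7c:4c:38:81, ethertype Loopback (0x9000), length 60:
22:15:49.807377 00:09:7c:4c:38:81 > 00:09:7c:4c:38:81, ethertype Loopback (0x9000), length 60:
22:15:59.807661 00:09:7c:4c:38:81 > 00:09:7c:4c:38:81, ethertype Loopback (0x9000), length 60:
22:16:09.807976 00:09:7c:4c:38:81 > 00:09:7c:4c:38:81, ethertype Loopback (0x9000), length 60:
22:16:49.820440 00:09:7c:4c:38:81 > 00:09:7c:4c:38:81, ethertype Loopback (0x9000), length 60:
"""

# tcpdump -e header line; the optional "(oui ...)" covers the 2011 capture style.
LINE_RE = re.compile(
    r"^(\d\d:\d\d:\d\d\.\d{6}) ([0-9a-f:]{17})(?: \(oui \w+\))? > "
    r"([0-9a-f:]{17})(?: \(oui \w+\))?, ethertype \w+ \(0x([0-9a-f]{4})\)"
)

def keepalive_times(text):
    """Timestamps of frames shaped like the keepalives in the thread:
    source MAC equal to destination MAC and ethertype 0x9000."""
    times = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and m.group(2) == m.group(3) and m.group(4) == "9000":
            times.append(datetime.strptime(m.group(1), "%H:%M:%S.%f"))
    return times

def missed_keepalives(times, interval=10.0, tolerance=0.5):
    """Return (gap_start, gap_seconds, missed_count) for every gap that is
    longer than interval + tolerance. A capture crossing midnight is handled."""
    report = []
    for prev, cur in zip(times, times[1:]):
        if cur < prev:                      # tcpdump prints time of day only
            cur += timedelta(days=1)
        gap = (cur - prev).total_seconds()
        if gap > interval + tolerance:
            missed = round(gap / interval) - 1
            report.append((prev.strftime("%H:%M:%S"), round(gap, 3), missed))
    return report

if __name__ == "__main__":
    for start, gap, missed in missed_keepalives(keepalive_times(CAPTURE)):
        print(f"after {start}: {gap:.3f}s gap, about {missed} keepalive(s) missing")
```
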

