Does CDP announce the device's reboot to its neighbor?

Date: January 6 to 8, 2021

 

Scenario

 

In this lab we try to determine why a switch "fires" a CDP packet right at the moment a reload is executed.

This came up by accident while documenting exactly the opposite: that CDP is transmitted first when an interface comes up.

After configuring everything needed and restarting the switch, this malformed packet was captured, which led to checking

whether it was coincidental or not by repeating the test.

 


 

Searching a Wireshark forum about malformed packets, I find that it may be a

"rudimentary" notice to the neighbor that the device is about to go off-line, which has to be tested :-)

 

1.- Verifying received CDP packets:

 

Switch#debug cdp packets

CDP packet info debugging is on

Switch#

Switch#

Jan  7 07:54:27.874: CDP-PA: version 2 packet sent out on GigabitEthernet1/0/1

Jan  7 07:55:19.677: CDP-PA: version 2 packet sent out on GigabitEthernet1/0/1

Jan  7 07:56:07.915: CDP-PA: version 2 packet sent out on GigabitEthernet1/0/1

Jan  7 07:56:59.054: CDP-PA: version 2 packet sent out on GigabitEthernet1/0/1

Jan  7 07:57:52.200: CDP-PA: version 2 packet sent out on GigabitEthernet1/0/1

Switch#

 

2.- Switch reload:

 

Switch#reload

 

System configuration has been modified. Save? [yes/no]: yes

Building configuration...

[OK]

Proceed with reload? [confirm] (enter)

 

Jan  7 07:58:06.265: %SYS-5-RELOAD: Reload requested by console. Reload Reason: Reload command.

CPU rev: B

Image passed digital signature verification

 

Board rev: 24

Testing DataBus...

Testing AddressBus...

Testing Memory from 0x00000000 to 0x1fffffff...

---reboot omitted---

 

3.- Wireshark capture:

 

 

4.- Comparing the CDP frames:

 

Frames 5 and 6 of the capture are compared; in the switch logs we see that 5 CDP frames are sent.

Frame 6 is fired once the reload command has been executed and is no longer shown in the console debug.

 

 

Frame 5: 466 bytes on wire (3728 bits), 466 bytes captured (3728 bits) on interface id 0

IEEE 802.3 Ethernet

Logical-Link Control

Cisco Discovery Protocol

    Version: 2

    TTL: 180 seconds

    Checksum: 0xe942 [correct]

    [Checksum Status: Good]

    Device ID: Switch

        Type: Device ID (0x0001)

        Length: 10

        Device ID: Switch

    Software Version (the malformed packet does not report this)

        Type: Software version (0x0005)

        Length: 250

        Software version: Cisco IOS Software, C2960X Software (C2960X-UNIVERSALK9-M),

                                      Version 15.2(2)E3, RELEASE SOFTWARE (fc3)

        Software version: Technical Support: http://www.cisco.com/techsupport

        Software version: Copyright (c) 1986-2015 by Cisco Systems, Inc.

        Software version: Compiled Wed 26-Aug-15 07:12 by prod_rel_team

    Platform: cisco WS-C2960X-24PS-L

        Type: Platform (0x0006)

        Length: 26

        Platform: cisco WS-C2960X-24PS-L

    Addresses

        Type: Addresses (0x0002)

        Length: 8

        Number of addresses: 0

    Port ID: GigabitEthernet1/0/1

        Type: Port ID (0x0003)

        Length: 24

        Sent through Interface: GigabitEthernet1/0/1

    Capabilities (the malformed packet reports neither this nor anything that follows)

        Type: Capabilities (0x0004)

        Length: 8

        Capabilities: 0x00000028

    Protocol Hello: Cluster Management

        Type: Protocol Hello (0x0008)

        Length: 36

        OUI: 00:00:0c (Cisco Systems, Inc)

        Protocol ID: Cluster Management (0x0112)

        Cluster Master IP: 0.0.0.0

        IP?: 255.255.255.255

        Version?: 0x01

        Sub Version?: 0x02

        Status?: 0x21

        UNKNOWN: 0xff

        Cluster Commander MAC: 00:00:00:00:00:00

        Switch's MAC: 00:5f:86:f8:b7:00

        UNKNOWN: 0xff

        Management VLAN: 0

    VTP Management Domain:

        Type: VTP Management Domain (0x0009)

        Length: 4

        VTP Management Domain:

    Native VLAN: 100

        Type: Native VLAN (0x000a)

        Length: 6

        Native VLAN: 100

    Duplex: Full

        Type: Duplex (0x000b)

        Length: 5

        Duplex: Full

    Trust Bitmap: 0x00

        Type: Trust Bitmap (0x0012)

        Length: 5

        Trust Bitmap: 0x00

    Untrusted port CoS: 0x00

        Type: Untrusted Port CoS (0x0013)

        Length: 5

        Untrusted port CoS: 0x00

    Management Addresses

        Type: Management Address (0x0016)

        Length: 8

        Number of addresses: 0

    Power Available: 0 mW, 4294967295 mW

        Type: Power Available (0x001a)

        Length: 16

        Request-ID: 0

        Management-ID: 1

        Power Available: 0mW

        Power Available: 4294967295mW

    Spare Pair PoE

        Type: Spare PoE (0x001f)

        Length: 5

        Spare Pair PoE: 0x00

    Type: Unknown (0x1004), length: 19

        Type: Unknown (0x1004)

        Length: 19

        Data: 303035662e383666382e6237303000

    Radio 1 channel: 1

        Type: Radio1 channel (0x1003)

        Length: 5

        Platform: 1

 

Frame 6: 84 bytes on wire (672 bits), 84 bytes captured (672 bits) on interface id 0

IEEE 802.3 Ethernet

Logical-Link Control

Cisco Discovery Protocol

    Version: 2

    TTL: 0 seconds

    Checksum: 0x9016 [correct]

    [Checksum Status: Good]

    Device ID: Switch

        Type: Device ID (0x0001)

        Length: 10

        Device ID: Switch

    Port ID: GigabitEthernet1/0/1\020\004\000

        Type: Port ID (0x0003)

        Length: 24

        Sent through Interface: GigabitEthernet1/0/1\020\004

[Malformed Packet: CDP]

    [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)]

        [Malformed Packet (Exception occurred)]

        [Severity level: Error]

        [Group: Malformed]

 

5.- Detail found on the Wireshark website:

 

It seems that Cisco uses CDP packet with capability 0 and Null platform string to force CDP

entry aging on neighboring device during reload.

 

Source: https://www.wireshark.org/lists/wireshark-bugs/201608/msg00434.html
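To make the Frame 5 / Frame 6 comparison and the Wireshark note concrete, the following Python decoder is an added example (not part of this lab and not Cisco or Wireshark code). It builds two constructed CDP payloads modelled on the two frames: a regular hello with TTL 180 plus Capabilities and Platform TLVs, and a reload advertisement with TTL 0 carrying only the Device ID and Port ID TLVs. It then parses the TLVs, verifies the ones'-complement checksum, and classifies the payload the way the mailing-list note describes it: capability 0 and a null platform string. The TLV constants, the builder and the classifier names are this example's own, and the constructed "goodbye" payload is simplified: it does not reproduce the trailing bytes that made Wireshark flag Frame 6 as malformed.

```python
"""Minimal CDP decoder: tells a regular hello from the TTL-0 'goodbye'
advertisement a switch sends at reload. Added example, not from the lab."""
import struct

# CDP TLV type codes, as labelled by Wireshark in the capture above
TLV_DEVICE_ID = 0x0001
TLV_PORT_ID = 0x0003
TLV_CAPABILITIES = 0x0004
TLV_PLATFORM = 0x0006


def cdp_checksum(data: bytes) -> int:
    """Ones'-complement sum of 16-bit words over version + TTL + zeroed
    checksum + TLVs (plain RFC 1071 arithmetic). Wireshark special-cases
    odd-length CDP payloads; the constructed payloads here are even-length."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_tlv(tlv_type: int, value: bytes) -> bytes:
    # The TLV length includes the 4-byte type/length header, matching the
    # capture: Device ID "Switch" -> 10, Port ID "GigabitEthernet1/0/1" -> 24
    return struct.pack("!HH", tlv_type, 4 + len(value)) + value


def build_cdp(ttl: int, tlvs, version: int = 2) -> bytes:
    body = b"".join(build_tlv(t, v) for t, v in tlvs)
    unchecked = struct.pack("!BBH", version, ttl, 0) + body
    return struct.pack("!BBH", version, ttl, cdp_checksum(unchecked)) + body


def parse_cdp(pkt: bytes) -> dict:
    """Return header fields, a {type: value} TLV map and a 'malformed' flag
    set when a TLV header or length runs past the end of the payload."""
    version, ttl, csum = struct.unpack("!BBH", pkt[:4])
    checksum_ok = csum == cdp_checksum(pkt[:2] + b"\x00\x00" + pkt[4:])
    tlvs, off, malformed = {}, 4, False
    while off < len(pkt):
        if off + 4 > len(pkt):
            malformed = True          # truncated TLV header
            break
        tlv_type, length = struct.unpack("!HH", pkt[off:off + 4])
        if length < 4 or off + length > len(pkt):
            malformed = True          # length points past the payload
            break
        tlvs[tlv_type] = pkt[off + 4:off + length]
        off += length
    return {"version": version, "ttl": ttl, "checksum_ok": checksum_ok,
            "tlvs": tlvs, "malformed": malformed}


def capability(parsed: dict) -> int:
    """Capabilities bitmap, or 0 when the TLV is absent (as in Frame 6)."""
    caps = parsed["tlvs"].get(TLV_CAPABILITIES, b"")
    return struct.unpack("!I", caps)[0] if len(caps) == 4 else 0


def is_reload_advertisement(parsed: dict) -> bool:
    """The 'goodbye' shape from the Wireshark note: capability 0 and a null
    platform string. Frame 6 also carries TTL 0, so the neighbor's holdtime
    for the entry is zeroed as well."""
    platform = parsed["tlvs"].get(TLV_PLATFORM, b"")
    return parsed["ttl"] == 0 and capability(parsed) == 0 and platform == b""


# Constructed payloads modelled on Frames 5 and 6 (not byte-exact copies)
HELLO = build_cdp(180, [
    (TLV_DEVICE_ID, b"Switch"),
    (TLV_PORT_ID, b"GigabitEthernet1/0/1"),
    (TLV_CAPABILITIES, struct.pack("!I", 0x28)),
    (TLV_PLATFORM, b"cisco WS-C2960X-24PS-L"),
])
GOODBYE = build_cdp(0, [
    (TLV_DEVICE_ID, b"Switch"),
    (TLV_PORT_ID, b"GigabitEthernet1/0/1"),
])

if __name__ == "__main__":
    for name, pkt in (("hello", HELLO), ("goodbye", GOODBYE)):
        p = parse_cdp(pkt)
        print("%s: ttl=%d caps=0x%x reload=%s checksum_ok=%s malformed=%s" % (
            name, p["ttl"], capability(p), is_reload_advertisement(p),
            p["checksum_ok"], p["malformed"]))
```

Running the block prints the hello as TTL 180 / capabilities 0x28 and the goodbye as TTL 0 / capabilities 0 / reload=True. Feeding `parse_cdp` a truncated payload (for instance `GOODBYE[:-3]`) sets the `malformed` flag, which is the same condition that produced Wireshark's "[Malformed Packet: CDP]" expert info on Frame 6.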

 

6.- Which leads us to verify it with a CDP neighbor:

 

 

7.- We check the CDP neighbor:

 

Switch-B#sh cdp nei

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge

                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,

                  D - Remote, C - CVTA, M - Two-port Mac Relay

 

Device ID        Local Intrfce     Holdtme    Capability  Platform        Port ID

Switch-A         Gig 1/0/1           129              S I           WS-C2960X  Gig 1/0/1

 

Total cdp entries displayed : 2

Switch-B#

 

8.- We check on Switch-A:

 

Switch-A#sh cdp nei

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge

                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,

                  D - Remote, C - CVTA, M - Two-port Mac Relay

 

Device ID        Local Intrfce     Holdtme    Capability  Platform           Port ID

Switch-B         Gig 1/0/1           168              S I           WS-C2960X     Gig 1/0/1

 

Total cdp entries displayed : 1

Switch-A#

 

9.- We reload Switch-A:

 

Switch-A#reload

Proceed with reload? [confirm] (enter)

 

10.- We check on Switch-B:

 

Switch-B#

Jan  8 08:00:53.817: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/1, changed state to down (due to the Switch-A reload)

Jan  8 08:00:54.820: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/1, changed state to down

Switch-B#

 

11.- We check the CDP neighbor:

 

Switch-B#sh cdp nei

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge

                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,

                  D - Remote, C - CVTA, M - Two-port Mac Relay

 

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID

 

Total cdp entries displayed : 0

Switch-B#

 

12.- Checking whether it is caused by the interface going down or by the malformed CDP packet:

 

When switch A reloads, both interfaces go DOWN, so the CDP neighbor is removed from the table

because the associated interface "goes down".

 

 

Switch-B#sh cdp nei

Jan  8 08:06:13.297: CDP-PA: Packet received from Switch-A on interface GigabitEthernet1/0/1

Jan  8 08:06:13.300: **Entry  found in cache**

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge

                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,

                  D - Remote, C - CVTA, M - Two-port Mac Relay

 

Device ID        Local Intrfce     Holdtme    Capability  Platform        Port ID

Switch-A         Gig 1/0/1           178              S I           WS-C2960X Gig 1/0/1

 

Total cdp entries displayed : 1

Switch-B#

 

13.- We pull the patch cord:

 

 

Switch-B#

Jan  8 08:06:23.772: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/1, changed state to down

Jan  8 08:06:24.772: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/1, changed state to down

Switch-B#

 

14.- We check the CDP neighbor:

 

Switch-B#sh cdp nei

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge

                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,

                  D - Remote, C - CVTA, M - Two-port Mac Relay

 

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID

 

Total cdp entries displayed : 0

Switch-B#

 

15.- Tests keeping the interface UP on Switch-B:

 

This way we keep the Switch-B interface up, so the neighbor (Switch-A) should only be removed from the CDP table

either because of the malformed packet that signals the removal, or when the hold-time expires.

 

 

16.- We check the CDP neighbor:

 

Switch-B#sh cdp nei

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge

                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,

                  D - Remote, C - CVTA, M - Two-port Mac Relay

 

Device ID        Local Intrfce     Holdtme    Capability  Platform        Port ID

Switch-A         Gig 1/0/1           172              S I           WS-C2960X  Gig 1/0/1

 

Total cdp entries displayed : 1

Switch-B#

 

17.- We reload Switch-A:

 

 

Switch-B#debug cdp events

CDP events debugging is on

Switch-B#

 

(last normal packet received)

Jan  8 08:22:16.627: CDP-EV: Packet Received from Switch-A with capability = 28 and Platform string = cisco WS-C2960X-24PS-L on interface GigabitEthernet1/0/1

Jan  8 08:22:16.627: CDP-EV: APP-TLV already enqueued: duplex = 3, native-vlan = 1

  CDP-EV: received_vtp_mgmt_domain = 1, vtp_mgmt_domain_length = 0

  CDP-EV: vtp-management-domain-name = '', type: 4099

Jan  8 08:22:30.213: CDP-PA: Packet received from Switch-A on interface GigabitEthernet1/0/1

Jan  8 08:22:30.213: **Entry  found in cache**

(malformed packet)

Jan  8 08:22:30.213: CDP-EV: Packet Received from Switch-A with capability = 0 and Platform string =  on interface GigabitEthernet1/0/1

Jan  8 08:22:30.220: CDP-EV: Notify registered clients about the entry deletion from CDP cache for GigabitEthernet1/0/1

Jan  8 08:22:30.220: CDP-EV: APP-TLV removed, neighbor:Switch-A, type: 4100

Jan  8 08:22:30.220: CDP-EV: APP-TLV removed, neighbor:Switch-A, type: 4099

Switch-B#
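The `debug cdp events` output above is the defender-side view of the same mechanism: the neighbor logs the packet with capability 0 and an empty platform string, then a cache-deletion notice for the interface. The following Python snippet is an added example (not part of this lab and not an IOS feature) that parses exactly those log lines, embedded here as a constructed sample copied from the Switch-B output, and reports each reload advertisement together with whether the deletion notice followed it. The regular expressions and the `find_reload_notices` function are this example's own; the capability value is parsed as hex because the debug line shows "28" for the 0x00000028 bitmap in Frame 5.

```python
"""Spot CDP reload advertisements in IOS 'debug cdp events' output.
Added example; the log sample is copied from the lab's Switch-B console."""
import re

# Constructed sample: lines taken from the Switch-B 'debug cdp events' output
DEBUG_LOG = """\
Jan  8 08:22:16.627: CDP-EV: Packet Received from Switch-A with capability = 28 and Platform string = cisco WS-C2960X-24PS-L on interface GigabitEthernet1/0/1
Jan  8 08:22:16.627: CDP-EV: APP-TLV already enqueued: duplex = 3, native-vlan = 1
  CDP-EV: received_vtp_mgmt_domain = 1, vtp_mgmt_domain_length = 0
Jan  8 08:22:30.213: CDP-PA: Packet received from Switch-A on interface GigabitEthernet1/0/1
Jan  8 08:22:30.213: **Entry  found in cache**
Jan  8 08:22:30.213: CDP-EV: Packet Received from Switch-A with capability = 0 and Platform string =  on interface GigabitEthernet1/0/1
Jan  8 08:22:30.220: CDP-EV: Notify registered clients about the entry deletion from CDP cache for GigabitEthernet1/0/1
Jan  8 08:22:30.220: CDP-EV: APP-TLV removed, neighbor:Switch-A, type: 4100
"""

TIMESTAMP = r"(?P<ts>\w{3}\s+\d+ \d{2}:\d{2}:\d{2}\.\d+)"

# "Packet Received ..." line; the platform group is lazy so an empty
# platform string ("= " directly followed by " on interface") still matches
PACKET_RE = re.compile(
    TIMESTAMP + r": CDP-EV: Packet Received from (?P<neighbor>\S+) "
    r"with capability = (?P<cap>[0-9a-fA-F]+) and "
    r"Platform string = (?P<platform>.*?) on interface (?P<iface>\S+)$")

# Cache-deletion notice that follows the advertisement on the same interface
DELETE_RE = re.compile(
    TIMESTAMP + r": CDP-EV: Notify registered clients about the entry "
    r"deletion from CDP cache for (?P<iface>\S+)$")


def find_reload_notices(log_text: str) -> list:
    """Return one record per 'goodbye' packet (capability 0 and empty
    platform string), noting whether the deletion notice for that
    interface was seen afterwards."""
    notices = []
    for line in log_text.splitlines():
        m = PACKET_RE.match(line)
        if m:
            # capability is printed in hex by the debug (28 == 0x28)
            if int(m["cap"], 16) == 0 and m["platform"] == "":
                notices.append({"ts": m["ts"], "neighbor": m["neighbor"],
                                "iface": m["iface"],
                                "deletion_confirmed": False})
            continue
        d = DELETE_RE.match(line)
        if d:
            # pair the notice with the earliest unconfirmed goodbye on the port
            for n in notices:
                if n["iface"] == d["iface"] and not n["deletion_confirmed"]:
                    n["deletion_confirmed"] = True
                    break
    return notices


if __name__ == "__main__":
    for n in find_reload_notices(DEBUG_LOG):
        print("%s: %s announced reload on %s (cache entry removed: %s)" % (
            n["ts"], n["neighbor"], n["iface"], n["deletion_confirmed"]))
```

On the sample above this yields a single record for Switch-A on GigabitEthernet1/0/1 at 08:22:30.213 with the deletion confirmed; the earlier hello (capability 28, full platform string) is ignored. The same two patterns can be applied to syslog exports of the debug when correlating a neighbor's disappearance with a reload rather than a link failure.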

 

18.- We check the CDP neighbor:

 

Switch-B#sh cdp nei

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge

                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,

                  D - Remote, C - CVTA, M - Two-port Mac Relay

 

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID

 

Total cdp entries displayed : 0

Switch-B#

 

19.- Summary:

 

We can state that at the moment of the reload the switch sends a CDP packet whose parameters somehow

indicate that it must be removed as a neighbor from the CDP table. Under certain conditions this can prevent a misdiagnosis

of possible connectivity problems, where a neighbor is assumed to exist when it is actually off-line for as long as the

CDP holdtime lasts (in the last test, step 15, that is 172 seconds).

 

(2021) What will you say before you die?

Rosario, Argentina