Assigning ﬁlters, Tcpdump | Lucent Technologies 9077 16S, 9077 04S

Introduction to the SP Switch Router Adapter card

Assigning filters

Assigning ﬁlters

The SP Switch Router Adapter card supports IP packet ﬁltering. You can apply ﬁlters to the receive and/or transmit path of a logical interface as described in the “IP Packet Filtering” chapter of the GRF Conﬁguration and Management manual.

The ﬁlter conﬁguration ﬁle is /etc/filterd.conf. The maint 50 –58commands report statistics and information for ﬁlters assigned to the receive side of the card. The maint 150 – 158 commands report on transmit side ﬁlters.

The “IP Packet Filtering” chapter describes the entries in /etc/filterd.conf and tells you how to design several types of ﬁlters. The binding statement in /etc/filterd.conf is where you assign a ﬁlter you have created to a particular logical interface on a speciﬁc media card.

This statement has two variables that are media card speciﬁc, media and vlif.

In a binding statement, media is the type of media card and vlif is the logical interface number to which the ﬁlter is assigned. For the SP Switch Router Adapter card, media is always dev1 and the vlif is always 0 since the card has a single interface.

Here is a binding statement for an SP Switch Router Adapter card in slot 5, gt050 (the card is connected to node 8 on an SP switch):

media dev1 5 {

#the ﬁlter named “no_host_22” blocks all packets from remote host 192.168.22.22

bind no_host_22_22 {
vlif 0;	# this is the switch node 8 interface
direction out;	# outbound trafﬁc to node 8
action filter;
}
}
Here are the supported media names:
atm (OC-3c)
dev1
ether
fddi
hssi
hippi
sonet (OC-3c)

Please refer to the “IP Packet Filtering” chapter of the GRF Conﬁguration and Management manual for conﬁguration information and examples.

tcpdump

Filtering supports the standard UNIX tcpdump utility that enables you to examine the data crossing an SP Switch Router Adapter interface. A tcpdump “listen” command for interface gt030 is:

# tcpdump -i gt030

1-14	SP Switch Router Adapter Guide - 1.4 Update 2

Image 30

Lucent Technologies 9077 16S, 9077 04S, 9076 manual Assigning ﬁlters, Tcpdump

Contents

SP Switch Router Adapter Guide Lucent Technologies Contents Chapter Conﬁguring the SP Switch Router Adapter Chapter Appendix a Part Numbers Appendix C Viii SP Switch Router Adapter Guide 1.4 Update Figures Figures Tables Tables About 1.4 Update How to use this Guide SP Switch Router manuals Manual setsIBM SP system manuals Documentation conventions Convention Meaning IP routing publications Introduction to the SP Switch Router Adapter card What is the RS/6000 SP Switch Router ? SP Switch Router SP Switch Router systems for IBM sites SP Switch cableCables included in your system Pcmcia 520MB disk Redundant AC power suppliesRedundant supply safety Ethernet cable Upgrading system memory RAM Overview of the SP Switch Router Adapter card Face plate diagram Inserting a media card into the SP Switch Router Media card components Card insertion procedure ESD requirements OFF Error SP Switch Router Adapter card LEDsLED activity during boot OFF TX HB LED activity during normal operations STATE1 Bottom two LEDs amber go on during SP Switch Router Adapter card speciﬁcations Element Value Assigning ﬁlters Tcpdump Snmp on the SP Switch Router Adapter card SP Switch Router Adapter dependent node MIB support SP Switch Router Adapter media card states Snmp Snmp conﬁguration overview Snmp activity during media card start up Conﬁguring the SP Switch Router Adapter Introduction to installation and conﬁguration Pre-installation assumptions Location of relevant information Order of information Installing an SP Switch Router Adapter card Installation overview Installing the Pcmcia spinning disk Managing Pcmcia slots Installation steps Panic dumps sent to external ﬂash device ﬁle entries should now look like the following Save all changes and reboot Do not damage the connector ends Attaching SP Switch Router cablesSP switch cable Ethernet cable Procedure for attaching cables to card and SP Switch Keep the plastic cap on Determining the switch connection for a dependent node Conﬁguration required on the SP system Procedure Sources of conﬁguration information Multiple frames for multiple system connections SP system a Step-by-step media card conﬁguration Conﬁguration ﬁles and their usesOverview of steps SP Switch Router requires a speciﬁc conﬁguration ﬁle Check Snmp in the SP Switch Router system Members Unspecified Subagents Put Snmp changes into effect ALL GET SET Trap Assign IP addresses Method 1 Recommended, use SP Snmp ManagerMethod 2 Optional, edit /etc/grifconﬁg.conf Netmask Interface nameInternet address Broadcast / destination address Argument ﬁeld Default MTU valuesPutting grifconﬁg.conf additions into effect MTU discovery facility Change proﬁle settings Specify card-level parameters Card proﬁleSpecify Icmp throttling Specify different dump settings Specify different executables Configuring the SP Switch Router Adapter Look at the SP Switch Router Adapter card settings Change executables for all dev1 cards Load proﬁle Change dump defaults for all dev1 cards Dump proﬁle Dump vectors read-only Configuring the SP Switch Router Adapter How to run the command Run dev1conﬁg to create grdev1.confMethod 2 Optional, edit /etc/grdev1.conf Contents of /etc/grdev1.conf Parameter deﬁnitions Extension Node Identiﬁer ibmSPDepNodeName read-only Conﬁguration State ibmSPDepConfigState read-only Reset card to install ﬁles Saving conﬁguration ﬁles Verify SP Switch Router Adapter card from router Verify media card operation using ping Verify switch node connectivity using ping Check media card status using grcardMedia card states Reset media card using grreset # grreset all -h # grreset slot -h Checking connectivity to the SP system Procedure Configuring the SP Switch Router Adapter Monitoring and Management Tools SP Switch Router command overview Csconﬁgﬂashcmd Grcard GetverGrarp Grﬁns Grrmb GrresetGrms Grroute Mountf GrstatGrwrite Setver SP Switch Router Unix tools PingRoute Traceroute Grroute.conf ﬁle Using the netstat command Netstat -rn Netstat -rs Netstat -in Netstat -an Netstat -s Layer 3 statistics Obtaining layer 2 and 3 statistics grstatOptions List of IP stats Multicast packets attempted to route Layer 2 statistics List of layer 2 stats SP Switch Router Adapter card maint commands Preparing to use maint commands Find transmit tx binary version maint Sample maint commandsFind hardware and software version numbers maint Display conﬁguration and status maint Maint 5 display switch statistics Maint 4 display media statistics Filtering commands maint 50-58 Maint 6 display combus statistics List where ﬁlters are assigned maint List the ﬁlters per media card maintConﬁgure UDP packet discards maint 89 Display ARP table maint 189 Flush the ARP cache maint 189 Display switch route table maint 189 Switch route not found Where to ﬁnd the user guide Checking for hardware problems grdiagWhat is tested Stopping or halting grdiag When a media card does not boot after grdiag Switch receive error can indicate hardware problem Media card dumps SP Switch Router dumpsSystem dumps Use grdinfo to collect logs Data collection utility grdinfo Grdinfo -card=slot all SP Switch Router example Grdinfo -all ============================================================ Monitoring and Management Tools Monitoring and Management Tools SP Switch Router logs Accessing a log ﬁle Sample gr.console log For example Sample gr.boot log Sample entries in the gr.boot log Sample messages log Sample entries in the messages log Burning in media card ﬂash memory Part Numbers Parts list model 04S GRF-AC-CB16 Parts list model 16SGRF-AC-SWB16 GRF-AC-AC16 Publication numbers IBM manuals IBM publication number Manual title Log Messages Alphabetical list of messages Log Messages Message descriptions Access Fifo Sync Error from RC, int1=%dAccess Fifo Sync Error from TC, int1=%d ACK Words 0x%08x, 0x%08x, 0x%08x, 0x%08x, 0x%08x, 0x%08x ARP added IP= %s, SW-node=%d, state=%d Bad Hdr/Svc received, Ret code=%dBoard Conﬁguration timed-out, retrying Conﬁguration Parameters Conﬁguring transmit sideCPU ready msg received from TX-CPU Discarding msg, unknown msgtype 0x%x Descriptor Sync Error from RC, int1=%dDescriptor Sync Error from TC, int1=%d ERR! Duplicated buffer %d Hot interrupt detected, ier1=0x%8x, ier2=0x8x Expect Nodeinit but received Stat/Err RequestExpired IP buffer received %d Initializing Main Task Loopback routes found for IP adr 0x%x, sw-node IOSTB3RX SET TOD service message receivedInitializing RX Subsystem data structure Lost of STI clock, Tbic Status = 0x%x RX Clock is valid NetStar GigaRouter %s RX Interface InitializingNetStar GigaRouter %s TX Interface Initializing RX-CPU Loaded msg received from TX-CPU RX-TBIC permanent errors detected IER1=0x%x, IER2=0x%x RX send Sendtod to the switch. or RX Reading TBICs TODRX-TBIC outage errors detected IER1=0x%x, IER2=0x%x RX got Tbic Inited fron TX Sending if Reset message to TX-CPU RX-TBIC transientt errors detected IER1=0x%x, IER2=0x%xSend TOD service message received Sending Grid Init Sending if Init for if 0x%x Sending mib-2 trap, type = %d, state = %d Sending params to TXState machine changes from xxx to yyy Switch route entry not found, node = %d Status/Err service message receivedSwitch received with errors. Descriptor 0x%8x Svc Msg rxed, svccmd=0x%x %s, nodecmd 0x%x %s TB4 segment received in wrong state Switch Route table loaded, %d entriesTB4 segment received in error. TB4-HDR word%d 0x%x Tbic Init msg sent to TX-CPU TBSI-RX TBICs TOD 0x%x, 0x%x Tbus Parity Error from RC, int1=%dTbus Parity Error from TC, int1=%d TBSI-TX Unexpected SVC threshold interrupt Timeout waiting for Cfgdn bits clear, stat0=%x Timeout waiting for FPGAINITCOMPLETE, stat0=%x Timed out resolving ARP. If %d IP %d.%d.%d.%d RX Setting the RC in operational mode, stat=0x%xTX-CPU Access Fifo busy, discarding IP packet TX-CPU Conﬁg Params msg received from RX-CPU TX-PROR startnode %d, endnode %d, # entries %d TX-CPU Tbic Init msg received from RX-CPUTX Port is connected, stat=0x%x TX pseudo STI clock is valid TX-TBIC transient errors detected IER1=0x%x, IER2=0x%x TX-TBIC outage errors detected IER1=0x%x, IER2=0x%xTX-TBIC permanent errors detected IER1=0x%x, IER2=0x%x Un-expected descriptor from RC, desctype=%d Log Messages Network Conﬁguration Examples Conﬁguration requirements Example 2 Multiple cards, single partition ARP table Conﬁguration tasks Incoming trafﬁc going to SP processor nodesOutgoing trafﬁc coming from SP processor nodes Recovery procedure if an SP Switch Router Adapter card fails Example 3 Multiple cards, multiple SP partitions SP Switch Router as an IBM product Support for code installationObtaining new machine code IBM License Agreement for Machine Code Index ARP Index GRF IBM Index MTU Snmp Index Index