Packet Capture
PCAPs are one of the most useful tools to debug traffic issues on the SSR, as well as wider networking issues. The nature of troubleshooting is that it is transitory; once the problem has been identified, the system state should be restored to its previous state (or possibly with necessary modifications as a result of the troubleshooting exercise). This guide walks through the approaches for applying dynamic capture filters to the SSR Networking Platform.
Packet capture information can be viewed and configured from both the PCLI and the user interface.
PCLI Packet Capture per Device Interface
Enabling packet capture through configuration, while useful for defining filters that will survive a reboot, can pose challenges while debugging. Pending configuration changes may exist, and these would have to be reverted before a capture filter could be applied. Thankfully there exists a dynamic way to apply capture filters to a device interface that does not require making configuration changes.
When using dynamic capture filters, the following rules apply:
- Creating or removing a dynamic capture filter does not persist and will not survive a restart of the SSR software
- Interactions exist with configured capture filters:
  - If capture filters exist within the configuration and a configuration change happens that does not impact static capture filters, the configuration change will not affect dynamic capture filters
  - If static capture filters exist within the configuration, and if a configuration change modifies the static capture filters, all dynamic capture filters will be removed
Three commands provide the capabilities to manage dynamic capture filters.
create capture-filter
Dynamic capture filters use Berkeley Packet Filter (BPF) syntax, the same as statically configured capture filters. If the syntax is not correct, the filter will be rejected. Please refer to online BPF documentation for syntax help. If a capture filter already exists, the create operation will be ignored.
The syntax for creating a capture filter can be seen below:
    >> create capture-filter
    usage: capture-filter [force] [router <router>] [node <node>]
                          device-interface <device-interface> <capture-filter>

    Creates capture-filter from highway at the specified node

    keyword arguments:
    device-interface    The device interface on which to create the capture
                        filter
    force               Skip confirmation prompt
    node                The node on which to create the capture filter
    router              The router on which to create the capture filter

    positional arguments:
    capture-filter      The capture-filter to create (Uses BPF syntax)
delete capture-filter
This command can be used to remove dynamic capture filters, as well as to temporarily remove any static capture filter added through configuration. The command will return an error if the capture filter is not present.
The syntax for removing a capture filter can be seen below:
    >> delete capture-filter
    usage: capture-filter [force] [router <router>] [node <node>]
                          device-interface <device-interface> <capture-filter>

    Deletes capture-filter from highway at the specified node

    keyword arguments:
    device-interface    The device interface on which to delete the capture
                        filter
    force               Skip confirmation prompt
    node                The node on which to remove the capture filter
    router              The router on which to remove the capture filter

    positional arguments:
    capture-filter      The capture-filter to remove (Uses BPF syntax)
The keyword all can be used as an argument to device-interface to remove all capture filters on a particular node and router. Omitting capture-filter from the command will remove all capture filters for a specified device interface.
show capture-filter
The show capture-filters PCLI command displays both static and dynamic capture filters, reflecting the current state of the capture filters.
The syntax for displaying static and dynamic capture filters can be seen below:
    >> show capture-filters
    usage: capture-filters [device-interface <device-interface>]
                           [force] [router <router>] [node <node>]

    Show active capture-filters

    keyword arguments:
    device-interface    Device interface on which to show capture-filters
    force               Skip confirmation prompt
    node                The node on which to show capture-filters
    router              The router on which to show capture-filters
Selective Packet Capture
While device-interface packet captures are a powerful tool, it can be difficult to use them to isolate the set of packets pertaining to a particular service, especially if the session being tracked is an SVR session, where the IPs and L4 ports will be NATed. To simplify the troubleshooting effort, selective packet captures provide filtering controls beyond what is possible with BPF, and afford the administrator the ability to match traffic by service. A powerful capability of this feature is that it applies a trace not only on the ingress node where the capture is defined, but also triggers traces on every subsequent SSR node the session traverses.
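The following is an added illustration, not part of the SSR documentation or software, of why a device-interface BPF filter written against a session's original addresses stops matching once the session has been NATed. The evaluator handles only a small BPF subset (`host`, `port`, `tcp`/`udp` joined by `and`), and every address, port and name in it is constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


def matches(bpf: str, pkt: Packet) -> bool:
    """Evaluate a small BPF subset: `host A`, `port N`, `tcp`, `udp`, joined by `and`."""
    for term in bpf.split(" and "):
        words = term.split()
        if words in (["tcp"], ["udp"]):
            ok = pkt.proto == words[0]
        elif len(words) == 2 and words[0] == "host":
            ok = words[1] in (pkt.src, pkt.dst)      # either direction
        elif len(words) == 2 and words[0] == "port":
            ok = int(words[1]) in (pkt.sport, pkt.dport)
        else:
            raise ValueError(f"unsupported primitive: {term!r}")
        if not ok:
            return False
    return True


# Constructed sample data (documentation address ranges, not a real capture):
# one session as seen on the LAN-side interface and, after NAT, on the WAN side.
LAN_SIDE = Packet("tcp", "192.0.2.10", 51514, "198.51.100.20", 443)
WAN_SIDE = Packet("tcp", "203.0.113.1", 16385, "203.0.113.2", 16386)

# Filter written from the client's point of view (original addresses and port).
FILTER = "host 192.0.2.10 and tcp and port 443"


def interfaces_matching(bpf: str) -> list[str]:
    """Return the names of the interface views on which the filter matches."""
    views = {"lan": LAN_SIDE, "wan": WAN_SIDE}
    return [name for name, pkt in views.items() if matches(bpf, pkt)]


if __name__ == "__main__":
    print(interfaces_matching(FILTER))
    # Matching on the WAN side requires knowing the translated tuple in advance.
    print(interfaces_matching("host 203.0.113.1 and port 16385"))
```
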
Selective capture can operate in one of two modes:
- local-only mode will trigger a capture only on the node to which the command is issued
- default mode will propagate the capture to all subsequent SSR nodes the session traverses
Much like per device interface packet captures, selective packet captures will not survive a restart of the SSR.