Show interface in depth
In my opinion, a good network engineer must know the “show interface” in depth; indeed, this command is useful to obtain various interface information like drop, duplex mismatch, error, tx/rx load, …
Usually, the IOS switch/router have similar “show interface” output; the differences are dictated by devices, interface and IOS.
Below a show interface of a TenGigabitEthernet interface. The show is issued on a Cisco WS-C6509-E in VSS Mode with IOS version 15.
Ciscozine-IOS#sh int te1/5/4 TenGigabitEthernet1/5/4 is up, line protocol is up (connected) Hardware is C6k 10000Mb 802.3, address is 0000.0000.fd90 (bia 0008.ef4a.fd90) MTU 1500 bytes, BW 10000 Kbit/sec, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 10Gb/s, media type is 10Gbase-SR input flow-control is on, output flow-control is off Clock mode is auto ARP type: ARPA, ARP Timeout 04:00:00 Last input never, output never, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 7000 bits/sec, 8 packets/sec 5 minute output rate 10000 bits/sec, 11 packets/sec L2 Switched: ucast: 0 pkt, 0 bytes - mcast: 0 pkt, 0 bytes L3 in Switched: ucast: 0 pkt, 0 bytes - mcast: 0 pkt, 0 bytes mcast L3 out Switched: ucast: 0 pkt, 0 bytes mcast: 0 pkt, 0 bytes 4495527 packets input, 488522378 bytes, 0 no buffer Received 4460539 broadcasts (1153347 multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 0 multicast, 0 pause input 0 input packets with dribble condition detected 6925984 packets output, 825456963 bytes, 0 underruns 0 output errors, 0 collisions, 1 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 PAUSE output 0 output buffer failures, 0 output buffers swapped out Ciscozine-IOS#
TenGigabitEthernet1/5/4 is up, line protocol is up (connected)
Identify if the interface is phisically up and if the protocol is up.
Hardware is C6k 10000Mb 802.3, address is 0000.0000.fd90 (bia 0008.ef4a.fd90)
Identify the hardware interface and the interface mac-address; the BIA aka Burned-In (MAC) Address cannot be changed, while the “address“ can be changed with the command “mac-address 0000.0000.fd90” under the interface configuration mode.
Remember: When the interface mac address is changed, the arp or mac address table associated to the interface will be “linked” with the custom mac address!
MTU 1500 bytes, BW 10000 Kbit/sec, DLY 100 usec
MTU: define the Maximum Transmission Unit. More info http://en.wikipedia.org/wiki/Maximum_Transmission_Unit
BW: The bandwidth command is only there to communicate the speed of the interface to higher level protocols. Most of the time, a routing protocol needs to know the speed of the interface so it can choose the best route. In the case of routing protocols, IGRP, EIGRP, and OSPF all use the bandwidth statement.
DLY: Propagation delay is the delay it takes for information to transmit from one point and be received by another down a line or through the air. Delay is another number used by a routing protocol to decide on the “best” route for traffic. It was intended to be the “delay” for packets over that path, so a routing protocol could choose the lowest delay path to send packets.
reliability 255/255, txload 1/255, rxload 1/255
reliability of the interface as a fraction of 255 (255/255 is 100 percent reliability), calculated as an exponential average over 5 minutes.
txload/rxload=Load on the interface as a fraction of 255 (255/255 is completely saturated), calculated as an exponential average over 5 minutes.
Encapsulation ARPA, loopback not set
Define the interface encapsulation; nowadays, you will see only the ARPA. In the past, there were also SAP and SNAP encapsulation.
Loopbacks are an important part of troubleshooting; they are used to isolate the fault on and end-to-end circuit (especially when the circuit is down). More info http://www.cisco.com/…/tech_note09186a00800c93c4.shtml
Keepalive set (10 sec)
Keepalives are used on the routers interfaces as hello mechanism to check the end to end connectivity to the other end.Routers interface used this mechanism to check the interface status.If you have no keepalive command its means that inerface status check mechansim in disabled and router will not transmit any keepalive packet on the link.
Full-duplex, 10Gb/s, media type is 10Gbase-SR
Define the physical speed of the interface and if it works in half or duplex mode. The last part of the line defines the type of the media.
input flow-control is on, output flow-control is off
Flow-control is a mechanics allowing the receiving party of a connection to control the rate of the sending party. You may see many different implementations of flow-control technologies at different levels of OSI model (e.g. XON/XOFF for RS232, TCP sliding window, B2B credits for Fibre Channel, FECN/BECN for Frame-Relay, ICMP source-quench message, etc). More info http://blog.ine.com/2008/07/08/802-3x-flow-control
Clock mode is auto
This command is supported on the 1Gb/10Gb transceivers only.
If the clock mode of the near end of a link does not match the clock mode of the far end, the line protocol does not come up. The active and passive clock status is determined during the auto negotiation process before the transmission link is established.
ARP type: ARPA, ARP Timeout 04:00:00
ARP type defines the encapsulation type of the interface; tipically, for ethernet interface is ARPA. The default ARP timeout is 4hours but can be customized using the command “arp timeout [timeout]”
Last input never, output never, output hang never
Last input, output are the number of hours, minutes, and seconds since the last packet was successfully received or transmitted by the interface.
Note: This counter is updated only when packets are process switched, not when packets are fast switched.
Last clearing of “show interface” counters never
It is the last time the clear counters command was issued since the last time the switch was rebooted. The clear counters command is used to reset interface statistics.
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Input queue is the number of packets in the input queue.
Size/max/drops = the current number of frames in the queue / the max number of frames the queue can hold before it must start dropping frames / the actual number of frames dropped because the max queue size was exceeded. Flushes is used to count Selective Packet Discard. SPD is a mechanism that quickly drops low priority packets when the CPU is overloaded in order to save some processing capacity for high priority packets. The flushes counter in the show interface command output increments as part of selective packet discard (SPD), which implements a selective packet drop policy on the IP process queue of the router. Therefore, it applies to only process switched traffic.
The purpose of SPD is to ensure that important control packets, such as routing updates and keepalives, are not dropped when the IP input queue is full. When the size of the IP input queue is between the minimum and maximum thresholds, normal IP packets are dropped based on a certain drop probability. These random drops are called SPD flushes.
Total output drops is the number of packets dropped because the output queue is full. A common cause of this might be traffic from a high bandwidth link being switched to a lower bandwidth link or traffic from multiple inbound links being switched to a single outbound link. For example, if a large amount of bursty traffic comes in on a gigabit interface and is switched out to a 100Mbps interface, this might cause output drops to increment on the 100Mbps interface. This is because the output queue on that interface is overwhelmed by the excess traffic due to the speed mismatch between the inbound and outbound bandwidths.
Queueing strategy: fifo
First-in, first-out (FIFO) queuing is the default queuing strategy that applies to all interfaces with more than 2 Mbps, or, in other words, E1 size or greater interfaces. With the FIFO Queuing strategy, packets are forwarded through the interface in the order that they are received. Other methods can be: WFQ, CBWFQ, …
Output queue: 0/40 (size/max)
The number of packets in the output queue. Size/max means the current number of frames in the queue/the max number of frames the queue can hold before it is full and must start dropping frames.
5 minute input rate 7000 bits/sec, 8 packets/sec
5 minute output rate 10000 bits/sec, 11 packets/sec
The average input and output rate seen by the interface in the last five minutes. In order to get a more accurate reading by specifying a shorter period of time (to better detect traffic bursts for example), issue the “load-interval <seconds>” interface command.
4495527 packets input, 488522378 bytes, 0 no buffer
Packets input: Total number of error-free packets received by the system.
Bytes: Total number of bytes, including data and MAC encapsulation, in the error-free packets received by the system.
No buffers: Number of received packets discarded because there was no buffer space in the main system. Compare with ignored count. Broadcast storms on Ethernet networks and bursts of noise on serial lines are often responsible for no input buffer events.
Received 4460539 broadcasts (1153347 multicasts)
Total number of broadcast or multicast packets received by the interface.
0 runts, 0 giants, 0 throttles
Runts: Number of packets that are discarded because they are smaller than the minimum packet size of the medium. For instance, any Ethernet packet that is less than 64 bytes is considered a runt.
Giants: Number of packets that are discarded because they exceed the maximum packet size of the medium. For example, any Ethernet packet that is greater than 1518 bytes is considered a giant.
Throttles: the number of times the receiver on the port is disabled, possibly because of buffer or processor overload. If an asterisk (*) appears after the throttles counter value, it means that the interface is throttled at the time the command is run.
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
Input error: Includes runts, giants, no buffer, CRC, frame, overrun, and ignored counts. Other input-related errors can also cause the input errors count to be increased, and some datagrams may have more than one error; therefore, this sum may not balance with the sum of enumerated input error counts.
CRC: Cyclic redundancy checksum generated by the originating LAN station or far-end device does not match the checksum calculated from the data received. On a LAN, this usually indicates noise or transmission problems on the LAN interface or the LAN bus itself. A high number of CRCs is usually the result of collisions or a station transmitting bad data.
Frame: Number of packets received incorrectly having a CRC error and a noninteger number of octets. On a LAN, this is usually the result of collisions or a malfunctioning Ethernet device.
Overrun: Number of times the receiver hardware was unable to hand received data to a hardware buffer because the input rate exceeded the receiver’s ability to handle the data.
Ignored: Number of received packets ignored by the interface because the interface hardware ran low on internal buffers. These buffers are different than the system buffers mentioned previously in the buffer description. Broadcast storms and bursts of noise can cause the ignored count to be increased.
0 watchdog, 0 multicast, 0 pause input
Watchdog: Number of times watchdog receive timer expired. It happens when receiving a packet with length greater than 2048.
Pause input: Counter incrementing means that the port is receving pause frame. Pause frame is a packet that tells the far-end device to stop transmitting packets until the sender is able to handle all the traffic and clear it’s buffers. It could be caused by a oversubscription of bandwidth, or a burst traffic pattern.
0 input packets with dribble condition detected
Dribble bit error indicates that a frame is slightly too long. This frame error counter is incremented just for informational purposes; the router accepts the frame.
6925984 packets output, 825456963 bytes, 0 underruns
Packets output: Total number of messages transmitted by the system.
Bytes: Total number of bytes, including data and MAC encapsulation, transmitted by the system.
Underruns: Number of times that the transmitter has been running faster than the router can handle. This may never be reported on some interfaces.
0 output errors, 0 collisions, 1 interface resets
Output errors: Sum of all errors that prevented the final transmission of datagrams out of the interface being examined. Note that this may not balance with the sum of the enumerated output errors, as some datagrams may have more than one error, and others may have errors that do not fall into any of the specifically tabulated categories.
Collisions: Number of messages transmitted because of an Ethernet collision. A packet that collides is counted only once in output packets.
Interface resets: Number of times an interface has been completely reset. This can happen if packets queued for transmission were not sent within several seconds. On a serial line, this can be caused by a malfunctioning modem that is not supplying the transmit clock signal, or by a cable problem. If the system notices that the carrier detect line of a serial interface is up, but the line protocol is down, it periodically resets the interface in an effort to restart it. Interface resets can also occur when an interface is looped back or shut down.
0 babbles, 0 late collision, 0 deferred
Babbles: Babble errors occur due to the transmission of frames in excess of 1518 bytes in size.
Late collision: Number of late collisions. Late collision happens when a collision occurs after transmitting the preamble. The most common cause of late collisions is that your Ethernet cable segments are too long for the speed at which you are transmitting.
Deferred: Deferred indicates that the chip had to defer while ready to transmit a frame because the carrier was asserted.
0 lost carrier, 0 no carrier, 0 PAUSE output
Lost carrier: Number of times the carrier was lost during transmission.
No carrier: Number of times the carrier was not present during the transmission.
PAUSE output: Pause outputs occur when the receiving port is getting overloaded and the so the device sends a pause request to the device connected to the port.
0 output buffer failures, 0 output buffers swapped out
Output buffer failures: Number of failed buffers and number of buffers swapped out.
Output buffers swapped out: If the outbound interface transmit queue is full, then the packet is copied from a hardware buffer to DRAM, then copied back to the transmit queue when there is room.
L2 Switched: ucast: 0 pkt, 0 bytes – mcast: 0 pkt, 0 bytes
L3 in Switched: ucast: 0 pkt, 0 bytes – mcast: 0 pkt, 0 bytes mcast
L3 out Switched: ucast: 0 pkt, 0 bytes mcast: 0 pkt, 0 bytes
The output indicates how many packets have been L2 switched on the interface as well as how many packets have been L3 switched in and out of the interface.
Remember: There is a difference between the counter of show interface command output for a physical interface and a VLAN interface. The input packet counters increment in the output of show interface for a VLAN interface when that packet is Layer 3 (L3) processed by the CPU. Traffic that is Layer 2 (L2) switched never makes it to the CPU and is not counted in the show interface counters for the VLAN interface. It would be counted on the show interface output for the appropriate physical interface.
In NX-OS (Nexus device) the “show interface” output is slightly different than the IOS output, but it is it is easy to understand. Below an example:
Ciscozine-NX-OS# sh interface ethernet 1/1 Ethernet1/1 is up Dedicated Interface Hardware: 1000/10000 Ethernet, address: 000d.ecdd.2fc8 (bia 000d.ecdd.2fc8) Description: TERADATA - F4238 MTU 1500 bytes, BW 10000000 Kbit, DLY 10 usec reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA Port mode is access full-duplex, 10 Gb/s, media type is 10G Beacon is turned off Input flow-control is off, output flow-control is off Rate mode is dedicated Switchport monitor is off EtherType is 0x8100 Last link flapped 5week(s) 6day(s) Last clearing of "show interface" counters never 30 seconds input rate 51128 bits/sec, 2 packets/sec 30 seconds output rate 109088 bits/sec, 15 packets/sec Load-Interval #2: 5 minute (300 seconds) input rate 78.13 Kbps, 9 pps; output rate 113.67 Kbps, 11 pps RX 22236230840 unicast packets 4414705 multicast packets 997021 broadcast packets 22241642569 input packets 27905275144675 bytes 881597017 jumbo packets 0 storm suppression packets 0 runts 0 giants 3 CRC 0 no buffer 3 input error 0 short frame 0 overrun 0 underrun 0 ignored 0 watchdog 0 bad etype drop 0 bad proto drop 0 if down drop 0 input with dribble 0 input discard 0 Rx pause TX 12574452594 unicast packets 112812737 multicast packets 66330588 broadcast packets 12753595920 output packets 5123002661192 bytes 1001411772 jumbo packets 1 output errors 0 collision 0 deferred 0 late collision 0 lost carrier 0 no carrier 0 babble 0 output discard 0 Tx pause 9 interface resets Ciscozine-NX-OS#
- Browse With Encryption http://t.co/bzTKWWp4GD #security
- VU#361684: Router devices do not implement sufficient UPnP authentication and security: Home ro... http://t.co/ll4ujJxSzR #Vulnerability
- VU#201168: Belkin N600 DB Wireless Dual Band N+ router contains multiple vulnerabilities: Belki... http://t.co/D50u7OCeFb #Vulnerability
Enter your email address to receive notifications of new posts.