Packet Tracing : Versa Support

Versa FlexVNF supports packet tracing for debugging Life of a Packet or a Session. Since enabling debug-level logs on production system is not recommended, a few logs might help identify the root cause via packet tracing, whose logs are stored in /var/log/versa/versa-pkttrace.log

Packet Filter Options

root@gotham-cli> request debug session filter-create ?
Description: Enable packet/flow logging
Possible completions:
  description        - Session filter description
  destination-port   - Destination port or port range (e.g. 5000-6000, 5000)
  destination-prefix - Destination IP prefix
  filter-name        - Session filter name
  ip-version         - IP version/family (default IPv4)
  modules            - Module specific logging
  protocol           - Protocol value
  routing-instance   - Routing instance name
  source-port        - Source port or port range (e.g. 5000-6000, 6000)
  source-prefix      - Source IP prefix

Create Packet Trace Filter

To illustrate, let's assume you want to trace DNS packets originating from the 192.168.130.0/24 subnet. A packet trace filter can be created using the following request command:

root@gotham-cli> request debug session filter-create filter-name DNS source-prefix 192.168.130.0/24 destination-prefix 8.8.8.8/32 protocol 17 routing-instance riCustomer1

View Packet Trace Filter

To view an existing packet trace filter, use the following CLI:

root@gotham-cli> request debug session filter-display DNS 
result Success
routing-instance DNS
ip-version ipv4
source-prefix 192.168.130.0/24
destination-prefix 8.8.8.8/32

Delete Packet Trace Filter

A packet filter can be deleted using its name. For instance, the DNS packet trace filter created above can be deleted using the following CLI:

root@gotham-cli> request debug session filter-delete DNS

View Packet Trace Table (Datapath)

To ensure that the packet trace filter is installed correctly in the datapath, use the following CLI:

root@gotham-cli> show debug filter trace table 
 
Legends
  C/Catg - Category
  L/Prio - Level/priority
  P/Prot - Protocol

 +------------+---+-----+-----+-----------+--------------------+--------------------+-------------+-------------+
 |   Rule Hdl | C |  L  |  P  |    VRF    |     SOURCE-IP      |       DEST-IP      |    SPORT    |    DPORT    |
 +------------+---+-----+-----+-----------+--------------------+--------------------+-------------+-------------+
 | 0x00010000 | A |  22 |  17 |    8-8    |   192.168.130.0/24 |         8.8.8.8/32 |     0-65535 |     0-65535 |
 +------------+---+-----+-----+-----------+--------------------+--------------------+-------------+-------------+
 | Total IPv4 Filters: 1                                                                                        |
 +--------------------------------------------------------------------------------------------------------------+


root@gotham-cli> show debug filter trace stats 

 Rule Handle 0x00010000 :     1

Note:

Packet Tracing filters should be as constrained as possible.
Always delete the packet tracing filter after collecting the logs.

Packet Tracing

Modified on: Tue, 6 Jun, 2023 at 6:36 AM