Layer 2 traceroute

Traceroute is a well-known and helpful tool used to display the route of packets across the network.
Available on most operating system, traceroute works at the network layer (layer 3) of an IP Network and it returns the list of routers a connection must pass through to get to its destination.
Very often though, especially for troubleshooting reasons, it is needed to know also which switches a packet encounters along its path between two hosts.
Based on the fact that Ethernet has no TTL (Time To Live) counter that is altered hop-by-hop in the data plane, the traceroute command as it is does not work on the data link layer (layer 2).
traceroute ethernet is part of the Connectivity Fault Management (CFM) protocol and determines the path from a maintenance endpoint (MEP) to a given MAC address.
That given MAC address is normally another MEP's MAC address. The CFM traceroute works in a referral manner: The originating MEP sends a message to a destination MAC address.
The message will be stopped by any encountered MEP or maintenance intermediate point (MIP). Each receiving MEP or MIP sends then a reply to the original MEP and regenerates the
traceroute message sending it out to the next point on the path.

l2traceroute.png


The command traceroute ethernet is unfortunately not trivial to use and requires some configuration, like the definition of a maintenance domain and which MEPs and MIPs are part of this domain.
More detailed information on the configuration of IEEE Standard-Compliant Ethernet CFM in a Service Provider Network can be found on Cisco website.
Besides CFM, which is standardized and offered by other venders as well, Cisco also implemented on its own devices a layer 2 traceroute utility.
The Layer 2 traceroute utility identifies the Layer 2 path that a packet takes from a source device to a destination device by using the MAC address tables of the switches in the path.
The utility was first introduced with the release of the IOS 12.1 and it is based on the proprietary Cisco Discovery Protocol (CDP) which must be enabled on all the devices on the network.
Two CLI commands are available: traceroute mac and traceroute mac ip

traceroute mac source_mac_address destination_mac_address vlan_id
where the MAC addresses of source and destination are specified together with the VLAN id. It is important to know that the specified source and destination MAC addresses must
belong to the same VLAN. In case they belong to different VLANs, the Layer 2 path is not identified, and an error message appears.

swiWS1#traceroute mac c8bc.c88b.393b 0000.0c9f.f004 
Source c8bc.c88b.393b found on swiWSC3b
1 swiWSC3b (130.59.2.29) : Gi0/41 => Gi0/45
2 swiWS2 (130.59.15.202) : Gi2/3 => Te1/1
3 swiWS1 (130.59.15.182) : Te1/1 => Vl4
Destination 0000.0c9f.f004 found on swiWS1
Layer 2 trace completed

traceroute mac ip {source_ip_address | source_hostname} {destination_ip_address | destination_hostname}
where instead the IP addresses (or host names) belonging to the same subnet can be used and the corresponding MAC addresses will be fetched from the Address Resolution Protocol (ARP) table.

swiWS1#traceroute mac ip 130.59.4.118 130.59.4.1
Translating IP to mac ..... 
130.59.4.118 => c8bc.c88b.393b
130.59.4.1 => 0000.0c9f.f004

Source c8bc.c88b.393b found on swiWSC3b
1 swiWSC3b (130.59.2.29) : Gi0/41 => Gi0/45
2 swiWS2 (130.59.15.202) : Gi2/3 => Te1/1
3 swiWS1 (130.59.15.182) : Te1/1 => Vl4
Destination 0000.0c9f.f004 found on swiWS1
Layer 2 trace completed

References

-- AlessandraScicchitano - 30 Apr 2012
Edit | Attach | Watch | Print version | History: r6 < r5 < r4 < r3 < r2 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r6 - 2012-05-02 - AlessandraScicchitano
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2004-2009 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.