Saturday, January 24, 2009

Conditional Debug

I came across this useful nugget the other day, wishing I knew about it years ago.

One of the first considerations when turning on a debug is that you can potentially bring a router to its knees. In theory, you should only log to the buffer (never to the console), assign an access list to the debug, and adjust the scheduler (scheduler allocate) to ensure that a certain amount of CPU time is reserved for essential processes, blah, blah, blah.

Even when following these precautions, it can be gut-wrenching to even consider running a debug that you know is going to generate A LOT of output.

Take, for example, debug ppp packet. What if you have a router that has tens, or even hundreds, of interfaces running PPP? Yet you need something beyond debug ppp authentication and debug ppp negotiation. There is no option to restrict debug ppp packet with an access list, as there is for debug ip packet. No wonder, since PPP is layer 2 and has no IP addresses to match on.

There is still a safe way to do this (disclaimer: test this in the lab first; don't blame me if you muck up your production network!).

debug condition interface [interface] restricts the output of any debug you enable afterwards to the specified interface. The condition is set in exec mode, before the debug itself, and stays in place until you remove it.

For example, say you have a Catalyst 6500 running native IOS with 336 interfaces, and you want to run debug ip packet on interface f2/41. You don't really want to use an access list, because you're interested in all traffic on that one interface rather than a specific set of IPs.

You can do the following:

debug condition interface f2/41
debug ip packet

And the result is that you'll only see IP packets associated with f2/41, instead of all 336 interfaces.
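Here is the whole session as I'd actually type it on the box, with the check before the debug and the cleanup after it. This is an added example, not from the original post. It assumes the same Catalyst 6500 and interface f2/41 as above; the 64000-byte buffer size is arbitrary, the router responses are typed from memory and may differ slightly between IOS releases, and the show debug condition command is the one I recall for listing active conditions (treat it as an assumption). Lines starting with ! are annotations, not commands.

```cisco
! Added example, not from the original post. Assumes IOS on a Catalyst 6500
! with interface f2/41 as above; buffer size and output text are illustrative.
!
! 1. Send debug output to the buffer only, never to the console or a vty.
Router# configure terminal
Router(config)# logging buffered 64000 debugging
Router(config)# no logging console
Router(config)# no logging monitor
Router(config)# end
!
! 2. Set the condition BEFORE enabling any debug, then verify it is active.
Router# debug condition interface f2/41
Condition 1 set
Router# show debug condition
Condition 1: interface Fa2/41 (0 flags triggered)
!
! 3. Now the broad debug only emits for packets tied to f2/41.
!    An access list can still be stacked on top of the condition
!    (debug ip packet <acl>) if you want to narrow it further.
Router# debug ip packet
IP packet debugging is on
!
! 4. Read the captured output from the buffer, not from the console.
Router# show logging
!
! 5. Clean up in this order: turn the debug flags off first, then remove
!    the condition. undebug all does not remove conditions by itself.
Router# undebug all
All possible debugging has been turned off
Router# no debug condition all
Router# show debug condition
```

The ordering in step 5 matters. If you remove the last condition while debug ip packet is still on, the debug is suddenly unfiltered across every interface, which is exactly the flood you set the condition to avoid (IOS warns about this when you try to remove the last interface condition with debugs active). Turning the debugs off first, then clearing the conditions, keeps you safe.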

Further details can be found here.

2 comments:

Michael said...

wow nice!

Shivlu Jain said...

It's a good finding. But I recommend binding an ACL to the debug.

regards
shivlu jain