On Wed, Nov 29, 2017 at 9:06 AM, William Herrin <b...@herrin.us> wrote:
> On Tue, Nov 28, 2017 at 3:48 PM, Yifeng Zhou <zhuifeng0...@gmail.com>
> wrote:
>
> > Is there any way that we can track TCP session hop by hop?
> >
> > Say we have 10 ECMP between A and Z point, what's the easiest way to track
> > specific session is using which path? How we can check between
> > servers(Linux/Unix) and between Routers(Cisco/Juniper etc)?
>
> A TCP connection is uniquely identified by the combination of four numbers:
> The source IP address, the source port, the destination IP address and the
> destination port. You used the word session, but sessions happen above TCP
> in the stack and may use more than one TCP connection. Every packet in the
> connection contains all four numbers and no packet from any other
> connection contains the same four numbers.
>
> If you want to track the connections, you capture the packets at each point
> in the path (router products have vendor-specific ways of doing this) and
> see which unique sets of the four numbers went through which router and
> router interface.
>
> If you want to -test- which path a TCP connection -would- take, Ruairi's
> afore-mentioned tcptraceroute is the way to go. The regular traceroute with
> modern Linux servers also supports the "-T" flag which does the same thing.
> It works just like regular traceroute but uses synthetic TCP SYN packets
> instead of ICMP or UDP packets, allowing the packets to pass firewalls
> which would otherwise block the trace.
>
> Bear in mind that in each case you will likely only see the path taken at
> the IP level. Underlying transits at the Ethernet or MPLS level are
> intentionally invisible to the endpoints.

In the data center context, enabling sFlow continuously captures packets from all paths and can be used to trace multi-path packet flows, whether layer 2 (MLAG/LAG), or layer 3 (ECMP). sFlow reports physical switch ports and captures Ethernet packet headers, so you can relate paths to MPLS labels, Ethernet headers, IP headers, TCP/UDP headers, VxLAN tunnels, etc. The following article provides an example: http://blog.sflow.com/2017/09/troubleshooting-connectivity-problems.html
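
Added example, not part of the original message or of any sFlow tool: a sketch of the correlation described above, matching sampled packets on the TCP four-tuple and ordering the reporting switches into a hop-by-hop path. The switch names, port names, link map and the already-decoded sample record layout are all constructed assumptions.

```python
# Constructed topology: (switch, port) -> (neighbour switch, neighbour port).
LINKS = {
    ("leaf1", "swp51"): ("spine1", "swp1"),
    ("leaf1", "swp52"): ("spine2", "swp1"),
    ("spine1", "swp2"): ("leaf2", "swp51"),
    ("spine2", "swp2"): ("leaf2", "swp52"),
}
LINKS.update({far: near for near, far in list(LINKS.items())})  # links work both ways

# Constructed, already-decoded flow samples:
# (agent, in_port, out_port, src_ip, src_port, dst_ip, dst_port)
SAMPLES = [
    ("leaf1", "swp1", "swp52", "10.0.1.10", 40112, "10.0.2.20", 443),
    ("spine2", "swp1", "swp2", "10.0.1.10", 40112, "10.0.2.20", 443),
    ("leaf2", "swp52", "swp3", "10.0.1.10", 40112, "10.0.2.20", 443),
    ("leaf1", "swp1", "swp51", "10.0.1.10", 40113, "10.0.2.20", 443),  # other connection
    ("spine1", "swp1", "swp2", "10.0.1.10", 40113, "10.0.2.20", 443),
    ("leaf2", "swp51", "swp3", "10.0.1.10", 40113, "10.0.2.20", 443),
    ("leaf2", "swp3", "swp51", "10.0.2.20", 443, "10.0.1.10", 40112),  # reverse direction
    ("leaf1", "swp1", "swp52", "10.0.1.10", 40112, "10.0.2.20", 443),  # repeated sample
]


def trace_path(samples, four_tuple, links=LINKS):
    """Order the (switch, in_port, out_port) hops sampled for one direction of a connection."""
    hops = {}
    for agent, in_port, out_port, *key in samples:
        if tuple(key) == four_tuple:
            hops[agent] = (agent, in_port, out_port)  # repeated samples collapse
    # First hop: the switch whose ingress port is an edge port, not a fabric link.
    start = [h for h in hops.values() if (h[0], h[1]) not in links]
    if len(start) != 1:
        return []  # connection not sampled, or no edge-facing sample to anchor on
    path, cur = [], start[0]
    while cur and cur not in path:
        path.append(cur)
        nxt = links.get((cur[0], cur[2]))
        # Stop at an edge port, or where sampling has not (yet) seen the next switch.
        cur = hops.get(nxt[0]) if nxt else None
    return path
```

Each direction of a connection is hashed separately, so the reverse four-tuple has to be traced on its own; because samples are statistical, a short path means the remaining hops have not been sampled yet, not that the packets stopped there.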