Datapath session output

  • 1.  Datapath session output

    Posted Feb 12, 2014 08:15 AM

    On two occasions now I've seen output from the "show datapath session" command that makes me question the results of the output. For example, if I run a ping between two devices there are lines of output for traffic in the return direction. I know for a fact that the ping responses did not make it back. I also notice that in the packets column there are zeros and in the bytes column there are also zeros. Can anyone explain precisely what the datapath session command is reporting and the presence of the zeros even though frames are being sent/received?

    In the past I have pointed customers to the fact that the controller/RAP is receiving packets back and it now looks as though this might not be the concrete evidence I had assumed.



  • 2.  RE: Datapath session output

    EMPLOYEE
    Posted Feb 12, 2014 08:20 AM

    Why don't you post specific output and then we can speak to that.  Speaking to everything that show datapath session represents is time consuming and might not even answer your question.

     

    EDIT:  On second thought, if a session has a Y on the line, that means "no syn" or there is no bidirectional conversation.  Traffic is only being sent in one direction.  I hope that helps, because your question is very general.

     



  • 3.  RE: Datapath session output

    Posted Feb 12, 2014 09:15 AM

    Knowing everything would be nice, but I'll settle for the mere three I'm looking for info about. They are things which are general and not specific to a particular situation. I don't have access to the output - but I will try and re-create it in the lab. The traffic seen in one instance was ping traffic - four packets in one direction and four in the other - eight lines in a show datapath session output when only four packets outbound existed - no return traffic. In another situation a DNS request and response - two lines in a show datapath session output - however DNS packets were being blocked by a firewall so, again, I know for a fact that a return packet did not exist yet a line was displayed in the datapath output.

    There were "No SYN" flags seen for the ping traffic but I'm not sure about the DNS as it happened a while back.



  • 4.  RE: Datapath session output

    EMPLOYEE
    Posted Feb 12, 2014 09:20 AM

    There is always one in one direction and one in another, with a Y flag showing that there is no SYN or other flags indicating the nature of a successful connection.

     



  • 5.  RE: Datapath session output

    Posted Feb 12, 2014 09:59 AM

    My question is why is there always "one in another" when no traffic exists; this is meaningless from a debugging point of view. I have attached a screenshot of one-way traffic. The packets which exist (i.e. a successful ping response) do not have the Y flag set in the output.



  • 6.  RE: Datapath session output

    EMPLOYEE
    Posted Feb 12, 2014 10:08 AM
    The flag is what indicates the status of a bidirectional connection. There are other flags that say more. It is far from useless.


  • 7.  RE: Datapath session output

    Posted Feb 12, 2014 01:48 PM

    How do I determine if the connection is bidirectional? What does the Y flag mean? Please explain in a lot more detail. I was under the impression that the purpose of the Airheads community was to share information and help each other out? The output indicates that there is traffic in the reverse direction - if this is not the case then, yes, it is meaningless.



  • 8.  RE: Datapath session output

    Posted Feb 14, 2014 03:08 AM

    Anyone able to help with this?



  • 9.  RE: Datapath session output

    EMPLOYEE
    Posted Feb 14, 2014 04:49 AM

    MattF,

     

    The bidirectional "session" is always built in anticipation of return traffic.  If that traffic is not returned, there is a "Y" flag that indicates that there is "No Syn".  A successful return of traffic does NOT have a Y as a flag:

     

    Successful: Nslookup

     

    $ nslookup
    > server 4.2.2.2
    Default server: 4.2.2.2
    Address: 4.2.2.2#53
    > www.yahoo.com
    Server:		4.2.2.2
    Address:	4.2.2.2#53
    
    Non-authoritative answer:
    www.yahoo.com	canonical name = fd-fp3.wg1.b.yahoo.com.
    fd-fp3.wg1.b.yahoo.com	canonical name = ds-fp3.wg1.b.yahoo.com.
    ds-fp3.wg1.b.yahoo.com	canonical name = ds-any-fp3-lfb.wa1.b.yahoo.com.
    ds-any-fp3-lfb.wa1.b.yahoo.com	canonical name = ds-any-fp3-real.wa1.b.yahoo.com.
    Name:	ds-any-fp3-real.wa1.b.yahoo.com
    Address: 98.139.180.149
    Name:	ds-any-fp3-real.wa1.b.yahoo.com
    Address: 98.139.183.24
    Name:	ds-any-fp3-real.wa1.b.yahoo.com
    Address: 206.190.36.45
    Name:	ds-any-fp3-real.wa1.b.yahoo.com
    Address: 206.190.36.105

     Successful NSlookup

    (192.168.1.3) #show datapath session table 4.2.2.2
    
    Fri Feb 14 03:14:54 2014
    
    
    
    
    Datapath Session Table Entries
    ------------------------------
    
    Flags: F - fast age, S - src NAT, N - dest NAT
           D - deny, R - redirect, Y - no syn
           H - high prio, P - set prio, T - set ToS
           C - client, M - mirror, V - VOIP
           Q - Real-Time Quality analysis
           I - Deep inspect, U - Locally destined
           E - Media Deep Inspect, G - media signal
    
      Source IP     Destination IP  Prot SPort DPort  Cntr Prio ToS Age Destination TAge Packets   Bytes      Flags 
    --------------  --------------  ---- ----- -----  ---- ---- --- --- ----------- ---- --------- ---------  -----
    4.2.2.2         192.168.1.76    17   53    63131  0/0     0 0   0   tunnel 16   6    0         0          FI 
    192.168.1.76    4.2.2.2         17   63131 53     0/0     0 0   1   tunnel 16   6    0         0          FCI 
    
    (192.168.1.3) #show datapath session table 4.2.2.8
    

     

    Unsuccessful Nslookup:

     

    > server 4.2.2.8
    Default server: 4.2.2.8
    Address: 4.2.2.8#53
    > www.yahoo.com
    ;; connection timed out; no servers could be reached
    > www.zdnet.com
    ;; connection timed out; no servers could be reached

     Unsuccessful Nslookup

    (192.168.1.3) #show datapath session table 4.2.2.8
    
    Fri Feb 14 03:19:00 2014
    
    
    
    
    Datapath Session Table Entries
    ------------------------------
    
    Flags: F - fast age, S - src NAT, N - dest NAT
           D - deny, R - redirect, Y - no syn
           H - high prio, P - set prio, T - set ToS
           C - client, M - mirror, V - VOIP
           Q - Real-Time Quality analysis
           I - Deep inspect, U - Locally destined
           E - Media Deep Inspect, G - media signal
    
      Source IP     Destination IP  Prot SPort DPort  Cntr Prio ToS Age Destination TAge Packets   Bytes      Flags 
    --------------  --------------  ---- ----- -----  ---- ---- --- --- ----------- ---- --------- ---------  -----
    4.2.2.8         192.168.1.76    17   53    58514  0/0     0 0   0   tunnel 16   9    0         0          FYI    <---------No Return Traffic (Y Flag)
    192.168.1.76    4.2.2.8         17   58514 53     0/0     0 0   0   tunnel 16   9    1         59         FCI 
    

     

    Successful Ping: (No Y Flag)

    (192.168.1.3) #show datapath session table 4.2.2.2
    
    Fri Feb 14 03:45:22 2014
    
    
    
    
    Datapath Session Table Entries
    ------------------------------
    
    Flags: F - fast age, S - src NAT, N - dest NAT
           D - deny, R - redirect, Y - no syn
           H - high prio, P - set prio, T - set ToS
           C - client, M - mirror, V - VOIP
           Q - Real-Time Quality analysis
           I - Deep inspect, U - Locally destined
           E - Media Deep Inspect, G - media signal
    
      Source IP     Destination IP  Prot SPort DPort  Cntr Prio ToS Age Destination TAge Packets   Bytes      Flags 
    --------------  --------------  ---- ----- -----  ---- ---- --- --- ----------- ---- --------- ---------  -----
    192.168.1.76    4.2.2.2         1    3     2048   0/0     6 0   0   tunnel 16   8    1         84         FCI 
    192.168.1.76    4.2.2.2         1    2     2048   0/0     6 0   0   tunnel 16   9    1         84         FCI 
    192.168.1.76    4.2.2.2         1    1     2048   0/0     6 0   0   tunnel 16   a    0         0          FCI 
    192.168.1.76    4.2.2.2         1    0     2048   0/0     6 0   0   tunnel 16   b    0         0          FCI 
    192.168.1.76    4.2.2.2         1    6     2048   0/0     6 0   0   tunnel 16   4    1         84         FCI 
    192.168.1.76    4.2.2.2         1    4     2048   0/0     6 0   0   tunnel 16   7    1         84         FCI 
    192.168.1.76    4.2.2.2         1    5     2048   0/0     6 0   0   tunnel 16   5    1         84         FCI 
    4.2.2.2         192.168.1.76    1    2     0      0/0     0 0   0   tunnel 16   9    1         84         FI 
    4.2.2.2         192.168.1.76    1    3     0      0/0     0 0   0   tunnel 16   8    1         84         FI 
    4.2.2.2         192.168.1.76    1    0     0      0/0     0 0   0   tunnel 16   b    0         0          FI 
    
    
    4.2.2.2         192.168.1.76    1    1     0      0/0     0 0   0   tunnel 16   b    0         0          FI 
    4.2.2.2         192.168.1.76    1    6     0      0/0     0 0   0   tunnel 16   5    1         84         FI 
    4.2.2.2         192.168.1.76    1    5     0      0/0     0 0   0   tunnel 16   6    1         84         FI 
    4.2.2.2         192.168.1.76    1    4     0      0/0     0 0   0   tunnel 16   8    1         84         FI 
    
    (192.168.1.3) #   
    

     Unsuccessful Ping:

     

    (192.168.1.3) #show datapath session table 4.4.4.8
    
    Fri Feb 14 03:46:35 2014
    
    
    
    
    Datapath Session Table Entries
    ------------------------------
    
    Flags: F - fast age, S - src NAT, N - dest NAT
           D - deny, R - redirect, Y - no syn
           H - high prio, P - set prio, T - set ToS
           C - client, M - mirror, V - VOIP
           Q - Real-Time Quality analysis
           I - Deep inspect, U - Locally destined
           E - Media Deep Inspect, G - media signal
    
      Source IP     Destination IP  Prot SPort DPort  Cntr Prio ToS Age Destination TAge Packets   Bytes      Flags 
    --------------  --------------  ---- ----- -----  ---- ---- --- --- ----------- ---- --------- ---------  -----
    4.4.4.8         192.168.1.3     1    43    0      0/0     0 0   1   local       11   0         0          FYI   <-------------No Syn
    4.4.4.8         192.168.1.3     1    45    0      0/0     0 0   1   local       10   0         0          FYI   <-------------No Syn
    4.4.4.8         192.168.1.3     1    44    0      0/0     0 0   1   local       11   0         0          FYI   <-------------No Syn
    192.168.1.3     4.4.4.8         1    43    2048   0/0     0 0   1   local       11   0         0          FCI 
    192.168.1.3     4.4.4.8         1    44    2048   0/0     0 0   1   local       11   0         0          FCI 
    192.168.1.3     4.4.4.8         1    45    2048   0/0     0 0   1   local       10   0         0          FCI 
    
    (192.168.1.3) #
    

     

     

     



  • 10.  RE: Datapath session output

    Posted Feb 14, 2014 08:07 AM

    Thanks cjoseph - I assumed that it was a report of returned traffic, but now I understand the significance of the Y flag, thanks for clearing that up.
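
The reading rule from post 9, as an added example (not part of the thread and not Aruba code): it parses `show datapath session table` rows, pairs each entry with its reverse-direction entry, and judges the flow by the Y flag rather than by the Packets/Bytes counters, which are zero even for the successful lookup. The pairing rule and the handling of an empty Flags column are assumptions inferred from the rows shown above.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "src dst prot sport dport packets bytes flags")
ROW = re.compile(r"^\s*\d+\.\d+\.\d+\.\d+\s")  # data rows start with an IPv4 address

# Rows copied from the outputs in post 9 (DNS ok, DNS blocked, ping fail, ping ok).
SAMPLE = """\
4.2.2.2         192.168.1.76    17   53    63131  0/0     0 0   0   tunnel 16   6    0         0          FI
192.168.1.76    4.2.2.2         17   63131 53     0/0     0 0   1   tunnel 16   6    0         0          FCI
4.2.2.8         192.168.1.76    17   53    58514  0/0     0 0   0   tunnel 16   9    0         0          FYI    <---------No Return Traffic (Y Flag)
192.168.1.76    4.2.2.8         17   58514 53     0/0     0 0   0   tunnel 16   9    1         59         FCI
4.4.4.8         192.168.1.3     1    43    0      0/0     0 0   1   local       11   0         0          FYI   <-------------No Syn
192.168.1.3     4.4.4.8         1    43    2048   0/0     0 0   1   local       11   0         0          FCI
192.168.1.76    4.2.2.2         1    3     2048   0/0     6 0   0   tunnel 16   8    1         84         FCI
4.2.2.2         192.168.1.76    1    3     0      0/0     0 0   0   tunnel 16   8    1         84         FI
"""

def parse_sessions(text):
    """Parse the data rows of 'show datapath session table' output."""
    entries = []
    for line in text.splitlines():
        if not ROW.match(line):
            continue  # legend, header, prompt, timestamp, blank
        tok = line.split("<-")[0].split()  # drop hand-written "<---" annotations
        flags = tok.pop() if tok[-1].isalpha() else ""  # assumption: Flags may be empty
        # Destination is one or two tokens, so take Packets/Bytes from the right.
        entries.append(Entry(tok[0], tok[1], int(tok[2]), int(tok[3]),
                             int(tok[4]), int(tok[-2]), int(tok[-1]), flags))
    return entries

def flow_key(e):
    """Direction-independent key; pairing rule inferred from the sample rows."""
    ends = frozenset((e.src, e.dst))
    if e.prot == 1:  # ICMP rows keep the same SPort value in both directions
        return (ends, 1, e.sport)
    return (ends, e.prot, frozenset((e.sport, e.dport)))  # TCP/UDP swap ports

def classify(entries):
    """Return (src, dst, prot, verdict) per flow, judged by the Y flag only."""
    flows = {}
    for e in entries:
        flows.setdefault(flow_key(e), []).append(e)
    out = []
    for pair in flows.values():
        silent = [e.src for e in pair if "Y" in e.flags]
        verdict = "no return traffic from " + silent[0] if silent else "bidirectional"
        out.append((pair[0].src, pair[0].dst, pair[0].prot, verdict))
    return out
```

Calling `classify(parse_sessions(SAMPLE))` marks the 4.2.2.8 and 4.4.4.8 flows as having no return traffic, while the 4.2.2.2 DNS flow is reported as bidirectional despite both of its rows showing zero packets.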