Intermittent ping interruption on S series switch


If an S series switch fails to be pinged intermittently, check whether ICMP packets are discarded by CPCAR.
- If ICMP packets are discarded by CPCAR, ping packets cannot be sent to the CPU. In this case, modify the CPCAR value of ICMP packets.
Note: An improper CPCAR setting will affect services on your network. It is recommended that you contact Huawei technical support personnel before adjusting the CPCAR setting.
-If ICMP packets are not discarded by CPCAR, run the undo icmp rate-limit enable command to disable ICMP rate limit. Then check whether forwarding information for ping packets, such as the returned route, exist on the switch.

Other related questions:
The reason of S series switch Ping packet loss
For S-series chassis switches: The Ping packets of the local switch are processed by the switch as a fib-hit packet. For packets of type fib-hit, the switch sends to CPUs at the default CAR value to prevent this type of packets from impacting the CPU. In the case of the default CAR value, the number of ping packets per second is too large for the CAR value, so the switch will discard some packets. Increase the fib value of fib-hit, you can solve the packet loss problem.

Some services are interrupted after IPSG is configured on an S series switch. Why
If some services are interrupted after IPSG is configured on an S series switch (except the S1700), possible causes include the following: 1. DHCP snooping is not enabled on a DHCP terminal or the DHCP terminal does not obtain an IP address again after DHCP snooping is enabled. As a result, the dynamic binding table does not contain correct information about the terminal. IP packets sent by the terminal are discarded, and the terminal cannot communicate with the network. Solution: Enable DHCP snooping on the terminal and make the terminal obtain an IP address again to generate a dynamic binding entry in the binding table. 2. No static binding entry corresponding to a static user is generated. As a result, the user cannot go online. Solution: Create a static binding entry for each authorized user connected to the switch. Note: After the ip source check user-bind enable command is configured on an interface or in a VLAN. The interface or VLAN matches all received IP packets against a binding table and discards those not matching the binding table.

Long ping latency on S series switches
Network latency indicates the round-trip period of time during which a source device sends a packet to the destination device and then the destination device returns a packet to the source device. Possible causes of long network latency are as follows: 1. Multiple hops on the packet forwarding path. The transmission time of packets in the physical medium can be ignored because optical and electrical signals are transmitted at a high speed. However, the time that a switch spends processing packets cannot be ignored. When packets are transmitted through too many hops, the network latency is long. 2. Insufficient network bandwidth. When the network through which packets are transmitted does not have sufficient bandwidth, network congestion occurs and packets need to wait in queues, resulting in long network latency. 3. Insufficient memory space. When a switch receives a large number of packets, the switch does not have sufficient memory space to process these packets, resulting in slow packet processing speed and long network latency. You can run the ping command to test network latency. The test results are only for reference and cannot be used as an absolute value of network latency measurement. No reference value is available for determining whether the ping latency is normal because requirement for network latency varies depending on network status. Other measurement methods such as network quality analysis (NQA) are also required to accurately measure network latency. Pay attention to the following points when analyzing a ping latency: 1. When a switch forwards packets through the hardware at a high speed, network latency is short. For example, ping a PC connected to the switch. When packets need to be processed by the CPU, network latency is long. For example, ping a gateway. Through network latency is long when the switch pings the gateway, packets are normally forwarded because the packets are processed by the underlying chip rather than the CPU. You can run the icmp-reply fast command to enable the fast ICMP reply function on the switch to shorten network latency when the switch pings the gateway. After the function is enabled, the switch quickly responds to received Echo Request packets destined for its own IP address. The CPU of the LPU directly responds to the received ICMP packets, improving the processing speed of ICMP packets and shortening network latency. 2. The processing priority of ICMP packets has been minimized to prevent impacts of common ping attacks on the switch, so that ICMP packets are the last to be transmitted and processed. Therefore, the network latency is long.

Reason for ping packet loss on S series switch
For S series modular switches: Ping packets sent from other devices to a switch are processed by the switch as fib-hit packets. The switch sends fib-hit packets to the CPU at the default CAR value to protect the CPU from being attacked by these packets. If the rate of ping packets sent to the CPU exceeds the CAR value, the switch discards the excess packets. To resolve the problem, set a larger CAR value for fib-hit packets.

How to check ping packet loss on S series switches
For S series switches (except the S1700), you can run the ping command to check ping packet loss directly. For example: [HUAWEI] ping -c 100 PING 56 data bytes, press CTRL_C to break Reply from bytes=56 Sequence=1 ttl=124 time=1 ms ... --- ping statistics --- 100 packet(s) transmitted //Total number of sent packets 91 packet(s) received //Total number of received packets 9.00% packet loss //Packet loss ratio round-trip min/avg/max = 1/1/19 ms You can also perform the following steps to configure traffic statistics collection to check ping packet loss: Configure traffic statistics collection for packets received by a switch. 1. Configure an ACL rule. [HUAWEI] acl number 3000 [HUAWEI-acl-adv-3000] rule permit icmp source 0 destination 0 [HUAWEI-acl-adv-3000] quit 2. Configure a traffic classifier. [HUAWEI] traffic classifier 3000 [HUAWEI-classifier-3000] if-match acl 3000 [HUAWEI-classifier-3000] quit3. Configure a traffic behavior. [HUAWEI] traffic behavior 3000 [HUAWEI-behavior-3000] statistic enable [HUAWEI-behavior-3000] quit 4. Configure a traffic policy. [HUAWEI] traffic policy 3000 [HUAWEI-trafficpolicy-3000] classifier 3000 behavior 3000 [HUAWEI-trafficpolicy-3000] quit 5. Apply the traffic policy to an interface. [HUAWEI] interface gigabitethernet 0/0/2 [HUAWEI-GigabitEthernet0/0/2] traffic-policy 3000 inbound [HUAWEI-GigabitEthernet0/0/2] quit 6. Check traffic statistics of packets received by the switch. [HUAWEI] display traffic policy statistics interface gigabitethernet 0/0/2 inbound verbose rule-base //The output is omitted. For more information about ping packet loss, see "Ping Failure Troubleshooting" or "S Series Switches packet Loss Troubleshooting" in "Maintenance Topics" in the Huawei S Series Campus Switches Maintenance Guide.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top