Hello,
you can quickly locate the source and destination IP addresses by capturing the packets sent to the CPU. The procedure is as follows:
1. Configure an ACL that matches the TTL-expired field.
Advanced ACL 3333, 1 rule
Acl's step is 5.
rule 5 permit ip ttl-expired
2. Capture packets sent to the CPU.
[Huawei]capture-packet cpu acl 3333 destination file ttl-expired.cap packet-num 1000 time-out 300
[Huawei]
-----------------Packet getting report-----------------
file: cfcard:/ttl-expired.cap:
packets getting: cpu
acl: 3333
vlan: - cvlan: -
car: -- timeout: 300s
packets: 1000 (expected) 1000 (actual)
length: 64 (expected)
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
3. The ttl-expired.cap file is generated in the CFCARD:/ directory. Download the file to the PC and use Wireshark to open it.
4. Finding the route that caused the loop according to the destination IP of the packets can greatly reduce the scope.
I hope this helps.