IGMP CPU-Defend - Issue

Created: Nov 10, 2019 00:46:33Latest reply: Nov 13, 2019 00:58:47 152 13 0 0
  Rewarded Hi-coins: 0 (problem resolved)

Hello Guys,


I've been working on Switch S5720 as a PE switch, providing multicast service to our clients, that network is set up with PIM protocol.

So, a few days I've noticed that the cpu is quit high and some breakdown in this service, and the streaming sometimes stop being transmitted for few seconds.

In this case I tried to set up car cir to igmp protocol and change the default option to 256 until 1024, also the auto-port-defend option, but without successful, nonetheless, I still can see the message below pulled up on logbuffer;


%%01DEFD/4/CPCAR_DROP_LPU(l)[5]:Rate of packets to cpu exceeded the CPCAR limit on the LPU in slot 0. (Protocol=igmp, CIR/CBS=512/96256, ExceededPacketCount=439)

%01DEFD/4/CPCAR_DROP_MPU(l)[6]:Rate of packets to cpu exceeded the CPCAR limit on the MPU. (Protocol=igmp, CIR/CBS=256/48128, ExceededPacketCount=29113)

%%01SECE/3/QUEUE_DROP(l)[7]:Rate of packets to cpu exceeded the QUEUE limit. (SlotId=0, Queue0DropNumber=0, Queue1DropNumber=251, Queue2DropNumber=0, Queue3DropNumber=11969, Queue4DropNumber=0, Queue5DropNumber=0, Queue6DropNumber=0, Queue7DropNumber=0)


And then,  I still can see the issue on the screen, such as black screen caused by traffic stopped for couple seconds.


Does anyone have any ideia to solve that question on IGMP traffic?

  • x
  • convention:

Featured Answers
chenhui
Admin Created Nov 12, 2019 01:26:07 Helpful(0) Helpful(0)

@welisson_br well, if you confirm that the high cpu usage is caused by the massive igmp join/leave packets, this is a normal scene, you are kindly advised to check if there are too many multicast users connected to the switch? Also, you can optimize the network.
  • x
  • convention:

welisson_br
welisson_br Created Nov 12, 2019 14:29:08
Hi Chenhui, Yep I have almost 2k multicast users connected on this switch. I really haven't found any place informed about the real limit this switch about multicast stream. have you? Cheers  
All Answers
DDSN
DDSN Admin Created Nov 10, 2019 02:19:01 Helpful(0) Helpful(0)

1.Run the auto-defend enable command to configure attack source tracing. If a possible attack source is detected, check on the network to determine whether it is a real attack source.
2.If a real attack source exists, run the blacklist command to add the attack source to the blacklist or run the auto-defend action command to configure a punish action for the attack source. If no attack source exists, run the car command to increase the CPCAR value properly.
NOTE:Improper CPCAR settings will affect services on your network. If you need to adjust CPCAR settings, you are advised to contact technical support personnel for help.
  • x
  • convention:

welisson_br
welisson_br Created Nov 10, 2019 15:13:52
Hi DDSN, I  
welisson_br
welisson_br Created Nov 10, 2019 15:16:45
Hi DDSN, I've already done it as you can see below; cpu-defend policy igmpdefend car packet-type igmp cir 512 auto-port-defend protocol igmp threshold 256 >dis cu | include cpu-defen cpu-defend policy igmpdefend cpu-defend-policy igmpdefend global Although doing that the issues still persist. Cheers,  
chenhui
chenhui Admin Created Nov 11, 2019 02:04:01 Helpful(0) Helpful(0)

@welisson_br hello,
from your description, it seems the massive IGMP join/leave messages coursed the high CPU usage.
you are kindly advised to check if there is any network loops in the network.
  • x
  • convention:

welisson_br
welisson_br Created Nov 11, 2019 21:07:20
Hi Chenhui. Actually not, in this case that massive igmp/leave is caused by clients wich are getting in/out on the multicast group.  
welisson_br
welisson_br Reply welisson_br  Created Nov 11, 2019 21:07:53
*igmp join/leave  
welisson_br
welisson_br Reply welisson_br  Created Nov 11, 2019 21:45:44
Also, there is igmp report massive.  
chenhui
chenhui Admin Created Nov 12, 2019 01:26:07 Helpful(0) Helpful(0)

@welisson_br well, if you confirm that the high cpu usage is caused by the massive igmp join/leave packets, this is a normal scene, you are kindly advised to check if there are too many multicast users connected to the switch? Also, you can optimize the network.
  • x
  • convention:

welisson_br
welisson_br Created Nov 12, 2019 14:29:08
Hi Chenhui, Yep I have almost 2k multicast users connected on this switch. I really haven't found any place informed about the real limit this switch about multicast stream. have you? Cheers  
WheatGrass
WheatGrass Created Nov 12, 2019 09:15:40 Helpful(0) Helpful(0)

 DEFD/4/CPCAR_DROP_LPU


Message

DEFD/4/CPCAR_DROP_LPU:Rate of packets to cpu exceeded the CPCAR limit on the LPU in slot [STRING]. (Protocol=[STRING], CIR/CBS=[ULONG]/[ULONG], ExceededPacketCount=[STRING])

Description

The rate of packets delivered to the CPU exceeds the CPCAR limit on the specified device.

Parameters

Parameter NameParameter Meaning
slot
  • Specifies the slot ID if stacking is not configured.

  • Specifies the stack ID if stacking is configured.

ProtocolIndicates the protocol type.
CIR/CBSIndicates the committed information rate and committed burst size.
ExceededPacketCountSpecifies the number of packets whose rate exceeds the CPCAR.

Possible Causes

The rate of packets sent to the CPU of the specified device exceeds the CPCAR.

Procedure

  1. Run the auto-defend enable command to configure attack source tracing. If a possible attack source is detected, check on the network to determine whether it is a real attack source.

  2. If a real attack source exists, run the blacklist command to add the attack source to the blacklist or run the auto-defend action command to configure a punish action for the attack source. If no attack source exists, run the car (attack defense policy view) command to increase the CPCAR value properly.

     

    notice_3.0-en-us.png

    Improper CPCAR settings will affect services on your network. If you need to adjust CPCAR settings, you are advised to contact technical support personnel for help.




____________________________________________________________________________________________________________________________________


DEFD/4/CPCAR_DROP_MPU

Message

DEFD/4/CPCAR_DROP_MPU:Rate of packets to cpu exceeded the CPCAR limit on the MPU. (Protocol=[STRING], CIR/CBS=[ULONG]/[ULONG], ExceededPacketCount=[STRING])

Description

The rate of packets delivered to the CPU exceeds the CPCAR limit.

Parameters

Parameter NameParameter Meaning
ProtocolIndicates the protocol type.
CIR/CBSIndicates the committed information rate and committed burst size.
ExceededPacketCountIndicates the number of packets whose rate exceeds the CPCAR.

Possible Causes

The rate of packets delivered to the CPU exceeded the CPCAR limit. As a result, some packets are discarded.

Procedure

  1. Control the rate of packets delivered to the CPU within the CPCAR limit, or run the car packet-type packet-type cir cir-value [ cbs cbs-value ] command to configure a proper CPCAR limit.

     

    notice_3.0-en-us.png

    Improper CPCAR settings will affect services on your network. If you need to adjust CPCAR settings, you are advised to contact technical support personnel for help.

____________________________________________________________________________________________________________________________________


SECE/3/QUEUE_DROP

Message

SECE/3/QUEUE_DROP: Rate of packets to cpu exceeded the QUEUE limit. (SlotId=[STRING], Queue0DropNumber=[STRING], Queue1DropNumber=[STRING], Queue2DropNumber=[STRING], Queue3DropNumber=[STRING], Queue4DropNumber=[STRING], Queue5DropNumber=[STRING], Queue6DropNumber=[STRING], Queue7DropNumber=[STRING])

Description

Some packets in queues sent to the CPU were dropped.

Parameters

Parameter NameParameter Meaning

SlotId

  • On a standalone switch, it specifies a slot ID.

  • On a stacked switch, it specifies a stack ID.

Queue0DropNumber/Queue1DropNumber/Queue2DropNumber/Queue3DropNumber/Queue4DropNumber/Queue5DropNumber/Queue6DropNumber/Queue7DropNumber

Indicates the number of packets dropped in every 10 minutes in queues 0 to 7.

Possible Causes

A large CPCAR value was set for packets to be sent to the CPU. As a result, a large number of packets were sent to the CPU.

Procedure

  1. Run the display cpu-defend configuration slot slot-id command to check whether the CPCAR value configured for each type of protocol packets is correct. The default CPCAR value is recommended.

  2. Collect log information and configuration information, and then contact technical support personnel.You can collect diagnostic information using the display diagnostic-information command.


  • x
  • convention:

welisson_br
welisson_br Created Nov 12, 2019 14:55:03
I did that configuration on CPCAR, and auto-defend, including set up whitelist with my range ip address allowed to make igmp query/join/report and so on, but not successful. So, increasing igmp values on cpcar more than 256 the switchs starts working not so good, where the access become quite slowly and the latency ahead it. is quite high as well, for sure the cpu get over 50% having peaks 80% when increased the cpcar over 256. I'm wondering is this switch can deal with a large multicast flow?  
welisson_br
welisson_br Created Nov 12, 2019 21:08:25 Helpful(0) Helpful(0)

One question I've been wondering about that situation, Is there some limitation on that switch model when we talk about traffic igmp/multicast (heavy traffic)?
Does anyone from Huawei who can answer me, pls?
  • x
  • convention:

chenhui
chenhui Admin Created Nov 13, 2019 00:58:47 Helpful(0) Helpful(0)

Posted by welisson_br at 2019-11-12 21:08 One question I've been wondering about that situation, Is there some limitation on that switch model ...
Yes, igmp limit function could restrict the number of multicast groups allowed in the system and on an interface.
please refer this https://support.huawei.com/hedex/hdx.do?docid=EDOC1100037168&id=dc_cfg_igmp_1019&lang=en

BTW, this is a temporary solution, I think, it's better to split part of the users to other devices.
  • x
  • convention:

Comment

Reply
You need to log in to reply to the post Login | Register

Notice Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!
Login and enjoy all the member benefits

Login and enjoy all the member benefits

Login