Got it

Layer 2 Loop Prevention and Redundancy Solution for the Telecom Software Data Network part 2

322 0 0 0

Hello, everyone.

I will continue to introduce Layer 2 loop prevention and redundancy solution for the telecom software data network.

Solution 3: AND Tool


The AND tool can be used to implement redundancy on switching networks. In this solution, STP can be disabled on the core switches SW1 and SW2 and switch cards of ATAE frames. The two switch cards of an ATAE frame are disconnected so that there is no loop on the square-shaped network formed by core switches and ATAE frames. In this case, you can disable STP. In addition, to ensure the redundancy and hot backup of the active and standby network adapters on the ATAE service card, you need to use the AND tool on the service card. The AND tool periodically sends probe packages from the active network adapter to check the connectivity with the gateway (core switch). Once the gateway is unreachable, the switchover between the active and standby network adapters is triggered. The following figure describes the detailed process.


This solution requires few data to be configured and maintained on core switches and ATAE switch cards. Loops on physical networks are eliminated and STP is disabled. Therefore, spanning tree problems and loops caused by the STP protocol are avoided. The AND tool ensures network redundancy. In this solution, when the network topology changes, if a large number of cards exist on the network, the switchover between the active and standby network adapters may take 10 seconds. The actual time is subject to onsite tests and you need to take this point into consideration.

In previous projects, the AND tool has been deployed on the network with 15 ATAE frames and 160 to 200 cards. Therefore, the AND tool can easily handle the network with more than 10 ATAE frames. However, note the following cases:

80183001The AND tool Cannot Work Properly When There Are a Large Number of Cards

Symptom: After the AND tool is successfully deployed, the bond network adapters switch frequently.

Analysis: The fault is caused by a large number of cards on the network. As a result, the AND tool sends a large number of ICMP packets to detect the connectivity of the core switch S9300. However, the ICMP response of the S9300 times out. In this case, the AND tool considers that the network is faulty and the network adapter switchover is triggered. If there are a large number of ATAE frames on the network, the number of ICMP packets received by the S5300 or S9300 will exceed the default upper threshold.

Solution: Enable the fast ICMP reply function on the switch.

After the fast ICMP reply function is enabled on the switch, the switch can fast respond to the ICMP echo request packet whose destination address is the address of itself. In addition, reduce the packet sending frequency of the AND tool.

802001 Packets Are Lost When Many AND Tools Send Packets to Core Switches

Analysis: CPU resources on core switches are consumed because the core switches need to process ICMP packets sent by AND tools. When the AND tool deployed on 100 service cards of ATAE frames detects the same core switch at the same time (if the detection interval is set to 1 second), 12% of the CPU resources of the switch (S9300 series switch) are consumed. If the AND tool deployed on more than 100 cards detects the same core switch, you are advised to set the detection interval to 2 seconds to reduce the CPU usage of the switch.

If the core switch cannot process the ICMP packets send by the AND tool deployed on service cards of ATAE frames, ping packets destined for the core switch will be lost. In this case, you need to increase the upper limit on the number of ICMP packets that can be processed by the core switch during a certain period. The following uses the configuration on an S9300 switch as an example. (The commands vary depending on software versions). By default, the S9300 can respond to the detection requests sent by the AND tool on a maximum of 80 service cards.

[SW1] cpu-defend policy 1                            Create CPU attack defense policy 1 in the system view.

[SW1-cpu-defend-policy-1] car packet-type icmp cir 2500 cbs 250000

[SW1] slot x                                                    Display the desired slot view.

[SW1-slot-x] cpu-defend policy 1                  Activate CPU attack defense policy 1 on slot x.

To activate CPU attack defense policy 1 on all LPUs, log in to the switch, switch to the system view, run the cpu-defend-policy 1 and car commands, and then run the corresponding commands in the view of the LPU in each slot.

Using the car command, you can set the rate limit for packets sent to the CPU. You can run the display cpu-defend configuration command to view the default rate limit. After an attack defense policy is created, if the switch receives attack packets of a specified protocol or a large number of packets sent to the CPU, configure rate limit for the protocol packets in the attack defense policy to reduce the impact on the CPU.     

That's what I want to share with you.

                                                                                                                                         Authorized reprint by author zhushigeng (Vinsoney) 

  • x
  • convention:


You need to log in to comment to the post Login | Register

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."

My Followers

Login and enjoy all the member benefits


Huawei Enterprise Support Community
Huawei Enterprise Support Community
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Please bind your phone number to obtain invitation bonus.