Fault Symptom
The NE40E on the backbone network of a carrier upgrades from V600R001C00SPCc00 to V600R001C00SPCf00. After the upgrade, packet loss occurs when access devices ping the NE40E. This fault never occurs before the upgrade. In addition, no packet loss occurs when access devices ping the other devices on the same network before and after the upgrade.
Fault Analysis
1. It is confirmed that the size of the ping packet is 1900 bytes, and the rate of sending ping packets is 80 packets per second. Since packet loss occurs when several access devices ping the NE40E using different physical links, the physical interfaces may be faulty. By checking physical interfaces, there is no error packet and the CRCs do not increase. The fault is not caused by faulty physical links. The analysis about the NE40E configurations shows no configuration about the rate limit. However, the display cpu-defend application-apperceive statistics command output shows that the number of discarded ICMP packets is increasing.
<NE40E>display cpu-defend application-apperceive statistics slot 2
Slot Attack-Type Total-Packets Passed-Packets Dropped-Packets
--------------------------------------------------------------------------------
2 Application-Apperceive 837917 834765 3152
--------------------------------------------------------------------------------
FTP SERVER 0 0 0
SSH SERVER 0 0 0
SNMP 0 0 0
TELNET SERVER 25 25 0
OSPF 811666 811666 0
ISIS 0 0 0
ICMP 25014 21862 3152 //keep increasing
802.1AG 0 0 0
FTP CLIENT 0 0 0
TELNET CLIENT 1212 1212 0
2. Run the display icmp statistics command to check ICMP traffic statistics. The statistics about destination unreachable are displayed as follows:
<NE40E>display icmp statistics
Input: bad formats 0 bad checksum 0
echo 292101 destination unreachable 234900//keep increasing
source quench 0 redirects 0
echo reply 240 parameter problem 0
timestamp 0 information request 0
mask requests 0 mask replies 0
time exceeded 26
Mping request 0 Mping reply 0
Output:echo 611 destination unreachable 0
source quench 0 redirects 0
echo reply 292101 parameter problem 0
timestamp 0 information reply 0
mask requests 0 mask replies 0
time exceeded 718
Mping request 0 Mping reply 0
It is suspected that the packet loss is caused by the CAR function. The information about packet drop caused by the ICMP CAR function on the LPU is displayed as follows:
<NE40E>display cpu-defend car protocol icmp statistics slot 2
Slot : 2
Application switch : Open
Default Action : Min-to-cp
--------------------------------------------
ICMP packet
Protocol switch: Open
Packet information:
Passed packet(s) : 311923
Dropped packet(s) : 1086
Configuration information:
Configged CIR : 1000 kbps Actual CIR in NP : 1000 kbps
Configged CBS : 1000000 bytes Actual CBS in NP : 1000000 bytes
Priority : high
Min-packet-length : NA
Calculate the rate of sending ping packets: 1900 bytes x 8 x 80 = 1216 kbit/s. Since the rate is greater than 1000 kbit/s, the CAR function enabled on the LPU causes the packets to be discarded. On V600R001C00SPCc00 before the upgrade, since the CIR of the LPU CAR function is 4000 kbit/s, ping packets are not discarded. After the upgrade, ping packets are discarded.
Procedure
1. Run the cpu-defend policy 2 command to create an attack defense policy.
2. Run the car icmp cir 4000 command to modify the CAR configuration on the LPU and change the CIR to 4000 kbit/s.
3. Run the cpu-defend-policy 2 command in the slot 2 view to apply the attack defense policy.
After the preceding operations, packet loss does not occur when access devices ping the NE40E.
Summary
Problems often occur because the default configurations are changed during the system version upgrade on routers. Ping is a common method used to check the network connectivity. If ping packets are discarded, you can locate the problem by checking details about discarding packets by application layer association.
