reset, refresh FIB table on s6720EI

Created: Jan 17, 2020 21:22:20Latest reply: Jan 22, 2020 06:07:33 161 6 0 0
  Rewarded Hi-coins: 0 (problem resolved)

Hello guys. We have this s6720 with resource-mode as enhanced-ipv4, in this mode we spect this device supports up to 128K  FIB entries.


display resource-mode configuration

Slot       Current Mode    Next Mode

- - - - - - - - - - - - - - - - - - - - - - -

0          enhanced-ipv4   enhanced-ipv4


The routing table is far of the fib maximum limit.


display ip routing-table statistics

Summary Prefixes : 19446


Regardless of that, this is the second time in six months, in what the devices start to behave like the fib table has been overloaded. 


The problem is solved restarting the s6720EI. 


We use default "fib regularly-refresh" setting.


What can I do to force FIB reset. We tryed reseting bgp peer with no luck.


display version Huawei Versatile Routing Platform Software VRP (R) software, Version 5.170 (S6720 V200R010C00SPC600) Copyright (C) 2000-2016 HUAWEI TECH CO., LTD HUAWEI S6720-30C-EI-24S-AC Routing Switch uptime is 0 week, 2 days


Thanks in advance.


Test for this diagnostic


When we try to reach some ipv4 destination, traceroute lounched from PC behind this device, the tracert start to show * as soon the packet reach this s6720EI, I'm preaty sure that the problem is not the next-hop device because tracert launched from s6720EI goes well. from ipv4 sources belonging to the same /24 of the PC.


  • x
  • convention:

Featured Answers
chenhui
Admin Created Jan 19, 2020 06:30:41 Helpful(0) Helpful(0)

Posted by pendorcho at 2020-01-18 05:27 Hi @Popeye_Wang. the device is working smooth right now, so this outputs do not represent the status ...
Hi @pendorcho
From your description, I would suggest you to check the CPU usage when the problem happen again.
The tracert start to show * as soon the packet reach this s6720EI might due to the switch is in high CPU usage situation, which causing the ICMP packets dropped.
(For what reason fib table entry count could be larger than routing-table count?) for this problem, when there are load-balancing routes in the routing table, the FIB entry count will be larger than routing table count.
For the last question, it depends on a lot of factors to accelerate the convergence of the routing table. It should be discussed in specific network enviroment. After the routing table generated, the router will calculate the FIB entry and add the result into the FIB, I don't think there is any delay between these two actions.
  • x
  • convention:

All Answers
Popeye_Wang
Popeye_Wang Admin Created Jan 18, 2020 03:09:17 Helpful(0) Helpful(0)

Hi,

You can use the display fib statistics all command to see if the fib is over the limit.


  • x
  • convention:

pendorcho
pendorcho Created Jan 18, 2020 05:27:42 Helpful(0) Helpful(0)

Hi @Popeye_Wang. the device is working smooth right now, so this outputs do not represent the status of the device when the problem happened.

display ip routing-table statistics
Summary Prefixes : 19178

display fib statistics all
IPv4 FIB Total Route Prefix Count : 19178; Entry Count : 19178

IPv4 FIB Public Route Prefix Count : 19178; Entry Count : 19178
IPv4 FIB VPN-instance dummy Route Prefix Count : 0; Entry Count : 0

For what reason fib table entry count could be larger than routing-table count?

Which command or config could I run or set to improve or accelerate the convergence between FIB with the routing table?

Thnaks
  • x
  • convention:

chenhui
chenhui Admin Created Jan 19, 2020 06:30:41 Helpful(0) Helpful(0)

Posted by pendorcho at 2020-01-18 05:27 Hi @Popeye_Wang. the device is working smooth right now, so this outputs do not represent the status ...
Hi @pendorcho
From your description, I would suggest you to check the CPU usage when the problem happen again.
The tracert start to show * as soon the packet reach this s6720EI might due to the switch is in high CPU usage situation, which causing the ICMP packets dropped.
(For what reason fib table entry count could be larger than routing-table count?) for this problem, when there are load-balancing routes in the routing table, the FIB entry count will be larger than routing table count.
For the last question, it depends on a lot of factors to accelerate the convergence of the routing table. It should be discussed in specific network enviroment. After the routing table generated, the router will calculate the FIB entry and add the result into the FIB, I don't think there is any delay between these two actions.
  • x
  • convention:

pendorcho
pendorcho Created Jan 20, 2020 01:59:57 Helpful(0) Helpful(0)

Hi @chenhui, the CPU was fine, slightly above average, but I think it was the cause of the problem itself. 

This command has executed during the event.


display ip routing-table statistics 

Summary Prefixes : 19498

Proto     total      active      added        deleted      freed   

          routes     routes      routes       routes       routes  

DIRECT    34         34          76           42           42        

STATIC    7          7           7            0            0         

RIP       0          0           0            0            0         

OSPF      4941       4937        3000108      2995167      2995167   

IS-IS     0          0           0            0            0         

BGP       14524      14520       980130       965606       965606    

UNR       0          0           0            0            0         

Total     19506      19498       3980321      3960815      3960815 



cpu

Also we get few logs like this


%ADPIPV4/4/CPCAR_TTL1_DROP(l)[41808]:The number of packets sent to
the CPU exceed the threshold 20000.(SLOT=0, CPCAR TYPE=CPCAR_TTL1,
DiscardPacketCount=1040403, Reason="A routing loop may occur")

%DEFD/4/CPCAR_DROP_LPU(l)[41807]:Rate of packets to cpu exceeded the
CPCAR limit on the LPU in slot 0. (Protocol=ttl-expired,
CIR/CBS=64/12032, ExceededPacketCount=1040403)


But traffic dose'nt show as if there was a routing loop in place, because the traffic drops, and  traffic usualy increase during routing loops.


Thanks

  • x
  • convention:

Steelblue
Steelblue Created Jan 22, 2020 00:35:25 Helpful(0) Helpful(0)

The situation looks complicated and it is difficult to find the cause from the information you provide. It is recommended that you contact the TAC and provide diagnostic logs for R&D engineers for analysis.
https://e.huawei.com/en/service-hotline-query
  • x
  • convention:

chenhui
chenhui Admin Created Jan 22, 2020 06:07:33 Helpful(0) Helpful(0)

Posted by pendorcho at 2020-01-20 01:59 Hi @chenhui, the CPU was fine, slightly above average, but I think it was the cause of the problem i ...
Hi,
from the logs, massive packets are dropped due to exceed the CPCAR rate limit. If you are sure that there is no routing loop in the live network, then you might under attacked by TTL-expired packets.
As the logs indicates, the packets are dropped due to exceed the CPCAR rate limit, so, the tracert result display * when the ICMP packets are dropped.
You are advised checking the dropped packets at fixed period, if the number of dropped packets keep raising, please do investigate the potential routing loop and TTL-expired pakcets attacking. If you are sure there isn't such error, please contact the TAC.
  • x
  • convention:

Comment

Reply
You need to log in to reply to the post Login | Register

Notice Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!
Login and enjoy all the member benefits

Login and enjoy all the member benefits

Login