Users in New VLANs on the S7700 Cannot Implement Layer 3 Access with Users in Ot

Latest reply: Dec 31, 2015 03:12:13 1669 1 0 0
Problem Description
The S7700 functions as the access gateway, multiple VLANs are used, and each VLANIF interface is enabled with DHCP to dynamically allocate IP addresses to users.

Three VLANs are added on the S7700, and the S7700 is also used as the gateway for users in the three VLANs. Users in new VLANs cannot communicate with users in other VLANs through Layer 3 services.
Alarm Information
6757 #Sep 10 2015 15:48:39 IDC-RedFinger-S7706-1 L3MB/4/FWDRESLACK:OID 1.3.6.1.4.1.2011.5.25.227.2.1.5 The layer 3 resource usage has reached or exceeded 100%.(EntPhysicalindex=67895305,EntPhysicalName=LPU Board 3,Slot=3,ResourceType=31)

6758 #Sep 10 2015 15:48:09 IDC-RedFinger-S7706-1 L3MB/4/FWDRESLACK:OID 1.3.6.1.4.1.2011.5.25.227.2.1.5 The layer 3 resource usage has reached or exceeded 85%.(EntPhysicalindex=67895305,EntPhysicalName=LPU Board 3,Slot=3,ResourceType=31)

6759 #Sep 10 2015 15:48:09 IDC-RedFinger-S7706-1 L3MB/4/FWDRESLACK:OID 1.3.6.1.4.1.2011.5.25.227.2.1.5 The layer 3 resource usage has reached or exceeded 85%.(EntPhysicalindex=67895305,EntPhysicalName=LPU Board 3,Slot=3,ResourceType=27)
Procedure
1. Check MAC address entries and ARP entries corresponding to users in new VLANs. The S7700 can learn ARP entries of users in new VLANs.

2. Run the ping command to check connectivity between devices of new users and the S7700. The devices of new users can ping IP addresses of VLANIF interfaces on the S7700.

3. Run the display trapbuffer command to check alarms. The following alarm information indicates that the Layer 3 resource usage exceeds the upper threshold.

Check the ID of ResourceType. The number of next hop entries reaches 100%.

6757 #Sep 10 2015 15:48:39 IDC-RedFinger-S7706-1 L3MB/4/FWDRESLACK:OID 1.3.6.1.4.1.2011.5.25.227.2.1.5 The layer 3 resource usage has reached or exceeded 100%.(EntPhysicalindex=67895305,EntPhysicalName=LPU Board 3,Slot=3,ResourceType=31)

6758 #Sep 10 2015 15:48:09 IDC-RedFinger-S7706-1 L3MB/4/FWDRESLACK:OID 1.3.6.1.4.1.2011.5.25.227.2.1.5 The layer 3 resource usage has reached or exceeded 85%.(EntPhysicalindex=67895305,EntPhysicalName=LPU Board 3,Slot=3,ResourceType=31)

6759 #Sep 10 2015 15:48:09 IDC-RedFinger-S7706-1 L3MB/4/FWDRESLACK:OID 1.3.6.1.4.1.2011.5.25.227.2.1.5 The layer 3 resource usage has reached or exceeded 85%.(EntPhysicalindex=67895305,EntPhysicalName=LPU Board 3,Slot=3,ResourceType=27)

4. Run the display diagnostic resource l3 slot 3 command to check the Layer 3 resource usage. The command output indicates that next hop entries are exhausted.

<Switch> display diagnostic resource l3 slot 3 
=========================================================================== 
L3 Slot: 3 
Unit: 0         TOTAL            USED            FREE 
L3ENTRY:        8192             7794            398     
L3DEFIP:        12288            440             11848   
L3DEFIPV6_128:  256              0               256     
TUNNEL_TERM:    256              0               256     
NEXT_HOP:       8192             8192            0       
L3_INTF:        4096             47              4049    
L3_ECMP:        2048             0               2048    

Unit: 1         TOTAL            USED            FREE 
L3ENTRY:        8192             7794            398     
L3DEFIP:        12288            440             11848   
L3DEFIPV6_128:  256              0               256     
TUNNEL_TERM:    256              0               256     
NEXT_HOP:       8192             8192            0       
L3_INTF:        4096             47              4049    
L3_ECMP:        2048             0               2048  

5. The number of next hop entries is relevant to ARP entries, ND entries, and host routes or subnet routes. Run the display arp command to check ARP entries. The number of ARP entries is 8923, and is far more than the number of next hop entries.

<Switch> display arp 
IP ADDRESS      MAC ADDRESS     EXPIRE(M) TYPE        INTERFACE   VPN-INSTANCE 
                                          VLAN/CEVLAN 
------------------------------------------------------------------------------ 
10.1.254.200    1803-7351-cea5  18        D-0         GE3/0/37 
                                           254/- 
10.72.1.254     3400-a353-e6d6            I -         GE3/0/47 
10.72.1.253     7ca2-3efc-47fa  10        D-0         GE3/0/47 
------------------------------------------------------------------------------ 
Total:8923      Dynamic:8868    Static:0     Interface:55

The number of ARP entries exceeds the maximum value. Consequently, next hop entries are exhausted, and next hop entries cannot be generated for newly connected PCs. In this case, users in new VLANs cannot implement Layer 3 access with users in other VLANs.

6. Deploy the gateway of users at a lower layer to reduce the number of ARP entries on the S7700 and prevent next hop entries of the S7700 from being exhausted.
Root Cause
There are many access users and the number of ARP entries has exceeded the maximum value allowed by the LPU. As a result, next hop entries are exhausted, next hop entries cannot be generated for newly connected PCs. In this case, users in new VLANs cannot implement Layer 3 access with users in other VLANs.
Solution
Configure the gateway of some users as the access or aggregation switch to reduce the number of ARP entries on the S7700 so that the number of ARP entries does not exceed the maximum value.
Suggestions
When there are many access users, configure the gateway of access users as the access or aggregation device. This deployment prevents service forwarding failures due to insufficient resources and network-wide interruptions due to device faults.
  • x
  • convention:

who_knows
Created Dec 31, 2015 03:12:13 Helpful(0) Helpful(0)

Thank you for sharing!

  • x
  • convention:

Reply

Reply
You need to log in to reply to the post Login | Register

Notice Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!
Login and enjoy all the member benefits

Login and enjoy all the member benefits

Login