The MA5800 is unreachable because of the ARP packets

Hi there!

 

This time, I will share a case in which the MA5800 is unreachable because a large number of ARP packets are sent from the network side.

 

Issue description

The MA5800 unreachable alarm has been cleared and services are normal. The cause needs to be analyzed. This case uses a Huawei MA5800-X7 as an example.

 

Handling Process

1. Checked the LACP log at the unreachable time (15:55). No intermittent disconnection occurred at 16:41. The cause was that the customer shut down the port on the peer device and the customer reported that services were normal. Therefore, the device did not become unreachable to the NMS because of a link exception.

The NMS became unreachable from 15:58 to 17:22.


Analyzed the LACP logs. The LACP intermittent disconnection occurred at 16:41 because the customer shut down the port on the peer device and the port went Down. As a result, the LACP fault occurred.

2. Queried the OLC queue. Queue 11 of the SRV process has a large number of tail-drop packets, and queue 11 of the SRV process is ARP_NET. This indicates that ARP packet attacks occur on the network side, causing a large number of ARP packets to be discarded.


3. Checked the historical ARP entry change information. ARP entries were added or deleted near the unreachable time (D/3 indicates that the entries are normally aged and deleted). ARP packet attacks will cause ARP packets to be discarded on the gateway. After the ARP entries on the OLT are aged, the OLT cannot learn the gateway ARP entries in time. SNMP packets then have no gateway ARP entry, so the OLT cannot communicate with the NMS and becomes unreachable to the NMS. Normal service packets are forwarded at Layer 2. Therefore, services are not affected.

 

Root cause

When the OLT is attacked by network-side ARP packets, a large number of ARP packets are discarded in queue 11 (ARP_NET) of the SRV process. After the management ARP packets are discarded, the OLT cannot learn the ARP entries of the gateway in time after the ARP entries are aged. As a result, management packets cannot be forwarded, and the device is unreachable to the NMS. Normal service packets are forwarded at Layer 2. Therefore, services are not affected.

 

Solution

The OLT is attacked by network-side ARP packets. As a result, a large number of ARP packets are lost in queue 11 (ARP_NET) of the SRV process. You are advised to check the network-side ARP attack source packets based on the networking.
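One way to look for the attack source, as an added example (not from the original case and not Huawei tooling): given timestamped Ethernet frames captured on the network-side uplink, for instance from a mirror port, it counts ARP packets per sender MAC in one-second windows and reports senders whose peak exceeds a threshold. The 100 packets-per-second threshold, the function names and the sample frames are assumptions constructed for illustration.

```python
import struct
from collections import Counter

ETH_ARP, ETH_VLAN = 0x0806, 0x8100

def parse_arp(frame: bytes):
    """Return (sender_mac, sender_ip, target_ip, opcode), or None if not Ethernet/IPv4 ARP."""
    if len(frame) < 42:
        return None
    offset, ethertype = 14, struct.unpack("!H", frame[12:14])[0]
    if ethertype == ETH_VLAN:                 # skip a single 802.1Q tag
        offset, ethertype = 18, struct.unpack("!H", frame[16:18])[0]
    if ethertype != ETH_ARP or len(frame) < offset + 28:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[offset:offset + 8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa = frame[offset + 8:offset + 14], frame[offset + 14:offset + 18]
    tpa = frame[offset + 24:offset + 28]
    return sha.hex(":"), ".".join(map(str, spa)), ".".join(map(str, tpa)), op

def flood_sources(records, window=1.0, threshold=100):
    """records: (timestamp_s, frame) pairs. Return {sender_mac: peak ARP count per window}
    for senders whose peak exceeds threshold (threshold is an assumed value, tune per site)."""
    buckets = Counter()
    for ts, frame in records:
        arp = parse_arp(frame)
        if arp:
            buckets[(arp[0], int(ts // window))] += 1
    peaks = {}
    for (mac, _), count in buckets.items():
        peaks[mac] = max(peaks.get(mac, 0), count)
    return {mac: n for mac, n in peaks.items() if n > threshold}

def build_arp_request(src_mac: bytes, src_ip: bytes, dst_ip: bytes) -> bytes:
    """Build a broadcast ARP request; used only to construct the sample input below."""
    eth = b"\xff" * 6 + src_mac + struct.pack("!H", ETH_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)
    return eth + arp + src_mac + src_ip + b"\x00" * 6 + dst_ip

# Constructed sample: a gateway refreshing ARP occasionally, and one host
# sending 500 ARP requests within a single second (addresses are made up).
GATEWAY, NOISY = bytes.fromhex("020000000001"), bytes.fromhex("0200000000aa")
SAMPLE = [(t, build_arp_request(GATEWAY, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 10])))
          for t in (0.1, 5.1, 10.1)]
SAMPLE += [(3.0 + i / 1000, build_arp_request(NOISY, bytes([192, 0, 2, 200]),
                                               bytes([192, 0, 2, i % 250 + 1])))
           for i in range(500)]

if __name__ == "__main__":
    for mac, peak in flood_sources(SAMPLE).items():
        print(f"{mac}: peak {peak} ARP packets per second")
```

The sender MAC it reports can then be traced through the upstream switches' MAC tables to the port it was learned on.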

 

Summary

That’s all. If you have any questions, please feel free to contact: csd@telecomate.com.