The networking is as follows:
NE5000E-1 POS6/0/0 －－－-NE5000E-2 POS6/0/0
The public network or NE5000E-1 can ping through the NE5000E-2, but the telnet fails. Log in to the NE80E from the public network first, and then the telnet of the NE5000E-2 succeeds. When the fault occurs, all the services are normal.
Version: Version NE5000E-VRP5.10-21003300
1. Ensure that the configuration and the traffic diagram are normal, and then problems of the configuration, traffic overflow, virus attack and router filtering are excluded.
2. The difference between the telnet service and ping service is that the ping service can respond the packet on the interface board directly, but the telnet service needs send the packets to the main control board for process. Judging from information at the site, the channel from the interface board to the main control board may be disturbed.
3. The NE5000E-1 can ping through the IP address 220.127.116.11 of POS 6/0/0 directly connected to the NE5000E-2.Carrying the parameter �r, the NE5000E-1 cannot ping through the IP address 18.104.22.168 of POS 6/0/0 directly connected to the NE5000E-2.Through the preceding tests, it is certain that the process of sending packets to the main control board occupies large CPU resources.
4. Log in to the NE5000E-2 to local the problem, and find that the CPU utilization rate of slot 6 is higher than other interface boards.
5. Check the statistics on the IP layer and find that slot 6 on the NE5000E-2 has large TTL timeout packets to send and that the number increases fast.
< NE5000E-2>dis ip st slot 6
Input: sum 1952585742 local 0
bad protocol 0 bad format 0
bad checksum 0 bad options 0
TTL exceeded 165074682 //increased fast
Check on the NE5000E-1 and find that similar statistics exists on slot 6.
6. It is certain that the reason for the telnet failure is because large abnormal packets occupy the bandwidth for sending packets to the main control board. The traffic accesses the public network and the private network from the NE5000E-1; therefore, logging in to the NE5000E-2 connected to the slot 6 should also pass through the NE5000E-1. Logging in to the NE80E from the public network needs not pass through the NE5000E-2 and thus has no problem.
7. When the fault occurs, the interface of upstream devices on the NE5000E-1 has the problem of up/down. This problem causes the loop of abnormal packets on two devices.
1. The configuration fails.
2. The virus attacks.
3. The traffic overflows.
4. Telnet packets are filtered by the passing routers.
5. Abnormal traffic occupies the CPU resources.
Interface up/down of the upstream devices on the NE5000E-1 results in the generation of temperate routing loops. The NE5000E cannot ping through the telnet.
Telnet and ping packets have lower priority to be sent, therefore, when there are large TTL packets, telnet and ping packets fail to be sent to the main control board. Protocol packets have high priority and occupy separate bandwidth, so when there are large TTL packets to be sent, the routing protocol is not affected. When the fault occurs, the service data stays normal.