Packet Discarded Rate Exceeding the Threshold During TCP-IP Protection

Publication Date: 2012-07-27
Issue Description
TCP/IP or UDP packets are discarded on the LPU because of an increase in abnormal or non-fragmented TCP/IP or UDP packets.
NE version details:
VRP (R) software, Version 5.70 (NE40E&80E V600R001C00SPC800) 
Alarm Information
The NMS raises a packet-discard alarm that carries the NE information. The following alarm pops up on the NMS:
"Packet Discarded Rate Exceeding the Threshold During TCP/IP Protection"
Handling Process
To handle the alarm, run the following command to find out which type of TCP/IP packets were dropped:
<KOL:VSB-NE40E-AR-B1>dis cpu-defend tcpip-defend statistics  slot 2
Slot      Attack-Type               Total-Packets Passed-Packets Dropped-Packets
--------------------------------------------------------------------------------
2         Tcpip-defend                    2645104          41267        2603837
--------------------------------------------------------------------------------
          Abnormal-packet                       4              0              4
          Fragment-packet                   11360          11360              0
          Tcpsyn-packet                     29907          29907              0
          Udp-packet                      2603833              0        2603833
--------------------------------------------------------------------------------
To get detailed information about the dropped packets, such as the source and destination IP addresses of the attack packets, use one of the following commands:
"display attack-source-trace slot 2 verbose"
or
"display attack-source-trace slot 2 statistics"
This shows detailed information about the dropped packets.
Root Cause
Analysis shows that a defend policy is applied on the LPU to safeguard the CPU of the mother card. If this policy finds abnormal packets or attack packets above the configured CAR value (pass limit), it drops the packets on the LPU itself, so the attack packets are not processed by the MPU and the MPU is protected from such attacks.
If the forwarding traffic exceeds the configured threshold value, the NE drops the packets at the LPU only; they are never processed by the MPU. To check the default or configured CAR value, use the following command:
"display cpu-defend car protocol <protocol name> statistics"
Suggestions
These commands should be included in daily maintenance to learn the attack information and take action against the attack source.
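For the daily check, the statistics table can be parsed and ranked by script. The following is an added example, not part of the original case or any vendor tool: it uses the output shown above (columns realigned), and the names parse_stats, report and alert_ratio are assumptions made for illustration.

```python
import re

# Output of "display cpu-defend tcpip-defend statistics slot 2", values taken from the page.
SAMPLE = """\
Slot      Attack-Type               Total-Packets Passed-Packets Dropped-Packets
--------------------------------------------------------------------------------
2         Tcpip-defend                    2645104          41267        2603837
--------------------------------------------------------------------------------
          Abnormal-packet                       4              0              4
          Fragment-packet                   11360          11360              0
          Tcpsyn-packet                     29907          29907              0
          Udp-packet                      2603833              0        2603833
--------------------------------------------------------------------------------
"""

# Optional slot number, attack type, then the three counters.
ROW = re.compile(r"^\s*(?:(\d+)\s+)?([A-Za-z][\w-]*)\s+(\d+)\s+(\d+)\s+(\d+)\s*$")
FIELDS = ("total", "passed", "dropped")

def parse_stats(text):
    """Return (summary_row, {attack_type: counters}) from the CLI table."""
    summary, per_type = None, {}
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header or separator line
        counters = dict(zip(FIELDS, map(int, m.group(3, 4, 5))))
        if m.group(1) is not None:
            summary = {"slot": int(m.group(1)), **counters}
        else:
            per_type[m.group(2)] = counters
    if summary is None:
        raise ValueError("no slot summary row in output")
    return summary, per_type

def report(text, alert_ratio=0.5):
    """Rank attack types by drops; alert_ratio is an assumed threshold, not a device setting."""
    summary, per_type = parse_stats(text)
    # The per-type rows should add up to the slot row; a mismatch means a truncated capture.
    consistent = all(sum(c[f] for c in per_type.values()) == summary[f] for f in FIELDS)
    ranked = sorted(per_type.items(), key=lambda kv: kv[1]["dropped"], reverse=True)
    offenders = [(name, c["dropped"], c["dropped"] / c["total"])
                 for name, c in ranked if c["total"] and c["dropped"] / c["total"] >= alert_ratio]
    return {"slot": summary["slot"], "consistent": consistent,
            "slot_drop_ratio": summary["dropped"] / summary["total"] if summary["total"] else 0.0,
            "offenders": offenders}

if __name__ == "__main__":
    print(report(SAMPLE))
```

On the sample, Udp-packet accounts for almost all drops, which is the protocol to look up next with the attack-source-trace and CAR commands.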
