No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

When switch receives Topology Change BPDU, then traffic is broadcasting on all interfaces in MSTP instance. After a short period of time traffice is decreasing.

Publication Date:  2012-07-27 Views:  60 Downloads:  0
Issue Description

     When switch receives Topology Change BPDU, then traffic is broadcasting on all interfaces in MSTP instance. After a short period of time traffice e.g. to GGSN is deacreasing.

Alarm Information
none
Handling Process


    1: Use "display stp tc" in hidden mode. You will see the quantity of TC packets received and it all indicate the receiving ports. And observe if the quantity of Tc-received is increasing , And you can find the way TC packet pass through , and then go to the next switch , use the same method ,to find out the next ,next switch.
      2: But when you reach  the source switch you will not see any information about the received TC packet quantity. Because "display stp tc" will just represent the tc-receiving information not TC-sending information ,but source switch just has sending information .
     3:  So when at source switch you can use "display log" to check if these is any port-up-down event or the link-cost-change strange thing which can change the stp topology. The switch is the right source. Or use "display stp instance 0 interface XXX" as bellow , the source switch will flood out the TC packet , so at the source switch you can see sending-TC packets quantity.

<Quidway> display stp instance 0 interface gigabitethernet 0/0/1
-------[CIST Global Info][Mode MSTP]-------
CIST Bridge            :32768.00e0-fc0e-a421
Bridge Times           :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC         :32768.00e0-fc0e-a421 / 0
CIST RegRoot/IRPC      :32768.00e0-fc0e-a421 / 0
CIST RootPortId        :0.0
BPDU-Protection        :disabled
TC or TCN received     :8
TC count per hello     :8
STP Converge Mode      :Normal
Time since last TC     :0 days 23h:9m:30s
----[Port3(GigabitEthernet0/0/1)][FORWARDING]----
 Port Protocol         :enabled
 Port Role             :Designated Port
 Port Priority         :128
 Port Cost(Dot1T )     :Config=auto / Active=200000000
 Desg. Bridge/Port     :32768.00e0-fc0e-a421 / 128.1229
 Port Edged            :admin=enabled
 Point-to-point        :Config=ForceTrue
 Transit Limit         :3 packets/hello-time
 Protection Type       :None
 Port Stp Mode         :MSTP
 Port Protocol Type    :Config=auto / Active= dot1s
 PortTimes             :Hello 2s MaxAge 20s FwDly 15s RemHop 20
 TC or TCN send      :0
 TC or TCN received  :0
 BPDU Sent             :0
       TCN: 0, Config: 0, RST: 0, MST: 0
 BPDU Received         :0
       TCN: 0, Config: 0, RST: 0, MST: 0  

Root Cause
After receiving TC-BPDUs, a switch deletes MAC address entries and ARP entries. If a malicious attacker sends pseudo TC-BPDUs to attack the switch, the switch will receive a large number of TC-BPDUs within a short time period, and delete its MAC entries and ARP entries frequently. As a result, the switch is heavily burdened, threatening the network stability.
After enabling TC-BPDU attack defense, you can set the number of times TC-BPDUs are processed by the MSTP process within a given time period (the default time period is 2s, and the default number of times is 3). If the number of TC-BPDUs that the MSTP process receives within the given time exceeds the specified threshold, MSTP processes TC-BPDUs only for the specified number of times. After the timer expires, the MSTP process processes the remaining TC-BPDUs together. In this way, the switch is prevented from frequently deleting its MAC entries and ARP entries, and thus is protected from being over-burdened.
Suggestions
make sure the whole topology is stable .

END