No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Troubleshooting Of Ping Test Fail For AntiDDos( V100R001C00SPC600)

Publication Date:  2016-04-10 Views:  2 Downloads:  0
Issue Description

When the user connected the AntiDDos and SW directly.



The ping test from SW to AntiDDos failed

Alarm Information
[SW]ping 192.168.XX.2
  PING 192.168.XX.2: 56  data bytes, press CTRL_C to break
    Request time out
    Request time out
    Request time out
    Request time out
    Request time out

  --- 192.168.XX.2 ping statistics ---
    5 packet(s) transmitted
    0 packet(s) received
    100.00% packet loss
Handling Process

1. Check the configuration of SW. Vlan 200 and Vlanif 200 (192.168.XX.1/24) were created. The setting for the port is ok.
2. Check the ARP table for the SW.
===============================================
  ===============display arp===============
===============================================
IP ADDRESS      MAC ADDRESS     EXPIRE(M) TYPE        INTERFACE   VPN-INSTANCE
                                          VLAN/CEVLAN
------------------------------------------------------------------------------
168.187.XX.126 9c37-####-46b3            I -         Vlanif2
168.187.XX.122 9c37-####-46b5            I -         Vlanif4
168.187.XX.121 000b-####-1419  15        D-0         GE0/0/24
                                             4/-
192.168.YY.1   9c37-####-46b6            I -         Vlanif200
192.168.XX.2   8038-####-9ecc  8         D-0         GE0/0/23
                                             5/-
192.168.XX.1   9c37-####-46b4            I -         Vlanif3
------------------------------------------------------------------------------
Total:6         Dynamic:2       Static:0     Interface:4  
3. Check the setting for AntiDDos. The details just as below:
The port GE3/0/0 (10G) with 192.168.XX.2/24
#
interface GigabitEthernet3/0/0
undo shutdown
ip address 192.168.XX.2 255.255.255.0
#
The port GE3/0/0 have already been added to trust interzone.
#
firewall zone trust
set priority 85
add interface GigabitEthernet3/0/0
#
Policy for the interzones are default permit.
#
firewall packet-filter default permit interzone local trust direction inbound
firewall packet-filter default permit interzone local trust direction outbound
firewall packet-filter default permit interzone local untrust direction inbound
firewall packet-filter default permit interzone local untrust direction outbound
firewall packet-filter default permit interzone local dmz direction inbound
firewall packet-filter default permit interzone local dmz direction outbound
firewall packet-filter default permit interzone trust untrust direction inbound
firewall packet-filter default permit interzone trust untrust direction outbound
firewall packet-filter default permit interzone trust dmz direction inbound
firewall packet-filter default permit interzone trust dmz direction outbound
firewall packet-filter default permit interzone dmz untrust direction inbound
firewall packet-filter default permit interzone dmz untrust direction outbound
#
4. Check the license of AntiDDos.
===================================================
  ===============display license===============
===================================================
13:27:29  2016/04/04
MainBoard:
Device ESN is: 210305G06R10F3000039
License file is not activated, please use default configuration!
SlaveBoard:
Device ESN is: 210305G06R10F3000041
License file is not activated, please use default configuration!
5. After applied and activated the license, the ping test is still fail.

The session is normal. There are packets received and sent.

7. Check the traffic statics of SW side.

8. Capture the packets at inbound direction for AntiDDos.

There is not any mistake for the data for oport, nhip, vlan.
9. Check the next hop and MAC address. And there is not any mistake for this.

10. Capture the packets for AntiDDos.

There is not any mistake for hnip, oport and vlan.
11. Ping test form SW to AntiDDos, and found there is ARP MISS for LPU of AntiDDos.

12. From these information, we did not find any abnormal information for  EPHP, DMA, ARP. For ARP MISS. This issue is due to transition-BIT from EF module to algorithm module and then there replied the arp request with wrong value.
13. After reboot the equipment, this issue resolved.

Root Cause
Soft error will be triggered when the equipment reboot or restart. This is due to the high-energy particle. But the probability is very low.
Suggestions
During the Troubleshooting, using different way to reduce the arrange of  possible root cause. That will be helpful for the work.

END