The CPU of MPU and Interface Board Reaches 100 Percent because of IGMP Packet Attack

Publication Date: 2012-07-27
Issue Description
CPU usage on the MPU and an interface board reaches 100%. There is a block at the interface board.
Alarm Information
Null
Handling Process
IGMP is not enabled on the device, so configure a traffic policy to filter all IGMP packets, as follows:
1. Configure an ACL to match IGMP packets
acl number 3099
 rule 5 deny igmp
 rule 10 permit ip
2. Configure the traffic classifier
traffic classifier antiIGMP operator or
 if-match acl 3099
3. Configure the traffic behaviour
traffic behavior antiIGMP
4. Configure the traffic policy
traffic policy antiIGMP
 classifier antiIGMP behavior antiIGMP
5. Apply the policy on the inbound interface
interface pos1/0/0
 traffic-policy antiIGMP inbound
After the configuration above is applied, CPU usage on the MPU and the interface board decreases.
Root Cause
1. Check CPU usage. The CPU of the MPU and of one interface board is at 100%.
<NE5000E>dis health
Slot          CPU Usage     Memory Usage (Used/Total)
-----------------------------------------------------
17 MPU(Master) 100%           24%  462MB/1913MB
 1 LPU          42%           48%  188MB/390MB
 2 LPU          38%           48%  188MB/390MB
 3 LPU         100%           54%  214MB/390MB
2. Check the CPU tasks. The VPR task occupies most of the CPU. This task handles packets sent to the CPU.
<W-1>dis cpu 
TaskName        CPU        Runtime(CPU Tick High/CPU Tick Low)
VIDL            1%               0/2be77165
TICK             0%               0/  17e5db
IPCR             0%               0/    4b6f
 VPR            90%               0/ 65e8b49
 VPS             0%               0/   3a150
dTcm             5%               0/ 3423ea3
BEAT             0%               0/   1a7cf
3. Traffic analysis at the forwarding layer, based on the information above, shows that many packets are being sent to the CPU of the MPU. The protocol number of these packets is 2 (IGMP) and the destination IP address is unicast.
*3.1139475482 
IP/8/debug_case:Slot=14;                        
Discarding, interface = Pos14/1/0, version = 4, headlen = 20, tos = 0,          
pktlen = 45, pktid = 39706, offset = 0, ttl = 124, protocol = 2,                
checksum = 57757, s = 60.178.203.231, d = 218.16.223.108                        
*3.1139475482 
IP/8/debug_case:Slot=14;                        
Discarding, interface = Pos14/1/0, version = 4, headlen = 20, tos = 0,          
pktlen = 45, pktid = 13670, offset = 0, ttl = 122, protocol = 2,                
checksum = 35548, s = 60.181.138.90, d = 218.16.223.108      
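As an added example (not part of the original case and not a vendor tool), the following Python code parses debug records in the format shown above and groups IGMP packets (protocol 2) whose destination is not a multicast address by inbound interface and destination, which shows where the inbound policy needs to be applied. The first two sample records are copied from the output above; the third is constructed for contrast.

```python
import ipaddress
import re
from collections import defaultdict

# Two records copied from the debug output above, plus one constructed
# record (ordinary IGMP to a multicast group) for contrast.
SAMPLE = """\
*3.1139475482
IP/8/debug_case:Slot=14;
Discarding, interface = Pos14/1/0, version = 4, headlen = 20, tos = 0,
pktlen = 45, pktid = 39706, offset = 0, ttl = 124, protocol = 2,
checksum = 57757, s = 60.178.203.231, d = 218.16.223.108
*3.1139475482
IP/8/debug_case:Slot=14;
Discarding, interface = Pos14/1/0, version = 4, headlen = 20, tos = 0,
pktlen = 45, pktid = 13670, offset = 0, ttl = 122, protocol = 2,
checksum = 35548, s = 60.181.138.90, d = 218.16.223.108
*3.1139475483
IP/8/debug_case:Slot=14;
Discarding, interface = Pos14/1/0, version = 4, headlen = 24, tos = 0,
pktlen = 32, pktid = 101, offset = 0, ttl = 1, protocol = 2,
checksum = 1234, s = 192.0.2.10, d = 224.0.0.1
"""

# Matches "key = value" pairs; "Slot=14" (no spaces) is deliberately skipped.
FIELD = re.compile(r"(\w+) = ([\w./]+)")

def parse_records(text):
    """Yield one dict of 'key = value' fields per IP/8/debug_case record."""
    for chunk in text.split("IP/8/debug_case:")[1:]:
        yield dict(FIELD.findall(chunk))

def unicast_igmp(text):
    """Group IGMP packets with a non-multicast destination by (interface, dst)."""
    hits = defaultdict(set)
    for rec in parse_records(text):
        if rec.get("protocol") != "2" or "d" not in rec:
            continue
        if not ipaddress.ip_address(rec["d"]).is_multicast:
            hits[(rec.get("interface", "?"), rec["d"])].add(rec.get("s", "?"))
    return {key: sorted(srcs) for key, srcs in hits.items()}

if __name__ == "__main__":
    for (ifname, dst), srcs in unicast_igmp(SAMPLE).items():
        print(f"{ifname}: IGMP to unicast {dst} from {len(srcs)} source(s): {srcs}")
```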
Suggestions
Null
