S7700交换机G24SA单板不支持NLB特性导致NLB业务跨板转发异常

发布时间:  2015-11-20 浏览次数:  441 下载次数:  11
问题描述

【版本信息】
 

S7700

V200R003C00SPC500

V200R003SPH012

S5700LI

V200R003C00SPC300

V200R003SPH010

S5700EI

V200R003C00SPC300

V200R003SPH010


【组网概述】
 

1、如组网拓扑图中,S7700采用堆叠卡堆叠,作为所有业务的核心网关;S7700堆叠的两个单框采用相同类型的板卡,且槽位分布完全相同,板卡类型及分布见图中描述;

 

2、S5700EI设备下挂NLB业务,NLB服务器采用组播模式,MAC03BF开头;现网NLB业务需要S5700LI下挂PC客户端能够访问S5700EI下挂NLB服务器虚拟出来的03BF开头的MAC地址(对应相应的虚拟IP)。
 

【组网拓扑图】

 

【关键配置脚本】
 

S7700

#                                                                               

arp static 10.28.38.102 03bf-0a1c-2666 vpn-instance Internal_Service           

arp static 10.28.38.108 03bf-0a1c-266c vpn-instance Internal_Service           

arp static 10.28.38.112 03bf-0a1c-2670 vpn-instance Internal_Service           

arp static 10.28.38.132 03bf-0a1c-2684 vpn-instance Internal_Service           

arp static 10.28.38.135 03bf-0a1c-2687 vpn-instance Internal_Service           

arp static 10.28.38.141 03bf-0a1c-268d vpn-instance Internal_Service           

arp static 10.28.38.105 03bf-0a1c-2669 vpn-instance Internal_Service           

#  

interface Eth-Trunk5                                                           

 description To_Floor-S5700LI-01_Eth-trunk5                                     

 port link-type trunk                                                          

 undo port trunk allow-pass vlan 1                                             

 port trunk allow-pass vlan 8 to 4094                                          

#

interface Eth-Trunk40                                                          

 port link-type trunk                                                          

 undo port trunk allow-pass vlan 1                                             

 port trunk allow-pass vlan 103 400 to 499                                     

 traffic-policy test outbound                                                  

 mac-address multiport 03bf-0a1c-2666 vlan 403                                 

 mac-address multiport 03bf-0a1c-2669 vlan 403                                 

 mac-address multiport 03bf-0a1c-266c vlan 403                                 

 mac-address multiport 03bf-0a1c-2670 vlan 403                                 

 mac-address multiport 03bf-0a1c-2684 vlan 404                                 

 mac-address multiport 03bf-0a1c-2687 vlan 404                                 

 mac-address multiport 03bf-0a1c-268d vlan 404                                 

#        

interface Vlanif100                                                             

 description Management_IP                                                     

 ip binding vpn-instance Internal_Service                                      

 ip address 172.21.32.1 255.255.255.0                                           

#  

interface Vlanif403                                                            

 description IT_Server_04                                                      

 ip binding vpn-instance Internal_Service                                       

 ip address 10.28.38.97 255.255.255.224                                        

#    
 

【故障现象】
 

如组网拓扑图中红色线条,Ping业务故障。

处理过程
1、首先判断丢包节点,在S7700上,分别对Eth-trunk5的入方向和Eth-trunk40的出方向做流量统计。

流量统计配置脚本:

#
acl number 3000
rule 5 permit ip source 172.21.32.10 0 destination 10.28.38.105 0
#
traffic classifier test operator or precedence 5
if-match acl 3000
#
traffic behavior test
permit
statistic enable
#
traffic policy test
classifier test behavior test
#
interface Eth-Trunk5
traffic-policy test inbound
#
interface Eth-Trunk40
   traffic-policy test outbound
#
 
[S7700]dis traffic policy  statistics  interface  E
th-Trunk 5 inbound
Interface: Eth-Trunk5
Traffic policy inbound: test
Rule number: 1
Current status: OK!
Statistics interval: 300
---------------------------------------------------------------------
Board : 1/1
---------------------------------------------------------------------
Matched          |      Packets:                            42
                  |      Bytes:                               -
                  |      Rate(pps):                           0
                  |      Rate(bps):                           -
---------------------------------------------------------------------
   Passed         |      Packets:                            42
                  |      Bytes:                               -
                  |      Rate(pps):                           0
                  |      Rate(bps):                           -
---------------------------------------------------------------------
   Dropped        |      Packets:                             0
                  |      Bytes:                               -
                  |      Rate(pps):                           0
                  |      Rate(bps):                           -
---------------------------------------------------------------------
     Filter       |      Packets:                             0
                  |      Bytes:                               -
---------------------------------------------------------------------
     Car          |      Packets:                             0
                  |      Bytes:                               -
---------------------------------------------------------------------
Board : 2/1
---------------------------------------------------------------------
Matched          |      Packets:                             0
                  |      Bytes:                               -
                  |      Rate(pps):                           0
                  |      Rate(bps):                           -
---------------------------------------------------------------------
   Passed         |      Packets:                             0
                  |      Bytes:                               -
                  |      Rate(pps):                           0
                  |      Rate(bps):                           -
---------------------------------------------------------------------
   Dropped        |      Packets:                             0
                  |      Bytes:                               -
                  |      Rate(pps):                           0
                  |      Rate(bps):                           -
---------------------------------------------------------------------
     Filter       |      Packets:                             0
                  |      Bytes:                               -
---------------------------------------------------------------------
     Car          |      Packets:                             0
                  |      Bytes:                               -
---------------------------------------------------------------------
 
[S7700]dis traffic policy  statistics  interface  E
th-Trunk 40 outbound 
 
Interface: Eth-Trunk40
Traffic policy outbound: test
Rule number: 1
Current status: OK!
Statistics interval: 300
---------------------------------------------------------------------
Board : 1/1
---------------------------------------------------------------------
Matched          |      Packets:                            0
                  |      Bytes:                               -
                  |      Rate(pps):                           0
                  |      Rate(bps):                           -
---------------------------------------------------------------------
   Passed         |      Packets:                            0
                  |      Bytes:                               -
                  |      Rate(pps):                           0
                  |      Rate(bps):                           -
---------------------------------------------------------------------
   Dropped        |      Packets:                             0
                  |      Bytes:                               -
                  |      Rate(pps):                           0
                  |      Rate(bps):                           -
---------------------------------------------------------------------
     Filter       |      Packets:                             0
                  |      Bytes:                               -
---------------------------------------------------------------------
     Car          |      Packets:                             0
                  |      Bytes:                               -
---------------------------------------------------------------------
Board : 2/1
---------------------------------------------------------------------
Matched          |      Packets:                             0
                  |      Bytes:                               -
                  |      Rate(pps):                           0
                  |      Rate(bps):                           -
---------------------------------------------------------------------
   Passed         |      Packets:                             0
                  |      Bytes:                               -
                  |      Rate(pps):                           0
                  |      Rate(bps):                           -
---------------------------------------------------------------------
   Dropped        |      Packets:                             0
                  |      Bytes:                               -
                  |      Rate(pps):                           0
                  |      Rate(bps):                           -
---------------------------------------------------------------------
     Filter       |      Packets:                             0
                  |      Bytes:                               -
---------------------------------------------------------------------
     Car          |      Packets:                             0
                  |      Bytes:                               -
---------------------------------------------------------------------

由上述回显信息可以看出,流量在S7700上被丢弃;

对比测试,当业务流量从S7700的XGE 1/3/0/4端口进入时,Ping包正常。

对比两次测试结果,发现入方向流量的单板类型不同,遂怀疑故障与单板强相关。

2、进一步验证推测,在S7700上通过Ping包,使业务流量从多个相同的VLANIF三层接口,不同的单板进入,测试结果显示,相同的三层VLANIF接口进入的流量在不同的单板上出现不同的表现。从G24SA单板入的Ping业务均被丢弃,而从X12SA单板入的Ping业务均正常,进一步验证了结论。

3、经确认,G24SA单板不支持NLB特性。
根因
S7700的ES0D0G24SA00、ES0D0G24CA00单板不支持连接客户端侧,也不支持连接NLB服务器群集。
解决方案
通过分析发现,现网NLB业务的出端口统一为Eth-trunk40上,所以通过流策略匹配,目的地址去往NLB虚拟IP地址的业务,强制重定向至Eth-trunk40端口,规避问题,配置脚本如下:


traffic classifier test operator or precedence 5 
if-match acl 3000 

traffic behavior test 
permit 
statistic enable 
redirect interface Eth-Trunk40 

traffic policy test 
classifier test behavior test 

traffic-policy test global inbound slot 1/1 
traffic-policy test global inbound slot 2/1 
#
建议与总结
业务功能障碍定位总结:

1、通过流统计、镜像抓包等手段确认业务故障节点;

2、通过对比测试发现问题共性。

END