Inter-card NLB Service Forwarding Is Abnormal Because the G24SA Card of the S7700 Does Not Support NLB

Publication Date:  2015-11-20 Views:  517 Downloads:  0
Issue Description
[Version information]



[Networking description]

1. The S7700s use CSS cards to establish a CSS as the core gateway of all services. The two chassis of the S7700 use cards of the same type and the slot distribution is the same. The figure shows the card type and slot distribution.

2. The S5700EI connects to the NLB server, and the NLB server works in multicast mode and the MAC address starts with 03BF. The downstream PC connected to the S5700LI needs to access the NLB server of which the MAC address starts with 03BF (the MAC address corresponds to a virtual IP address).

[Networking topology]



[Key configuration script]


S7700:
#                                                                               
arp static 10.28.38.102 03bf-0a1c-2666 vpn-instance Internal_Service
arp static 10.28.38.108 03bf-0a1c-266c vpn-instance Internal_Service
arp static 10.28.38.112 03bf-0a1c-2670 vpn-instance Internal_Service
arp static 10.28.38.132 03bf-0a1c-2684 vpn-instance Internal_Service
arp static 10.28.38.135 03bf-0a1c-2687 vpn-instance Internal_Service
arp static 10.28.38.141 03bf-0a1c-268d vpn-instance Internal_Service
arp static 10.28.38.105 03bf-0a1c-2669 vpn-instance Internal_Service
#
interface Eth-Trunk5
description To_Floor-S5700LI-01_Eth-trunk5
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 8 to 4094
#
interface Eth-Trunk40
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 103 400 to 499
traffic-policy test outbound
mac-address multiport 03bf-0a1c-2666 vlan 403
mac-address multiport 03bf-0a1c-2669 vlan 403
mac-address multiport 03bf-0a1c-266c vlan 403
mac-address multiport 03bf-0a1c-2670 vlan 403
mac-address multiport 03bf-0a1c-2684 vlan 404
mac-address multiport 03bf-0a1c-2687 vlan 404
mac-address multiport 03bf-0a1c-268d vlan 404
#
interface Vlanif100
description Management_IP
ip binding vpn-instance Internal_Service
ip address 172.21.32.1 255.255.255.0
#
interface Vlanif403
description IT_Server_04
ip binding vpn-instance Internal_Service
ip address 10.28.38.97 255.255.255.224
#

[Fault description]

The red line of the networking topology shows that the ping operation fails.
Handling Process
1. Determine the node where packet loss occurs. Collect traffic statistics in the inbound direction of Eth-Trunk 5 and outbound direction of Eth-Trunk 40 on the S7700.

Traffic statistics configuration script:

#
acl number 3000
rule 5 permit ip source 172.21.32.10 0 destination 10.28.38.105 0
#
traffic classifier test operator or precedence 5
if-match acl 3000
#
traffic behavior test
permit
statistic enable
#
traffic policy test
classifier test behavior test
#
interface Eth-Trunk5
traffic-policy test inbound
#
interface Eth-Trunk40
   traffic-policy test outbound
#
 
[S7700]dis traffic policy  statistics  interface  E
th-Trunk 5 inbound
Interface: Eth-Trunk5
Traffic policy inbound: test
Rule number: 1
Current status: OK!
Statistics interval: 300
---------------------------------------------------------------------
Board : 1/1
---------------------------------------------------------------------
Matched          |      Packets:                            42
                  |      Bytes:                               -
                  |      Rate(pps):                           0
                  |      Rate(bps):                           -
---------------------------------------------------------------------
   Passed         |      Packets:                            42
                  |      Bytes:                               -
                  |      Rate(pps):                           0
                  |      Rate(bps):                           -
---------------------------------------------------------------------
   Dropped        |      Packets:                             0
                  |      Bytes:                               -
                  |      Rate(pps):                           0
                  |      Rate(bps):                           -
---------------------------------------------------------------------
     Filter       |      Packets:                             0
                  |      Bytes:                               -
---------------------------------------------------------------------
     Car          |      Packets:                             0
                  |      Bytes:                               -
---------------------------------------------------------------------
Board : 2/1
---------------------------------------------------------------------
Matched          |      Packets:                             0
                  |      Bytes:                               -
                  |      Rate(pps):                           0
                  |      Rate(bps):                           -
---------------------------------------------------------------------
   Passed         |      Packets:                             0
                  |      Bytes:                               -
                  |      Rate(pps):                           0
                  |      Rate(bps):                           -
---------------------------------------------------------------------
   Dropped        |      Packets:                             0
                  |      Bytes:                               -
                  |      Rate(pps):                           0
                  |      Rate(bps):                           -
---------------------------------------------------------------------
     Filter       |      Packets:                             0
                  |      Bytes:                               -
---------------------------------------------------------------------
     Car          |      Packets:                             0
                  |      Bytes:                               -
---------------------------------------------------------------------
 
[S7700]dis traffic policy  statistics  interface  E
th-Trunk 40 outbound 
 
Interface: Eth-Trunk40
Traffic policy outbound: test
Rule number: 1
Current status: OK!
Statistics interval: 300
---------------------------------------------------------------------
Board : 1/1
---------------------------------------------------------------------
Matched          |      Packets:                            0
                  |      Bytes:                               -
                  |      Rate(pps):                           0
                  |      Rate(bps):                           -
---------------------------------------------------------------------
   Passed         |      Packets:                            0
                  |      Bytes:                               -
                  |      Rate(pps):                           0
                  |      Rate(bps):                           -
---------------------------------------------------------------------
   Dropped        |      Packets:                             0
                  |      Bytes:                               -
                  |      Rate(pps):                           0
                  |      Rate(bps):                           -
---------------------------------------------------------------------
     Filter       |      Packets:                             0
                  |      Bytes:                               -
---------------------------------------------------------------------
     Car          |      Packets:                             0
                  |      Bytes:                               -
---------------------------------------------------------------------
Board : 2/1
---------------------------------------------------------------------
Matched          |      Packets:                             0
                  |      Bytes:                               -
                  |      Rate(pps):                           0
                  |      Rate(bps):                           -
---------------------------------------------------------------------
   Passed         |      Packets:                             0
                  |      Bytes:                               -
                  |      Rate(pps):                           0
                  |      Rate(bps):                           -
---------------------------------------------------------------------
   Dropped        |      Packets:                             0
                  |      Bytes:                               -
                  |      Rate(pps):                           0
                  |      Rate(bps):                           -
---------------------------------------------------------------------
     Filter       |      Packets:                             0
                  |      Bytes:                               -
---------------------------------------------------------------------
     Car          |      Packets:                             0
                  |      Bytes:                               -
---------------------------------------------------------------------

The preceding information shows that traffic is discarded on the S7700.

When traffic arrives at XGE 1/3/0/4 of the S7700, the ping operation is normal.

The two test results indicate that the type of the card where inbound traffic is transmitted is different. The fault may be relevant to the card.

2. Perform the ping operation on the S7700 so that traffic is received by multiple identical VLANIF interfaces and different cards. The test result indicates that results of traffic received by the same Layer 3 interfaces on different card are different. Ping packets on the G24SA card are discarded, and ping packets on the X12SA card are normal.

3. The G24SA card does not support NLB.
Root Cause
The ES0D0G24SA00 and ES0D0G24CA00 cards of the S7700 cannot connect to the clients or NLB server cluster.
Solution
The outbound interface of the NLB service is Eth-Trunk 40. Configure a traffic policy to redirect packets destined for the NLB virtual IP address to Eth-Trunk 40. The configuration script is as follows:


traffic classifier test operator or precedence 5 
if-match acl 3000 

traffic behavior test 
permit 
statistic enable 
redirect interface Eth-Trunk40 

traffic policy test 
classifier test behavior test 

traffic-policy test global inbound slot 1/1 
traffic-policy test global inbound slot 2/1 
#
Suggestions
Fault location:

1. Determine the faulty node by configuring traffic statistics collection and obtaining packets through mirroring.

2. Perform the comparison test to determine the problem.

END