FAQ: How to check for a routing loop in the network based on a switch's ttl-expired alarm logs

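Published: 2016-02-01
Problem description

The switch generates a large number of ttl-expired alarm logs like the ones below. How do you check whether the network has a routing loop?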

===============display logbuffer===============
Feb  1 2016 10:57:58 HUAWEI %%01DEFD/4/CPCAR_DROP_MPU(l)[0]:Rate of packets to cpu exceeded the CPCAR limit on the MPU. (Protocol=ttl-expired, CIR/CBS=64/12032, ExceededPacketCount=283)
Feb  1 2016 09:57:58 HUAWEI %%01DEFD/4/CPCAR_DROP_MPU(l)[2]:Rate of packets to cpu exceeded the CPCAR limit on the MPU. (Protocol=ttl-expired, CIR/CBS=64/12032, ExceededPacketCount=12) 
Feb  1 2016 09:37:58 HUAWEI %%01DEFD/4/CPCAR_DROP_MPU(l)[4]:Rate of packets to cpu exceeded the CPCAR limit on the MPU. (Protocol=ttl-expired, CIR/CBS=64/12032, ExceededPacketCount=2)
Feb  1 2016 09:17:58 HUAWEI %%01DEFD/4/CPCAR_DROP_MPU(l)[5]:Rate of packets to cpu exceeded the CPCAR limit on the MPU. (Protocol=ttl-expired, CIR/CBS=64/12032, ExceededPacketCount=10)
Feb  1 2016 09:07:58 HUAWEI %%01DEFD/4/CPCAR_DROP_MPU(l)[6]:Rate of packets to cpu exceeded the CPCAR limit on the MPU. (Protocol=ttl-expired, CIR/CBS=64/12032, ExceededPacketCount=19)
Feb  1 2016 08:57:58 HUAWEI %%01DEFD/4/CPCAR_DROP_MPU(l)[7]:Rate of packets to cpu exceeded the CPCAR limit on the MPU. (Protocol=ttl-expired, CIR/CBS=64/12032, ExceededPacketCount=320)

 

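Solution
1. Run the following command to check whether the ttl-expired packet count keeps increasing:
display cpu-defend statistics packet-type ttl-expired slot 0

2. Pick an unused ACL number in the range 3000-3999 and configure it:
acl number 3999
rule 5 permit ip ttl-expired

3. Run the following commands to print the TTL=1 packets sent to the CPU:
<S5700>debugging ip packet acl 3999
<S5700>terminal debugging
<S5700>terminal monitor
<S5700>debugging timeout 0

4. If there are too many packets, open two terminal windows: one for printing the logs and one for turning the logging off:
<S5700>undo debugging all
<S5700>terminal debugging
<S5700>terminal monitor

5. Run tracert to the destination IP addresses printed in the debug output and check whether a routing loop exists.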
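For step 5, the sign of a loop in tracert output is the same responder address appearing again at a later hop. The script below is an added example, not part of the original FAQ; the tracert text is constructed, its line layout (hop number, responder IP, three round-trip times) is an assumption, and the function names are hypothetical.

```python
import re

# Constructed tracert output (RFC 5737 documentation addresses).
# Assumed layout per hop line: hop number, responder IP or "*", three RTTs.
SAMPLE_TRACERT = """\
 traceroute to 203.0.113.9(203.0.113.9), max hops: 30, packet length: 40
 1 192.0.2.1 2 ms 1 ms 1 ms
 2 198.51.100.2 3 ms 2 ms 2 ms
 3 198.51.100.6 3 ms 3 ms 3 ms
 4 198.51.100.2 4 ms 4 ms 3 ms
 5 198.51.100.6 5 ms 4 ms 4 ms
 6 * * *
 7 198.51.100.6 6 ms 6 ms 5 ms
"""

HOP_RE = re.compile(r"^[ \t]*(\d+)[ \t]+(\d{1,3}(?:\.\d{1,3}){3}|\*)", re.M)


def parse_hops(text):
    """Return [(hop_number, ip)] with ip=None for hops that timed out."""
    return [(int(n), None if ip == "*" else ip)
            for n, ip in HOP_RE.findall(text)]


def find_loop(hops):
    """Return the routers forming the loop, in path order, or None.

    A loop is reported when a responder IP is seen again at a later hop.
    A router may answer from different interface addresses, so a loop can
    also show up as a longer repeating cycle than the real router count.
    """
    first_seen = {}
    for n, ip in hops:
        if ip is None:
            continue  # timeouts carry no information about the path
        if ip in first_seen:
            start = first_seen[ip]
            return [h_ip for h_n, h_ip in hops if start <= h_n < n and h_ip]
        first_seen[ip] = n
    return None


if __name__ == "__main__":
    loop = find_loop(parse_hops(SAMPLE_TRACERT))
    print("routing loop between:", loop if loop else "none found")
```

The routers it returns are the ones whose routing tables for that destination should be compared next.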
