AR3260 with dual egress links: Telnet sessions from public-network users to the WAN interface address lag

Published: 2016-06-13
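Problem Description

Symptom:

The AR3260 serves as the egress device with two WAN uplinks (referred to below as port A and port B). After a PC on the public network logs in over Telnet to either WAN port, command execution lags.

Network topology: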


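Troubleshooting Procedure

1. Telnet from an intranet user to the intranet interface works normally, and the device's own CPU usage and other indicators are normal.

2. With one of the two external ports (A and B) shut down, Telnet from an external user to the other external port works normally.

3. Clear the interface counters on both WAN ports and check them again: with the external PC accessing port A, port A shows 58 packets in the input direction, and both ports A and B show output packet counts.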

<Huawei>display interface Ethernet 0/0/0
Ethernet0/0/0 current state : UP
Line protocol current state : UP
Last line protocol up time : 2016-06-08 14:50:44
Description:HUAWEI, AR Series, Ethernet0/0/0 Interface
Route Port,The Maximum Transmit Unit is 1500
Internet Address is 202.1.1.2/24
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 4cb1-6c90-0681
Last physical up time : 2016-06-08 14:50:44
Last physical down time : 2016-06-08 14:50:34
Current system time: 2016-06-08 15:26:51
Port Mode: COMMON COPPER
Speed : 100, Loopback: NONE
Duplex: FULL, Negotiation: ENABLE
Mdi : AUTO, Clock : -
Last 300 seconds input rate 584 bits/sec, 0 packets/sec
Last 300 seconds output rate 16 bits/sec, 0 packets/sec
Input peak rate 600 bits/sec,Record time: 2016-06-08 15:26:37
Output peak rate 88 bits/sec,Record time: 2016-06-08 15:26:37

Input: 58 packets, 4292 bytes
Unicast: 58, Multicast: 0
Broadcast: 0, Jumbo: 0
Discard: 0, Total Error: 0

CRC: 0, Giants: 0
Jabbers: 0, Throttles: 0
Runts: 0, Symbols: 0
Ignoreds: 0, Frames: 0

Output: 20 packets, 2210 bytes
Unicast: 20, Multicast: 2
Broadcast: 0, Jumbo: 0
Discard: 0, Total Error: 0

Collisions: 0, ExcessiveCollisions: 0
Late Collisions: 0, Deferreds: 0

Input bandwidth utilization threshold : 100.00%
Output bandwidth utilization threshold: 100.00%
Input bandwidth utilization : 0.01%
Output bandwidth utilization : 0.01%


<Huawei>display interface Ethernet 0/0/8
Ethernet0/0/8 current state : UP
Line protocol current state : UP
Last line protocol up time : 2016-06-08 14:54:14
Description:HUAWEI, AR Series, Ethernet0/0/8 Interface
Route Port,The Maximum Transmit Unit is 1500
Internet Address is 203.1.1.2/24
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 4cb1-6c90-0682
Last physical up time : 2016-06-08 14:50:54
Last physical down time : 2016-06-08 14:50:35
Current system time: 2016-06-08 15:26:58
Port Mode: COMMON COPPER
Speed : 100, Loopback: NONE
Duplex: FULL, Negotiation: ENABLE
Mdi : AUTO, Clock : -
Last 300 seconds input rate 0 bits/sec, 0 packets/sec
Last 300 seconds output rate 576 bits/sec, 0 packets/sec
Input peak rate 0 bits/sec,Record time: -
Output peak rate 704 bits/sec,Record time: 2016-06-08 15:26:17

Input: 0 packets, 0 bytes
Unicast: 0, Multicast: 0
Broadcast: 0, Jumbo: 0
Discard: 0, Total Error: 0

CRC: 0, Giants: 0
Jabbers: 0, Throttles: 0
Runts: 0, Symbols: 0
Ignoreds: 0, Frames: 0

Output: 47 packets, 3230 bytes
Unicast: 45, Multicast: 2
Broadcast: 0, Jumbo: 0
Discard: 0, Total Error: 0

Collisions: 0, ExcessiveCollisions: 0
Late Collisions: 0, Deferreds: 0

Input bandwidth utilization threshold : 100.00%
Output bandwidth utilization threshold: 100.00%
Input bandwidth utilization : 0%
Output bandwidth utilization : 0.01%

 

 

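Root Cause

When the public-network PC telnets to port A of the router, some of the reply packets go back out through port B, which makes the Telnet traffic lag.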
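
The counter check from step 3, as an added example that is not part of the original case: a Python sketch that reads display interface counters taken after a counter reset and flags any interface that sends unicast packets without receiving any. The function names are hypothetical, and the sample lines are excerpted from the output above.

```python
import re

# Counter lines excerpted from the two "display interface" outputs on this page.
SAMPLE = """\
Ethernet0/0/0 current state : UP
Line protocol current state : UP
Input: 58 packets, 4292 bytes
Unicast: 58, Multicast: 0
Output: 20 packets, 2210 bytes
Unicast: 20, Multicast: 2
Ethernet0/0/8 current state : UP
Line protocol current state : UP
Input: 0 packets, 0 bytes
Unicast: 0, Multicast: 0
Output: 47 packets, 3230 bytes
Unicast: 45, Multicast: 2
"""

HEADER = re.compile(r"^(\S+) current state\s*:")
TOTAL = re.compile(r"^(Input|Output):\s*(\d+) packets")
UNICAST = re.compile(r"^Unicast:\s*(\d+)")

def parse_counters(text):
    """Return {interface: {"in_unicast": n, "out_unicast": n}}."""
    stats, name, direction = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := HEADER.match(line):
            # New interface block; "Line protocol current state" does not match.
            name, direction = m.group(1), None
            stats[name] = {"in_unicast": 0, "out_unicast": 0}
        elif name and (m := TOTAL.match(line)):
            # The next "Unicast:" line belongs to this direction.
            direction = "in" if m.group(1) == "Input" else "out"
        elif name and direction and (m := UNICAST.match(line)):
            stats[name][f"{direction}_unicast"] = int(m.group(1))
            direction = None
    return stats

def asymmetric_egress(stats):
    """Interfaces sending unicast but receiving none while another one receives.

    With counters cleared and a single client connected to one WAN address,
    such an interface is carrying replies for sessions that arrived elsewhere.
    """
    any_ingress = any(s["in_unicast"] > 0 for s in stats.values())
    return sorted(n for n, s in stats.items()
                  if any_ingress and s["in_unicast"] == 0 and s["out_unicast"] > 0)

if __name__ == "__main__":
    print(asymmetric_egress(parse_counters(SAMPLE)))
```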


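Solution

Use local policy-based routing so that when an external user telnets to port A, the replies from port A can only go back out through port A.

The configuration is as follows: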

acl number 3001
 rule 10 permit ip source 58.17.186.154 0

policy-based-route lab1 permit node 10
 if-match acl 3001
 apply ip-address next-hop 58.17.186.153

ip local policy-based-route lab1

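Suggestions and Summary

How it works:

Local policy-based routing (PBR) steers traffic sent by the device itself (ping traffic from the device, Telnet and web logins to the device, and so on).

Ordinary interface policy-based routing (traffic-policy) steers forwarded traffic (transit traffic).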
