USG9560防火墙(V5R1C20SPC2)主备状态协商异常

发布时间:  2016-07-12 浏览次数:  205 下载次数:  0
问题描述

设备类型:USG9560;系统版本:USG9560V500R001C20SPC200;

组网拓扑:

配置脚本:interface 10GE1/1/0
description TO_M1/1J0203/27U_FW-A_E8000E_10.X.x.x_10GE1/1/0
undo negotiation auto
eth-trunk 0
quit
interface 10GE2/1/0
description TO_M1/1J0203/27U_FW-A_E8000E_10.X.x.x_10GE2/1/0
undo negotiation auto
eth-trunk 0
quit
interface eth-trunk 0
description TO_M1/1J0203/27U_FW-A_E8000E_10.0.253.37_ETH-TRUNK0
ip address 192.168.1.2 24
quit
hrp enable
undo hrp preempt     
hrp interface eth-trunk 0 remote 192.168.1.3
hrp mirror session enable

故障现象:

命令查看设备的hrp状态:

HRP_S<dgd411fwhw60>dis hrp state
2016-07-05 03:50:16.000
Role: standby, peer: active (should be "active-standby")
Running priority: 49014, peer: 49014
Core state: abnormal(standby), peer: abnormal(active)
Backup channel usage: 0.00%
Stable time: 0 days, 0 hours, 16 minutes
Last state change information: 2016-07-05 3:33:42 HRP core state changed, old_state = normal, new_state = abnormal(standby), local_priority = 49012, peer_priority = 49014.

发现本端备机优先级正常49014;对端配置为主机的优先级异常;


告警信息

查看相关信息,发现如下:

1.Jul  4 2016 20:55:22 dgd411fwhw60 %%01SRM/4/CPU_RESET(l)[5573]:SPU7 CPU0 was reset, the reason was: login fail.


处理过程

1.查看hrp端口状态;发现各自端口状态正常

HRP_S<dgd411fwhw60>dis ip int brief
2016-07-05 03:45:27.900
*down: administratively down
!down: FIB overload down
^down: standby
(l): loopback
(s): spoofing
(d): Dampening Suppressed
(E): E-Trunk down
The number of interface that is UP in Physical is 7
The number of interface that is DOWN in Physical is 12
The number of interface that is UP in Protocol is 6
The number of interface that is DOWN in Protocol is 13

Interface                         IP Address/Mask      Physical   Protocol 
Aux0/0/1                          unassigned           down       down     
Eth-Trunk0                        192.168.1.2/24       up         up       
GigabitEthernet0/0/0              192.168.0.1/24       down       down   

2.查看设备配置,配置正确

3.查看设备版本,主备一致

4.查看设备SPU板卡CPU核心状态:

 HRP_S<dgd411fwhw60>dis dev pic-status
2016-07-05 03:49:52.060
Pic-status information in Chassis 1:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
SLOT PIC Status     Type                   Port_count Init_result   Logic down  Registered Cpu
1    0   Registered ETH_1x40GC_B_CARD      1          SUCCESS       SUCCESS    
1    1   Registered LAN_WAN_6x10GF_B_CARD  6          SUCCESS       SUCCESS    
2    0   Registered ETH_1x40GC_B_CARD      1          SUCCESS       SUCCESS    
2    1   Registered LAN_WAN_6x10GF_B_CARD  6          SUCCESS       SUCCESS    
7    0   Registered SPU_CARD_TYPE_SPCB     0          SUCCESS       SUCCESS     CPU1         
7    1   Registered SPU_CARD_TYPE_SPCB     0          SUCCESS       SUCCESS     CPU2,CPU3    
8    0   Registered SPU_CARD_TYPE_SPCB     0          SUCCESS       SUCCESS     CPU0,CPU1    
8    1   Registered SPU_CARD_TYPE_SPCB     0          SUCCESS       SUCCESS     CPU2,CPU3   

5.查看DIAG信息及告警信息  


根因

经查,发现SPU板卡有一个cpu出现异常,没有注册成功

1.Jul  4 2016 20:55:22 dgd411fwhw60 %%01SRM/4/CPU_RESET(l)[5573]:SPU7 CPU0 was reset, the reason was: login fail.

由防火墙的优先级计算影响因素考虑,CPU注册失败导致主机优先级减二,导致主备优先级同为49014;


解决方案

解决方案:

1.开启hrp枪占模式

2.重启cpu注册异常单板

1.Jul  5 2016 03:33:43 dgd411fwhw60 %%01SRM/4/PICPOWEROFF(l)[7342]:SPU7 PIC0 powered off, the reason was: PIC0 power off from command.

结果:

1.Jul  5 2016 04:04:03 dgd411fwhw60 %%01SRM/4/CPUREGISTER(l)[8356]:SPU7 CPU0 registered successfully.


HRP_S<dgd411fwhw61>dis device pic-status 

2016-07-05 12:02:55.240 

Pic-status information in Chassis 1:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

SLOT PIC Status     Type                   Port_count Init_result   Logic down  Registered Cpu

1    0   Registered ETH_1x40GC_B_CARD      1          SUCCESS       SUCCESS     

1    1   Registered LAN_WAN_6x10GF_B_CARD  6          SUCCESS       SUCCESS     

2    0   Registered ETH_1x40GC_B_CARD      1          SUCCESS       SUCCESS     

2    1   Registered LAN_WAN_6x10GF_B_CARD  6          SUCCESS       SUCCESS     

7    0   Registered SPU_CARD_TYPE_SPCB     0          SUCCESS       SUCCESS     CPU0,CPU1     

7    1   Registered SPU_CARD_TYPE_SPCB     0          SUCCESS       SUCCESS     CPU2,CPU3     

8    0   Registered SPU_CARD_TYPE_SPCB     0          SUCCESS       SUCCESS     CPU0,CPU1     

8    1   Registered SPU_CARD_TYPE_SPCB     0          SUCCESS       SUCCESS     CPU2,CPU3     

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

新的HRP状态:

HRP_M<dgd411fwhw60>dis hrp state

2016-07-05 04:05:02.170 

 Role: active, peer: standby

 Running priority: 49016, peer: 49014

 Core state: abnormal(active), peer: abnormal(standby)

 Backup channel usage: 0.00%

 Stable time: 0 days, 0 hours, 7 minutes

 Last state change information: 2016-07-05 4:04:56 HRP core state changed, old_state = normal, new_state = abnormal(active), local_priority = 49016, peer_priority = 49014.

异常恢复

END