Routing loop trigger CPU high usage rate in case of fault analysis

Publication Date:  2012-12-18 Views:  336 Downloads:  0
Issue Description
 Network speed slow, interface flow greater than usual.
Alarm Information
None.
Handling Process
Show interface flow, found some interface flow is larger, at the same time, CPU usage is high.
<USG50>disp cpu 
===== Current CPU usage info ===== 
CPU Usage Stat. Cycle: 20 (Second) 
CPU Usage            : 63%
CPU Usage Stat. Time : 2000-04-02  19:54:06 
CPU Usage Stat. Tick : 0x117(CPU Tick High) 0x6fb7258e(CPU Tick Low) 
Actual Stat. Cycle   : 0x0(CPU Tick High) 0x143e6d83(CPU Tick Low)
 
19:54:07  04-02-2000


To view the IP statistical information was found to have a large TTL overflow message.

<USG50>disp ip stat 
  Input:   sum                     1421      local                          0  
           bad protocol            0           bad format                0 
           bad checksum        0           bad options               0 
           TTL exceeded       144441   
  Output:  forwarding         0            local                           1442 
           dropped                  0           no route                       0 
  Fragment:input                0           output                          0 
           dropped                  0    
           fragmented             0           couldn't fragment         0  
  Reassembling:sum         0             timeouts                     0 
  ReassemMBufErrs:         0 
03:08:22  04-02-2000 
<USG50>  

Show interface IP statistical information, found a large number of invalid TTL message.

Ethernet0/0/1 current state : UP
Line protocol current state : UP
The Maximum Transmit Unit : 1500 bytes      
ip fast-forwarding mode is QFF        
ip fast-forwarding outgoing packets is Enable
ip fast-forwarding on the same-interface is Disable
input packets :   14238, bytes : 1195355, multicasts : 0 
output packets : 14160, bytes : 792960,   multicasts : 0
ARP packet input number:           2 
  Request packet:                         0   
  Reply packet:                              2  
  Unknown packet:                        0   
Internet Address is        100.1.1.1/24  
Broadcast address :     100.1.1.255 
TTL invalid packet number:    144220
ICMP packet input number:          0
  Echo reply:                          0
  Unreachable:                       0
  Source quench:                   0
  Routing redirect:                  0
  Echo request:                      0 
  Router advert:                      0 
  Router solicit:                      0 
  Time exceed:                      0 
  IP header bad:                     0  
  Timestamp request:            0 
  Timestamp reply:                0 
  Information request:            0 
  Information reply:                 0 
  Netmask request:                0  
  Netmask reply:                    0 
  Unknown type:                     0  
DHCP packet deal mode:  global   

Through the above information should be judged existing routing loop, resulting in abnormal flow of message TTL, default is 255, when the loop, a message will be after 255 jumps until the TTL value reduced to 0 will be discarded, so this part of the flow will be amplified, affect the normal traffic forwarding.3 layer loop is generally more difficult to judge the accuracy of the loop position, requires a combination of tracert to analyze loop path, then the hop-by-hop routing inspection equipment, the most common is the default routing configuration due to improper part of the destination address of the message generating loop.
Root Cause
Network speed slow reason the general number of flow leads to congestion, network devices transmit delay increases, link packet loss resulted in increase of retransmission, overloading the server, while the flow of large it is possible that normal traffic, network attack, network loop produces abnormal flow.
Suggestions
Routing loop problems are improper configuration, good configuration specification is the effective method to avoid routing loop.

END