Slow Network Access Due to an ARP Conflict

Publication Date:  2015-07-03 Views:  362 Downloads:  0
Issue Description
Networking:



Fault Symptom:

The USG2200 serves as an intranet gateway and connects to a customer network. According to a customer report, the network access is slow, and a ping test to the URLs of Sina and Baidu is found to have a long delay and packet loss.
Handling Process
1. On an intranet PC, ping the intranet and extranet interfaces on the USG2200, the next-hop address, and the public address hop by hop. Check the network delays and packet loss.

Configure the intranet PC to ping intranet interface E2/0/0 10.100.20.1 of the USG2200.


C:\Users\xxx\Desktop\IPOP>ping 10.100.20.1 -t

Pinging 10.100.20.1 with 32 bytes of data:
Reply from 10.100.20.1: bytes=32 time=2ms TTL=255
Reply from 10.100.20.1: bytes=32 time=3ms TTL=255
Reply from 10.100.20.1: bytes=32 time=2ms TTL=255
Reply from 10.100.20.1: bytes=32 time=2ms TTL=255
Reply from 10.100.20.1: bytes=32 time=2ms TTL=255
Reply from 10.100.20.1: bytes=32 time=2ms TTL=255
Reply from 10.100.20.1: bytes=32 time=2ms TTL=255
Reply from 10.100.20.1: bytes=32 time=2ms TTL=255
Reply from 10.100.20.1: bytes=32 time=5ms TTL=255
Reply from 10.100.20.1: bytes=32 time=6ms TTL=255


Configure the intranet PC to ping extranet interface E0/0/0 192.168.10.235 of the USG2200.

C:\Users\xxx\Desktop\IPOP>ping 192.168.10.235 -t

Pinging 192.168.10.235 with 32 bytes of data:
Reply from 192.168.10.235: bytes=32 time=5ms TTL=255
Reply from 192.168.10.235: bytes=32 time=3ms TTL=255
Reply from 192.168.10.235: bytes=32 time=2ms TTL=255
Reply from 192.168.10.235: bytes=32 time=4ms TTL=255
Reply from 192.168.10.235: bytes=32 time=2ms TTL=255
Reply from 192.168.10.235: bytes=32 time=2ms TTL=255
Reply from 192.168.10.235: bytes=32 time=2ms TTL=255
Reply from 192.168.10.235: bytes=32 time=4ms TTL=255
Reply from 192.168.10.235: bytes=32 time=3ms TTL=255
Reply from 192.168.10.235: bytes=32 time=2ms TTL=255
¡­¡­


Configure the intranet PC to ping next-hop address 192.168.10.1 of the USG2200.

C:\Users\ xxx \Desktop\IPOP>ping 192.168.10.1 -t

Pinging 192.168.10.1 with 32 bytes of data:
Reply from 192.168.10.1: bytes=32 time=238ms TTL=253
Reply from 192.168.10.1: bytes=32 time=323ms TTL=253
Reply from 192.168.10.1: bytes=32 time=195ms TTL=253
Reply from 192.168.10.1: bytes=32 time=337ms TTL=253
Request timed out.
Request timed out.
Reply from 192.168.10.1: bytes=32 time=299ms TTL=253
Reply from 192.168.10.1: bytes=32 time=501ms TTL=253
Reply from 192.168.10.1: bytes=32 time=201ms TTL=253
Reply from 192.168.10.1: bytes=32 time=224ms TTL=253
Request timed out.
Reply from 192.168.10.1: bytes=32 time=353ms TTL=253
Reply from 192.168.10.1: bytes=32 time=389ms TTL=253
Reply from 192.168.10.1: bytes=32 time=500ms TTL=253
Reply from 192.168.10.1: bytes=32 time=362ms TTL=253
Reply from 192.168.10.1: bytes=32 time=277ms TTL=253
Reply from 192.168.10.1: bytes=32 time=187ms TTL=253
Request timed out.
Reply from 192.168.10.1: bytes=32 time=320ms TTL=253
......


Configure the internet PC to ping the Baidu URL: www.baidu.com.

C:\Users\Guojixiang\Desktop\IPOP>ping www.baidu.com -t

Pinging www.a.shifen.com [61.135.169.105] with 32 bytes of data:
Reply from 61.135.169.105: bytes=32 time=68ms TTL=54
Reply from 61.135.169.105: bytes=32 time=69ms TTL=54
Reply from 61.135.169.105: bytes=32 time=21ms TTL=54
Reply from 61.135.169.105: bytes=32 time=53ms TTL=54
Request timed out.
Reply from 61.135.169.105: bytes=32 time=136ms TTL=54
Reply from 61.135.169.105: bytes=32 time=83ms TTL=54
Reply from 61.135.169.105: bytes=32 time=131ms TTL=54
Reply from 61.135.169.105: bytes=32 time=30ms TTL=54
Reply from 61.135.169.105: bytes=32 time=60ms TTL=54
Reply from 61.135.169.105: bytes=32 time=346ms TTL=54
Reply from 61.135.169.105: bytes=32 time=277ms TTL=54
Reply from 61.135.169.105: bytes=32 time=309ms TTL=54
Reply from 61.135.169.105: bytes=32 time=215ms TTL=54
Request timed out.
Reply from 61.135.169.105: bytes=32 time=124ms TTL=54
Reply from 61.135.169.105: bytes=32 time=106ms TTL=54
Reply from 61.135.169.105: bytes=32 time=186ms TTL=54
Reply from 61.135.169.105: bytes=32 time=105ms TTL=54
Reply from 61.135.169.105: bytes=32 time=22ms TTL=54
Request timed out.
Reply from 61.135.169.105: bytes=32 time=91ms TTL=54
Reply from 61.135.169.105: bytes=32 time=99ms TTL=54
Reply from 61.135.169.105: bytes=32 time=156ms TTL=54
Reply from 61.135.169.105: bytes=32 time=133ms TTL=54
¡­¡­


Based on the ping results, the network delay is short and no packet is discard during the ping from the intranet PC to the intranet interface of the USG2200, the network delay becomes longer and packets start to be discarded during the ping from the intranet PC to the next-hop address of the USG2200, the delay is longest and lots of packets are discarded during the ping from the intranet PC to the public network. It is concluded that a fault occurs in the link between the USG2200 and its next-hop device.

2. Check the logbuff of the USG2200. Lots of logs on an ARP conflict are generated. Specifically, the ARP conflict occurs on extranet interface Ethernet0/0/0 of the USG2200.

%2013-07-07 21:33:20 USG %%01ARP/4/DUP_IPADDR(l): Receive an ARP packet with duplicate ip address 192.168.10.235 from Ethernet0/0/0, source MAC is 0024-xxxx-xxxx!
%2013-07-07 21:33:15 USG %%01ARP/4/DUP_IPADDR(l): Receive an ARP packet with duplicate ip address 192.168.10.235 from Ethernet0/0/0, source MAC is 0024-xxxx-xxxx!
%2013-07-07 21:33:10 USG %%01ARP/4/DUP_IPADDR(l): Receive an ARP packet with duplicate ip address 192.168.10.235 from Ethernet0/0/0, source MAC is 0024-xxxx-xxxx!
%2013-07-07 21:33:05 USG %%01ARP/4/DUP_IPADDR(l): Receive an ARP packet with duplicate ip address 192.168.10.235 from Ethernet0/0/0, source MAC is 0024-xxxx-xxxx!
%2013-07-07 21:33:00 USG %%01ARP/4/DUP_IPADDR(l): Receive an ARP packet with duplicate ip address 192.168.10.235 from Ethernet0/0/0, source MAC is 0024-xxxx-xxxx!


3. The ARP conflict on E0/0/0 indicates that another device on the broadcast domain connected to E0/0/0 has the same IP address (192.168.10.235) as E0/0/0. As a result, when other devices send ARP requests that carry IP address address 192.168.10.235, both the device and E0/0/0 respond to the ARP requests, causing the ARP conflict. In this case, the downstream device of the USG2200 may update the ARP entry with IP address 192.168.10.235. 192.168.10.235 may not identify E0/0/0 of the USG2200. Therefore, network access services on the intranet PC may be affected. After the downstream device updates the ARP entry and the IP address in the ARP entry identifies E0/0/0 of the USG2200, network access services become normal. As a result, the Internet access is slow, and lots of packets are discarded.

4. Locate conflicting devices based on MAC address conflicts. A wireless router conflicts with the USG2200. After the wireless router is removed from the network, the slow network access, long delay, and packet loss problems are resolved.
Root Cause
The slow network access, long network delays, and ping packet loss are caused by an ARP conflict between E0/0/0 of the USG2200 and its connected device on the broadcast domain. Because of the ARP conflict, the MAC address in the ARP entry on the downstream device of the USG2200 constantly changes.
Solution
Locate the devices where the ARP conflict occurs and eliminate the ARP conflict.

END