Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document.
Note: Even the most advanced machine translation cannot match the quality of professional translators.
Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
ADPIPV4
ADPIPV4/4/CPCAR_TTL1_DROP
Message
ADPIPV4/4/CPCAR_TTL1_DROP: The number of packets sent to the CPU exceed the threshold [ULONG]. (Slot=[STRING], CPCARType=[STRING], DiscardPacketCount=[STRING], Reason="[STRING]")
Description
The device receives a large number of TTL-expired packets, which are then discarded because the packet rate exceeds CPCAR settings.
If the number of received TTL-expired packets exceeds 30,000 in a detection period (10 minutes), the packets are discarded. If packet loss occurs in three consecutive detection periods, the log is generated. If packet loss still occurs in the next detection period after the log is printed, the log is printed every 10 minutes. If packet loss no longer occurs in the next detection period after the log is generated, the device does not print the log until packet loss occurs in three consecutive detection periods again.
- Run the reset cpu-defend statistics command to clear statistics on packets sent to the CPU. Then the number of lost packets and the number of consecutive detection periods during which packet loss occurs are recalculated. If this command is run in a subsequent detection period after the log is generated, and the number of received TTL-expired packets exceeds 30,000 and packet loss occurs in the remaining time of the detection period, the log is printed every 10 minutes.
- After an active/standby switchover is performed, the number of lost packets and the number of consecutive detection periods during which packet loss occurs are recalculated.
Parameters
| Parameter Name | Parameter Meaning |
|---|---|
Slot |
Indicates the slot ID. |
CPCARType |
Indicates the CPCAR type.
|
DiscardPacketCount |
Indicates the number of discarded packets. |
Reason |
Indicates the reasons for packet discarding.
|
Possible Causes
Cause 1: A routing loop occurs on the network.
Cause 2: The device is attacked by TTL-expired packets.
Procedure
- Run the display cpu-defend statistics command in the user view multiple times to check whether the number of discarded TTL-expired packets continuously increases.
- If the number of discarded TTL-expired packets does not continuously increase and current services are normal, no action is required.
- If the number of discarded TTL-expired packets continuously increases, go to step 2.
- Check whether a routing loop occurs on the network. If so, eliminate the loop.
- Check whether the device is under an TTL-expired packet attack. If so, you are advised to configure the CPU attack defense policy to reduce the number of TTL-expired packets sent to the CPU and identify the attack source based on the source address and port information of attack packets.
- If the alarm persists after the routing loop and attack packets are removed, collect log information and configuration information, and then contact technical support personnel. You can collect diagnostic information using the display diagnostic-information command.
