ADPIPV4
ADPIPV4/4/CPCAR_TTL1_DROP
Message
ADPIPV4/4/CPCAR_TTL1_DROP: The number of packets sent to the CPU exceed the threshold [ULONG]. (Slot=[STRING], CPCARType=[STRING], DiscardPacketCount=[STRING], Reason="[STRING]")
Description
The device receives a large number of TTL-expired packets, which are then discarded because the packet rate exceeds CPCAR settings.
- Run the reset cpu-defend statistics command to clear statistics on packets sent to the CPU. Then the number of lost packets and the number of consecutive detection periods during which packet loss occurs are recalculated. If this command is run in a subsequent detection period after the log is generated, and the number of received TTL-expired packets exceeds 30,000 and packet loss occurs in the remaining time of the detection period, the log is printed every 10 minutes.
- After an active/standby switchover is performed, the number of lost packets and the number of consecutive detection periods during which packet loss occurs are recalculated.
Parameters
Parameter Name | Parameter Meaning |
---|---|
Slot | Indicates the slot ID. |
CPCARType | Indicates the CPCAR type. |
DiscardPacketCount | Indicates the number of discarded packets. |
Reason | Indicates the reasons for packet discarding. |
Possible Causes
Cause 1: A routing loop occurs on the network.
Cause 2: The device is attacked by TTL-expired packets.
Procedure
1. Run the display cpu-defend statistics command in the user view multiple times to check whether the number of discarded TTL-expired packets continuously increases.
   - If the number of discarded TTL-expired packets does not continuously increase and current services are normal, no action is required.
   - If the number of discarded TTL-expired packets continuously increases, go to step 2.
2. Check whether a routing loop occurs on the network. If so, eliminate the loop.
3. Check whether the device is under a TTL-expired packet attack. If so, you are advised to configure the CPU attack defense policy to reduce the number of TTL-expired packets sent to the CPU and identify the attack source based on the source address and port information of attack packets.
4. If the alarm persists after the routing loop and attack packets are removed, collect log information and configuration information, and then contact technical support personnel. You can collect diagnostic information using the display diagnostic-information command.
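The "continuously increases" check from the first step of the procedure, applied to collected CPCAR_TTL1_DROP log lines per slot, as an added example that is not part of the original documentation. It assumes successive messages for a slot carry comparable DiscardPacketCount values; the syslog prefix, host name, field values and the `min_run` parameter are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches the message body documented above; any syslog header before it is ignored.
LOG_RE = re.compile(
    r'ADPIPV4/4/CPCAR_TTL1_DROP\b.*?exceed the threshold (?P<threshold>\d+)\.\s*'
    r'\(Slot=(?P<slot>[^,]+),\s*CPCARType=(?P<cpcar>[^,]+),\s*'
    r'DiscardPacketCount=(?P<count>\d+),\s*Reason="(?P<reason>[^"]*)"\)'
)

def parse(line):
    """Return the log fields as a dict, or None if the line is another message."""
    m = LOG_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["threshold"], rec["count"] = int(rec["threshold"]), int(rec["count"])
    return rec

def rising_run(counts):
    """Length of the strictly increasing run that ends at the latest sample."""
    run = 1 if counts else 0
    for prev, cur in zip(reversed(counts[:-1]), reversed(counts[1:])):
        if cur <= prev:  # a drop (e.g. after statistics were reset) ends the run
            break
        run += 1
    return run

def triage(lines, min_run=3):
    """Map each slot to 'investigate' (go to step 2) or 'monitor'."""
    per_slot = defaultdict(list)
    for line in lines:
        rec = parse(line)
        if rec:
            per_slot[rec["slot"]].append(rec["count"])
    return {slot: "investigate" if rising_run(c) >= min_run else "monitor"
            for slot, c in per_slot.items()}

# Constructed sample input: header, slot IDs, counts and Reason text are made up.
_BODY = ('sw1 ADPIPV4/4/CPCAR_TTL1_DROP: The number of packets sent to the CPU '
         'exceed the threshold 30000. (Slot={}, CPCARType=ttl-expired, '
         'DiscardPacketCount={}, Reason="constructed sample")')
SAMPLE = [_BODY.format(slot, count) for slot, count in
          [("1", 31200), ("2", 40100), ("1", 45800),
           ("2", 52000), ("1", 77100), ("2", 30500)]]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A slot reported as `investigate` corresponds to the "go to step 2" branch: check for a routing loop first, then for a TTL-expired packet attack.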