For some IP signaling bearer network, NE40 acts as network backbone device and accesses softswitch signaling through transmission MSTP. Client reports that softswitch service is out of service for 40 seconds and recovers one day. And then it is found that the continuity of IP bearer network breaks about 10 seconds.
1. NGN is out of service for 40 seconds and recovers.
2. The continuity of IP bearer network breaks about 10 seconds.
3. The rate of broadcast traffic of NE40 connecting transmission MSTP is about 20M seconds.
1. Change configuration of transmission to avoid loop.
2. The leaky bucket value handled by CPU (No 22 leaky bucket is ARP sent one) is configured as 2K.
3. Configure static ARP entry between NE40. The broadcast collison will not cause ARP entry to lose.
The configuration of tranmission MSTP is false and results in loop. So there is much ARP broadcast attack. The attack traffic exceeds tolerance upper limit 2229 packets/s (1.5M) of NE40. CPU is very busy and cannot handle protocol packets (e.g. Hello packet of routing protocol). The device is down.
For important network, it can be optimized according to actual situation. Make traffic control for packets handled by CPU to improve its robustness.