Version: NE80E V300R002C06B325
Network topology: The S8505 is connected with the NE80E through four GE links. OSPF is enabled on each link to establish four neighbors.
Fault symptom: Only two OSPF neighbors are established, and the other two fail to be established.
220.127.116.11 18.104.22.168 1 36 Vlan-interface235 Full/DR
22.214.171.124 126.96.36.199 1 37 Vlan-interface236 Full/DR
188.8.131.52 184.108.40.206 1 40 Vlan-interface202 Init
220.127.116.11 18.104.22.168 1 36 Vlan-interface229 Init
Capture packets at the downlink of NP. The source IP address of the packets is the IP address of Gigabit 2/0/1 and the destination IP address is 244.0.0.5. The packets are multicast packets.
[NE80E-diag-ne5000]efu me slo 2 e d ring-packet fwd_to_cp h 10
0100 5E00 0005 0018 821F 7833 0800 45C0
0040 3701 0000 0159 B3AB XXXX XXXX E000
0005 0201 002C DB81 160A 0000 0000 1C23
0000 0000 0000 0000 0000 FFFF FFFC 000A
The source IP address is a local IP address, which indicates that the packets are attack packets. Configure an ACL to filter out the attack packets. After the packets are filtered out, the OSPF neighbors can be established. The problem is solved.
22.214.171.124 126.96.36.199 1 40 Vlan-interface202 full
188.8.131.52 184.108.40.206 1 36 Vlan-interface229 full
Configure an ACL rule on the NE80E to check whether the NE80E can receive OSPF packets from the S8505. The test shows that the NE80E receives no such packets.
[NE80E-acl-basic-2008]rule 5 permit source 21.10.X.X 0
<NE80E>debug ip packet acl 2008
OSPF global debugging state:
OSPF EVENT debugging is on
IP packet debugging is on ( ACL:2008 )
Info:Current terminal monitor is on
Info:Current terminal debugging is on
Enable the debugging of the messages, but no information can be displayed. Therefore, no packet sent from S8505 is received at the OSPF layer. The packets may be lost on the links, or discarded at a lower layer. Check whether there is abnormal count for discarded packets at the lower layer. There is no abnormal discarding, but a large number of OSFP packets are delivered to the upper layer.
[NE80E-diag-ne5000]efu me slo 2 i d c a c
[ EXCP_ID_IPV4_RESERVED_MC_OSPF ] = 2411654 ( 0x24CC86 )
Delivering a large number of OSPF packets will cause packet loss on CP-CAR. Display the count of CP-CAR packet loss.
[NE80E-diag-ne5000]efu qos cp-car cnt_show 2 clear
Excp ID : Green : Yellow : Red
16 P : 0x00000000000024ba : 0x0000000000000000 : 0x000000000025e077
B : 0x00000000000b30ac : 0x0000000000000000 : 0x000000000b8a6364
Delivering a large number of packets prevents normal packets from being sent to the upper layer. Therefore, all the OSPF neighbors of the interfaces on the interface board cannot be established (on slot 2).
To solve such problems caused by OSPF attack packets, configure ACLs to filter out attack packets.