No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


The Voice Service Is Interrupted Because the MA5606T Encounters the ARP Attack

Publication Date:  2012-07-25 Views:  107 Downloads:  0

Issue Description

Networking: Soft3000---SE2300---NE40---S8505≡≡≡≡≡≡three OLTs<<<<<<Multi-MA5606T
OLT: V800R105C33B015
MxU: SmartAX MA5600 V800R005C23B052
The voice services on the MxU devices connected to the three OLTs are interrupted. 

Alarm Information


Handling Process

1. Enable the broadcast suppression on the OLT, and set the level of the broadcast suppression to 4.
{ portid<U><0,7>|all<K> }:all
{ broadcast<K>|multicast<K>|unicast<K> }:broadcast
{ value<K> }:value
{ value<L><1,13> }:4
traffic-suppress all broadcast value 4
The number of the ARP attack packets received by the MDU on the network side is limited to 95 per second, which ensures that the CPU usage of the MDU does not exceed 70%.
2. On the router of the upper layer datacom device, add a black hole route, through which the ARP attack packets on the existing network are transmitted to the address that does not exist. In this case, the packet flooding is prevented.
3. Run the ring check enable command to enable the loop detection function on the MDU to prevent the loop on the user side. 

Root Cause

The fault is caused by the upper layer device that encounters the ARP attack. The attack packets are forwarded to the MA5680T through the S8505. The ARP attack causes the CPU overload (80%-100%) of the MDU. To ensure that the device can run in the normal state, the MDU provides the call restriction function for the CPU usage. By default, when the CPU usage exceeds 70%, the call is restricted, and thus the service is interrupted.