Networking overview: Two Cisco devices and the NE08E-S6 constitute a VRRP group. A gateway is deployed on routers to provide external network access for office users at the site.
Symptom: After the VRRP master role is switched to the NE08E-S6, terminals at the site randomly experience packet loss when accessing the external network or other network segments. The packet loss rate is about 30%. After the configuration is manually refreshed, the service is restored, but the problem recurs after a period of time. The problem is resolved after the VRRP master role is switched back to the Cisco router.
Device information: NE08E-S6 V200R006C20SPC600
Patch version: V200R006SPH216.pat
Log in to the NE08E-S6 and view the ARP entries. While the fault is occurring, the NE08E-S6 fails to learn ARP entries for the faulty terminal automatically.
Add static ARP entries. The faulty terminal is restored, which rules out an ARP entry capacity issue.
Configure a traffic statistics collection policy on the interfaces connecting the NE08E-S6 and internal server. Packet loss does not occur on the interfaces.
Run the display cpu-defend car arp statistics command to check ARP packet loss. It is found that lots of ARP packets are lost and the number keeps increasing.
Check the ARP forwarding performance on the NE08E-S6. It is found that the threshold of the rate at which ARP packets are transmitted on an NE08E-S6 interface is 20 PPS.
Run the arp rate-limit command on the interfaces connecting the NE08E-S6 and internal server to adjust the threshold of the rate at which ARP packets are transmitted.
The ARP entries of the NE08E-S6 are not independent entries. A default policy is used to control the threshold of the rate at which ARP packets are transmitted (by default, the threshold of the rate at which ARP packets are sent on a device is 300 PPS, and the threshold of the rate at which ARP packets are sent on an interface is 20 PPS).
Increase the threshold of arp rate-limit on the interface. Note that an increased threshold may lead to higher CPU usage. Therefore, increase the threshold in small steps over several changes instead of setting a high value all at once.
Move the gateway downwards to the core switch so that the NE08E-S6 is not used to directly learn ARP entries of terminals.
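The stepwise threshold increase recommended above can be planned offline. The following is an added example, not part of the original case or any Huawei tool: it models the per-interface (20 PPS) and per-device (300 PPS) defaults as a simple one-second policer and shows how many ARP packets each candidate threshold would still drop. The function names, the 5 PPS step, and the sample rates are assumptions constructed for illustration.

```python
"""Added example: simplified model of the two-level ARP rate limit in this case."""

IFACE_DEFAULT_PPS = 20    # per-interface default stated in the case
DEVICE_DEFAULT_PPS = 300  # per-device default stated in the case


def policed(offered, iface_pps, device_pps=DEVICE_DEFAULT_PPS):
    """Return (accepted, dropped) totals for a list of per-second ARP counts.

    Assumption: a fixed budget per one-second window with no burst credit,
    and a single busy interface, so the effective limit is the lower of the
    interface and device thresholds.
    """
    limit = min(iface_pps, device_pps)
    accepted = sum(min(n, limit) for n in offered)
    return accepted, sum(offered) - accepted


def tune(offered, start=IFACE_DEFAULT_PPS, step=5, ceiling=DEVICE_DEFAULT_PPS):
    """Raise the interface threshold in small steps until drops stop.

    Returns [(threshold, dropped), ...] so each step can be reviewed against
    CPU usage on the real device before the next one is applied. The model
    itself does not estimate CPU load.
    """
    history = []
    pps = start
    while True:
        _, dropped = policed(offered, pps)
        history.append((pps, dropped))
        if dropped == 0 or pps >= ceiling:
            return history
        pps = min(pps + step, ceiling)


# Constructed sample: ARP packets per second seen on the server-facing interface.
SAMPLE = [12, 18, 41, 35, 22, 9, 38, 27, 15, 33]

if __name__ == "__main__":
    for threshold, dropped in tune(SAMPLE):
        print(f"threshold={threshold:3d} pps  dropped={dropped}")
```

On the real device, confirm each step with the display cpu-defend car arp statistics counters and CPU usage before moving to the next value.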