背景
本年度二季度为某客户巡检数通设备(Huawei居多)时,在某楼宇汇聚设备上display logbuffer发现存在大量告警,如下:
Jun 8 2023 15:34:24 AGG-S5720-1 %%01INFO/4/SUPPRESS_LOG(l)[58]:Last message repeated 2 times.(InfoID=4280946690, ModuleName=DEFD, InfoAlias=CPCAR_DROP_MPU)
Jun 8 2023 15:23:41 AGG-S5720-1 %%01INFO/4/SUPPRESS_LOG(l)[59]:Last message repeated 1 times.(InfoID=4280946690, ModuleName=DEFD, InfoAlias=CPCAR_DROP_MPU)
Jun 8 2023 14:53:41 AGG-S5720-1 %%01INFO/4/SUPPRESS_LOG(l)[60]:Last message repeated 1 times.(InfoID=4280946690, ModuleName=DEFD, InfoAlias=CPCAR_DROP_MPU)
Jun 8 2023 14:14:24 AGG-S5720-1 %%01INFO/4/SUPPRESS_LOG(l)[61]:Last message repeated 1 times.(InfoID=4280946690, ModuleName=DEFD, InfoAlias=CPCAR_DROP_MPU)
Jun 8 2023 13:44:24 AGG-S5720-1 %%01INFO/4/SUPPRESS_LOG(l)[62]:Last message repeated 1 times.(InfoID=4280946690, ModuleName=DEFD, InfoAlias=CPCAR_DROP_MPU)
Jun 8 2023 13:14:24 AGG-S5720-1 %%01INFO/4/SUPPRESS_LOG(l)[63]:Last message repeated 1 times.(InfoID=4280946690, ModuleName=DEFD, InfoAlias=CPCAR_DROP_MPU)
Jun 8 2023 12:53:41 AGG-S5720-1 %%01INFO/4/SUPPRESS_LOG(l)[64]:Last message repeated 1 times.(InfoID=4280946690, ModuleName=DEFD, InfoAlias=CPCAR_DROP_MPU)
Jun 8 2023 12:34:24 AGG-S5720-1 %%01INFO/4/SUPPRESS_LOG(l)[65]:Last message repeated 1 times.(InfoID=4280946690, ModuleName=DEFD, InfoAlias=CPCAR_DROP_MPU)
Jun 8 2023 12:04:24 AGG-S5720-1 %%01INFO/4/SUPPRESS_LOG(l)[66]:Last message repeated 1 times.(InfoID=4280946690, ModuleName=DEFD, InfoAlias=CPCAR_DROP_MPU)设备型号及版本:
Huawei Versatile Routing Platform Software
VRP (R) software, Version 5.160 (S5720 V200R007C00SPC500)
Copyright (C) 2000-2014 HUAWEI TECH CO., LTD
HUAWEI S5720-36C-EI-28S-AC Routing Switch uptime is a weeks, b days, c hours, d minutes现有信息梳理
针对告警内容查找相应官网资料:
INFO - S1700, S2720, S5700, S6700 V200R019C10 日志参考 - 华为
设备中没有看到最早一条的告警消息,寻找上一季度巡检报告以及所收集的设备巡检信息,发现上一季度已存在相关告警,但未在报告中指出问题。
由日志参数可知日志所属模块为“DEFD”,日志别名为“CPCAR_DROP_MPU”,针对该关键词继续检索。
虽然设备日志中未出现与官方案例中一致的信息,但“CPCAR_DROP_MPU”条目下只存在这一条说明,故暂时推测上送CPU的报文速率超过了CPCAR的速率限制,导致部分报文被丢弃。
图中关于针对该告警的处理步骤为:
控制上送CPU的报文速率在CPCAR的限制阈值内或执行car packet-type packet-type cir cir-value [ cbs cbs-value ]命令配置合理的CPCAR限速值。
关于CPCAR:
CPCAR - 华为
关于配置动态自适应调整协议报文的默认CPCAR值:
配置动态自适应调整协议报文的默认CPCAR值 - S2720, S5700, S6700 V200R020C00 配置指南-安全 - 华为
实验环境下的相关命令测试
笔者的实验设备型号及版本如下:
Huawei Versatile Routing Platform Software
VRP (R) software, Version 5.170 (S5720 V200R010C00SPC600)
Copyright (C) 2000-2016 HUAWEI TECH CO., LTD
HUAWEI S5720-28P-PWR-LI-AC Routing Switch uptime is 0 week, 0 day, 0 hour, 15 minutes和客户现场设备一样,不属于支持“CPCAR值的动态自适应调整功能”设备范畴。
由于对何种类型报文被设备CPU丢弃,故依照如下案例对较常见的ARP-Request报文进行减少限速配置:
car(防攻击策略视图) - S300, S500, S1700, S2700, S5700, S6700 V200R021C10 命令参考 - 华为
[Quidway]cpu-defend policy test
[Quidway-cpu-defend-policy-test]car packet-type ?8021x 8021x packet arp-reply ARP reply packet arp-request ARP request packet bpdu-tunnel BPDU packet capwap-ctrl CAPWAP-CTRL packet dhcp-client DHCP client DHCPv6 reply packetdhcp-server DHCP server DHCPv6 request packeteth-ring SMLK RRPP SEP ERPS packet fib-hit Host route hit packet ftp FTP packet https HTTPS packet icmp ICMP packetigmp IGMP packetldt LDT packet nd IPV6 ND packet ospf OSPF packetpppoe PPPOE packet rip RIP RIPNG packet telnet Telnet packet vbst VBST packet vbst-trunk VBST packet for eth-trunk vrrp VRRP packet [Quidway-cpu-defend-policy-test]car packet-type arp-request cir 64 cbs 640000
Warning: Improper parameter settings may affect stable operating of the system. Use this command under assistance of Huawei engineers. Continue? [Y/N]:y注:
由于对于现场情况不够了解,故本文只用作对于未来可能需要现场进行配置调整前的相关概念/配置的提前熟悉与参考。
如有相关经验或处理过相关案例的前辈们,欢迎指点。
