某局点 S12500X-AF升级后直连fw不通，对端arp学习异常问题

/

/

接到某公司反馈一组S12500X备FW互联，升级后版本到R2820+H03后，与备FW直连不通，业务走主FW，业务暂未受影响：

我们的表项学习正常：

  ===============display mac-address=============== 

MAC Address      VLAN ID    State            Port/Nickname            Aging

642f-c7c7-51f1   1015       Learned          BAGG1015                 Y

  ===============display arp all=============== 

  Type: S-Static   D-Dynamic   O-Openflow   R-Rule   M-Multiport  I-Invalid

IP address      MAC address    VLAN/VSI name Interface                Aging Type

10.112.255.236  642f-c7c7-51f1 1015          BAGG1015                 1200  D  

抓包只看到发送过来的报文：

Debug我们却有收有发：

*Oct 12 20:57:52:480 2022 CA1-F4-4F-Z03-OA-CORE1-S12504 ARP/7/ARP_RCV: -MDC=1-Slot=0; Received an ARP message, operation: 1, sender MAC: 642f-c7c7-51f1, sender IP: 10.112.255.236, target MAC: 0000-0000-0000, target IP: 10.112.255.233

*Oct 12 20:57:52:480 2022 CA1-F4-4F-Z03-OA-CORE1-S12504 ARP/7/ARP_SEND: -MDC=1-Slot=0; Sent an ARP message, operation: 2, sender MAC: 0000-5e00-010f, sender IP: 10.112.255.233, target MAC: 642f-c7c7-51f1, target IP: 10.112.255.236

*Oct 12 20:57:52:480 2022 CA1-F4-4F-Z03-OA-CORE1-S12504 ARP/7/ARP_RCV: -MDC=1-Slot=0; Received an ARP message, operation: 1, sender MAC: 642f-c7c7-51f1, sender IP: 10.112.255.236, target MAC: 0000-0000-0000, target IP: 10.112.255.234

*Oct 12 20:57:52:481 2022 CA1-F4-4F-Z03-OA-CORE1-S12504 ARP/7/ARP_SEND: -MDC=1-Slot=0; Sent an ARP message, operation: 2, sender MAC: 74ea-c828-0001, sender IP: 10.112.255.234, target MAC: 642f-c7c7-51f1, target IP: 10.112.255.236

从debug信息分析，问题锁定在设备发包环节上，进一步对应的物理端口，发现物理UP，但底层被错误的STP block了：

Aggregate Interface: Bridge-Aggregation1015

Creation Mode: Manual

Aggregation Mode: Dynamic

Loadsharing Type: Shar

Management VLANs: None

System ID: 0x8000, 74ea-c828-0000

Local:

  Port                Status   Priority Index    Oper-Key               Flag

  XGE0/0/11           S        32768    9        9                      {ACDEF}

  XGE0/0/12           S        32768    18       9                      {ACDEF}

Remote:

  Actor               Priority Index    Oper-Key SystemID               Flag  

  XGE0/0/11(R)        32768    292      3        0x8000, 642f-c7c7-51f0 {ACDEF}

  XGE0/0/12           32768    293      3        0x8000, 642f-c7c7-51f0 {ACDEF}

#

interface Bridge-Aggregation1015

description to_WIFI-FW01-outside

port access vlan 1015

link-aggregation mode dynamic

stp edged-port

#

====bcm slot 0 chip 0 ps==== 

xe11( 11)  up     10G  FD   SW  No     Block          None   FA     SR 12284    

xe12( 12)  up     10G  FD   SW  No   Forward          None   FA     SR 12284   

  ====debug port mapping chassis 1 slot 0==== 

[Interface]       [Unit] [Port] [Name] [Combo?] [Active?] [IfIndex] [MID] [Link]

=======================================================================

 XGE0/0/11        0       11    xe11    no        no      0xb       0     up

 XGE0/0/12        0       12    xe12    no        no      0xc       0     up

 XGE0/0/13        0       13    xe13    no        no      0xd       0     up

因此可以锁定是版本已知问题：

202203150167

 问题现象：震荡DR接口，概率出现DR聚合成员端口被STP BLOCK。

 问题产生条件：全局使能STP，震荡DR接口。

 说明：对于已有问题的环境，安装补丁后需要先shutdown/undo shutdown接口恢复。

综上，现场打H03补丁前触发了已知问题，T0/0/11口底层错误STP block了，所以转发不通，现场已经部署H03补丁，只要shutdown/undo shutdown T0/0/11即可恢复。