某局点S5135S-48T4X-EI-Q ARP广播影响业务
组网及说明
接入S5135SBAGG52---汇聚S6520X BAGG4---汇聚S6520X BAGG48---核心7506XGBAGG42,汇聚接入均为二层。
问题描述
现场反馈出现全网业务丢包,将S5135S从连接汇聚的接口shutdown后恢复正常。现场更换另一台S5135S后,网络依然正常。
过程分析
故障时5135S info-center功能被关闭,而且更换交换机过程设备断电重启,一些重要信息没办法看到。
从6520X侧可以看到MAC地址漂移,但是现场检查过没有环路。
S6520X聚合成员口1/0/4接口下看广播流量占比比较大
Ten-GigabitEthernet1/0/4
Current state: Administratively DOWN
Line protocol state: DOWN(LAGG)
Input (total): 3185919532 packets, 335722928103 bytes
67601997 unicasts, 2717793455 broadcasts, 400524080 multicasts, 0 pauses
Input (normal): 3185919532 packets, - bytes
S6520X故障时间还有不少上送softcar丢包的,丢包看起来主要是ARP和ND报文。
%@4963%Mar 12 08:15:34:394 2026 SZV_L_Z3_1FIDF_A1_4.8_B&S_Dis DRVPLAT/4/DRVPLAT_SOFTCAR_DROP:
PktType=IPV6_ND_PASS, SrcMAC=484d-7ec9-1fff, Dropped from interface=Ten-GigabitEthernet1/0/4 at Stage=0, StageCnt=299, TotalCnt=599, MaxRateInterface=Ten-GigabitEthernet1/0/4.
31 ARP 0 1047681 51665 1000 S On SMAC 8 -
S7506X-G从聚合4收到大量广播报文,从其它端口泛洪出去,引起对端设备拥塞,发送pause帧。
interface Ten-GigabitEthernet2/0/0/42
port link-mode bridge
description To_SZV_L_Z3_1FIDF_A1_4.8_B&S_Dis
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2 4 32 40 48 54 96 120 122 124
port trunk permit vlan 126 152 to 157
port link-aggregation group 4
%@486088%Mar 12 02:21:26:075 2026 SZV_L_Z2_MDF_4.1_Core IFMON/4/IFMON_INPUT_BC_RAPID_CHANGE: -Chassis=2-Slot=0; The incoming broadcast traffic of Ten-GigabitEthernet2/0/0/42 suddenly exceeds the threshold. Threshold=20000, current value=34097.
%@486097%Mar 12 02:21:26:687 2026 SZV_L_Z2_MDF_4.1_Core IFMON/4/IFMON_INPUT_BC_RAPID_CHANGE: -Chassis=1-Slot=0; The incoming broadcast traffic of Ten-GigabitEthernet1/0/0/42 suddenly exceeds the threshold. Threshold=20000, current value=167312.
%@486089%Mar 12 02:21:25:619 2026 SZV_L_Z2_MDF_4.1_Core IFMON/4/IFMON_RX_PAUSE_FRAME_RISING: -Chassis=2-Slot=1; The number of received pause frames on Ten-GigabitEthernet2/1/0/3 exceeds the upper threshold. Upper threshold=500, lower threshold=100, value=1026, interval=10s.
%@486090%Mar 12 02:21:25:619 2026 SZV_L_Z2_MDF_4.1_Core IFMON/4/IFMON_RX_PAUSE_FRAME_RISING: -Chassis=2-Slot=1; The number of received pause frames on Ten-GigabitEthernet2/1/0/4 exceeds the upper threshold. Upper threshold=500, lower threshold=100, value=1016, interval=10s.
在核心下其他接入与汇聚的日志里也可以看到收到大量arp等报文
Mar 12 2026 14:01:47+08:00 SZV_L_Z2_1FZC12A_4.235_S_Acc %%01DEFD/6/CPCAR_DROP_LPU(l)[1483]:Rate of packets to cpu exceeded the CPCAR limit on the LPU in slot 0. (Protocol=arp-request, CIR/CBS=128/24064, ExceededPacketCount=24157)
Mar 12 2026 14:01:47+08:00 SZV_L_Z2_1FZC12A_4.235_S_Acc %%01DEFD/6/CPCAR_DROP_LPU(l)[1484]:Rate of packets to cpu exceeded the CPCAR limit on the LPU in slot 0. (Protocol=dhcp-server, CIR/CBS=170/31960, ExceededPacketCount=5286659)
Mar 12 2026 14:01:47+08:00 SZV_L_Z2_1FZC12A_4.235_S_Acc %%01DEFD/6/CPCAR_DROP_LPU(l)[1485]:Rate of packets to cpu exceeded the CPCAR limit on the LPU in slot 0. (Protocol=dhcpv6-request, CIR/CBS=256/48128, ExceededPacketCount=4520152)
Mar 12 2026 14:02:58+08:00 SZV_L_Z2_1FZC12A_4.235_S_Acc %%01SECE/6/PORT_ATTACK_END(l)[1486]:Auto port-defend stop. (SourceAttackInterface=XGigabitEthernet0/0/3, AttackProtocol=ARP-REQUEST, ExceededPacketCountInSlot=3145)
Mar 12 2026 16:10:32+08:00 SZV_L_Z2_1FZC12A_4.235_S_Acc %%01MSTP/6/RECEIVE_MSTITC(l)[1487]:MSTP received BPDU with TC, MSTP process 0 instance 0, port name is Eth-Trunk1. (VlanId=0, SrcMAC=000f-e207-f2e0)
这种情况一般是接入侧有环路,但现场检查链路没有环路,判断是故障交换机发生回弹报文了。另外现场客户的接入放通了所有vlan,导致影响范围扩大。
解决方法
1、更换故障设备.
2、重新规划接口vlan配置。
3、可以通过broadcast-suppression 对广播流量进行限制。