华为交换机广播抑制造成网络异常

2021年10月9日 7066点热度 20人点赞 0条评论

背景

局域网中大概有600-700台使用的电脑，最近有个别电脑出现网络偶尔性闪断的情况，造成业务无法正常进行。经过重做水晶头等方式，确定了线路是正常的。还是无法解决。

处理步骤

一、查看交换机的日志发现，交换机里面有大量的接口异常信息。

Apr 25 2021 18:10:18 MT037 %%01MSTP/4/SET_PORT_FORWARDING(l)[316]:In MSTP process 0 instance 0, MSTP set port GigabitEthernet0/0/35 state as forwarding.
Apr 25 2021 18:10:14 MT037 %%01IFPDT/4/IF_STATE(l)[317]:Interface GigabitEthernet0/0/35 has turned into UP state.
Apr 25 2021 18:10:12 MT037 %%01IFADP/4/PORTUPINFO(l)[318]:Interface GigabitEthernet0/0/35 has turned into UP state. (Information=Physical state: up, Negotiation: enable, Negotiation complete: yes, Local full-duplex(10M: yes, 100M: yes, 1000M: yes), Local half-duplex(10M: yes, 100M: yes, 1000M: no), Remote full-duplex(10M: yes, 100M: yes, 1000M: yes), Remote half-duplex(10M: yes, 100M: yes, 1000M: no))
Apr 25 2021 18:10:11 MT037 %%01IFPDT/4/IF_STATE(l)[319]:Interface GigabitEthernet0/0/35 has turned into DOWN state.
Apr 25 2021 18:10:11 MT037 %%01IFADP/4/PORTDOWNINFO(l)[320]:Interface GigabitEthernet0/0/35 has turned into DOWN state. (Information=Physical state: down, Negotiation: enable, Negotiation complete: no, Local full-duplex(10M: yes, 100M: yes, 1000M: yes), Local half-duplex(10M: yes, 100M: yes, 1000M: no), Remote full-duplex(10M: yes, 100M: yes, 1000M: yes), Remote half-duplex(10M: yes, 100M: yes, 1000M: no))
Apr 25 2021 17:23:15 MT037 %%01MSTP/4/SET_PORT_FORWARDING(l)[321]:In MSTP process 0 instance 0, MSTP set port GigabitEthernet0/0/35 state as forwarding.
Apr 25 2021 17:23:11 MT037 %%01IFPDT/4/IF_STATE(l)[322]:Interface GigabitEthernet0/0/35 has turned into UP state.
Apr 25 2021 17:23:09 MT037 %%01IFADP/4/PORTUPINFO(l)[323]:Interface GigabitEthernet0/0/35 has turned into UP state. (Information=Physical state: up, Negotiation: enable, Negotiation complete: yes, Local full-duplex(10M: yes, 100M: yes, 1000M: yes), Local half-duplex(10M: yes, 100M: yes, 1000M: no), Remote full-duplex(10M: yes, 100M: yes, 1000M: yes), Remote half-duplex(10M: yes, 100M: yes, 1000M: no))
Apr 25 2021 17:23:08 MT037 %%01IFADP/4/PORTDOWNINFO(l)[324]:Interface GigabitEthernet0/0/35 has turned into DOWN state. (Information=Physical state: down, Negotiation: enable, Negotiation complete: no, Local full-duplex(10M: yes, 100M: yes, 1000M: yes), Local half-duplex(10M: yes, 100M: yes, 1000M: no), Remote full-duplex(10M: yes, 100M: yes, 1000M: yes), Remote half-duplex(10M: yes, 100M: yes, 1000M: no))
Apr 25 2021 17:23:07 MT037 %%01IFADP/4/PORTUPINFO(l)[325]:Interface GigabitEthernet0/0/35 has turned into UP state. (Information=Physical state: up, Negotiation: enable, Negotiation complete: yes, Local full-duplex(10M: yes, 100M: yes, 1000M: yes), Local half-duplex(10M: yes, 100M: yes, 1000M: no), Remote full-duplex(10M: yes, 100M: yes, 1000M: yes), Remote half-duplex(10M: yes, 100M: yes, 1000M: no))
Apr 25 2021 17:23:05 MT037 %%01IFADP/4/PORTDOWNINFO(l)[326]:Interface GigabitEthernet0/0/35 has turned into DOWN state. (Information=Physical state: down, Negotiation: enable, Negotiation complete: no, Local full-duplex(10M: yes, 100M: yes, 1000M: yes), Local half-duplex(10M: yes, 100M: yes, 1000M: no), Remote full-duplex(10M: yes, 100M: yes, 1000M: yes), Remote half-duplex(10M: yes, 100M: yes, 1000M: no))
Apr 25 2021 17:23:05 MT037 %%01IFPDT/4/IF_STATE(l)[327]:Interface GigabitEthernet0/0/35 has turned into DOWN state.

Apr 25 2021 18:10:18 MT037 %%01MSTP/4/SET_PORT_FORWARDING(l)[316]:In MSTP process 0 instance 0, MSTP set port GigabitEthernet0/0/35 state as forwarding.

Apr 25 2021 18:10:14 MT037 %%01IFPDT/4/IF_STATE(l)[317]:Interface GigabitEthernet0/0/35 has turned into UP state.

Apr 25 2021 18:10:12 MT037 %%01IFADP/4/PORTUPINFO(l)[318]:Interface GigabitEthernet0/0/35 has turned into UP state. (Information=Physical state: up, Negotiation: enable, Negotiation complete: yes, Local full-duplex(10M: yes, 100M: yes, 1000M: yes), Local half-duplex(10M: yes, 100M: yes, 1000M: no), Remote full-duplex(10M: yes, 100M: yes, 1000M: yes), Remote half-duplex(10M: yes, 100M: yes, 1000M: no))

Apr 25 2021 18:10:11 MT037 %%01IFPDT/4/IF_STATE(l)[319]:Interface GigabitEthernet0/0/35 has turned into DOWN state.

Apr 25 2021 18:10:11 MT037 %%01IFADP/4/PORTDOWNINFO(l)[320]:Interface GigabitEthernet0/0/35 has turned into DOWN state. (Information=Physical state: down, Negotiation: enable, Negotiation complete: no, Local full-duplex(10M: yes, 100M: yes, 1000M: yes), Local half-duplex(10M: yes, 100M: yes, 1000M: no), Remote full-duplex(10M: yes, 100M: yes, 1000M: yes), Remote half-duplex(10M: yes, 100M: yes, 1000M: no))

Apr 25 2021 17:23:15 MT037 %%01MSTP/4/SET_PORT_FORWARDING(l)[321]:In MSTP process 0 instance 0, MSTP set port GigabitEthernet0/0/35 state as forwarding.

Apr 25 2021 17:23:11 MT037 %%01IFPDT/4/IF_STATE(l)[322]:Interface GigabitEthernet0/0/35 has turned into UP state.

Apr 25 2021 17:23:09 MT037 %%01IFADP/4/PORTUPINFO(l)[323]:Interface GigabitEthernet0/0/35 has turned into UP state. (Information=Physical state: up, Negotiation: enable, Negotiation complete: yes, Local full-duplex(10M: yes, 100M: yes, 1000M: yes), Local half-duplex(10M: yes, 100M: yes, 1000M: no), Remote full-duplex(10M: yes, 100M: yes, 1000M: yes), Remote half-duplex(10M: yes, 100M: yes, 1000M: no))

Apr 25 2021 17:23:08 MT037 %%01IFADP/4/PORTDOWNINFO(l)[324]:Interface GigabitEthernet0/0/35 has turned into DOWN state. (Information=Physical state: down, Negotiation: enable, Negotiation complete: no, Local full-duplex(10M: yes, 100M: yes, 1000M: yes), Local half-duplex(10M: yes, 100M: yes, 1000M: no), Remote full-duplex(10M: yes, 100M: yes, 1000M: yes), Remote half-duplex(10M: yes, 100M: yes, 1000M: no))

Apr 25 2021 17:23:07 MT037 %%01IFADP/4/PORTUPINFO(l)[325]:Interface GigabitEthernet0/0/35 has turned into UP state. (Information=Physical state: up, Negotiation: enable, Negotiation complete: yes, Local full-duplex(10M: yes, 100M: yes, 1000M: yes), Local half-duplex(10M: yes, 100M: yes, 1000M: no), Remote full-duplex(10M: yes, 100M: yes, 1000M: yes), Remote half-duplex(10M: yes, 100M: yes, 1000M: no))

Apr 25 2021 17:23:05 MT037 %%01IFADP/4/PORTDOWNINFO(l)[326]:Interface GigabitEthernet0/0/35 has turned into DOWN state. (Information=Physical state: down, Negotiation: enable, Negotiation complete: no, Local full-duplex(10M: yes, 100M: yes, 1000M: yes), Local half-duplex(10M: yes, 100M: yes, 1000M: no), Remote full-duplex(10M: yes, 100M: yes, 1000M: yes), Remote half-duplex(10M: yes, 100M: yes, 1000M: no))

Apr 25 2021 17:23:05 MT037 %%01IFPDT/4/IF_STATE(l)[327]:Interface GigabitEthernet0/0/35 has turned into DOWN state.

通过以上截取的日志分析：

1. 接口状态DOWN的时候，物理线路还是正常的，只是在协商两端的速率。

2. 当速率协商成功后，接口状态变为UP。

3. 当状态变为UP后，经过了4秒后，将端口STP状态设置为FORWARDING。

二、通过以上日志判断，有可能是由于STP广播报文过量导致端口异常。

经过百度搜索，找到了华为案例库里面出现过些类的情况。

三、去除广播抑制

因为华为设备上默认会有端口广播抑制的功能。默认为10%，可以通过broadcast-suppression 100设置为不限制。

在交换机接口下配置如下：

配置完成后，经过半天测试没有再出现此类问题。

四、解决方案

将局域网中所有交换机的下联终端口设置为stp edged-port，解决由于终端电脑上下线、休眠等原因导致的端口状态改变，造成STP广播报文过多，端口抑制功能触发的问题。

状态设置完毕后，端口日志状态如下：

Apr 26 2021 07:56:27 MT037 %%01MSTP/4/SET_PORT_FORWARDING(l)[0]:In MSTP process 0 instance 0, MSTP set port GigabitEthernet0/0/35 state as forwarding. 
Apr 26 2021 07:56:27 MT037 %%01MSTP/4/SET_PORT_LEARNING(l)[1]:In process 0 instance 0, MSTP set port GigabitEthernet0/0/35 state as learning. 
Apr 26 2021 07:56:27 MT037 %%01IFPDT/4/IF_STATE(l)[2]:Interface GigabitEthernet0/0/35 has turned into UP state. Apr 26 2021 07:56:26 MT037 %%01IFADP/4/PORTUPINFO(l)[3]:Interface GigabitEthernet0/0/35 has turned into UP state. (Information=Physical state: up, Negotiation: enable, Negotiation complete: yes, Local full-duplex(10M: yes, 100M: yes, 1000M: yes), Local half-duplex(10M: yes, 100M: yes, 1000M: no), Remote full-duplex(10M: yes, 100M: yes, 1000M: yes), Remote half-duplex(10M: yes, 100M: yes, 1000M: no))

Apr 26 2021 07:56:27 MT037 %%01MSTP/4/SET_PORT_FORWARDING(l)[0]:In MSTP process 0 instance 0, MSTP set port GigabitEthernet0/0/35 state as forwarding.

Apr 26 2021 07:56:27 MT037 %%01MSTP/4/SET_PORT_LEARNING(l)[1]:In process 0 instance 0, MSTP set port GigabitEthernet0/0/35 state as learning.

Apr 26 2021 07:56:27 MT037 %%01IFPDT/4/IF_STATE(l)[2]:Interface GigabitEthernet0/0/35 has turned into UP state. Apr 26 2021 07:56:26 MT037 %%01IFADP/4/PORTUPINFO(l)[3]:Interface GigabitEthernet0/0/35 has turned into UP state. (Information=Physical state: up, Negotiation: enable, Negotiation complete: yes, Local full-duplex(10M: yes, 100M: yes, 1000M: yes), Local half-duplex(10M: yes, 100M: yes, 1000M: no), Remote full-duplex(10M: yes, 100M: yes, 1000M: yes), Remote half-duplex(10M: yes, 100M: yes, 1000M: no))

通过日志分析：

在接口变为UP状态后，立即将STP状态转为FORWARDING。

备注：

配置流量抑制示例

配置流量抑制后的广播、未知单播和组播报文的速率为接口速率的 %

1. 进入接口视图

<Quidway> system-view 
[Quidway] interface gigabitethernet 2/0/12

1 2	<Quidway> system-view [Quidway] interface gigabitethernet 2/0/12

2. 配置广播流量抑制

[Quidway-GigabitEthernet2/0/12] broadcast-suppression 80

1	[Quidway-GigabitEthernet2/0/12] broadcast-suppression 80

3. 配置组播流量抑制

[Quidway-GigabitEthernet2/0/12] multicast-suppression 80

1	[Quidway-GigabitEthernet2/0/12] multicast-suppression 80

4. 配置未知单播流量抑制

[Quidway-GigabitEthernet2/0/12] unicast-suppression 80

1	[Quidway-GigabitEthernet2/0/12] unicast-suppression 80

5. 验证配置结果

执行命令display flow-suppression interface查看GE0/0/1接口下的流量抑制配置情况。

<Quidway> display flow-suppression interface gigabitethernet 2/0/12 
storm type rate mode set rate value 
------------------------------------------------------------------------------- 
unknown-unicast percent percent: 80% 
multicast percent percent: 80% 
broadcast percent percent: 80% 
-------------------------------------------------------------------------------