Inter-card NLB Service Forwarding Is Abnormal Because the G24SA Card of the S7700 Does Not Support NLB

Issue Description

[Version information]

QQ图片20170804141853

[Networking description]

1. The Huawei S7700s use CSS cards to establish a CSS as the core gateway of all services. The two chassis of the S7700 use cards of the same type and the slot distribution is the same. The figure shows the card type and slot distribution.

2. The Huawei S5700EI connects to the NLB server, and the NLB server works in multicast mode and the MAC address starts with 03BF. The downstream PC connected to the S5700LI needs to access the NLB server of which the MAC address starts with 03BF (the MAC address corresponds to a virtual IP address).

[Networking topology]

QQ图片20170804141953

[Key configuration script]

S7700:
#
arp static 10.28.38.102 03bf-0a1c-2666 vpn-instance Internal_Service
arp static 10.28.38.108 03bf-0a1c-266c vpn-instance Internal_Service
arp static 10.28.38.112 03bf-0a1c-2670 vpn-instance Internal_Service
arp static 10.28.38.132 03bf-0a1c-2684 vpn-instance Internal_Service
arp static 10.28.38.135 03bf-0a1c-2687 vpn-instance Internal_Service
arp static 10.28.38.141 03bf-0a1c-268d vpn-instance Internal_Service
arp static 10.28.38.105 03bf-0a1c-2669 vpn-instance Internal_Service
#
interface Eth-Trunk5
description To_Floor-S5700LI-01_Eth-trunk5
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 8 to 4094
#
interface Eth-Trunk40
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 103 400 to 499
traffic-policy test outbound
mac-address multiport 03bf-0a1c-2666 vlan 403
mac-address multiport 03bf-0a1c-2669 vlan 403
mac-address multiport 03bf-0a1c-266c vlan 403
mac-address multiport 03bf-0a1c-2670 vlan 403
mac-address multiport 03bf-0a1c-2684 vlan 404
mac-address multiport 03bf-0a1c-2687 vlan 404
mac-address multiport 03bf-0a1c-268d vlan 404
#
interface Vlanif100
description Management_IP
ip binding vpn-instance Internal_Service
ip address 172.21.32.1 255.255.255.0
#
interface Vlanif403
description IT_Server_04
ip binding vpn-instance Internal_Service
ip address 10.28.38.97 255.255.255.224
#

[Fault description]

The red line of the networking topology shows that the ping operation fails.

Handling Process

  1. Determine the node where packet loss occurs. Collect traffic statistics in the inbound direction of Eth-Trunk 5 and outbound direction of Eth-Trunk 40 on the S7700.

    Traffic statistics configuration script:

    #
    acl number 3000
    rule 5 permit ip source 172.21.32.10 0 destination 10.28.38.105 0
    #
    traffic classifier test operator or precedence 5
    if-match acl 3000
    #
    traffic behavior test
    permit
    statistic enable
    #
    traffic policy test
    classifier test behavior test
    #
    interface Eth-Trunk5
    traffic-policy test inbound
    #
    interface Eth-Trunk40
    traffic-policy test outbound
    #

    [S7700]dis traffic policy  statistics  interface  E
    th-Trunk 5 inbound
    Interface: Eth-Trunk5
    Traffic policy inbound: test
    Rule number: 1
    Current status: OK!
    Statistics interval: 300
    ———————————————————————
    Board : 1/1
    ———————————————————————
    Matched          |      Packets:                            42
    |      Bytes:                               –
    |      Rate(pps):                           0
    |      Rate(bps):                           –
    ———————————————————————
    Passed         |      Packets:                            42
    |      Bytes:                               –
    |      Rate(pps):                           0
    |      Rate(bps):                           –
    ———————————————————————
    Dropped        |      Packets:                             0
    |      Bytes:                               –
    |      Rate(pps):                           0
    |      Rate(bps):                           –
    ———————————————————————
    Filter       |      Packets:                             0
    |      Bytes:                               –
    ———————————————————————
    Car          |      Packets:                             0
    |      Bytes:                               –
    ———————————————————————
    Board : 2/1
    ———————————————————————
    Matched          |      Packets:                             0
    |      Bytes:                               –
    |      Rate(pps):                           0
    |      Rate(bps):                           –
    ———————————————————————
    Passed         |      Packets:                             0
    |      Bytes:                               –
    |      Rate(pps):                           0
    |      Rate(bps):                           –
    ———————————————————————
    Dropped        |      Packets:                             0
    |      Bytes:                               –
    |      Rate(pps):                           0
    |      Rate(bps):                           –
    ———————————————————————
    Filter       |      Packets:                             0
    |      Bytes:                               –
    ———————————————————————
    Car          |      Packets:                             0
    |      Bytes:                               –
    ———————————————————————

    [S7700]dis traffic policy  statistics  interface  E
    th-Trunk 40 outbound

    Interface: Eth-Trunk40
    Traffic policy outbound: test
    Rule number: 1
    Current status: OK!
    Statistics interval: 300
    ———————————————————————
    Board : 1/1
    ———————————————————————
    Matched          |      Packets:                            0
    |      Bytes:                               –
    |      Rate(pps):                           0
    |      Rate(bps):                           –
    ———————————————————————
    Passed         |      Packets:                            0
    |      Bytes:                               –
    |      Rate(pps):                           0
    |      Rate(bps):                           –
    ———————————————————————
    Dropped        |      Packets:                             0
    |      Bytes:                               –
    |      Rate(pps):                           0
    |      Rate(bps):                           –
    ———————————————————————
    Filter       |      Packets:                             0
    |      Bytes:                               –
    ———————————————————————
    Car          |      Packets:                             0
    |      Bytes:                               –
    ———————————————————————
    Board : 2/1
    ———————————————————————
    Matched          |      Packets:                             0
    |      Bytes:                               –
    |      Rate(pps):                           0
    |      Rate(bps):                           –
    ———————————————————————
    Passed         |      Packets:                             0
    |      Bytes:                               –
    |      Rate(pps):                           0
    |      Rate(bps):                           –
    ———————————————————————
    Dropped        |      Packets:                             0
    |      Bytes:                               –
    |      Rate(pps):                           0
    |      Rate(bps):                           –
    ———————————————————————
    Filter       |      Packets:                             0
    |      Bytes:                               –
    ———————————————————————
    Car          |      Packets:                             0
    |      Bytes:                               –
    ———————————————————————

    The preceding information shows that traffic is discarded on the S7700.

    When traffic arrives at XGE 1/3/0/4 of the S7700, the ping operation is normal.

    The two test results indicate that the type of the card where inbound traffic is transmitted is different. The fault may be relevant to the card.

    2. Perform the ping operation on the S7700 so that traffic is received by multiple identical VLANIF interfaces and different cards. The test result indicates that results of traffic received by the same Layer 3 interfaces on different card are different. Ping packets on the G24SA card are discarded, and ping packets on the X12SA card are normal.

    3. The G24SA card does not support NLB.

Root Cause

The ES0D0G24SA00 and ES0D0G24CA00 cards of the S7700 cannot connect to the clients or NLB server cluster.

Solution

The outbound interface of the NLB service is Eth-Trunk 40. Configure a traffic policy to redirect packets destined for the NLB virtual IP address to Eth-Trunk 40. The configuration script is as follows:

#
traffic classifier test operator or precedence 5
if-match acl 3000
#
traffic behavior test
permit
statistic enable
redirect interface Eth-Trunk40
#
traffic policy test
classifier test behavior test
#
traffic-policy test global inbound slot 1/1
traffic-policy test global inbound slot 2/1
#

Suggestions

Fault location:

1. Determine the faulty node by configuring traffic statistics collection and obtaining packets through mirroring.

2. Perform the comparison test to determine the problem.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s