【华为】环路引起交换机CPU占用率高的业务时通时不通问题

现象描述

某网络迁移改造，将原网中的核心层设备部署为接入层设备，即从三层变为二层。如图所示，网络迁移完成后，从核心层设备向接入层设备的管理IP地址发起Ping测试，发现时通时不通，并且核心层设备输出VRRP主备状态频繁切换的告警。

故障组网图

在Switch_1上出现如下告警信息：

Sep 17 2015 21:46:11+08:00 DS_02 VRRP/3/VRRPMASTERDOWN:OID 1.3.6.1.4.1.2011.5.25.127.2.30.1 The state of VRRP changed from master to other state.(VrrpIfIndex=143, VrId=48, IfIndex=143, IPAddress=11.91.127.239, NodeName=DS_02, IfName=Vlanif948, CurrentState=2, ChangeReasnotallow=priority calculation)
Sep 17 2015 21:46:11+08:00 DS_02 %%01VRRP/4/STATEWARNINGMEV1R3(l):Virtual Router state BACKUP changed to MASTER, because of protocol timer expired. (Interface=Vlanif948, VrId=48).
Sep 17 2015 21:46:11+08:00 DS_02 %%01VRRP/4/STATEWARNINGMEV1R3(l):Virtual Router state MASTER changed to BACKUP, because of priority calculation. (Interface=Vlanif948, VrId=48).

原因分析

网络中存在环路。

问题判断

1. 查看VRRP备份组的状态信息。

<Switch_1> display vrrp brief
VRID State       Interface         Type    Virtual IP   
--------------------------------------------------------
3    Backup      Vlanif903         Normal  10.93.4.30   
5    Backup      Vlanif599         Normal  11.91.127.94 
14   Backup      Vlanif914         Normal  10.93.41.126 
24   Backup      Vlanif924         Normal  10.93.32.126 
25   Backup      Vlanif925         Normal  10.93.32.254
…………

发现Switch_1在该备份组中作为Backup，且状态都为正常。

1. 查看上送CPU的VRRP协议报文统计信息。

<Switch_1> display cpu-defend vrrp statistics all
Statistics on mainboard:
-------------------------------------------------------------------------------
Packet Type         Pass(Bytes)  Drop(Bytes)   Pass(Packets)   Drop(Packets)
-------------------------------------------------------------------------------
vrrp                          0            0               0               0
-------------------------------------------------------------------------------
Statistics on slot 1:
-------------------------------------------------------------------------------
Packet Type         Pass(Bytes)  Drop(Bytes)   Pass(Packets)   Drop(Packets)
-------------------------------------------------------------------------------
vrrp                          0            0               0               0
-------------------------------------------------------------------------------
Statistics on slot 4:
-------------------------------------------------------------------------------
Packet Type         Pass(Bytes)  Drop(Bytes)   Pass(Packets)   Drop(Packets)
-------------------------------------------------------------------------------
vrrp                79880066214   2581617736      1174644777        37950869
-------------------------------------------------------------------------------

发现Switch_1的4号接口板上有大量丢包。

2. 查看端口状态统计信息。

<Switch_1> display interface brief
…………
Interface                   PHY   Protocol  InUti OutUti   inErrors  outErrors
Eth-Trunk1                  up    up          31%    31%         0          0
GigabitEthernet4/0/22       up    up          0.72%  81%         0          0
GigabitEthernet4/0/23       up    up          81%    0.73%       2          0
Ethernet0/0/0               down  down        0%     0%          0          0
…………
GigabitEthernet4/0/0        up    up          0%    81%          0          0
GigabitEthernet4/0/1        up    up          0%    81%          0          0
GigabitEthernet4/0/2        up    up          0%    81%          2          0
GigabitEthernet4/0/3        up    up          0%    81%          0          0
GigabitEthernet4/0/4        up    up          0%    81%          0          0
GigabitEthernet4/0/5        up    up          0%    81%          0          0
GigabitEthernet4/0/6        up    up          0%    81%          0          0
GigabitEthernet4/0/7        up    up          0%    81%          0          0
GigabitEthernet4/0/8        up    up          0%    82%          0          0
GigabitEthernet4/0/9        up    up          0%    82%          0          0
GigabitEthernet4/0/10       up    up          0%    82%          0          0
GigabitEthernet4/0/11       down  down        0%    0%           0          0
GigabitEthernet4/0/12       up    up          0%    82%          0          0
GigabitEthernet4/0/13       up    up          0%    82%          0          0
GigabitEthernet4/0/14       up    up          0%    82%          0          0
GigabitEthernet4/0/15       up    up          0%    82%          0          0
GigabitEthernet4/0/16       up    up          0%    82%          0          0
GigabitEthernet4/0/17       up    up          0.01% 82%          0          0
GigabitEthernet4/0/18       up    up         82%     0%          0          0
GigabitEthernet4/0/19       up    up         87%    82%          0          0
GigabitEthernet4/0/20       down  down        0%     0%          0          0
GigabitEthernet4/0/21       up    up          0.01%  0.01%       0          0
LoopBack500                 up    up(s)       0%     0%          0          0
NULL0                       up    up(s)       0%     0%          0          0
Vlanif599                   up    up          --     --          0          0
…………

发现GigabitEthernet4/0/19端口出方向的平均带宽利用率达到80%以上，应该存在环路，并且GigabitEthernet4/0/18和GigabitEthernet4/0/19端口的入方向流量统计也到达80%以上，初步判断是这两个端口下挂的设备引起环路导致。 

3. 手工shutdown端口利用率超限的端口GigabitEthernet4/0/18和GigabitEthernet4/0/19，再查看上送CPU的VRRP协议报文统计信息，发现VRRP协议报文Drop统计数不再增加。同时Ping其他接入层设备的管理地址发现可以Ping通。

4. 检查Switch_1的GigabitEthernet4/0/18和GigabitEthernet4/0/19两个端口下接的接入层设备，这两台交换机都是其他厂商设备，排查后发现，由于这两台设备都是三层设备，没有开启STP协议，部署成二层设备时，未添加开启STP的命令，导致环路。

解决方案

1. 在Switch_1的GigabitEthernet4/0/18和GigabitEthernet4/0/19两个端口下接的接入层设备上开启STP。
2. 从Switch_1上undo shutdown端口GigabitEthernet4/0/18和GigabitEthernet4/0/19，查看STP状态和接口流量，业务恢复正常。

建议与总结

在网络流量不稳定时，可以通过接口流量状态查看是否有环路，并根据收发状态猜测环路的源头，尽快关闭端口来临时解决问题，分析出根因后，再实施解决方案。