★ Cloud AP ARP Broadcast Storm Problem
- 0 Followed
- 0Collected ,1420Browsed
Network Topology
Network topology
Problem Description
Switches experiencing high timeout, packet drop.
Open multiple windows to ping all access switches from the core switch at the same time, some are normal and some have a lot of RTOs.
Process Analysis
In the core switch display stp brief to view the port role is normal, there is no stp tc message growth, no stp blocking. dis mac-address mac-move found that there is a large number of mac-move, and mac-move port group has many groups. Try shutdown suspicious ports of mac-move record growth, but the effect is not obvious, and the problem of pinging the access switch from the core still persisted.
Check the log, a large number of arp exceeds the threshold, the arp request is discarded, and the log prints out the corresponding source mac.
In the probe view, debug rxtx softcar and see that there is arp over-speed software packet loss.
The debug arp packet sees that the sending source IP of the ARP packet is basically the IP segment of the AP, presumably the switch side receives the ARP broadcast storm from the AP.
Subsequently confirmed with the wireless product line engineers learned that when there are 2 or more APs in FAT, OASIS, Cloud, Anchor mode grouped in the network, and the APs open rrop anti-bmc network function, wireless terminal roaming between APs will trigger a broadcast storm, resulting in abnormal wireless service problems.
A technical announcement has been issued for this issue:
Solution
Workaround:
Disable the rrop anti-bmc network function to avoid this issue. This function is a wireless broadcast multicast control function, and the disable operation does not affect the wireless service. The command line reference is as follows:
[H3C] rrop anti-bmc network disable
Notes:
1) For versions before R2446P03/E2446P03 (exclusive.) and after R2452P02/E2452P02 (exclusive.), the rrop anti-bmc network function is disabled by default, if you enable the rrop anti-bmc network function manually, you need to implement the above workaround measures.
2) After R2446P03/E2446P03 (inclusive) and before R2452P02/E2452P02 (exclusive), the rrop anti-bmc network function is enabled by default; if the rrop anti-bmc network function is not manually disabled, the above workaround measures should be implemented.