A certain site's S5130S-28P-EI exceeded specifications usage caused Layer 3 forwarding failure for some cross-subnet services

source address 172.10.1.10 ---------------- 1/0/20vlaif 10 (5130s-ei gateway)-vlanif31 GE1/0/5 -------------- destination address 172.31.5.6

Traffic measurement found ping172.31.5.6 request packets lost at the 1/0/5 out orientation of the gateway

Comparison between the ARP issued表象 and the actual address

[sw-probe]display  arp 172.31.5.6

  Type: S-Static   D-Dynamic   O-Openflow   R-Rule   M-Multiport  I-Invalid

IP address      MAC address    VLAN/VSI name Interface                Aging Type

172.31.5.6      5cf2-8681-bab3 31            GE1/0/5                  1165  D 

underlying issuance as follows

[sw-probe]debug ipv4-drv show arp 0 172.31.5.6 slot 1

**********************************************************

- IPv4 ARP Information Slot 1

**********************************************************

--- UNIT: 0 ---

- RouteType: 0

- VRF:            0

- IP ADDR:        172.31.5.6

- LOCATION:      Lpm

- EGRESS ID:      1

- URPFCheckEnable: No

- SipSaCheckMismatchEnable: No

- Ipv6MCGroupScopeLevel: 0

- NextHopType: 0

- NextHopIndex: 1

- Cmd: 3 black hole

- CpuIndex: 1

- CountSet: 1

- SpecificCpuCodeEnable: Yes

- UcPacketSipFilterEnable: No

- IsTunnelStart: No

- ttlHopLimitDecEnable: No

- MtuProfileIndex: 0x0

- ARPPointer: 0x0

- TunnelPointer: 0x0

- NextHopInterfaceType: 0

- VLAN: 0 Not vlan31

- DMOD:          0

- DPORT: 62 Egress interface is not 1/0/5

- TRUNK:          0

- VIDX:          0

- MAC ADDR: 98f1-12af-148c //Not the actual MAC of the terminal

Normal ARP表象 for other normal destinations are as follows

[sw-probe]dis arp 172.31.5.7

  Type: S-Static   D-Dynamic   O-Openflow   R-Rule   M-Multiport  I-Invalid

IP address      MAC address    VLAN/VSI name Interface                Aging Type

172.31.5.7      5cf2-8681-baa7 31            GE1/0/5                  1195  D   

[HIK-probe]debug ipv4-drv show arp 0 172.31.5.7 slot 1

**********************************************************

- IPv4 ARP Information Slot 1

**********************************************************

--- UNIT: 0 ---

- RouteType: 0

- VRF:            0

- IP ADDR:        172.31.5.7

- LOCATION:      Lpm

- EGRESS ID:      681

- URPFCheckEnable: No

- SipSaCheckMismatchEnable: No

- Ipv6MCGroupScopeLevel: 0

- NextHopType: 0

- NextHopIndex: 681

- Cmd: 5 Forwarding表象

- CpuIndex: 0

- CountSet: 2

- SpecificCpuCodeEnable: Yes

- UcPacketSipFilterEnable: No

- IsTunnelStart: No

- ttlHopLimitDecEnable: Yes

- MtuProfileIndex: 0x0

- ARPPointer: 0x2a1

- TunnelPointer: 0x0

- NextHopInterfaceType: 0

- VLAN:          31 

- DMOD:          0

- DPORT: 4 Interface corresponds to 1/0/5

- TRUNK:          0

- VIDX:          0

- MAC ADDR: 5cf2-8681-baa7 Destination terminal MAC

The following command can assist in viewing resource utilization and preliminarily determine insufficient specifications

  ===============debug l3intf-drv show statistics slot 1===============  

**********************************************************

- L3INTF Statistics Slot 1 MDC 1

----------------------------------------------------------

**********************************************************

- ARP

SPECIFICATION: 896 specifications

COUNT: 888 used

        NHCOUNT:          0

- IPV4 ROUTE

SPECIFICATION: 1000 specifications

COUNT: 954 used

acknowledge

ARP+IPV4+ECMP=1024 where ECMP occupies 128 fixedSo the remaining arp+ipv4 is1024-128== 896. Check platform dis fib count exceeds 896, exceeding resources.

  ===============display fib=============== 

Destination count: 961 FIB entry count: 961

172.31, 5.6 The entry view is not a forwarding entry but a black hole, indicating that this mac+ip may have been involved in an attack or was unreachable before, so it was denied. This does not affect learning new ARP.

Replace high specifications device or modify the network to enable Layer 2 forwarding