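A Walkthrough of Resolving a Network Problem

Posted on 2022-01-24

# Background

Over the past few days, colleagues had been reporting, one after another, that the network was a bit laggy, but whenever I walked over to the person's computer it was fine again. Each time it was basically only that one person reporting it (few people complained, and my own instinct was that it was probably their computer), and not everyone was affected. I also noticed that the network was sometimes not quite OK, but when I asked the people sitting next to me they said it was fine, so I did not pay much attention and assumed it was a problem with my own computer.

About two days later there were still reports that the network was unstable. The first thing I checked was our self-hosted DNS. Its preferred server was 114.114.114.114, and I assumed that was what was unstable, so I switched to Guangzhou Telecom's DNS, but things did not improve (and I received no feedback either).

After three days, the ARP and forwarding tables blew up completely. The whole company's network stalled and dropped, working only intermittently, and was basically unusable. What followed was several hundred people in the company @-mentioning me. As the company's network-administrator, I was a little panicked at this point. (Home-grown English grammar, go easy on me, haha!)

# Resolution

## 1. Check the logs

After logging in to the router's management interface, I found that session usage was close to 100%, and I also found ARP attacks and packet loss. (The logs below are taken from an online reference; I did not keep the logs while fixing the problem.)

```
display logbuffer
Logging buffer configuration and contents: enabled
Allowed max buffer size: 1024
Actual buffer size: 512
Channel number: 4, Channel name: logbuffer
Dropped messages: 0
Overwritten messages: 167
Current messages: 512

Mar 5 2021 15:47:25+08:00 Huawei %%01FORWARD/4/SESSION-RES-LACK(l)[135]:The device session resources were overloaded.(Usage = 94%)
Mar 5 2021 16:29:25+08:00 Huawei %%01FORWARD/4/CAP-BLOCK-RES-LACK(l)[259]:The block memory resources were overloaded.(Usage = 97%)
Mar 5 2021 16:34:25+08:00 Huawei %%01FORWARD/4/SESSION-RES-LACK(l)[261]:The device session resources were overloaded.(Usage = 92%)
Mar 5 2021 16:43:25+08:00 Huawei %%01FORWARD/4/CAP-BLOCK-RES-LACK(l)[273]:The block memory resources were overloaded.(Usage = 96%)
Sep 9 2014 16:01:55+00:00 Huawei %%01SECE/4/PORT_ATTACK(l)[0]:Port attack occurred.(Slot=MPU, SourceAttackInterface=GigabitEthernet0/0/0, OuterVlan/InnerVlan=0/0, AttackPackets=64 packets per second)
Sep 9 2014 16:01:54+00:00 Huawei %%01DEFD/4/CPCAR_DROP_MPU(l)[1]:Some packets are dropped by cpcar on the MPU. (Packet-type=arp-miss, Drop-Count=770)
Sep 9 2014 16:01:54+00:00 Huawei %%01DEFD/4/CPCAR_DROP_MPU(l)[2]:Some packets are dropped by cpcar on the MPU. (Packet-type=arp-request, Drop-Count=3458)
```

## 2. Deal with the session problem

Deal first with whatever is keeping people offline. Session usage at 100% should be the root cause of the loss of Internet access; I had seen packet loss before, but never to the point of a complete outage.

```
system-view
[Huawei] diagnose    # enter diagnostic mode
[Huawei-diagnose] display session statistics top 10 order-by source-ip    # show the top 10 by share of sessions
Session statistic top 10 (Condition: Source IP, Service: SESSION, Items: 10, Total Sessions: 25768)
-------------------------------------------------------------------------------------------------
TOP-N      IP/Port              Counts      Percentage(%)
-------------------------------------------------------------------------------------------------
1          192.168.1.99         19714       76.505744
2          192.168.1.88         5988        23.238125
3          192.168.1.165        9           0.034927
```

You can see that 192.168.1.99, a single IP, accounts for 76% of all sessions. That is not normal, and there may be attack activity.

```
[Huawei-diagnose] display session statistics top 10 order-by destination-port
Session statistic top 10 (Condition: Destination Port, Service: SESSION, Items: 10, Total Sessions: 25768)
-------------------------------------------------------------------------------------------------
TOP-N      IP/Port              Counts      Percentage(%)
-------------------------------------------------------------------------------------------------
1          445                  15486       60.097796
2          1433                 9565        37.119683
3          3389                 648         2.514747
```

Next, look at which ports are being attacked. Once the IP and ports are identified, handling it is straightforward: create a new ACL that denies the attacking IP. (In the end it turned out that a self-hosted service had been compromised; upgrading it resolved the problem.)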
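
An added example, not part of the original post: a small Python parser for the `display session statistics top 10` output shown above, which flags a source IP holding a dominant share of sessions and reports session counts toward 445, 1433 and 3389. The 50% threshold, the watched-port labels and the function names are assumptions of this example; the sample rows are copied from the post's output.

```python
import re

# Sample rows copied from the post's output (header kept on one line).
SRC_SAMPLE = """Session statistic top 10 (Condition: Source IP, Service: SESSION, Items: 10, Total Sessions: 25768)
TOP-N  IP/Port        Counts  Percentage(%)
1      192.168.1.99   19714   76.505744
2      192.168.1.88   5988    23.238125
3      192.168.1.165  9       0.034927"""
PORT_SAMPLE = """Session statistic top 10 (Condition: Destination Port, Service: SESSION, Items: 10, Total Sessions: 25768)
TOP-N  IP/Port  Counts  Percentage(%)
1      445      15486   60.097796
2      1433     9565    37.119683
3      3389     648     2.514747"""

HEADER = re.compile(r"Condition:\s*([^,]+),.*Total Sessions:\s*(\d+)")
ROW = re.compile(r"^\s*(\d+)\s+(\S+)\s+(\d+)\s+(\d+(?:\.\d+)?)\s*$")

# Assumptions of this example, not vendor guidance.
SHARE_THRESHOLD = 50.0
WATCHED_PORTS = {"445": "SMB", "1433": "MSSQL", "3389": "RDP"}

def parse_top(text):
    """Return (condition, total_sessions, [(key, count, printed_pct), ...])."""
    condition, total, rows = None, 0, []
    for line in text.splitlines():
        h = HEADER.search(line)
        if h:
            condition, total = h.group(1).strip(), int(h.group(2))
            continue
        m = ROW.match(line)  # separator and column-title lines do not match
        if m:
            rows.append((m.group(2), int(m.group(3)), float(m.group(4))))
    return condition, total, rows

def findings(text):
    """Flag dominant source IPs, or sessions toward watched ports."""
    condition, total, rows = parse_top(text)
    out = []
    for key, count, pct in rows:
        # Recompute the share from counts; fall back to the printed column.
        share = 100.0 * count / total if total else pct
        if condition == "Source IP" and share >= SHARE_THRESHOLD:
            out.append(f"source {key} holds {share:.1f}% of {total} sessions")
        elif condition == "Destination Port" and key in WATCHED_PORTS:
            out.append(f"{count} sessions to port {key} ({WATCHED_PORTS[key]}), {share:.1f}%")
    return out
```

Run against periodic captures of the same command, this gives an early signal of one internal host exhausting the session table before usage reaches the `SESSION-RES-LACK` levels seen in the log.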