Procedure
- If the number of dropped ARP packets keeps increasing, run the display cpu-usage command to view the CPU usage.
<HUAWEI> display cpu-usage
CPU Usage Stat. Cycle: 60 (Second)
CPU Usage : 7% Max: 80%
CPU Usage Stat. Time : 2016-06-17 02:34:38
CPU utilization for five seconds: 7%: one minute: 7%: five minutes: 9%
Max CPU Usage Stat. Time : 2016-05-20 00:31:17.
- If the CPU usage is in the normal range but ARP packets are dropped, increase the CPCAR value for ARP.
Run the
display cpu-defend configuration command to view the CPCAR setting for the ARP packets sent to the CPU.
<HUAWEI> display cpu-defend configuration all
Car configurations on mainboard.
------------------------------------------------------------------
Packet Name Status Cir(Kbps) Cbs(Byte) Queue Port-Type
------------------------------------------------------------------
¡¡
arp-miss Enabled 64 10000 3 NA
arp-reply Enabled 128 16000 3 NA
arp-request Enabled 128 16000 3 NA
Based on the previous CPU statistics, increase the CPCAR value for ARP.
<HUAWEI> system-view
[HUAWEI] cpu-defend policy test
[HUAWEI-cpu-defend-policy-test] car packet-type arp-reply cir 128
[HUAWEI-cpu-defend-policy-test] car packet-type arp-miss cir 128
[HUAWEI-cpu-defend-policy-test] car packet-type arp-request cir 128
[HUAWEI-cpu-defend-policy-test] quit
[HUAWEI] cpu-defend-policy test //Apply the policy globally.
- If the switch has a high CPU usage, do not increase the CPCAR value. Instead, find out the attack source.