NAT_1.3.6.1.4.1.2011.5.25.240.2.86 hwVSUServiceFaultAlarm

Trap Buffer Description

VSU service fault alarm. (FaultCode=[FaultCode], FaultKey=[FaultKey], ReasonDescription=[ReasonDescription], BoardName=[BoardName], Cpu=[Cpu])

VSU service has failed.

In VS mode, this trap is supported only by the admin VS.

This alarm is supported only on NetEngine 8000 F1A.

Trap Attributes

Trap Attribute Description

Alarm or Event

Alarm

Trap Severity

 Critical

Mnemonic Code

hwVSUServiceFaultAlarm

Trap OID

1.3.6.1.4.1.2011.5.25.240.2.86

MIB

HUAWEI-DSLITE-MIB

Alarm ID

0x00F101db

Alarm Name

 hwVSUServiceFaultAlarm

Alarm Type

communicationsAlarm

Raise or Clear

Raise

Match trap

NAT_1.3.6.1.4.1.2011.5.25.240.2.87 hwVSUServiceFaultResumeAlarm

Trap Buffer Parameters

Parameter Description

FaultCode

Fault Code.

FaultKey

Fault Key.

ReasonDescription

Reason Description.

BoardName

Name of an installed board.

Cpu

CPU ID of the service board.

VB Parameters

VB OID VB Name VB Index

1.3.6.1.4.1.2011.5.25.240.1.2.30

hwVSUServiceFaultCode

-

1.3.6.1.4.1.2011.5.25.240.1.2.31

hwVSUServiceFaultKey

-

1.3.6.1.4.1.2011.5.25.240.1.2.32

hwVSUReasonDescription

-

1.3.6.1.4.1.2011.5.25.240.1.2.28

hwVSUAlarmBoardName

-

1.3.6.1.4.1.2011.5.25.240.1.2.11

hwVSUAlarmCpu

-

Impact on the System

  • Cause 1: A port of the CGN public ip is being attacked.

    The vsu service may be interrupted.

  • Cause 2: A CGN public ip is being attacked.

    The vsu service may be interrupted.

  • Cause 4: A great number of centralized NAT users failed to get online.

    The vsu service may be interrupted.

  • Cause 5: An attack initiated using forward first packets was detected.

    The vsu service may be interrupted.

  • Cause 6: CGN ALG FTP session resources were used up.

    New ALG FTP sessions cannot be created.

  • Cause 7: CGN ALG RTSP session resources were used up.

    New ALG RTSP sessions cannot be created.

  • Cause 8: CGN ALG SIP session resources were used up.

    New ALG SIP sessions cannot be created.

  • Cause 9: CGN ALG PPTP session resources were used up.

    New ALG PPTP sessions cannot be created.

  • Cause 10: CGN ALG TOTAL session resources were used up.

    New ALG sessions cannot be created.

  • Cause 11: CGN ALG SIP user resources were used up.

    New ALG SIP users cannot be created.

  • Cause 12: Failed to create a large number of NAT sessions due to lack of NAT session license resources.

    The vsu service may be interrupted.

Possible Causes

  • Cause 1: A port of the CGN public ip is being attacked.
  • Cause 2: A CGN public ip is being attacked.
  • Cause 4: A great number of centralized NAT users failed to get online.
  • Cause 5: An attack initiated using forward first packets was detected.
  • Cause 6: CGN ALG FTP session resources were used up.
  • Cause 7: CGN ALG RTSP session resources were used up.
  • Cause 8: CGN ALG SIP session resources were used up.
  • Cause 9: CGN ALG PPTP session resources were used up.
  • Cause 10: CGN ALG TOTAL session resources were used up.
  • Cause 11: CGN ALG SIP user resources were used up.
  • Cause 12: Failed to create a large number of NAT sessions due to lack of NAT session license resources.

Procedure

  • Cause 1: A port of the CGN public ip is being attacked.

    1.Obtain the IP address and VPN information from the log message. nat flow-defend reverse-blacklist lock-ip-address manual-unlock command in the system view. In addition, configure rules for filtering out attack traffic on the network-side device based on traffic traits that can be determined based on BlacklistKey carried in log information.The preceding method helps eliminate attack traffic's impact on forwarding performance of the CGN service board.

    • If the clear log is generated and attack traffic disappears for hours, go to Step 3.
    • If the log persists, go to Step 2.

    2.Run the reset nat flow-defend reverse-blacklist lock-ip-address command in the system view. In addition, configure rules for filtering out attack traffic on the network-side device.

    3.Collect alarm information, log information and configuration information, and then contact technical support personnel.

  • Cause 2: A CGN public ip is being attacked.

    1.Obtain the IP address and VPN information from the log message. nat flow-defend reverse-blacklist lock-ip-address manual-unlock command in the system view. In addition, configure rules for filtering out attack traffic on the network-side device based on traffic traits that can be determined based on BlacklistKey carried in log information.The preceding method helps eliminate attack traffic's impact on forwarding performance of the CGN service board.

    • If the clear log is generated and attack traffic disappears for hours, go to Step 3.
    • If the log persists, go to Step 2.

    2.Run the reset nat flow-defend reverse-blacklist lock-ip-address command in the system view. In addition, configure rules for filtering out attack traffic on the network-side device.

    3.Collect alarm information, log information and configuration information, and then contact technical support personnel.

  • Cause 4: A great number of centralized NAT users failed to get online.

    1. Run the display nat statistics discard command to check the causes of packet loss, for example, whether the problem is caused by insufficient resources.

    2. One minute after the failure is rectified according to the cause, the alarm will be cleared. If the alarm persists, go to Step 3.

    3. Collect alarm, log, and configuration information and contact technical support engineers.

  • Cause 5: An attack initiated using forward first packets was detected.

    Collect alarm information, log information and configuration information, and then contact technical support personnel.

  • Cause 6: CGN ALG FTP session resources were used up.

    Collect alarm information, log information and configuration information, and then contact technical support personnel.

  • Cause 7: CGN ALG RTSP session resources were used up.

    Collect alarm information, log information and configuration information, and then contact technical support personnel.

  • Cause 8: CGN ALG SIP session resources were used up.

    Collect alarm information, log information and configuration information, and then contact technical support personnel.

  • Cause 9: CGN ALG PPTP session resources were used up.

    Collect alarm information, log information and configuration information, and then contact technical support personnel.

  • Cause 10: CGN ALG TOTAL session resources were used up.

    Collect alarm information, log information and configuration information, and then contact technical support personnel.

  • Cause 11: CGN ALG SIP user resources were used up.

    Collect alarm information, log information and configuration information, and then contact technical support personnel.

  • Cause 12: Failed to create a large number of NAT sessions due to lack of NAT session license resources.

    Update the NAT session license of the device.

Parent Topic: NAT
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >