CPUDEFEND/4/hwXQoSCpDefendDiscardedPacketAlarm_active

Message

CPUDEFEND/4/hwXQoSCpDefendDiscardedPacketAlarm_active: Security cpu-defend drop packets alarmed. (ChassisID=[ChassisID], SlotID=[SlotID], ObjectIndex=[ObjectIndex], DiscardedPackets=[DiscardedPackets], DiscardedThreshold=[DiscardedThreshold], ProtocolDescription=[ProtocolDescription], Reason=[ReasonDesc])

In VS mode, this log is supported only by the admin VS.

Description

Packets sent to the CPU were discarded by the attack defense function. The number of discarded packets exceeded the alarm threshold.

Parameters

| Parameter Name | Parameter Meaning |
|---|---|
| ChassisID | Indicates the chassis number. |
| SlotID | Indicates the slot number. |
| ObjectIndex | Indicates the index of service traffic. The value 159 indicates the alarm that is generated when the number of packets dropped by Total CAR exceeds the threshold. You can run the display cpu-defend car information command to query meanings of other values. |
| DiscardedPackets | Indicates the number of discarded packets. |
| DiscardedThreshold | Indicates the number of discarded packets. |
| ProtocolDescription | Indicates the description of the protocol. |
| ReasonDesc | Indicates the cause of the alarm. |
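The following added example (not part of the vendor documentation) parses this alarm from collected log lines and groups it by slot, ObjectIndex and protocol, so repeated alarms and Total CAR drops (index 159) stand out. It assumes the fields appear in the layout shown under Message; the timestamp and host prefix, all field values and the Reason text in the sample are constructed.

```python
import re
from collections import defaultdict

ALARM_ID = "CPUDEFEND/4/hwXQoSCpDefendDiscardedPacketAlarm_active"
KEYS = ("ChassisID", "SlotID", "ObjectIndex", "DiscardedPackets",
        "DiscardedThreshold", "ProtocolDescription", "Reason")
INT_KEYS = ("ObjectIndex", "DiscardedPackets", "DiscardedThreshold")
TOTAL_CAR_INDEX = 159  # per the parameter table: drops by Total CAR
_ALT = "|".join(KEYS)
# A value ends at the next known "Key=" or at the final ")", so commas or
# parentheses inside the Reason text do not split the field.
FIELD_RE = re.compile(r"(%s)=(.*?)(?=, (?:%s)=|\)\s*$)" % (_ALT, _ALT))

def parse_alarm(line):
    """Return the alarm's fields, or None for other or incomplete lines."""
    if ALARM_ID not in line:
        return None
    fields = dict(FIELD_RE.findall(line.split(ALARM_ID, 1)[1]))
    if set(fields) != set(KEYS) or not all(fields[k].isdigit() for k in INT_KEYS):
        return None
    fields.update((k, int(fields[k])) for k in INT_KEYS)
    return fields

def summarize(lines):
    """Group by (SlotID, ObjectIndex, ProtocolDescription): count, peak, Total CAR flag."""
    groups = defaultdict(lambda: {"alarms": 0, "max_discarded": 0})
    for fields in filter(None, map(parse_alarm, lines)):
        key = (fields["SlotID"], fields["ObjectIndex"], fields["ProtocolDescription"])
        group = groups[key]
        group["alarms"] += 1
        group["max_discarded"] = max(group["max_discarded"], fields["DiscardedPackets"])
        group["total_car"] = fields["ObjectIndex"] == TOTAL_CAR_INDEX
    return dict(groups)

# Constructed sample: the timestamp/host prefix, every value and the Reason text
# are made up; only the message layout and index 159 come from the page.
_HEAD = "2024-01-01T10:00:00 R1 " + ALARM_ID + ": Security cpu-defend drop packets alarmed. "
SAMPLE = [
    _HEAD + "(ChassisID=1, SlotID=3, ObjectIndex=25, DiscardedPackets=5200, DiscardedThreshold=3000, "
            "ProtocolDescription=example-protocol, Reason=constructed reason, with a comma (and parentheses))",
    _HEAD + "(ChassisID=1, SlotID=3, ObjectIndex=25, DiscardedPackets=6100, DiscardedThreshold=3000, "
            "ProtocolDescription=example-protocol, Reason=constructed reason)",
    _HEAD + "(ChassisID=1, SlotID=5, ObjectIndex=159, DiscardedPackets=90000, DiscardedThreshold=50000, "
            "ProtocolDescription=example-total, Reason=constructed reason)",
    _HEAD + "(ChassisID=1, SlotID=3, ObjectIndex=25, DiscardedPackets=52",  # truncated: skipped
    "2024-01-01T10:00:05 R1 unrelated log line",
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A group that keeps alarming on one slot and index points at the CAR entry to inspect in Step 1 of the procedure.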

Possible Causes

The number of discarded attack packets exceeded the configured alarm threshold.

Procedure

1. Run the display cpu-defend car { blacklist | index index | user-defined-flow flow-id | whitelist } statistics slot slot-id command to check the protocol CIR and CBS on the line processing unit. Check the values of Actual CIR in NP and Actual CBS in NP.

  • If the configured protocol rate is too low to meet the requirements for service operation, run the car command to increase the rate. After 60 seconds, check whether the alarm is cleared. If the alarm is not cleared, go to Step 2.
  • If the configured protocol rate meets the requirements for service operation but the alarm is still not cleared, go to Step 2.

2. Run the display cpu-defend policy policy-number command to check the alarm configuration under Application apperceive Configuration. Check whether the alarm threshold and alarm interval configured for the protocol are reasonable.

  • If the alarm threshold is too low, run the alarm drop-rate command to increase the threshold value according to the traffic volume. Check whether the alarm is cleared. If the alarm is not cleared, go to Step 3.
  • If the alarm interval is too short, run the alarm drop-rate command to increase the interval. Check whether the alarm is cleared. If the alarm is not cleared, go to Step 3.

3. Run the display attack-source-trace slot slot-id original-information command to check the Attack Source Data. Check the header information cached in the attack source tracing module.

  • If the packet source IP address or the target IP address does not fall within the service scope, configure attack defense policies to filter the traffic. For specific configurations, see "Configuration of Local Attack Defense". Check whether the alarm is cleared. If the alarm is not cleared, go to Step 4.
  • If the source IP address and the target IP address of the packet meet the service requirements but the alarm is still not cleared, go to Step 4.

4. Collect the alarm information, log information, and configuration information, and then contact technical support personnel.

Copyright © Huawei Technologies Co., Ltd.