王子腾,某局点 S5560X-30C-EI ipv6直连不通
组网及说明
不涉及
问题描述
新增IPv6业务,5560X与6520 ipv6直连不通, 6520与其余型号比如6520 ipv6直连可以通。且这台5560X对接6520X就可以通,6520就不行。ipv4的业务都正常。
互连接口为Route-Aggregation 40,带源ping不通回显:
过程分析
1、查看ipv6邻居学习情况:
===============display ipv6 neighbors all===============
Type: S-Static D-Dynamic O-Openflow R-Rule IS-Invalid static
IPv6 address MAC address VLAN/VSI Interface State T Aging
xxxxxxxxxxxxxxxx 542b-de48-xxxx -- RAGG40 REACH D 601
===============display ipv6 neighbors all===============
Type: S-Static D-Dynamic O-Openflow R-Rule I-Invalid
IPv6 address Link layer VID Interface State T Age
xxxxxxxxxxxxxxxx 9820-443b-xxxx N/A RAGG40 STALE D 569
两交换机都能学习到对应表项,且都无误。
2、检查接口下配置:
#
interface Ten-GigabitEthernet1/0/25
port link-mode route
description to-Jiangmen
port link-aggregation group 40
#
interface Route-Aggregation40
description to-Jiangmen
ip address xxxxxxxx 255.255.255.252
pim sm
isis ipv6 enable 1
ipv6 address xxxxxxxxx
#
interface Ten-GigabitEthernet2/0/3
port link-mode route
description to-Heshan
port link-aggregation group 40
#
interface Route-Aggregation40
description to-Heshan
ip address xxxxxxxx 255.255.255.252
pim sm
isis ipv6 enable 1
ipv6 address xxxxxxxxx
接口并无特殊配置.
3、 display stp abnormal-port检查stp情况:
==============================
---[Bridge-Aggregation1]---
MST ID BlockReason Time
0 Disputed 16:18:25 10/18/2022
0 Disputed 16:17:14 10/18/2022
0 Disputed 16:13:24 10/18/2022
---[Bridge-Aggregation2]---
MST ID BlockReason Time
0 Disputed 16:18:25 10/18/2022
0 Disputed 16:17:14 10/18/2022
0 Disputed 16:13:24 10/18/2022
---[Bridge-Aggregation3]---
MST ID BlockReason Time
0 Disputed 16:18:25 10/18/2022
0 Disputed 16:17:14 10/18/2022
0 Disputed 16:13:24 10/18/2022
---[Bridge-Aggregation7]---
MST ID BlockReason Time
0 Disputed 16:18:25 10/18/2022
0 Disputed 16:13:24 10/18/2022
0 Disputed 16:11:56 10/18/2022
互连接口并无被stp dispute。
4、debugging ipv6 packet查看ipv6报文收发情况:
<5560x>debugging ipv6 packet
<5560x>T M
The current terminal is enabled to display logs.
<5560x>T D
The current terminal is enabled to display debugging logs.
<5560x>ping ipv6 -a xxxxxxx xxxxxx
Ping6(56 data bytes) xxxxxxx--> xxxxxx, press CTRL+C to break
*Mar 14 09:55:47:080 2023 Heshan.134.121 IP6FW/7/IP6FW_PACKET:
LocalSending, version = 6, traffic class = 0,
flow label = 0, payload length = 64, protocol = 58, hop limit = 64,
Src = xxxxxxxx, Dst = xxxxxxx,
prompt: Output an IPv6 Packet.
*Mar 14 09:55:47:080 2023 Heshan.134.121 IP6FW/7/IP6FW_PACKET:
Sending, interface = Route-Aggregation40, version = 6, traffic class = 0,
flow label = 0, payload length = 64, protocol = 58, hop limit = 64,
Src = xxxxxxxxx, Dst = xxxxxxxxxx,
prompt: Sending the packet from local interface Route-Aggregation40.
<6520>ping ipv6 -a xxxxxxxx xxxxxx
Ping6(56 data bytes) xxxxxxx --> xxxxxxx, press CTRL_C to break
*Mar 14 10:04:56:749 2023 Jiangmen.134.119 IP6FW/7/IP6FW_PACKET:
LocalSending, version = 6, traffic class = 0,
flow label = 0, payload length = 64, protocol = 58, hop limit = 64,
Src = xxxxx, Dst = xxxxxxx,
prompt: Output an IPv6 Packet.
*Mar 14 10:04:56:749 2023 Jiangmen.134.119 IP6FW/7/IP6FW_PACKET:
Sending, interface = Route-Aggregation40, version = 6, traffic class = 0,
flow label = 0, payload length = 64, protocol = 58, hop limit = 64,
Src = xxxxxxxx, Dst = xxxxxxx,
prompt: Sending the packet from local interface Route-Aggregation40.
debug看两边交换机都是有发没收。
5、后经远程排查,问题已初步确认:现场S5560X设备g1/0/4存在大量的未知组播组报文,并且设备对应vlan内开启了igmp-snooping相关配置,由于该vlan内无对应的组播接收者,会有大量组播报文上送cpu。这个未知源组播和访问slot1的icmpv6在硬件上是公用一个限速器,导致slot 1上ping S5560X本身接口ipv6地址的报文被挤占丢弃。该问题只影响访问设备本身的非协议ipv6报文,过路转发的ipv6报文不受影响。
解决方法
两种解决方案: 1、如果端口非正常使用, 可以考虑关闭该端口或者让对应组播源不发送这么多组播报文;2、在端口下配置igmp-snooping source-deny interface GigabitEthernet1/ 0 / 4 port link-mode bridge description Test port access vlan 86
igmp-snooping source-deny
内容来源:知了社区,基于知识共享署名-相同方式共享3.0中国大陆许可协议CRM论坛(CRMbbs.com)——一个让用户更懂CRM的垂直性行业内容平台,CRM论坛致力于互联网、客户管理、销售管理、SCRM私域流量内容输出5年。 如果您有好的内容,欢迎向我们投稿,共建CRM多元化生态体系,创建CRM客户管理一体化生态解决方案。,某局点 S5560X-30C-EI ipv6直连不通
