What is the reason for the network to lose the packet?

An ICMP echo Request packet is a query sent by a host or router to a specific destination host, and the machine receiving the message must send an ICMP echo reply message to the source host. This inquiry message is used to test whether the destination station is reachable and to understand its status.

It should be noted that Ping is an example of a direct use of the network layer ICMP, which does not pass through the transport layer of UDP or TCP.

The main reasons for the network packet loss are physical line failure, equipment failure, virus attack, routing information error, and so on, we combine the specific situation to explain.

Routing errors

Network path errors can also cause packets to fail to reach the destination host, such as a host's default routing configuration error, and a host-issued packet that accesses another network is discarded by the gateway. However, this kind of packet loss is a normal loss package, is expected, will not affect the network.

Device failure

Equipment failure mainly refers to the hardware of the equipment fault, does not include improper software configuration caused by the loss of packets. If the NIC is bad, there is a physical failure on one of the ports of the switch, and the electrical port of the optical transceiver does not match the network device interface or the duplex mode of the device interface.

I recently found in the work of a switch port fiber module failure caused by the packet loss phenomenon, the switch in the communication for a period of time after the crash, that is, can not communicate, restart after normal recovery. After a period of observation found that a fiber-optic module has problems, take a new module to replace, all normal.

The reason, the switch will be all received packets for CRC error detection and length check, will check out the wrong package discarded, the correct package forward. However, some of the errors in this process are not detected in CRC error detection and length checking. Such packages in the forwarding process will not be sent out, and will not be discarded, they will accumulate in the dynamic cache, can never send out, wait until the cache is full, will cause the switch to panic phenomenon.

The end result is that the packet cannot reach the destination host.

Physical line Failure

Network administrators found that the WAN line when the time is broken, when this happens, there may be a line failure, but also may be the user side of the cause. In order to distinguish whether the line fault, you can do the following test.

If the WAN line is implemented through a router, you can log on to the router and test by extending the ping to the WAN interface of the End-to-end router to send a large number of packets.

If the line is implemented through a three-tier switch, you can connect a computer at both ends of the line and set the IP address to the WAN interface address of the three-tier routing switch on the same side, and test using the ping to end computer address-t command.

If the above test does not occur packet loss, then the line operator to provide a good line, the cause of the failure of the user itself, need to find further.

If the above test occurs, the fault is caused by the line provider, and the line vendor needs to be contacted as soon as possible to resolve the problem.

There are many missing packets caused by physical circuits, such as optical fiber connection problem, jumper has no alignment device interface, twisted pair and RJ-45 connector have problem. In addition, the communication line is subject to random noise or sudden noise caused by the datagram error, RF signal interference and signal attenuation can cause packet loss. We can check the quality of the circuit with the help of network tester.

Network congestion

There are many reasons for the increase of packet loss rate caused by network congestion, mainly due to the heavy occupancy of router resources.

If you find that the speed is slow and the packet loss rate is rising, you should show the process CPU and display process mem, and generally find that the IP input process takes up too much resources. You can then check that the fast switching is disabled in the large traffic out port and, if it is, it needs to be reused.

Take a look at fast switching on the same interface is disabled, such as when an interface is equipped with multiple network segments and the traffic between these segments is very large, the router works in a process-switches manner, in which case the command is executed on the interface. Enable IP Route-cache same-interface ".

Next, use the show interfaces and show interfaces switching commands to identify a large number of ports in and out of the package. Once you are sure to enter the port, open the IP accounting on the outgoing interface look at its characteristics, if the attack, the source address will change but the destination address is unchanged, you can use the command "access list" to temporarily resolve such problems ( Preferably on a device close to the source of the attack, the final solution is to stop the attack source.

The application encountered in the network congestion caused by a lot of cases, such as a large number of UDP traffic, you can resolve the spoof attack steps to solve this problem. A large number of multicast streams, broadcast packets across the router, routers configured IP NAT and there are many DNS packets across the router and so on. The above situation causes the network congestion, the communication both sides takes the flow control, discards cannot transmit the package.