Solutions to a common switch fault: information network structure, improper border routing and unmanageable switches

Source: Internet
Author: User

This article works through a common switch fault involving the information network structure, an improperly configured border route, and switches that could not be managed. It describes the information network structure, the fault symptoms, the fault analysis, and the fault handling.

When our company's technical staff integrated a cross-region information network for a certain unit, the unit's information network switches became unmanageable during commissioning because a route on an edge router had been configured incorrectly. Troubleshooting this network fault gave our technicians a real headache. Because the case is typical and the troubleshooting process is a useful reference, it is written up here and shared with you.

Information Network Structure

To make the troubleshooting process easier to follow, the network structure of this organization is introduced first. The unit built a cross-region information network to interconnect the departments under it internally. A 100 Mbit/s leased line provides broadband network access through the firewall. During network integration, to make debugging easier, technicians can physically connect the edge node of the local information network to the broadband network with Category 5 cabling.

The routes of the two networks are not interconnected; only the IP address 192.168.17.56/30 is used to manage all switches in the information network. The IP address allocation principle of the information network is as follows: switch management and interconnection addresses use the 192.168.16.0/22 block, and user access addresses use the 10.18.0.0/15 block.

Description of the common switch fault

When the unit's technical staff logged on to the L2 switches, they found that none of the L2 switch management addresses could be logged on to normally, and response was noticeably slow. When a technician tested the switches' management addresses with the PING command, all switches responded normally.

The technicians then shut down and restarted all L2 switches. About half a day later, all switches again could not be managed properly. After several restart tests, the fault still could not be resolved.

Analysis of the common switch fault

Given the symptoms above, and considering that the fault affected the whole network rather than a single device, we analyzed it as follows.

◆ First, since none of the switches could be managed, we replaced one switch to make fault location reliable and connected the replacement to a separate network environment. After a period of observation, the switch connected to the separate network could be managed normally, while switches connected to the information network still could not. This rules out a fault in the switch itself.

◆ Having ruled out the switch hardware, we analyzed the structure and condition of the entire network. Since all users could access the Internet normally, we set the management address of one switch to an address in the user block (IP address 10.18.9.2, gateway 10.18.9.1). After a period of observation, we found that only the switch moved to the user block (10.18.9.0) could be managed properly.

◆ From these observations we suspected that addresses in the 192.168.16.0/22 segment were under attack. To analyze the fault, we ran network sniffing software at the information network outlet to examine the packets entering and leaving the network.

◆ Because the data volume at the egress is large, for ease of analysis we captured only packets to and from the management addresses 192.168.18.147, 192.168.18.148, 192.168.18.149, 192.168.18.150, 192.168.18.151, 192.168.18.152, and 10.18.9.2.

◆ Listening on the uplink port showed that the only packets with management addresses as their source on this port came from 192.168.18.147, 192.168.18.148, 192.168.18.149, 192.168.18.150, 192.168.18.151, and 192.168.18.152; their destination addresses were valid addresses, and the source port was port 80.

◆ The management address 10.18.9.2 had no inbound or outbound packets at all. This was clearly an attack targeted at the 192.168.18.0/16 network segment. The analysis shows that the switches were sending packets from their own source addresses to addresses outside the firewall. A switch by itself does not originate such traffic, so there must be a "source" that triggers the switches to keep sending packets, which consumed switch resources heavily and left the switches unmanageable.

◆ To analyze the problem further, we captured packets on the uplink port of the switch whose management address is 192.168.18.150 (no users are connected to this port). During monitoring we found that both inbound and outbound packets carried the valid IP address 192.168.18.150.

◆ Given how the firewall works (after the firewall performs address translation, the source address cannot be a valid internal address), we concluded that the inbound and outbound switch packets took different paths. This rules out an attack from the external network through the firewall.

◆ We then re-examined the network structure carefully. To facilitate network commissioning, a port on the edge node at location A had been connected to the edge router of the broadband Internet. Checking the router's configuration and routing table carefully, we found that the static route for 192.168.18.0/23 was set incorrectly. As a result, the router injected a route for this whole segment toward the information network switches with management addresses in 192.168.18.0/23. Attack traffic from the broadband network flowed to the information network switches through the edge node at location A, and the switches' replies flowed back to the broadband Internet through the firewall.
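The capture analysis in the bullets above reduces to two per-address checks: does a management address answer from a service port to destinations outside both internal blocks, and are its inbound and outbound packets seen at the same observation point (symmetric path) or at different ones (asymmetric, as here: in through the commissioning link, out through the firewall). The following Python script is an added example and not the author's tooling. It runs on a constructed, simplified capture (one line per packet with the observation point and direction), not on the unit's real traffic; the observation point names "edge_A" and "egress", the control workstation 10.18.9.77, and the external hosts 203.0.113.25 and 198.51.100.9 (documentation addresses) are all assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Address plan stated in the article: management/interconnect block and user access block.
MGMT_BLOCK = ip_network("192.168.16.0/22")
USER_BLOCK = ip_network("10.18.0.0/15")
INTERNAL_BLOCKS = (MGMT_BLOCK, USER_BLOCK)

# Management addresses watched in the article, plus one user workstation
# (10.18.9.77, constructed) as a control for normal, symmetric traffic.
WATCHED = [
    "192.168.18.147", "192.168.18.148", "192.168.18.149",
    "192.168.18.150", "192.168.18.151", "192.168.18.152",
    "10.18.9.2", "10.18.9.77",
]

# Constructed sample capture (not the unit's real traffic). One packet per line:
#   <observation point> <direction> <src> <sport> <dst> <dport>
# "edge_A" is the commissioning link to the broadband edge router, "egress" is the
# inside of the firewall uplink. 203.0.113.0/24 and 198.51.100.0/24 are
# documentation ranges standing in for Internet hosts.
SAMPLE_CAPTURE = """\
edge_A in  203.0.113.25   51234 192.168.18.150 80
egress out 192.168.18.150 80    203.0.113.25   51234
edge_A in  203.0.113.25   51240 192.168.18.147 80
egress out 192.168.18.147 80    203.0.113.25   51240
edge_A in  198.51.100.9   40001 192.168.18.150 80
egress out 192.168.18.150 80    198.51.100.9   40001
egress out 10.18.9.77     51000 198.51.100.9   80
egress in  198.51.100.9   80    10.18.9.77     51000
"""


def parse_capture(text):
    """Turn the simplified capture text into a list of packet records."""
    records = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        point, direction, src, sport, dst, dport = line.split()
        records.append({
            "point": point, "direction": direction,
            "src": ip_address(src), "sport": int(sport),
            "dst": ip_address(dst), "dport": int(dport),
        })
    return records


def is_internal(addr):
    """True if the address belongs to one of the information network's own blocks."""
    return any(addr in block for block in INTERNAL_BLOCKS)


def analyze(records, watched):
    """Classify each watched address and list service replies leaving the network.

    Returns (findings, external_replies):
      findings         -> {addr: {"in": [points], "out": [points], "verdict": ...}}
      external_replies -> [(src, sport, dst)] for watched addresses answering from a
                          service port (<1024) to a non-internal address, i.e. a
                          switch management service talking to the Internet.
    """
    watched = {ip_address(a) for a in watched}
    seen = defaultdict(lambda: {"in": set(), "out": set()})
    external_replies = []
    for r in records:
        if r["src"] in watched:
            seen[r["src"]]["out"].add(r["point"])
            if r["sport"] < 1024 and not is_internal(r["dst"]):
                external_replies.append((str(r["src"]), r["sport"], str(r["dst"])))
        if r["dst"] in watched:
            seen[r["dst"]]["in"].add(r["point"])

    findings = {}
    for addr in sorted(watched):
        s = seen[addr]
        if not s["in"] and not s["out"]:
            verdict = "silent"        # like 10.18.9.2 in the article: nothing to or from it
        elif s["in"] == s["out"]:
            verdict = "symmetric"     # request and reply observed on the same path
        else:
            verdict = "asymmetric"    # in via one link, out via another: check the routing
        findings[str(addr)] = {"in": sorted(s["in"]), "out": sorted(s["out"]), "verdict": verdict}
    return findings, external_replies


if __name__ == "__main__":
    findings, replies = analyze(parse_capture(SAMPLE_CAPTURE), WATCHED)
    for addr, f in findings.items():
        print(f"{addr:16} in={f['in']} out={f['out']} -> {f['verdict']}")
    for src, sport, dst in replies:
        print(f"service reply {src}:{sport} -> {dst} (external destination)")
```

An "asymmetric" verdict for a management address, combined with that address answering from port 80 to external destinations, is exactly the pattern the article's captures revealed; a "silent" address, like 10.18.9.2 after it was moved into the user block, is the control that shows the problem is tied to the 192.168.16.0/22 prefix rather than to the switches.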

Handling the common switch fault

With the analysis above, handling this common switch fault is straightforward: disconnect the cable between the broadband network and the information network. After all L2 switches are restarted, management of all switches returns to normal and the fault is resolved. Conclusion: this case shows that during network configuration the routing configuration must be considered carefully and the entire network structure clearly understood.

Likewise, after a network attack or a large number of abnormal packets appear on the network, to locate a switch fault you must use network sniffing software to capture packets at the network exit and at the attack points and, with an understanding of the IP protocol, carefully analyze the network structure and the direction of the abnormal packet flows to determine the point of failure.
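A routing-table check of the kind the conclusion calls for, written here as an added example rather than the author's procedure or the unit's real configuration: given a broadband edge router's static routes in a simplified "ip route <prefix> <next hop or interface>" form, flag every route whose prefix overlaps the information network's management block 192.168.16.0/22 (the block that must never be reachable from the broadband side), and show by longest-prefix lookup where a given management address would be sent. The route table, the interface name PortA, the Serial0 route and the next hop 203.0.113.1 are all constructed values.

```python
from ipaddress import ip_address, ip_network

# Block from the article that the broadband edge router must not route toward the
# information network: switch management and interconnection addresses.
PROTECTED = [ip_network("192.168.16.0/22")]

# Constructed static route table for the broadband edge router (not the unit's real
# config). The second line models the commissioning-time mistake from the article:
# a static route for 192.168.18.0/23 pointing at the link into the information network.
SAMPLE_ROUTES = """\
ip route 0.0.0.0/0 203.0.113.1
ip route 192.168.18.0/23 PortA
ip route 10.18.9.0/24 PortA
ip route 172.16.5.0/24 Serial0
"""


def parse_routes(text):
    """Parse 'ip route <prefix> <via>' lines into a list of (network, via) tuples."""
    routes = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) != 4 or parts[:2] != ["ip", "route"]:
            raise ValueError(f"unrecognised route line: {line!r}")
        routes.append((ip_network(parts[2]), parts[3]))
    return routes


def lookup(routes, addr):
    """Longest-prefix match: return the (network, via) entry that would forward addr."""
    addr = ip_address(addr)
    best = None
    for prefix, via in routes:
        if addr in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
            best = (prefix, via)
    return best


def audit(routes, protected):
    """Return (prefix, via, reason) for every route that overlaps a protected block.

    Overlap in either direction is reported: a more specific route inside the block
    (the article's 192.168.18.0/23) and a less specific one covering it both leak it.
    """
    findings = []
    for prefix, via in routes:
        for block in protected:
            if prefix.overlaps(block):
                findings.append((str(prefix), via, f"overlaps protected block {block}"))
    return findings


if __name__ == "__main__":
    routes = parse_routes(SAMPLE_ROUTES)
    for prefix, via, reason in audit(routes, PROTECTED):
        print(f"BAD ROUTE {prefix} via {via}: {reason}")
    for probe in ("192.168.18.150", "192.168.17.56"):
        prefix, via = lookup(routes, probe)
        print(f"{probe} -> {prefix} via {via}")
```

The default route is deliberately not reported: it does not overlap the protected block in the ipaddress sense only because `overlaps` is checked per route, and 0.0.0.0/0 does overlap everything, so in practice the audit reports it too; that is the intended behaviour, since a default route pointing into the information network would be just as wrong. The lookup shows why the article's symptom was selective: 192.168.18.150 falls inside the bad /23 and is sent to PortA, whereas 192.168.17.56 in the same /22 only matches the default route.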
