How to control switch port traffic

2025-03-26 Update From: SLTechnology News&Howtos

Shulou(Shulou.com) 05/31

In this issue, the editor explains how to control switch port traffic. The article analyzes and describes the topic from a professional point of view, and I hope you get something out of reading it.

The switch is an important connection "hub" in a local area network. Once its working state fails, every computer connected to it "suffers", and in serious cases cannot access the Internet at all. It is therefore very important to choose high-performance, high-quality switches when building important networks. However, no matter how good the performance or quality of a switch, if it is not properly managed and maintained, its working state is prone to failure. The network failure described in this article is a case in point: because the network administrator did not limit the traffic of the switch ports, the switch was "killed" by heavy traffic, which eventually cut off Internet access for users over a large area. To prevent this failure from happening again, the network administrator decided to control the ports used for Internet access and limit each computer's data transmission speed, so that the switch would not be frequently "hit" by large volumes of data.

The switch was "crushed"

About 1000 computers in a building access the Internet. To make them easier to control and manage, they are connected to several ordinary layer 2 switches. All layer 2 switches are connected over multimode optical fiber to the routing switch in the building's computer room, which is connected directly to the Internet through a shared 1000MB broadband fiber line from the local telecommunications department. The computers are divided by unit into different virtual work subnets. Each virtual work subnet is independent of the others, and computers cannot access other subnets. This keeps abnormal events such as network viruses and broadcast storms from endangering the operating stability of the whole building network.

When the building network was first put into operation, the network administrator tested it from different virtual work subnets and found that every computer's Internet speed was very fast. Users were very satisfied with the transmission speed of the building network, and almost no fault calls came in to "harass" the network administrator. As time passed, however, the network administrator began to receive more fault calls. Some users said their computers were clearly not as fast as before, some said their connection had suddenly become slow, and some said they often could not stay online reliably. Then one day Internet access failed across an entire floor, and the network administrator realized how serious the problem was. He looked up the IP address of the switch serving the affected floor in the network documentation and tried to log in remotely to that switch's management system to check the status of each port, but the remote login failed. He then went to the failed switch, connected through the Console cable, and logged in to the switch's management system directly with the HyperTerminal program. He entered the configuration mode of the cascade port that connects the switch to the building routing switch and used the "display interface" command to view the port's status. The input and output traffic of the port was unusually large. In particular, the incoming packet traffic over the last 30 seconds was clearly abnormal.

Using the same method, the network administrator checked the status of the other ordinary switch ports and found that some had normal input and output traffic while others had relatively large input and output traffic. Under normal circumstances, the incoming packet traffic of an ordinary switch port should not exceed 500 packets per second, but on the failed switch the incoming traffic on many ordinary ports exceeded 1000 packets per second, which is clearly abnormal. Why was the traffic so large? At first, the network administrator suspected a network loop on the failed switch, but after enabling the switch's loopback test function he found no loop. He therefore concluded that the heavy traffic was probably caused by malicious downloading by Internet users connected to the failed switch. Still in the management system of the failed switch, he ran the "display cpu" command and found that more than 90% of the switch's CPU resources had been consumed, while under normal circumstances, the CPU resource consumption rate of the switch system should be more than 50%. It appeared that the failed switch had been "killed" by the heavy traffic of Internet users, so that none of the users connected to it could access the Internet normally.

A feasible solution to the fault

From the fault description above, the reason users on the floor lost Internet access over a large area is clearly that Internet users were consuming valuable bandwidth without any control. There are usually two ways to prevent a switch from being "crushed" by heavy traffic. One is to expand the egress bandwidth to the Internet, so that users can keep galloping freely on the "high-speed highway". The other is to keep the Internet egress bandwidth unchanged and limit each user's Internet traffic, so that no one overuses the bandwidth of the Internet egress.

Internet access lines are currently leased and charged by egress bandwidth: the larger the egress bandwidth, the higher the leasing cost. Simply expanding the Internet egress bandwidth to keep the switch from being overwhelmed therefore means paying higher network operating costs, and even with this solution it is still possible for the switch to be "crushed" by large volumes of packets. After consideration, the network administrator decided to start with network optimization settings: limit the traffic of Internet users and stop them from maliciously grabbing Internet bandwidth when downloading with BT or watching large multimedia movies online.

There are many ways to limit Internet traffic. For example, professional speed-limiting tools can limit the Internet traffic of the computer at a given IP address, and proxy servers can be used for traffic control, so that Internet users cannot consume Internet bandwidth at will. However, these methods have obvious shortcomings. When a proxy server relays and controls Internet traffic, users' access speed is limited by the performance of the proxy server, and the proxy server is easily paralyzed when it handles many tasks at the same time. When professional tools are used to limit Internet traffic, the restriction is not very effective if the IP address of the computer keeps changing. Finally, after careful analysis, the network administrator decided to use the network management function of the floor switch to limit the inbound and outbound speed of each switch port used for Internet access. No matter how a computer's IP address changes in the future, as long as the computer is connected to a rate-limited switch port, its Internet traffic stays within the specified range. In this way, the probability of the switch being hit by heavy packet traffic is greatly reduced.

Obviously, this solution requires no additional Internet access costs, no additional equipment, and no changes to the existing structure of the building network. Limiting port traffic therefore both protects the switch from the "impact" of large volumes of data and keeps the building network running stably. Of course, this solution is only suitable for small and medium-sized networks and networks with a relatively narrow range of Internet applications!

Limit the traffic size of the port

After selecting a feasible solution, the network administrator immediately prepared to limit the speed of each port on the failed switch. The method for limiting port traffic differs between switch models. The network administrator found that the failed switch in the unit's network was a Quidway brand switch. After searching the Internet for relevant information, he found that switches of this brand usually use the line-rate command to limit port traffic speed, and that the rate limit level on these switches ranges from 1 to 127. If the rate limit level is in the range 1 to 28, the granularity of the rate limit is 64Kbps, and when the level is set to N, the rate limit on the port is N * 64Kbps. If the rate limit level is in the range 29 to 127, the granularity of the rate limit is 1Mbps, and when the level is set to N, the rate limit on the port is (N - 27) * 1Mbps.

Considering that the egress bandwidth of the entire building network is a shared 1000MB, the network administrator decided to limit the maximum transmission speed of each ordinary port on the floor switch to 5Mbps. Suppose an ordinary computer in the local area network is connected to the second Ethernet port of the floor switch, and the network administrator wants the maximum transmission speed of this port to be 5Mbps. To do this, he logs in to the management system of the target floor switch as a system administrator and executes the "system" command to switch to the global configuration state. In this state, he executes the "interface Ethernet 0/2" command to enter the configuration mode of the second Ethernet port, and then executes the "line-rate outbound 32" command there, which limits the outbound packet traffic speed of the target switch port to 5Mbps. In the same way, he then executes the "line-rate inbound 32" command to limit the inbound packet traffic speed of the target switch port to 5Mbps. After that, he performs the same operation on the other switch ports and limits their transmission speed to 5Mbps, so that the bandwidth of the switch's uplink cannot be excessively consumed by any one port and the switch is not easily "killed" by large volumes of data.
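The level rule and the per-port procedure above, worked through as an added example that is not part of the original article or any vendor tooling. It converts a target rate to the highest level that does not exceed it and emits the commands named in the article. The function names, the 24-port slot 0 layout, the trailing "quit" between ports, and 1Mbps = 1000Kbps are assumptions.

```python
# Added example: Quidway line-rate level <-> bandwidth, using the two-tier
# rule quoted in the article (1..28: N*64Kbps, 29..127: (N-27)*1Mbps).
MAX_LEVEL = 127
FINE_MAX_LEVEL = 28        # levels 1..28 step in 64 Kbps units
FINE_STEP_KBPS = 64
COARSE_STEP_KBPS = 1000    # assumption: 1 Mbps is counted as 1000 Kbps


def level_to_kbps(level: int) -> int:
    """Rate enforced on the port for a given line-rate level."""
    if not 1 <= level <= MAX_LEVEL:
        raise ValueError(f"level must be 1..{MAX_LEVEL}, got {level}")
    if level <= FINE_MAX_LEVEL:
        return level * FINE_STEP_KBPS
    return (level - 27) * COARSE_STEP_KBPS


def kbps_to_level(target_kbps: int) -> int:
    """Highest level whose rate does not exceed target_kbps (rounds down)."""
    if target_kbps < FINE_STEP_KBPS:
        raise ValueError("target is below the smallest configurable rate")
    best = 1
    for level in range(1, MAX_LEVEL + 1):
        if level_to_kbps(level) <= target_kbps:
            best = level   # mapping is monotonic, so the last match is highest
    return best


def port_commands(slot: int, ports: range, target_kbps: int) -> list[str]:
    """CLI lines that apply the same limit in both directions on each port."""
    level = kbps_to_level(target_kbps)
    cmds = ["system"]
    for port in ports:
        cmds += [
            f"interface Ethernet {slot}/{port}",
            f"line-rate outbound {level}",
            f"line-rate inbound {level}",
            "quit",        # leave the interface view before the next port
        ]
    return cmds


if __name__ == "__main__":
    # Hypothetical 24-port floor switch, every port limited to 5 Mbps.
    print("\n".join(port_commands(0, range(1, 25), 5000)))
```

Note the jump at the tier boundary: level 28 gives 1792Kbps and level 29 gives 2Mbps, so a target between the two rounds down to level 28.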

Of course, when the local area network is relatively large and has many computers, it is not practical to simply limit traffic on every port of the ordinary floor switches. The workload of this approach is very large, it does not help network management efficiency, and it is troublesome to restore the ordinary switch ports to their original state later. In that case, we can instead limit the traffic of each floor switch's cascade port on the core switch of the local area network, which limits the heavy-traffic "impact" of each floor's network on the core switch as a whole.

That is the editor's explanation of how to control switch port traffic. If you happen to have similar questions, you can refer to the analysis above. If you want to know more, you are welcome to follow the industry information channel.
