5308xl virus throttling freezes switch

George Butnaru
Occasional Contributor

This is about a network full of worms/viruses; therefore virus throttling is more than required (also good for testing) until further actions are taken.

The 5308xl at the core, with IP routing enabled, is connected with Gb uplinks to four 2824s, one per dorm building.

Each 2824 is IP routing enabled and Gb connected to nine 2524s. IP routing on the 2824 is enabled because we have two subnets under each one: a /24 and a /25. Therefore I avoided routing the traffic between those two subnets through a Gb uplink to the 5308xl and routed them over the 2824.

For each 2824 we defined static routes to the other subnets routed by the other 2824s in the rest of the dorm buildings. Thus the traffic between the dorm buildings is not routed by the 5308xl but routed between 2824s. In this case only Layer 2 is used on the 5308xl.

However, the default route on each 2824 is through the 5308xl. A good point to start with throttling, as the 5308xl is routing only Internet traffic.

Test 1
filter connection-rate is set to BLOCK on the uplink ports to the 2824s
connection-rate-filter sensitivity is set to LOW

During high traffic, as the list of blocked hosts increases, the switch freezes. It stops responding to ping and the serial console. Only a power cycle will do.

Test 2
filter connection-rate is set to THROTTLE on the uplink ports to the 2824s
connection-rate-filter sensitivity is set to LOW

The switch holds OK. It is not a lab environment; however, at the given time and traffic it was working.

Test 3
filter connection-rate is set to THROTTLE on the uplink ports to the 2824s
connection-rate-filter sensitivity is set to AGGRESSIVE

Even sooner than at test 1, the switch freezes with the same symptoms.

No crash data or crash log available.

It seems like a problem related to the maximum number of throttled/blocked hosts at one time.

Has anyone encountered the same? Is there any workaround?
4 REPLIES
Matt Hobbs
Honored Contributor

Re: 5308xl virus throttling freezes switch

Are you running E.10.27?

What I would do is, from the serial connection, open 'menu', then 'Status and Counters > General System Information', and watch this screen when you enable the connection-rate filtering. Does the CPU shoot up initially before it freezes?

To me it sounds like it might be overwhelming the CPU.

I can't think of any workarounds for this personally, I'd recommend you contact support if you're already running the latest firmware and the problem is continuing.
George Butnaru
Occasional Contributor

Re: 5308xl virus throttling freezes switch

Yes I'm running E.10.27. It did the same with E.10.23 and before updating I was reading that in E.10.25 they solved a memory leak related to the connection rate filter.

Tried what you suggested and the switch freezes while the CPU remains at 2% utilisation. During normal (virus throttling off) operation it never reached 50%.

I will try also to stop any SNMP queries to the switch while enabling virus throttling again. Maybe it won't help but at least I know for sure it isn't from SNMP.
George Butnaru
Occasional Contributor

Re: 5308xl virus throttling freezes switch

No solution until now. So I'll keep posting some more details.

The switch freezes only when I issue the "show connection-rate-filter all-hosts/blocked-hosts/throttled-hosts" command and the throttled/blocked host list is around 20 IPs.

Funny thing, after the command is typed there's no need to press to freeze it. Only "sh conn a" will do it.

If the command is simply issued "show connection-rate-filter" everything is ok.
Matt Hobbs
Honored Contributor

Re: 5308xl virus throttling freezes switch

I think you've got enough information for HP to go with now, so I'd recommend you open a support call over the phone.

If you could capture a 'show tech all' from the switch and have that ready it will speed things along.