[AF] Some users cannot watch the training video because the traffic exceeds the bandwidth limit
Problem Description
The vAF on the cloud security server platform is deployed in one-arm Layer 3 mode next to the critical switch, and traffic is diverted to the vAF.
After the vAF went live, some intranet users were unable to watch the training videos. With direct pass enabled on the vAF, packet loss records for the training video server IP are displayed. The packet loss module is shown as "Traffic Audit" and the reason for packet loss is "In non-mirroring mode, the bandwidth limit is exceeded and the data packet is rejected."
Effective troubleshooting steps
- Check the vAF configuration: flow control is not enabled on the device. The device is a vAF, and hardware Bandwidth Management on the network card is not enabled.
- Check the device serial number: the bandwidth authorization of the device's basic Network serial number is 500Mbps.
- The peak traffic on the device's single-arm network port has reached 1200Mbps, exceeding the bandwidth authorization limit.
Root cause
The device's real-time traffic exceeds the bandwidth authorized by the basic Network serial number. The device measures real-time traffic and, once the authorized bandwidth is exceeded, randomly drops packets in proportion to the excess, so some of the customer's users cannot access the training video.
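The peak-versus-authorization check from the troubleshooting steps can be run against interface byte counters, as in this added example (not Sangfor code). The counter samples are constructed, and the "excess share" assumes the drop proportion is the fraction of traffic above the limit, which the page does not define exactly.

```python
# Added example: compare one-arm port throughput with the licensed bandwidth.
# On a real deployment the samples would come from interface byte counters
# (for example SNMP 64-bit octet counters); the values below are constructed.

LICENSED_MBPS = 500      # bandwidth authorization stated on this page
COUNTER_MAX = 2 ** 64    # assumption: 64-bit cumulative byte counter

# (seconds, cumulative bytes seen on the port) - constructed sample data
SAMPLES = [
    (0, 0),
    (10, 375_000_000),    # 300 Mbps in this interval
    (20, 1_000_000_000),  # 500 Mbps
    (30, 2_500_000_000),  # 1200 Mbps, the peak reported on this page
    (40, 3_500_000_000),  # 800 Mbps
]


def interval_rates(samples, counter_max=COUNTER_MAX):
    """Return [(end_time, mbps)] for each pair of consecutive samples."""
    rates = []
    for (t0, b0), (t1, b1) in zip(samples, samples[1:]):
        if t1 <= t0:
            raise ValueError("timestamps must be strictly increasing")
        delta = (b1 - b0) % counter_max  # tolerates one counter wrap
        rates.append((t1, delta * 8 / (t1 - t0) / 1_000_000))
    return rates


def license_report(samples, licensed_mbps=LICENSED_MBPS):
    """Report the peak rate and every interval above the licensed bandwidth."""
    rates = interval_rates(samples)
    over = []
    for t, mbps in rates:
        if mbps > licensed_mbps:
            # Assumed model: share of traffic that lies above the limit.
            excess_share = (mbps - licensed_mbps) / mbps
            over.append((t, round(mbps, 1), round(excess_share, 3)))
    return {"peak_mbps": round(max(m for _, m in rates), 1), "over_limit": over}


if __name__ == "__main__":
    print(license_report(SAMPLES))
```

An interval exactly at the authorized rate is not flagged; only traffic above it is.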
Solution
The bandwidth authorization cannot meet the customer's business needs. Expand the bandwidth authorization of the basic Network serial number to meet the customer's traffic needs.
Original Link
https://support.sangfor.com.cn/cases/list?product_id=13&type=1&category_id=909&isOpen=true