[nsp] AS5300 losing memory
jlewis at lewis.org
Thu Aug 21 14:18:47 EDT 2003
<blush>c5200-is-l.113-11a.AA.bin</blush>
It works. It fits (many of our 5200's have just 8mb flash, 8mb processor
memory). Unfortunately there are multiple vulnerabilities in this version
and cisco has let the train die. I don't think a 12.x version exists that
has all the 11.3AA features and can still fit in 8/8. We briefly looked
into it, and I think we could upgrade as far as 12.0 mainline without
losing any critical features or having to upgrade the hardware, but IIRC
neat things like the whole set of "show caller" commands are absent. At
the time, we were removing 5200's from service and starting to use them as
CPE (they make handy T1 routers using the PRI/CT1 ports), so we never
really tested 12.0M. Some network reorganizations forced us to press a
large number of the 5200's back into service.
Upgrading run-from-flash access-servers while they're in service is so much
fun too...kick everyone off, change confreg, reboot, wait a few minutes,
copy tftp flash, wait a few minutes, change confreg, reboot, eventually
service is restored.
What are the odds of policy routing with a route-map such as this applied
to the virtual-template working on 5200's with 12.0.27M under the usual
load of 46 PPP sessions?

ip access-list extended nachilist
 permit icmp any any echo
 permit icmp any any echo-reply
route-map nachiworm permit 10
 match ip address nachilist
 match length 92 92
 set interface Null0

That would certainly be preferable to blocking all echo/echo-reply as
we're starting to do now, and we wouldn't have to worry about some of the
DoS bugs now known in 11.3AA.
On Thu, 21 Aug 2003, Dennis Peng wrote:
> What version are you running on the 5200? I wouldn't expect ACLs
> to add that much additional load on the router.
>
> Dennis
>
> jlewis at lewis.org [jlewis at lewis.org] wrote:
> > On Wed, 20 Aug 2003, Siva Valliappan wrote:
> >
> > > i know we added CEF support for dial-up stuff over the last couple of
> > > year. maybe Dennis can chime in. however, loading new code may be an issue on
> > > the 5200 because of flash / memory constraints :( it would be easier
> > > with the 5300/5400s. iirc any recent release of 12.2T should support
> > > CEF with dial.
> >
> > Without lots of upgrades, that's not going to be an option.
> > I tried the policy routing workaround on the virtual-template, but it
> > didn't seem to do anything / help. There were no route-map hits, and the
> > 5200 still ran out of memory. I guess if we have to, I can just block
> > echo/echo reply on the virtual-template.
> >
> > ----------------------------------------------------------------------
> > Jon Lewis *jlewis at lewis.org*| I route
> > System Administrator | therefore you are
> > Atlantic Net |
> > _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
>
----------------------------------------------------------------------
Jon Lewis *jlewis at lewis.org*| I route
System Administrator | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
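
Added example, not part of the original message or of any Cisco code: a Python sketch that applies the same two conditions as the route-map above (ICMP echo or echo-reply, and a Layer 3 length of exactly 92 bytes) to constructed packets, to show which pings the policy would send to Null0 compared with blocking all echo/echo-reply. The function names, addresses and sample packets are hypothetical, and it assumes "match length" compares the IP total length.

```python
import struct

ICMP_ECHO_REPLY, ICMP_ECHO = 0, 8

def build_icmp_packet(icmp_type, payload_len):
    """Constructed sample: minimal IPv4 + ICMP packet (checksums left zero)."""
    total_len = 20 + 8 + payload_len
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 1, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    icmp = struct.pack("!BBHHH", icmp_type, 0, 0, 1, 1)
    return ip + icmp + b"\x00" * payload_len

def route_map_action(packet):
    """Emulate the route-map: ACL match AND length 92..92 -> Null0."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "forward"                      # not IPv4, policy does not apply
    ihl = (packet[0] & 0x0F) * 4              # IP header length in bytes
    total_len = struct.unpack("!H", packet[2:4])[0]
    if ihl < 20 or len(packet) < ihl + 1:
        return "forward"                      # truncated, no ICMP type to test
    # "match ip address nachilist": ICMP (protocol 1), type echo or echo-reply
    acl_match = packet[9] == 1 and packet[ihl] in (ICMP_ECHO, ICMP_ECHO_REPLY)
    # "match length 92 92": minimum and maximum are both 92
    length_match = 92 <= total_len <= 92
    return "null0" if acl_match and length_match else "forward"

def demo():
    """Run the policy over constructed samples; returns {description: action}."""
    samples = {
        "echo, 32-byte payload (60 total)": build_icmp_packet(ICMP_ECHO, 32),
        "echo, 56-byte payload (84 total)": build_icmp_packet(ICMP_ECHO, 56),
        "echo, 64-byte payload (92 total)": build_icmp_packet(ICMP_ECHO, 64),
        "echo-reply, 64-byte payload (92 total)":
            build_icmp_packet(ICMP_ECHO_REPLY, 64),
        "dest-unreachable (type 3), 92 total": build_icmp_packet(3, 64),
    }
    return {name: route_map_action(pkt) for name, pkt in samples.items()}

if __name__ == "__main__":
    for name, action in demo().items():
        print(f"{action:8} {name}")
```

Only the 92-byte echo and echo-reply samples are dropped; pings of other sizes and other ICMP types are forwarded, and any legitimate ping that happens to be 92 bytes long is dropped as well.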