[nsp] Nachi worm mitigation finds bug in 7500 dCEF
Greg Steele
steele at oar.net
Tue Aug 26 17:04:25 EDT 2003
FYI...
I have opened a case on this - E424024.
I am getting the usual runaround from the TAC.
12.0(25)S1 RSP4orRSP8/VIP4-80/Gige+PA-A3-OC12
If dCEF is enabled and the workaround for the "Nachi worm" using
policy routing is implemented as described in:
http://www.cisco.com/warp/public/707/cisco-sn-20030820-nachi.shtml
92-byte TCP packets get dropped (I'm assuming... it certainly drops
TCP packets from existing connections).
You can see them in flow-cache. Easiest thing I found to watch for was
port 25 (email) [0x0019] 1-packet flows getting null routed.
For what it's worth, the "fix" works well on 1700/2600/3600/7200 and
on 7500 without dCEF.
I have also written to 12.0S-beta and my cisco rep and nobody replies...
...Greg
- - - - - - - - - - - - - - - - - - - - - - - - -
Gregory (Greg) E. Steele
Senior Network Engineer (Internet)        steele at oar.net
OARnet
2455 North Star Road                      Voice: 614-728-8100 x203
Columbus, Ohio 43221                      FAX:   614-728-8110
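Added example (not from Greg's post, and not Cisco code): a small Python script that applies the check he describes above to "show ip cache flow" output. It flags single-packet TCP flows to port 25 (0x0019) whose destination interface is Null, which is how the policy-routing workaround's Null0 drops show up in the flow cache. The sample flow-cache text is constructed for the example; the column layout (protocol and ports in hex, packet count last) follows the usual IOS format, and the column order is an assumption about the exact IOS release.

```python
import re

# Constructed sample of "show ip cache flow" output (not from the original post).
# Pr and ports are hex as IOS prints them: 06 = TCP, 01 = ICMP, 0019 = port 25.
SAMPLE_FLOW_CACHE = """\
SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
Gi1/0/0       10.0.0.5        Null          192.0.2.10      06 C3A1 0019     1
Gi1/0/0       10.0.0.6        Gi2/0/0       192.0.2.11      06 D2B0 0019    42
Gi1/0/0       10.0.0.7        Null          192.0.2.12      01 0000 0800     1
Gi1/0/0       10.0.0.8        Null          192.0.2.13      06 E1F2 0019     1
Gi1/0/0       10.0.0.9        Gi2/0/0       192.0.2.14      06 A010 0050     7
"""

# One flow line: SrcIf SrcIP DstIf DstIP Pr(2 hex) SrcP(4 hex) DstP(4 hex) Pkts
FLOW_RE = re.compile(
    r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+"
    r"([0-9A-Fa-f]{2})\s+([0-9A-Fa-f]{4})\s+([0-9A-Fa-f]{4})\s+(\d+)\s*$"
)


def parse_flows(text):
    """Parse flow-cache lines into dicts; header and blank lines are skipped
    because the hex protocol field does not match them."""
    flows = []
    for line in text.splitlines():
        m = FLOW_RE.match(line)
        if not m:
            continue
        src_if, src_ip, dst_if, dst_ip, pr, sp, dp, pkts = m.groups()
        flows.append({
            "src_if": src_if,
            "src_ip": src_ip,
            "dst_if": dst_if,
            "dst_ip": dst_ip,
            "proto": int(pr, 16),
            "src_port": int(sp, 16),
            "dst_port": int(dp, 16),
            "pkts": int(pkts),
        })
    return flows


def suspect_flows(flows, dst_port=25, proto=6):
    """Return the flows matching the symptom in the post: one-packet TCP flows
    to the given port whose DstIf is Null, i.e. legitimate traffic that the
    92-byte policy-routing workaround null-routed instead of worm ICMP."""
    return [
        f for f in flows
        if f["proto"] == proto
        and f["dst_port"] == dst_port
        and f["pkts"] == 1
        and f["dst_if"].startswith("Null")
    ]


if __name__ == "__main__":
    for f in suspect_flows(parse_flows(SAMPLE_FLOW_CACHE)):
        print("null-routed TCP/%d flow from %s to %s via %s"
              % (f["dst_port"], f["src_ip"], f["dst_ip"], f["dst_if"]))
```

The ICMP echo flow (Pr 01, DstP 0800) going to Null is the workaround doing its job and is not reported; only the TCP port-25 single-packet flows to Null are, which is the collateral damage the post describes on the dCEF 7500. Run it against a pasted "show ip cache flow" capture from the affected box and an unaffected one to compare.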