[nsp] Nachi worm mitigation finds bug in 7500 dCEF

Greg Steele steele at oar.net
Tue Aug 26 17:04:25 EDT 2003


FYI...

I have opened a case on this - E424024.

I am getting the usual runaround from the TAC.

12.0(25)S1 RSP4orRSP8/VIP4-80/Gige+PA-A3-OC12

If dCEF is enabled and the workaround for the "Nachi worm" using
policy routing is implemented as described in:

http://www.cisco.com/warp/public/707/cisco-sn-20030820-nachi.shtml

92-byte TCP packets get dropped (I'm assuming... it certainly drops
TCP packets from existing connections).

You can see them in flow-cache. Easiest thing I found to watch for was
port 25 (email) [0x0019] 1-packet flows getting null routed. 

For what it's worth, the "fix" works well on 1700/2600/3600/7200 and
on 7500 without dCEF.

I have also written to 12.0S-beta and my cisco rep and nobody replies...

...Greg

 -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -
Gregory (Greg) E. Steele              
Senior Network Engineer               (Internet):steele at oar.net
OARnet  
2455 North Star Road                  Voice: 614-728-8100 x203
Columbus, Ohio  43221                 FAX:   614-728-8110
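The post's canary check (watching for 1-packet port 25 [0x0019] flows landing on the Null interface in the flow cache) can be automated against saved `show ip cache flow` output. The script below is an added example and is not part of the original post or any Cisco tool; it assumes the classic IOS flow-cache column layout (SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts, with protocol and ports in hex) and the sample lines embedded in it are constructed with RFC 5737 documentation addresses.

```python
"""Flag single-packet TCP flows to a canary port that were sent to Null,
the symptom described in the post when the Nachi policy-routing workaround
runs on a 7500 with dCEF. Added example; the flow-cache sample below is
constructed and the column layout is an assumption about the IOS output."""
from dataclasses import dataclass

SMTP_PORT = 0x0019   # port 25, the canary the post watched
TCP = 0x06           # IOS prints the protocol number in hex

# Constructed lines in the style of `show ip cache flow` (not real output).
SAMPLE = """\
SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
Gi1/0/0       198.51.100.7    Null          192.0.2.25      06 C3A1 0019     1
Gi1/0/0       198.51.100.9    Gi2/0/0       192.0.2.25      06 D102 0019    37
Gi1/0/0       203.0.113.4     Null          192.0.2.80      01 0000 0800     1
Gi1/0/0       198.51.100.12   Null          192.0.2.25      06 E4B0 0019     1
Gi1/0/0       198.51.100.3    Gi2/0/0       192.0.2.53      11 9C21 0035     2
"""


@dataclass
class Flow:
    src_if: str
    src_ip: str
    dst_if: str
    dst_ip: str
    proto: int
    src_port: int
    dst_port: int
    pkts: int


def parse_flow_cache(text):
    """Parse the 8-column flow rows; skip the header and anything malformed."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 8 or parts[0] == "SrcIf":
            continue
        try:
            flows.append(Flow(parts[0], parts[1], parts[2], parts[3],
                              int(parts[4], 16), int(parts[5], 16),
                              int(parts[6], 16), int(parts[7])))
        except ValueError:
            continue   # not a flow row (e.g. a summary line)
    return flows


def suspect_drops(flows, canary_port=SMTP_PORT):
    """TCP flows to the canary port that hit Null with exactly one packet.

    Legitimate SMTP sessions carry many packets and leave via a real
    interface; a 1-packet flow to Null on port 25 is the post's symptom.
    The ICMP flow to Null in the sample is what the workaround is meant
    to catch and is deliberately not reported here."""
    return [f for f in flows
            if f.proto == TCP
            and f.dst_port == canary_port
            and f.dst_if.lower().startswith("null")
            and f.pkts == 1]


def report(text):
    """Return (total flows, suspect flows) for a flow-cache dump."""
    flows = parse_flow_cache(text)
    return len(flows), suspect_drops(flows)


if __name__ == "__main__":
    total, bad = report(SAMPLE)
    print(f"{total} flows, {len(bad)} suspect null-routed SMTP flows")
    for f in bad:
        print(f"  {f.src_ip} -> {f.dst_ip}:{f.dst_port} via {f.dst_if}")
```

Run it against a captured `show ip cache flow` instead of the constructed sample; a non-zero count on a box where the workaround is applied and the port 25 traffic is otherwise healthy reproduces the observation in the post, and the same function can be pointed at another well-known port if SMTP is not a good canary on your network.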


More information about the cisco-nsp mailing list