[nsp] 7200 Platform - Buffer Failures

[James Galliford]

Hrm... The small buffers can obviously accommodate a 92 byte packet from
a Nachi infected host but the majority of buffers that are seeing the
failures with seem to be big/VeryBig/Huge/Large.  We do see occasional
small buffer failures but they do not seem to be nearly as common.  The
largest MTU on any of the routers interfaces should be 1500.  I wonder
why we would see an 'explosion' in failures for the larger buffer sizes
that exceed 1500 bytes???   

-----Original Message-----
From: Streiner, Justin [mailto:streiner at stargate.net] 
Sent: Monday, October 13, 2003 11:15 AM
To: cisco-nsp at puck.nether.net
Subject: Re: [nsp] 7200 Platform - Buffer Failures


On Mon, 13 Oct 2003, James Galliford wrote:

> We are seeing some buffer failures across the platform on the 7200 
> series routers in our network.  This comprises 7204/7206/7223/7246. 
> We're running 12.1(13)EC4 on the 7223/7246 platform and 12.2(15)T5 on 
> the 7204/7206 platforms.  Funnily enough on the 7200 routers that we 
> are running service provider code, we do not see the failures. I 
> understand that buffers can, at times, be busy, etc.  I'm just not 
> sure if this is normal to see so many simultaneous failures.
>
> Has anyone else seen any problems like this?

Things like this can happen when you have hosts underneath that router
that are infected with one of the many fun worms on the net these days.
For example, you can see lots of small buffer failures when you run into
a machine infected with Nachi.  Seeing clusters of failures at the same
time is not uncommon in such cases.

Other packets of varying sizes can result from things like an overly
aggressive nmap session.  Portscanners like nmap will beat the crap out
of a router if you let them.

jms

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/