[nsp] Router running out of memory

Church, Chuck cchurch at wamnetgov.com
Tue Jul 6 23:17:44 EDT 2004 

I assume you're doing NAT, right?  It's most likely the NAT pool is
growing huge and sucking up all the memory.  Do a 'sh ip nat tra' and by
looking at the destination ports, you should be able to tell the port(s)
this virus is trying to hit.  If it's a port they'd never need to access
over the internet, block it with an ACL.  Good chance it's either ICMP
echo, or a netbios port.  HTH.

P.S.  Either 12.2 or 12.2T (can't remember which) will support CEF on
2600 dot1q subints.


Chuck Church
Wam!Net Government Services - D&I Team
Lead Design Engineer
CCIE #8776, MCNE, MCSE
1210 N. Parker Rd.
Greenville, SC 29609
Office: 864-335-9473
Cell: 703-819-3495
cchurch at wamnetgov.com
PGP key:
http://pgp.mit.edu:11371/pks/lookup?op=index&search=cchurch%40wamnetgov.
com

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Krzysztof
Adamski
Sent: Thursday, December 02, 1999 4:11 AM
To: cisco-nsp at puck.nether.net
Subject: [nsp] Router running out of memory

I'm maintaining a network for a customer, it is hub and spoke design,
the spoke links are 802.1q VLANs to the hub, no VPN.
The hub router is a 2621 with 64MB of memory.
The customer has few hundred PCs at different sites, now they are
infected with something that is scanning the world for more machines to
infect.

The hub router is running out of processor memory, withing about 10
minutes after reboot it has:
                Head    Total(b)     Used(b)     Free(b)   Lowest(b)
Largest(b)
Processor   81669824    31025116    28080224     2944892       79752
50052
      I/O    3400000    12582912     1981184    10601728    10571664
10573980

If I try to enable CEF I get:
%DCEF not supported with 802.1q encapsulation on subinterface %CEF not
supported with 802.1q encapsulation on subinterface

Is there anything that can be done to prevent this? Would a bigger
router be better?

K



_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list