[c-nsp] ACL or ratelimit ttl-failure
Bas
kilobit at gmail.com
Tue Apr 4 06:06:34 EDT 2006
Hi,
I have a 12406 with a PRP-1 running 12.0.31S4 connected to an internet exchange.
Since about 10 weeks we've seen a strong growth of CPU load, from
average 5% to average 40%.
"debug ip packet detail" shows me that most of the load is caused by
the PRP sending ICMP type=11, code=0 packets.
95% of the ICMP packets generated are destined for the networks of a
single peer.
Now I would like to drop packets with a TTL of 1 from that peer via an ACL.
Or if that is not possible rate-limit all packets with TTL of 1 from all peers.
On the sup720 there are special rate-limiters for this, but cant find
information how to do this on a PRP-1
Thanks in advance,
Bastiaan
More information about the cisco-nsp
mailing list