[c-nsp] Cisco 7600 TTL and MTU Failures

Palis Michalis security at cytanet.com.cy
Fri Apr 7 04:31:30 EDT 2006


I did configure hardware rate-limiters for TTL failures but not for MTU 
since we had a lot of problems with MTUs on the C7609 until we manage to get 
it working in the proper way ..
mls rate-limit all ttl-failure 70000 150

I think that  MTU and TTL failures  get hardware dropped from the router? Is 
it true?

----- Original Message ----- 
From: "Hank Nussbacher" <hank at efes.iucc.ac.il>
To: "Palis Michalis" <security at cytanet.com.cy>
Cc: <cisco-nsp at puck.nether.net>
Sent: Friday, April 07, 2006 11:08 AM
Subject: Re: [c-nsp] Cisco 7600 TTL and MTU Failures


> On Fri, 7 Apr 2006, Palis Michalis wrote:
>
> Yes.  Here are 2 of mine:
>
> rtr1:
> Errors
>  MAC/IP length inconsistencies         : 1
>  Short IP packets received             : 0
>  IP header checksum errors             : 0
>  TTL failures                          : 232665231
>  MTU failures                          : 54778810
> Errors
>  MAC/IP length inconsistencies         : 0
>  Short IP packets received             : 0
>  IP header checksum errors             : 0
>  TTL failures                          : 76756963
>  MTU failures                          : 18704486
> Total packets L3 Switched by all Modules: 597033663863 @ 102707 pps
>
> rtr 2:
>
> Errors
>  MAC/IP length inconsistencies         : 64
>  Short IP packets received             : 0
>  IP header checksum errors             : 0
>  TTL failures                          : 91658850
>  MTU failures                          : 95815975
> Errors
>  MAC/IP length inconsistencies         : 0
>  Short IP packets received             : 0
>  IP header checksum errors             : 0
>  TTL failures                          : 413265188
>  MTU failures                          : 0
>
> Total packets L3 Switched by all Modules: 784851039097 @ 54759 pps
>
> I too would like to know how to track down the MTU failures.
>
> -Hank
>
>> Hello all
>>
>> Running show mls statistic on a Cisco 7609 I get the follwing output form 
>> one of the modules
>>
>> Errors
>>   MAC/IP length inconsistencies         : 18
>>   Short IP packets received             : 0
>>   IP header checksum errors             : 35
>>   TTL failures                          : 27831123
>>   MTU failures                          : 7998775
>>
>> Is it normal to have so many TTL and MTU failures? What is the true 
>> meaning of this failures and how can we troubleshoot in order to minimize 
>> them?
>>
>> Your feedback will be appreciated.
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
>>  +++++++++++++++++++++++++++++++++++++++++++
>>  This Mail Was Scanned By Mail-seCure System
>>  at the Tel-Aviv University CC.
>> 



More information about the cisco-nsp mailing list