[c-nsp] Cisco 7600 TTL and MTU Failures

Hank Nussbacher hank at efes.iucc.ac.il
Fri Apr 7 04:50:31 EDT 2006 


On Fri, 7 Apr 2006, Palis Michalis wrote:

> I did configure hardware rate-limiters for TTL failures but not for MTU
> since we had a lot of problems with MTUs on the C7609 until we manage to get
> it working in the proper way ..
> mls rate-limit all ttl-failure 70000 150

Higher than mine:
mls rate-limit all ttl-failure 100 10

70kpps of ttl failures is *really* quite high.  What packet rate do you
run?  You must be around 1Mpps to set it that high.

>
> I think that  MTU and TTL failures  get hardware dropped from the router? Is
> it true?

See:
<http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_guide_chapter09186a0080435872.html#wp1141191>

-Hank

>
> ----- Original Message -----
> From: "Hank Nussbacher" <hank at efes.iucc.ac.il>
> To: "Palis Michalis" <security at cytanet.com.cy>
> Cc: <cisco-nsp at puck.nether.net>
> Sent: Friday, April 07, 2006 11:08 AM
> Subject: Re: [c-nsp] Cisco 7600 TTL and MTU Failures
>
>
> > On Fri, 7 Apr 2006, Palis Michalis wrote:
> >
> > Yes.  Here are 2 of mine:
> >
> > rtr1:
> > Errors
> >  MAC/IP length inconsistencies         : 1
> >  Short IP packets received             : 0
> >  IP header checksum errors             : 0
> >  TTL failures                          : 232665231
> >  MTU failures                          : 54778810
> > Errors
> >  MAC/IP length inconsistencies         : 0
> >  Short IP packets received             : 0
> >  IP header checksum errors             : 0
> >  TTL failures                          : 76756963
> >  MTU failures                          : 18704486
> > Total packets L3 Switched by all Modules: 597033663863 @ 102707 pps
> >
> > rtr 2:
> >
> > Errors
> >  MAC/IP length inconsistencies         : 64
> >  Short IP packets received             : 0
> >  IP header checksum errors             : 0
> >  TTL failures                          : 91658850
> >  MTU failures                          : 95815975
> > Errors
> >  MAC/IP length inconsistencies         : 0
> >  Short IP packets received             : 0
> >  IP header checksum errors             : 0
> >  TTL failures                          : 413265188
> >  MTU failures                          : 0
> >
> > Total packets L3 Switched by all Modules: 784851039097 @ 54759 pps
> >
> > I too would like to know how to track down the MTU failures.
> >
> > -Hank
> >
> >> Hello all
> >>
> >> Running show mls statistic on a Cisco 7609 I get the follwing output form
> >> one of the modules
> >>
> >> Errors
> >>   MAC/IP length inconsistencies         : 18
> >>   Short IP packets received             : 0
> >>   IP header checksum errors             : 35
> >>   TTL failures                          : 27831123
> >>   MTU failures                          : 7998775
> >>
> >> Is it normal to have so many TTL and MTU failures? What is the true
> >> meaning of this failures and how can we troubleshoot in order to minimize
> >> them?
> >>
> >> Your feedback will be appreciated.
> >> _______________________________________________
> >> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> >> https://puck.nether.net/mailman/listinfo/cisco-nsp
> >> archive at http://puck.nether.net/pipermail/cisco-nsp/
> >>
> >>  +++++++++++++++++++++++++++++++++++++++++++
> >>  This Mail Was Scanned By Mail-seCure System
> >>  at the Tel-Aviv University CC.
> >>
>
>
>  +++++++++++++++++++++++++++++++++++++++++++
>  This Mail Was Scanned By Mail-seCure System
>  at the Tel-Aviv University CC.
>

More information about the cisco-nsp mailing list