[c-nsp] Cisco 7600 TTL and MTU Failures
Palis Michalis
security at cytanet.com.cy
Tue Apr 11 02:20:11 EDT 2006
Packet rate is abount 100Kpps
----- Original Message -----
From: "Hank Nussbacher" <hank at efes.iucc.ac.il>
To: "Palis Michalis" <security at cytanet.com.cy>
Cc: <cisco-nsp at puck.nether.net>
Sent: Friday, April 07, 2006 11:50 AM
Subject: Re: [c-nsp] Cisco 7600 TTL and MTU Failures
>
>
> On Fri, 7 Apr 2006, Palis Michalis wrote:
>
>> I did configure hardware rate-limiters for TTL failures but not for MTU
>> since we had a lot of problems with MTUs on the C7609 until we manage to
>> get
>> it working in the proper way ..
>> mls rate-limit all ttl-failure 70000 150
>
> Higher than mine:
> mls rate-limit all ttl-failure 100 10
>
> 70kpps of ttl failures is *really* quite high. What packet rate do you
> run? You must be around 1Mpps to set it that high.
>
>>
>> I think that MTU and TTL failures get hardware dropped from the router?
>> Is
>> it true?
>
> See:
> <http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_guide_chapter09186a0080435872.html#wp1141191>
>
> -Hank
>
>>
>> ----- Original Message -----
>> From: "Hank Nussbacher" <hank at efes.iucc.ac.il>
>> To: "Palis Michalis" <security at cytanet.com.cy>
>> Cc: <cisco-nsp at puck.nether.net>
>> Sent: Friday, April 07, 2006 11:08 AM
>> Subject: Re: [c-nsp] Cisco 7600 TTL and MTU Failures
>>
>>
>> > On Fri, 7 Apr 2006, Palis Michalis wrote:
>> >
>> > Yes. Here are 2 of mine:
>> >
>> > rtr1:
>> > Errors
>> > MAC/IP length inconsistencies : 1
>> > Short IP packets received : 0
>> > IP header checksum errors : 0
>> > TTL failures : 232665231
>> > MTU failures : 54778810
>> > Errors
>> > MAC/IP length inconsistencies : 0
>> > Short IP packets received : 0
>> > IP header checksum errors : 0
>> > TTL failures : 76756963
>> > MTU failures : 18704486
>> > Total packets L3 Switched by all Modules: 597033663863 @ 102707 pps
>> >
>> > rtr 2:
>> >
>> > Errors
>> > MAC/IP length inconsistencies : 64
>> > Short IP packets received : 0
>> > IP header checksum errors : 0
>> > TTL failures : 91658850
>> > MTU failures : 95815975
>> > Errors
>> > MAC/IP length inconsistencies : 0
>> > Short IP packets received : 0
>> > IP header checksum errors : 0
>> > TTL failures : 413265188
>> > MTU failures : 0
>> >
>> > Total packets L3 Switched by all Modules: 784851039097 @ 54759 pps
>> >
>> > I too would like to know how to track down the MTU failures.
>> >
>> > -Hank
>> >
>> >> Hello all
>> >>
>> >> Running show mls statistic on a Cisco 7609 I get the follwing output
>> >> form
>> >> one of the modules
>> >>
>> >> Errors
>> >> MAC/IP length inconsistencies : 18
>> >> Short IP packets received : 0
>> >> IP header checksum errors : 35
>> >> TTL failures : 27831123
>> >> MTU failures : 7998775
>> >>
>> >> Is it normal to have so many TTL and MTU failures? What is the true
>> >> meaning of this failures and how can we troubleshoot in order to
>> >> minimize
>> >> them?
>> >>
>> >> Your feedback will be appreciated.
>> >> _______________________________________________
>> >> cisco-nsp mailing list cisco-nsp at puck.nether.net
>> >> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> >> archive at http://puck.nether.net/pipermail/cisco-nsp/
>> >>
>> >> +++++++++++++++++++++++++++++++++++++++++++
>> >> This Mail Was Scanned By Mail-seCure System
>> >> at the Tel-Aviv University CC.
>> >>
>>
>>
>> +++++++++++++++++++++++++++++++++++++++++++
>> This Mail Was Scanned By Mail-seCure System
>> at the Tel-Aviv University CC.
>>
More information about the cisco-nsp
mailing list