[c-nsp] tcp 179 traffic causing high cpu on 3750/3560
Dan
dan at technc.com
Sat Apr 7 10:43:26 EDT 2007
I had this problem on my switches when I was using PBR.
Dan.
Anton Kapela wrote:
>
>
>
>> It turned out that all the packets I could capture this
>> way during the high CPU period, had all in common TCP source
>> or destination port 179 (bgp).
>>
>
> Check out:
>
> http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCec51966
>
>
>> I guess this can be exploited to keep the CPU usage high on
>> 3750s, by just passing this kind of traffic through. However
>> it seems that there is a limit on CPU interrupt usage since I
>> haven't seen this going over 80% so far.
>>
>
> Indeed it can!
>
> The notes from the prior CSC were:
>
> "TCP traffic to port 179 (BGP) that is being switched through a Cisco 3550
> series system is process switched.
>
> This could lead to DoS symptoms (High CPU, malloc failures etc.) on a Cisco
> 3550 system."
>
> Getting editorial for a moment, I must air my amazement that this bug
> apparently appeared again, in another platform. What the f is going on
> with default tcam programming?
>
> -Tk
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>