[c-nsp] tcp 179 traffic causing high cpu on 3750/3560

Tue Apr 10 13:24:22 EDT 2007

Just a thought.

regards,
/virendra

> 
> Anton Kapela wrote:
>>  
>>
>>   
>>>    It turned out that all the packets I could capture this 
>>> way during the high CPU period, had all in common TCP source 
>>> or destination port 179 (bgp).
>>>     
>> Check out:
>>
>> http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCec51966
>>
>>   
>>>   I guess this can be exploited to keep the CPU usage high on 
>>> 3750s, by just passing this kind of traffic through. However 
>>> it seems that there is a limit on CPU interrupt usage since I 
>>> haven't seen this going over 80% so far.
>>>     
>> Indeed it can!
>>
>> The notes from the prior CSC were:
>>
>> "TCP traffic to port 179 (BGP) that is being switched through a Cisco
>> 3550
>> series system is process switched.
>>
>> This could lead to DoS symptoms (High CPU, malloc failures etc.) on a
>> Cisco
>> 3550 system."
>>
>> Getting editorial for a moment, I must air my amazement that this bug
>> apparently appeared again, in another platform. What the f is going on
>> with default tcam programming?
>>
>> -Tk
>>
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>   
> 
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGG8hGpbZvCIJx1bcRAoogAJ991/l+T8WO+27oLo1Haqxs9jP2QACghTu4
zNE+WKq3fu1srWGwJfy5WQM=
=e/B1
-----END PGP SIGNATURE-----