[c-nsp] tcp 179 traffic causing high cpu on 3750/3560
Anton Kapela
tk at 5ninesdata.com
Tue Mar 20 22:40:01 EST 2007
> It turned out that all the packets I could capture this
> way during the high CPU period, had all in common TCP source
> or destination port 179 (bgp).
Check out:
http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCec51966
> I guess this can be exploited to keep the CPU usage high on
> 3750s, by just passing this kind of traffic through. However
> it seems that there is a limit on CPU interrupt usage since I
> haven't seen this going over 80% so far.
Indeed it can!
The notes from the prior CSC were:
"TCP traffic to port 179 (BGP) that is being switched through a Cisco
3550
series system is process switched.
This could lead to DoS symptoms (High CPU, malloc failures etc.) on a
Cisco
3550 system."
Getting editorial for a moment, I must air my amazement that this bug
apparently appeared again, in another platform. What the f is going on
with default tcam programming?
-Tk
More information about the cisco-nsp
mailing list