[c-nsp] 12.3.22 lawful intercept on 7206 - DHCP bug eats 2, 000+ customers
Justin Shore
justin at justinshore.com
Sat May 19 22:57:10 EDT 2007
Neal Rauhauser wrote:
> I have a 7206 with NPE-G1, upgraded from 12.2.15T11 last night to
> 12.3.22 lawful intercept and simultaneously taking from 256m to 1024m of
> memory.
>
> The system has BGP peers and a couple of thousand DSL customers
> attached (I know, I know, OS and memory upgrade are part of me splitting
> it for this customer).
>
> We watched 2,100 ARP entries appear for the ATM PVCs this morning and
> all seemed well but the onboard DHCP was sick. We do a 'show run' and
> it'll fail with a "try later" or it'll run but it takes several minutes
> to generate anything.
>
> We're on the phone with TAC now and we've got someone clueful but this
> is incredibly painful for the customer - anyone seen this thing before?
> Suggestions?
Yes. I've run into this many times. In my experience it will not
recover on its own. CSCdp35267
Reboot with the OC3s disconnected (because you won't get a chance to get
into config mode, run the command, and wr it before the DHCP requests
kill the router again). Run "ip dhcp ping packets 0". Write and
reboot. Reconnect the OC3s while it's coming up and all will be well.
"Symptoms:
If the default IOS DHCP server's setting for using ping
to verify addresses
is active, the DHCP server replies to requests
only every other second.
If the number of DHCP requests is larger than 50
in a short period of time, requests may get dropped,
since the socket only queues up to 50 packets.
Another side effect is that the command "write term"
may fail, with the following error:
Workaround:
Configure the IOS DHCP server to not use ping to verify address
availability ("ip dhcp ping packet 0")."
Justin
More information about the cisco-nsp
mailing list