[c-nsp] Invalid packet (too small) length=0

Oliver Boehmer (oboehmer) oboehmer at cisco.com
Mon Nov 19 02:30:35 EST 2007


Nemeth Laszlo <> wrote on Saturday, November 17, 2007 9:47 PM:


> I received this messages yesterday:
> 
> Nov 16 21:57:23: Invalid packet (too small) length=0
> Nov 16 21:57:35: Invalid packet (too small) length=0
> Nov 16 21:57:48: Invalid packet (too small) length=0
> Nov 16 21:57:49: Invalid packet (too small) length=0
> Nov 16 21:57:57: Invalid packet (too small) length=0
> Nov 16 21:58:00 MET: %BGP-5-ADJCHANGE: neighbor xxx.xxx.xxx.4 Down BGP
> Notification sent
> Nov 16 21:58:00 MET: %BGP-3-NOTIFICATION: sent to neighbor
> xxx.xxx.xxx.4 4/0 (hold time expired) 0 bytes
> [..]
> 
> The cpu usage went up to 100% a couple of seconds, and the router lost
> some BGP peers.
> 
> The router is a 7606 with Sup720-3BXL, ios:
> s72033-adventerprisek9_wan-mz.122-18.SXF6.bin
> 
> Any suggestions?

Hmm, could this have been an attack on your router/infrastructure or a
broken NIC sending these frames? Could be tricky to analyze (if you
want, you would need to set up span port and work from there, but enable
"no mls verify ip length minimum" to actually forward these illegal
packets).
You can also investigate using Control plane policing to protect the
RP..

	oli


More information about the cisco-nsp mailing list