[c-nsp] high interrupt CPU due to traffic for IP not in arp-cache
Iddo
kilobit at gmail.com
Mon Jul 14 12:07:10 EDT 2008
Hello All,
We are running a 6500/sup720-3BXL wit 12.2.18SXF13
A DoS attack 300,000pps was sent to an IP address which directly
connected, but not in use by a machine.
The arp entry for the target IP address is "incomplete".
This caused interrupt based CPU to 90+ %, which in turn caused
OSPF/BGP etc to timeout.
I can reproduce the results with a packetgenerator.
Can anyone recommend a solution for this?
Thanks in advance,
Iddo
More information about the cisco-nsp
mailing list