[c-nsp] Weird OSPF meltdown
Rodney Dunn
rodunn at cisco.com
Tue Sep 23 16:49:36 EDT 2008
If it's a lot of punts and the hardware rate limiters don't catch
them, you would overrun the RP CPU or the ibc interface going up to the
RP.
Rodney
On Tue, Sep 23, 2008 at 06:46:38PM -0200, Rubens Kuhl Jr. wrote:
> On Tue, Sep 23, 2008 at 4:40 PM, Rodney Dunn <rodunn at cisco.com> wrote:
> > On Fri, Sep 19, 2008 at 02:45:48AM -0300, Rubens Kuhl Jr. wrote:
> >> Every once in a while one of our ME6524 routers starts getting hammered by
> >> one customer or the other... the symptom is that all adjacencies go
> >> down and stay stuck at EXCHANGE phase.
> >
> > hammered by what?
>
> We could not get packet traces of all the mishaps, but in one of them
> there was a flood of mDNS (Multicast DNS) packets.
>
> >
> >> CPU doesn't go up, and CoPP is applied; OSPF is authenticated on every
> >> adjacency (which are all point-to-point on SVIs), and we don't see any
> >> strange neighbors.
> >
> > Why are the neighbors going down? Hold time expired? If so you have to figure
> > out why those frames are dropped.
>
> Yes, hold time expired.
> Our current theory is CoPP itself dropping the packets. We have some
> large ACLs describing critical, normal and undesired traffic; if some
> OSPF frames don't flow thru the critical ACL, the normal category
> would only fill up during floods. There are terms on the critical ACL
> to match OSPF packets, but maybe it's not matching all of them.
>
>
> >> It occurs more often with Internet access static connected route
> >> customers, but has now happened on a VRF as well.
> >>
> >> The only solution is disconnecting the customer; provisioning the
> >> customer on SVI or on routerport doesn't seem to have any effect.
> >
> > Is it OSPF going down on an interface other than where this "hammering"
> > is coming from? I'm assuming you mean it's a flood of traffic.
>
> The inbound interface for the flood doesn't run OSPF, only the
> upstream links to other routers.
>
>
> Rubens