[c-nsp] 65xx Sup-720 performance issue with "odd" (to say the least) traffic.

Drew Weaver drew.weaver at thenap.com
Mon May 11 14:47:35 EDT 2009

Hi there,

We noticed a performance issue with one of our 6500 switches. The first thing I noticed was that IP INPUT was at 92%; it was dropping packets wildly and there was quite a bit of latency.

I enabled 'debug ip packet details' and checked the log; it was showing traffic hitting a VLAN with external public (internet) IP addresses as the source, and as the destination. Fortunately the object on this VLAN/port wasn't important, so we admin shut the VLAN and almost instantly the IP INPUT dropped back to its regular 4-5%.

I don't believe I have ever seen legitimate traffic with those src/dst addresses before, so I am assuming that this was some sort of DoS attack. My question is: is this possible because the VLAN is configured incorrectly? Or do I need to enable CoPP or some other mechanism for protecting the resources of the switch in the event that this occurs in the future? (Both?)


