[c-nsp] 65xx Sup-720 performance issue with "odd" (to say the least) traffic.
Drew Weaver
drew.weaver at thenap.com
Mon May 11 14:47:35 EDT 2009
Hi there,
We noticed a performance issue with one of our 6500 switches, the first thing I noticed was that IP INPUT was at 92% it was dropping packets wildly and there was quite a bit of latency.
I enabled 'debug ip packet details' and checked the log, it was showing traffic hitting a VLAN with external public (internet) IP addresses as the source, and 0.0.0.0 as the destination. Fortunately the object on this VLAN/Port wasn't important so we admin shut the VLAN and almost instantly the IP INPUT dropped back to its regular 4-5%.
I don't believe I have ever seen legitimate traffic with those src/dst addresses before, so I am assuming that this was some sort of DoS attack. My question is, is this possible because the VLAN is configured incorrectly? or do I need to enable CoPP or some other mechanism for protecting the resources of the switch in the event that this occurs in the future? (both?).
Thanks!
-Drew
More information about the cisco-nsp
mailing list