[c-nsp] Unknown unicast only occuring when a host is under attack...
John Neiberger
jneiberger at gmail.com
Fri Mar 25 12:11:36 EDT 2011
> Hmm, I noticed when I looked in the netflow for the attack traffic that there were more than 400,000 source IPs participating in the attack, they were obviously spoofed/what-have-you, but would that make a difference? I don't think I've ever seen one with that many sources before, bravo to them for going the extra mile...
>
> -Drew
Wow, that's impressive! If each of those was associated with a unique
MAC address somehow, your CAM table surely was overloaded, which would
explain the unicast flooding. If it happens again, take a look at your
CAM table to see if it's full.
John
More information about the cisco-nsp
mailing list