[c-nsp] Reasons for "random" ISIS flapping?
Peter Rathlev
peter at rathlev.dk
Wed Aug 28 05:06:34 EDT 2013
On Wed, 2013-08-21 at 23:29 -0400, Pete Lumbis wrote:
> Was the traffic from a connected source? The rate limiter you
> mentioned only applies for local sources
> http://www.cisco.com/en/US/docs/ios-xml/ios/security/m1/sec-cr-m2.html#wp1716645027
I guess technically it was from a "local source", since it was the
neighbouring router that put it on the LAN and it thus hit the device
from the LAN side.
> The key would be to understand the punt reason for that traffic, most
> likely through a NetDR capture.
Only problem is that it lasts only for up to one second, so I'm not even
sure EEM scripts could catch it.
> As a wide net here are some rate limiter numbers I found. YMMV.
>
> mls rate-limit all ttl-failure 100 10
> mls rate-limit multicast ipv4 fib-miss 10000 250
> mls rate-limit multicast ipv4 partial 500 250
> mls rate-limit multicast ipv4 connected 2500 250
Thanks. We're using something not unlike this on most devices, but the
affected one only had the "connected" rate-limiter at the time. We've
corrected this and also stopped the original source. We'll have to wait
till next time (if there is a next time) to see if this actually
helped. :-) So far it looks good.
--
Peter
More information about the cisco-nsp
mailing list