[c-nsp] Sup720 dropping LDP neighbourships
Grischa Stegemann
gs at plusline.de
Fri May 24 09:46:49 EDT 2013
Hi all
Today we were facing a ddos attack with approx. 1.5 GBit/s and 3
Mpackets/s. The traffic came in on a port of a 6704 and went out on
another port of the same linecard.
We have two annoying phenomena to deal with:
1. The 6509 is equipped with a Sup720-3BXL and DCEF on all linecards.
During the attack it dropped all of its LDP neighbourships (actually
they were flapping) although the CPU usage remained below 40% for most
of the time and only went up over 50% at a very short peak not related
to the LDP drops.
What might have caused the dropping of the LDP neighbourships and what
would one do to protect them?
2. On the outgoing interface we recorded a huge amount of output drops
up to 60kpackets/s. The receiving router here is another Sup720 with
6704 but without DCEF.
>From my understanding 1.5GBit/s and 3Mpackets/s should be no reason to
drop packets on a 10G link.
So what might have caused these packets to get dropped?
Thanks for any advice or hint,
Grischa
More information about the cisco-nsp
mailing list