[c-nsp] Cursed IP address

Victor Sudakov vas at mpeks.tomsk.su
Sat Nov 29 10:41:45 EST 2014


Lukas Tribus wrote:
> >> Are there any IP filters on the layer 2 side of this? Are you using CoPP and
> >> the IP is denied there?
> >
> > No. PASOLINK does not do IP filtering.
> >
> > It can only do some Ethernet frame filtering, like filtering out LLDP
> > or STP frames, but no such filters are even configured.
> 
> Just because it's not configured or not configurable doesn't mean it's not
> actually doing it (it may be a bug).
> 
> I have an Ethernet over FrameRelay Radio PTMP system that after a few
> months of uptime inserts the UDP payload of customer A into the
> TCP payload of customer B (customer B using this TCP session to
> transfer files to an AS400 that doesn't check TCP checksums and
> therefore the UDP payload of customer A makes it into the application
> of customer B). The only fix here is to reload the whole system.
> 
> The very same PTMP system sometimes drops traffic of a certain mac
> address, although there are no layer 2 rules (other than different
> vlans).

Cool story. 

We have set up port monitor sessions in various parts of the network
and have found out the following. One of the C3560X-24P in the chain
of identical switches does not let through packets with
src=10.65.127.246&dst=224.0.0.5. Neither when such packets transit the
switch nor when it's configured on one of its own Vlan interfaces.

Other switches in the chain are identical from the hardware/software
point of view, and configured almost identically, but do not suffer
from the problem.


-- 
Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
sip:sudakov at sibptus.tomsk.ru

