[c-nsp] sup720 http traffic punted to RP
Drew Weaver
drew.weaver at thenap.com
Tue Aug 23 08:43:27 EDT 2016
Hi,
Had an issue earlier where a sup720 stopped responding to SNMP traffic, data plane was fine.
When I did the span-the-rp dance, I saw this:
08:26:23.948884 IP (tos 0x0, ttl 113, id 766, offset 0, flags [none], proto TCP (6), length 48)
x.x.x.x.3072 > y.y.y.y.80: Flags [S], cksum 0xa6af (correct), seq 417576457, win 8192, options [mss 1460,nop,nop,sackOK], length 0
08:26:23.948885 IP (tos 0x0, ttl 114, id 766, offset 0, flags [none], proto TCP (6), length 48)
x.x.x.x.1024 > y.y.y.y.80: Flags [S], cksum 0x6e09 (correct), seq 2205312329, win 8192, options [mss 1460,nop,nop,sackOK], length 0
08:26:23.948885 IP (tos 0x0, ttl 113, id 766, offset 0, flags [none], proto TCP (6), length 48)
x.x.x.x.3072 > y.y.y.y.80: Flags [S], cksum 0x16ef (correct), seq 88033891, win 8192, options [mss 1460,nop,nop,sackOK], length 0
08:26:23.948886 IP (tos 0x0, ttl 114, id 766, offset 0, flags [none], proto TCP (6), length 48)
x.x.x.x.3072 > y.y.y.y.80: Flags [S], cksum 0x02c
Is this being punted because of the options field? Is there a best practice to limiting this kind of traffic? This is most likely some sort of DoS attack I would guess.
Thanks,
-Drew
More information about the cisco-nsp
mailing list