[c-nsp] sup720 http traffic punted to RP

Nick Hilliard nick at foobar.org
Tue Aug 23 08:48:29 EDT 2016


Drew Weaver wrote:
> Is this being punted because of the options field? Is there a best
> practice to limiting this kind of traffic? This is most likely some
> sort of DoS attack I would guess.

tcp options != ip options, which would probably be punted.

Is y.y.y.y the IP address of the router, or some downstream device?  If
it's the router, then you need to install copp and block or rate limit
this to nothing at all.  If it's a downstream box, this traffic should
not be punted.   Did you blow the TCAM on this box at any stage?  If so,
a reboot might solve this.

Nick


More information about the cisco-nsp mailing list