[c-nsp] sup720 http traffic punted to RP

Drew Weaver drew.weaver at thenap.com
Tue Aug 23 09:12:35 EDT 2016


Hey guys!

y.y.y.y is a server connected to the switch. TCAM is fine. As soon as I nulled that IP the switch came back to life.

Thanks,
-Drew

-----Original Message-----
From: Nick Hilliard [mailto:nick at foobar.org] 
Sent: Tuesday, August 23, 2016 8:48 AM
To: Drew Weaver <drew.weaver at thenap.com>
Cc: 'cisco-nsp at puck.nether.net' <cisco-nsp at puck.nether.net>
Subject: Re: [c-nsp] sup720 http traffic punted to RP

Drew Weaver wrote:
> Is this being punted because of the options field? Is there a best 
> practice to limiting this kind of traffic? This is most likely some 
> sort of DoS attack I would guess.

tcp options != ip options, which would probably be punted.

Is y.y.y.y the IP address of the router, or some downstream device? If it's the router, then you need to install copp and block or rate limit this to nothing at all. If it's a downstream box, this traffic should not be punted. Did you blow the TCAM on this box at any stage? If so, a reboot might solve this.

Nick

