[c-nsp] sup720 http traffic punted to RP

Saku Ytti saku at ytti.fi
Tue Aug 23 09:28:46 EDT 2016


Is the server actually arped?

On 23 August 2016 at 16:12, Drew Weaver <drew.weaver at thenap.com> wrote:
> Hey guys!
>
> y.y.y.y is a server connected to the switch, tcam is fine. As soon as I nulled that IP the switch came back to life.
>
> Thanks,
> -Drew
>
> -----Original Message-----
> From: Nick Hilliard [mailto:nick at foobar.org]
> Sent: Tuesday, August 23, 2016 8:48 AM
> To: Drew Weaver <drew.weaver at thenap.com>
> Cc: 'cisco-nsp at puck.nether.net' <cisco-nsp at puck.nether.net>
> Subject: Re: [c-nsp] sup720 http traffic punted to RP
>
> Drew Weaver wrote:
>> Is this being punted because of the options field? Is there a best
>> practice to limiting this kind of traffic? This is most likely some
>> sort of DoS attack I would guess.
>
> tcp options != ip options, which would probably be punted.
>
> Is y.y.y.y the IP address of the router, or some downstream device?  If it's the router, then you need to install copp and block or rate limit this to nothing at all.  If it's a downstream box, this traffic should not be punted.  Did you blow the TCAM on this box at any stage?  If so, a reboot might solve this.
>
> Nick
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/



-- 
  ++ytti

