[c-nsp] sup720 http traffic punted to RP
Saku Ytti
saku at ytti.fi
Tue Aug 23 09:28:46 EDT 2016
Is the server actually arped?
On 23 August 2016 at 16:12, Drew Weaver <drew.weaver at thenap.com> wrote:
> Hey guys!
>
> y.y.y.y is a server connected to the switch. TCAM is fine; as soon as I nulled that IP the switch came back to life.
>
> Thanks,
> -Drew
>
> -----Original Message-----
> From: Nick Hilliard [mailto:nick at foobar.org]
> Sent: Tuesday, August 23, 2016 8:48 AM
> To: Drew Weaver <drew.weaver at thenap.com>
> Cc: 'cisco-nsp at puck.nether.net' <cisco-nsp at puck.nether.net>
> Subject: Re: [c-nsp] sup720 http traffic punted to RP
>
> Drew Weaver wrote:
>> Is this being punted because of the options field? Is there a best
>> practice to limiting this kind of traffic? This is most likely some
>> sort of DoS attack I would guess.
>
> tcp options != ip options, which would probably be punted.
>
> Is y.y.y.y the IP address of the router, or some downstream device? If it's the router, then you need to install copp and block or rate limit this to nothing at all. If it's a downstream box, this traffic should not be punted. Did you blow the TCAM on this box at any stage? If so, a reboot might solve this.
>
> Nick
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
--
++ytti