[j-nsp] Failing ASM on M7i
Pete Kruckenberg
pete at kruckenberg.com
Sun May 22 19:26:29 EDT 2005
Every week or so, the ASM on my M7i's (one or the other)
will stop producing Cflow/Netflow data.
When this happens:
- "show services accounting flow" usually shows > 200,000
(sometimes much greater) active flows (normal is 30-50k),
- "show services accounting flow" usually does not show
fluctuating Active flows, and Flows exported is not
accumulating
- "show services accounting errors" usually shows accumulating
"Packets dropped (no memory)"
I'm guessing this is due to some kind of packet-per-second
DoS attack that exceeds the capacity of the ASM.
These M7i's each terminate a GigE upstream link, which runs
typically at 300-400Mb/s.
Two questions:
1. What (if anything) can I do to prevent this from
happening, so that (preferably) I can still capture
Cflow/Netflow information on the DoS traffic, or (at least)
the ASM will still generate (some) Cflow/Netflow for
whatever traffic it can.
2. What's the best way to (proactively) monitor for this
happening, and what's the best way to restore Netflow
traffic (I currently try various combinations of "restart
adaptive-service", "restart sampling" and
deactivate/activate the ASM interface, usually with little
success).
Thanks.
Pete.
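
Added example, not part of the original message and not Juniper code: the three symptoms listed above expressed as a check over consecutive polls of the counters. It assumes the values have already been collected from the router; the Sample field names, the symptom labels and the sample numbers are hypothetical.

```python
from dataclasses import dataclass

# From the post: 30-50k active flows is normal, > 200,000 accompanies the failure.
ACTIVE_FLOWS_ALARM = 200_000

@dataclass
class Sample:
    """One poll of the ASM counters (hypothetical field names)."""
    active_flows: int
    flows_exported: int
    dropped_no_memory: int

def diagnose(samples, active_alarm=ACTIVE_FLOWS_ALARM):
    """Return the symptoms from the post that hold across consecutive polls."""
    if len(samples) < 2:
        return []  # one poll cannot show whether a counter is moving
    pairs = list(zip(samples, samples[1:]))
    symptoms = []
    if all(s.active_flows > active_alarm for s in samples):
        symptoms.append("active-flows-high")
    if all(a.active_flows == b.active_flows for a, b in pairs):
        symptoms.append("active-flows-frozen")
    # Equality, not "<=": a counter reset after a restart is not a stall.
    if all(a.flows_exported == b.flows_exported for a, b in pairs):
        symptoms.append("export-stalled")
    if any(b.dropped_no_memory > a.dropped_no_memory for a, b in pairs):
        symptoms.append("no-memory-drops-rising")
    return symptoms

def is_stalled(samples):
    """Alert only when export has stopped and another symptom agrees."""
    found = diagnose(samples)
    return "export-stalled" in found and len(found) >= 2

# Constructed samples, not captured from a router.
HEALTHY = [Sample(41200, 1000, 0), Sample(38950, 1900, 0), Sample(44100, 2850, 0)]
FAILING = [Sample(262144, 5000, 120), Sample(262144, 5000, 410), Sample(262144, 5000, 975)]
BUSY = [Sample(210000, 100, 0), Sample(230000, 900, 0)]  # high load, still exporting

if __name__ == "__main__":
    for name, polls in (("healthy", HEALTHY), ("failing", FAILING), ("busy", BUSY)):
        print(name, is_stalled(polls), diagnose(polls))
```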