[outages] EDGE: Anyone seeing 100% CPU on Fortigate edge routers?
Blake Hudson
blake at ispn.net
Thu Jan 15 17:17:30 EST 2015
Roland Dobbins via Outages wrote on 1/15/2015 2:42 PM:
>
> On 16 Jan 2015, at 3:38, Jay Ashworth wrote:
>
>> If they did it was a *very* targeted attack, because Road Runner's
>> support guy said they didn't see any appreciable amount of inbound
>> traffic
>> at that time.
>
> We've seen hardware load-balancers rated at 10gb/sec taken down with
> only 60kpps of HOIC for 60s (and require 45m to reboot), so
> high-throughput/-banwidth isn't really necessary; stateful devices
> make it a lot easier to DDoS a given target with far less traffic than
> would be otherwise required.
>
> Just a thought - it might be worth having a gander at whatever
> telemetry is available.
Similarly, stateless devices can often be overwhelmed when faced with
unexpected traffic types. For instance, a 7600 Sup720 can become
unresponsive due to a few Mbps of IP traffic with IP options hitting an
ACL that punts the traffic to the CPU.
--Blake
More information about the Outages
mailing list