nanog mailing list archives
Re: Worm / UDP1434
From: Andy Walden <andy () tigerteam net>
Date: Sat, 25 Jan 2003 18:48:23 -0600 (CST)
On Sat, 25 Jan 2003, Neil J. McRae wrote:
Anybody here on list using Extreme products (Summit/Alpine/Blackdiamond)? They sure don't like this traffic one bit. It causes them to not only drop traffic, but spew out every available error message under the sun... Extreme are apparently assembling an "advisory TAC" on this, from our point of view, since we use the devices to do l3 aggregation (for colo and such) we've used an ACL to try and combat the offending traffic, but it's not doing much good.....

Do you have MCAST enabled on these switches? I'd guess this is what is causing issues on the Extreme boxes.

I think the architecture is flow-based, i.e., the first packet of each flow hits the CPU. This is probably causing the high CPU utilization. The flow would still hit the CPU even with an ACL and then probably be written to the ASIC with a null location.

andy
--
PGP Key Available at http://www.tigerteam.net/andy/pgp
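A toy model of the behaviour hypothesised in the message above, added here as an illustration and not taken from the thread or from any vendor's implementation. The `FlowSwitch` class, its cache size, the addresses and both traffic generators are assumptions constructed for the example; it compares the share of packets that reach the CPU for a few long-lived flows against traffic where nearly every packet opens a new flow, with and without a deny ACL.

```python
import random
from collections import OrderedDict

class FlowSwitch:
    """Hypothetical flow-based forwarder: a flow-cache miss is handled by the CPU."""
    def __init__(self, cache_size, deny_udp_port=None):
        self.cache = OrderedDict()          # flow key -> "forward" or "drop"
        self.cache_size = cache_size
        self.deny_udp_port = deny_udp_port  # models a simple deny ACL
        self.cpu_punts = 0
        self.hw_hits = 0

    def receive(self, src, dst, proto, dport):
        key = (src, dst, proto, dport)
        if key in self.cache:               # fast path: entry already in hardware
            self.cache.move_to_end(key)
            self.hw_hits += 1
            return self.cache[key]
        # Slow path: the first packet of the flow goes to the CPU, which
        # evaluates the ACL and installs an entry (a "drop" entry if denied).
        self.cpu_punts += 1
        denied = proto == "udp" and dport == self.deny_udp_port
        self.cache[key] = "drop" if denied else "forward"
        if len(self.cache) > self.cache_size:
            self.cache.popitem(last=False)  # evict the least recently used flow
        return self.cache[key]

def punt_ratio(packets, cache_size=4096, deny_udp_port=None):
    """Fraction of packets that had to be handled by the CPU."""
    sw = FlowSwitch(cache_size, deny_udp_port)
    for pkt in packets:
        sw.receive(*pkt)
    return sw.cpu_punts / len(packets)

def steady_traffic(n, rng):
    """Constructed sample: 50 long-lived flows to one server."""
    flows = [(f"10.0.0.{i}", "192.0.2.10", "tcp", 80) for i in range(50)]
    return [rng.choice(flows) for _ in range(n)]

def new_flow_per_packet_traffic(n, rng):
    """Constructed sample: UDP/1434 packets, each to a random destination."""
    def addr():
        return ".".join(str(rng.randrange(1, 255)) for _ in range(4))
    return [("10.0.0.1", addr(), "udp", 1434) for _ in range(n)]

if __name__ == "__main__":
    steady = steady_traffic(10000, random.Random(1))
    burst = new_flow_per_packet_traffic(10000, random.Random(1))
    print("steady flows:       ", punt_ratio(steady))
    print("new flow per packet:", punt_ratio(burst))
    print("same, with deny ACL:", punt_ratio(burst, deny_udp_port=1434))
```

In this model the ACL changes what is installed for each flow but not how many first packets the CPU sees, which matches the observation in the thread that the ACL was "not doing much good".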