RE: FW: TNT issues "workaround"
From: "John Lord" <lord () allturbo com>
Date: Sun, 24 Aug 2003 16:08:41 -0400


I've been watching mine and finally see this error:

*Mar 19 14:48:53.951 UTC: %SYS-2-MALLOCFAIL: Memory allocation of 2708
bytes failed from 0x603FE6C0, alignment 0 
Pool: Processor  Free: 6402796  Cause: Memory fragmentation 
Alternate Pool: None  Free: 0  Cause: No Alternate pool 

-Process= "ISDN L2 Process", ipl= 0, pid= 94
-Traceback= 603FC690 603FDC90 603FE6C8 60102990 600A84A8 600A8D34
*Mar 19 14:48:54.635 UTC: %SYS-2-CFORKMEM: Process creation of Async tty
Reset failed (no memory).
-Process= "Serial Background", ipl= 0, pid= 8
-Traceback= 6040D2A4 60414AEC 606B03C4 606B06A0 600704C4

I'm doing

b) blocking all echo/echo-reply coming in from dial-up users (i.e. apply
an input acl to your virtual-template and/or group-async interfaces).

But it doesn't seem to stop it from locking up. I've been killing users
as I see users with the worm. This is on a Cisco AS5300 by the way.
What's the command to disable route cache?


John Lord(lord () allturbo com)
IT Manager
AllTurbo Internet Services Inc
410-213-9388 Office
www.allturbo.com


-----Original Message-----
From: jlewis () lewis org [mailto:jlewis () lewis org] 
Sent: Saturday, August 23, 2003 6:43 PM
To: Ross Chandler
Cc: John Lord; nanog () merit edu
Subject: Re: FW: TNT issues "workaround"


On Sat, 23 Aug 2003, Ross Chandler wrote:

I seem to be having the same or similar problems with my Cisco boxes
also, they either reboot or the PRIs hang, users get busies but no
one is logged in at all; when I do a show isdn status it shows B
channels in use but no one on. The only way to fix is reboot the box,
and it seems to be timed, every day at 1400 and 2200 hours, since
Monday. Anybody heard of Ciscos acting funny this week?

Perhaps your fast switching route cache is filling up memory. If
you're willing to risk it enable CEF on all interfaces.

Some of the older cisco access-servers don't even support CEF.  The
cisco failures seem to be memory starvation/fragmentation issues caused
by out of control route-cache growth caused by the nachi worm's attempt
to ping so many different hosts so quickly while looking for systems to
spread to.

You can work around the issue by:

a) using policy routing to pass all dialup traffic through a route-map 
that sends 92 byte echo/echo-reply packets to null0.

b) blocking all echo/echo-reply coming in from dial-up users (i.e. apply
an input acl to your virtual-template and/or group-async interfaces).

c) disabling route caching on the egress interface of the access server.

I'm doing a mix of a (on the access-servers that this works on) and b
where a doesn't work...and tested c this morning and found it appears to
work.
  
----------------------------------------------------------------------
 Jon Lewis *jlewis () lewis org*|  I route
 System Administrator        |  therefore you are
 Atlantic Net                |  
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
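The three workarounds Jon Lewis lists (a, b, c), written out as an added IOS configuration example; this is not configuration from the thread, and the ACL numbers, the route-map name and the interface names are assumptions that need to be matched to the access server in question.

```cisco
! Added example, not from the thread. ACL 150/151, route-map NACHI-DROP and
! the interface names are assumptions; adjust to the access server's config.
!
! (a) Policy routing: send 92-byte ICMP echo/echo-reply from dial-up users
!     to Null0 (92 bytes is the IP length of the worm's ping probes).
access-list 150 permit icmp any any echo
access-list 150 permit icmp any any echo-reply
!
route-map NACHI-DROP permit 10
 match ip address 150
 match length 92 92
 set interface Null0
!
! Applied on the PPP dial-up interfaces (route-map on the virtual-template).
interface Virtual-Template1
 ip policy route-map NACHI-DROP
!
! (b) Where (a) is not supported: input ACL dropping all echo/echo-reply
!     from dial-up users, applied to the group-async interface.
access-list 151 deny   icmp any any echo
access-list 151 deny   icmp any any echo-reply
access-list 151 permit ip any any
!
interface Group-Async1
 ip access-group 151 in
!
! (c) Disable the fast-switching route cache on the egress interface, so
!     the worm's scans stop filling memory with per-destination cache
!     entries (assumed egress interface name).
interface FastEthernet0
 no ip route-cache
!
! Before/after checks: "show ip cache" shows the route-cache entries,
! "show memory" the free/fragmented processor pool seen in the MALLOCFAIL.
```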



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault