Home page logo
/

nanog logo nanog mailing list archives

Extreme + Nachi = ipfdb overflow
From: Joshua Coombs <network-nanog () gwi net>
Date: Mon, 25 Aug 2003 15:38:52 -0400


After battling Nachi and it's flood of icmp traffic, I've discovered
that it's not the Cisco gear that gets hit hard by it, it was the
Extreme gear.  Nachi generates enough 'random' traffic to flood and
subsequently thrash the ip forwarding DB on the Summit 1i we were using
so badly as to drop it from gigabit capible to barely eeking out
6mb/sec.  Before I redeploy the switch, I need to find a way to keep the
ipfdb from flodding while allowing it to be the primary carrier of
traffic.  ACLs blocking ICMP on the Extreme act too late, by the time
the cpu sees the packet to drop it, it's already horned its way into the
ipfdb.  Does anyone have any suggestions on ways to allow the switch to
participate as an L3 router while minimizing the chances of a worm
taking it out so easily again?

Joshua Coombs
GWI Networking


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault