Home page logo

nanog logo nanog mailing list archives

Re: Extreme + Nachi = ipfdb overflow
From: Daniel Senie <dts () senie com>
Date: Mon, 25 Aug 2003 16:57:14 -0400

At 03:38 PM 8/25/2003, Joshua Coombs wrote:

After battling Nachi and it's flood of icmp traffic, I've discovered
that it's not the Cisco gear that gets hit hard by it, it was the
Extreme gear.  Nachi generates enough 'random' traffic to flood and
subsequently thrash the ip forwarding DB on the Summit 1i we were using
so badly as to drop it from gigabit capible to barely eeking out

Cisco 65xx gear suffers the same problem. SQL Slammer infested 3 neighboring customers in a colo space we use. The 6509 (used for aggregation in that colo) dropped 10% or more of our packets, though we were not infected. So much for claims from both of these vendors about "wire speed" forwarding.

When testing switch gear, I think it's time to update Scott Bradner's test suites to use random source and destination IP addresses, so we can find out the true limits of the equipment.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]