[40311] in North American Network Operators' Group
Re: TCP session disconnection caused by Code Red?
daemon@ATHENA.MIT.EDU (Blaz Zupan)
Tue Aug 7 00:42:23 2001
Date: Tue, 7 Aug 2001 06:40:02 +0200 (CEST)
From: Blaz Zupan <blaz@amis.net>
To: "Stephen J. Wilcox" <steve@opaltelecom.co.uk>
Cc: mike harrison <meuon@highertech.net>,
"nanog@nanog.org" <nanog@nanog.org>
In-Reply-To: <Pine.LNX.4.21.0108062154580.19852-100000@staff.opaltelecom.net>
Message-ID: <20010807063923.V93751-100000@titanic.medinet.si>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu
> > It's not the packets per second that seems to kill them, its
> > the amount of arp cache and sessions (figure 600 packets per second,
> > each packet to a different host...Thats a lot of sessions in 5 minutes)
>
> Curious, in that case consider null routing unused blocks, perhaps take
> the opportunity to improve on subnet and vlan distribution to help the
> null routing.
That's exactly the case. All the unused IP addresses are nullrouted and most
of the traffic was destined for the nullrouted addresses. I don't think a lot
of arp activity was going on.
Blaz Zupan, Medinet d.o.o, Trzaska 85, SI-2000 Maribor, Slovenia
E-mail: blaz@amis.net, Tel: +386-2-320-6320, Fax: +386-2-320-6325
