[55225] in North American Network Operators' Group


Re: Worm / UDP1434

daemon@ATHENA.MIT.EDU (Andy Walden)
Sat Jan 25 20:41:40 2003

Date: Sat, 25 Jan 2003 18:48:23 -0600 (CST)
From: Andy Walden <andy@tigerteam.net>
To: "Neil J. McRae" <neil@DOMINO.ORG>
Cc: Freedman David <David.Freedman@netscalibur.co.uk>,
	"'nanog@nanog.org'" <nanog@nanog.org>
In-Reply-To: <20030125174611.22890398C2@equinox.DOMINO.ORG>
Errors-To: owner-nanog-outgoing@merit.edu



On Sat, 25 Jan 2003, Neil J. McRae wrote:

>
> >
> > Anybody here on list using Extreme products (Summit/Alpine/Blackdiamond)?
> > They sure don't like this traffic one bit. It causes them to not only drop
> > traffic, but spew out every available error message under the sun...
> >
> > Extreme are apparently assembling an "advisory TAC" on this, from our point
> > of view, since we use the devices to do l3 aggregation (for colo and such)
> > we've used an ACL to try and combat the offending traffic, but it's not doing
> > much good.....
>
> Do you have MCAST enabled on these switches? I'd guess this
> is what is causing issues on the extreme boxes.


I think the architecture is flow-based, i.e., the first packet of each flow
hits the CPU. This is probably causing the high CPU utilization. The flow
would still hit the CPU even with an ACL and then probably be written to
the ASIC with a null location.

andy
--
PGP Key Available at http://www.tigerteam.net/andy/pgp
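
A simplified model of the behaviour suggested in the message above, added here as an example; it is not part of the original post and not Extreme's actual implementation. It assumes an exact-match flow table where a miss punts to the CPU, and assumes the worm traffic is one UDP/1434 packet per random destination; all addresses and function names are constructed for illustration.

```python
import random

def simulate(packets, acl_deny_udp_1434=True):
    """Count CPU punts on a toy flow-based switch.

    Assumed model: the ASIC forwards on an exact-match flow table; a miss
    punts the packet to the CPU, which evaluates the ACL and installs either
    a "forward" entry or a "null" (drop) entry for that flow.
    """
    flow_table = {}
    stats = {"cpu_punts": 0, "asic_hits": 0, "dropped": 0}
    for src, dst, proto, dport in packets:
        key = (src, dst, proto, dport)
        action = flow_table.get(key)
        if action is None:                      # first packet of a flow
            stats["cpu_punts"] += 1
            denied = acl_deny_udp_1434 and (proto, dport) == ("udp", 1434)
            action = flow_table[key] = "null" if denied else "forward"
        else:                                   # later packets stay in hardware
            stats["asic_hits"] += 1
        if action == "null":
            stats["dropped"] += 1
    stats["flow_entries"] = len(flow_table)
    return stats

def steady_traffic(n, rng):
    """Constructed sample: 20 long-lived web flows, many packets each."""
    flows = [(f"10.0.0.{i}", "192.0.2.10", "tcp", 80) for i in range(1, 21)]
    return [rng.choice(flows) for _ in range(n)]

def scan_traffic(n, rng):
    """Constructed sample: one host, one UDP/1434 packet per random address."""
    def rand_ip():
        return ".".join(str(rng.randrange(1, 255)) for _ in range(4))
    return [("10.0.0.99", rand_ip(), "udp", 1434) for _ in range(n)]

if __name__ == "__main__":
    rng = random.Random(1)
    for name, pkts in (("steady", steady_traffic(10000, rng)),
                       ("scan", scan_traffic(10000, rng))):
        print(name, simulate(pkts))
```

In this model the ACL keeps the scan packets from being forwarded, but nearly every one still costs a CPU punt and a flow-table entry, while the steady traffic punts at most once per flow.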

