[61126] in North American Network Operators' Group


Re: FW: TNT issues "workaround"

daemon@ATHENA.MIT.EDU (jlewis@lewis.org)
Sat Aug 23 18:43:33 2003

Date: Sat, 23 Aug 2003 18:42:49 -0400 (EDT)
From: jlewis@lewis.org
To: Ross Chandler <ross@eircom.net>
Cc: John Lord <lord@allturbo.com>, <nanog@merit.edu>
In-Reply-To: <55F6FB82-D5A1-11D7-AB01-00039301B4BA@eircom.net>
Errors-To: owner-nanog-outgoing@merit.edu


On Sat, 23 Aug 2003, Ross Chandler wrote:

> > I seem to be having the same or similar problems with my Cisco boxes
> > also, they either reboot or the PRIs hang, users get busies but no
> > one is logged in at all, when I do a show isdn status it shows b
> > channels in use but no one on, the only way to fix is reboot the box,
> > and it seems to be timed, everyday at 1400 and 2200 hours, since
> > Monday. Anybody heard of Ciscos acting funny this week?
> 
> Perhaps your fast switching route cache is filling up memory. If you're
> willing to risk it enable CEF on all interfaces.

Some of the older Cisco access-servers don't even support CEF.  The Cisco
failures seem to be memory starvation/fragmentation issues caused by out
of control route-cache growth caused by the Nachi worm's attempt to ping
so many different hosts so quickly while looking for systems to spread to.

You can work around the issue by:

a) using policy routing to pass all dialup traffic through a route-map 
that sends 92 byte echo/echo-reply packets to null0.

b) blocking all echo/echo-reply coming in from dial-up users (i.e. apply 
an input acl to your virtual-template and/or group-async interfaces).

c) disabling route caching on the egress interface of the access server.

I'm doing a mix of a (on the access-servers that this works on) and b 
where a doesn't work...and tested c this morning and found it appears to 
work.
  
----------------------------------------------------------------------
 Jon Lewis *jlewis@lewis.org*|  I route
 System Administrator        |  therefore you are
 Atlantic Net                |  
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
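Added example (not Jon's configuration or anything posted in the thread): the three workarounds from the message above written out as IOS configuration for a hypothetical access server. The 92-byte length match, the echo/echo-reply types, Null0, and the Virtual-Template/Group-Async interfaces come from the post; the ACL numbers, the route-map name, the interface numbers and the egress interface name are assumed.

```cisco
! (a) Policy routing: send 92-byte ICMP echo/echo-reply arriving from dialup
!     users to Null0. ACL 150 and the route-map name are assumed; 92 is the
!     IP total length of the worm's ping as stated in the post. Packets that
!     do not match the route-map fall through to normal forwarding.
access-list 150 permit icmp any any echo
access-list 150 permit icmp any any echo-reply
!
route-map DROP-NACHI-PING permit 10
 match ip address 150
 match length 92 92
 set interface Null0
!
interface Group-Async1
 ip policy route-map DROP-NACHI-PING
!
! (b) Where policy routing is not available: an inbound ACL on the dialup
!     interfaces that drops all echo/echo-reply and permits everything else.
!     This is broader than (a), since it blocks every ping from dialup users,
!     not only the 92-byte ones. ACL 151 is assumed.
access-list 151 deny   icmp any any echo
access-list 151 deny   icmp any any echo-reply
access-list 151 permit ip any any
!
interface Virtual-Template1
 ip access-group 151 in
!
! (c) Disable route caching on the egress interface so the fast-switching
!     cache cannot grow at all. The interface name is assumed.
interface FastEthernet0/0
 no ip route-cache
```

To check that (a) is actually catching traffic, `show route-map DROP-NACHI-PING` reports the policy routing match count, and `show ip cache` lets you watch whether the route cache keeps growing after the change; with (c) applied, the cache for that interface should stop growing entirely, at the cost of process-switching its traffic.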

