[61132] in North American Network Operators' Group


RE: FW: TNT issues "workaround"

daemon@ATHENA.MIT.EDU (John Lord)
Sun Aug 24 16:09:21 2003

Date: Sun, 24 Aug 2003 16:08:41 -0400
From: "John Lord" <lord@allturbo.com>
Cc: <nanog@merit.edu>
Errors-To: owner-nanog-outgoing@merit.edu


I've been watching mine and finally see this error

*Mar 19 14:48:53.951 UTC: %SYS-2-MALLOCFAIL: Memory allocation of 2708 bytes failed from 0x603FE6C0, alignment 0
Pool: Processor  Free: 6402796  Cause: Memory fragmentation
Alternate Pool: None  Free: 0  Cause: No Alternate pool

-Process= "ISDN L2 Process", ipl= 0, pid= 94
-Traceback= 603FC690 603FDC90 603FE6C8 60102990 600A84A8 600A8D34
*Mar 19 14:48:54.635 UTC: %SYS-2-CFORKMEM: Process creation of Async tty Reset failed (no memory).
-Process= "Serial Background", ipl= 0, pid= 8
-Traceback= 6040D2A4 60414AEC 606B03C4 606B06A0 600704C4

I'm doing

b) blocking all echo/echo-reply coming in from dial-up users (i.e. apply
an input acl to your virtual-template and/or group-async interfaces).

But it doesn't seem to stop it from locking up. I've been killing users
as I see users with the worm. This is on a Cisco AS5300, by the way.
What's the command to disable route cache?


John Lord(lord@allturbo.com)
IT Manager
AllTurbo Internet Services Inc
410-213-9388 Office
www.allturbo.com


-----Original Message-----
From: jlewis@lewis.org [mailto:jlewis@lewis.org]
Sent: Saturday, August 23, 2003 6:43 PM
To: Ross Chandler
Cc: John Lord; nanog@merit.edu
Subject: Re: FW: TNT issues "workaround"


On Sat, 23 Aug 2003, Ross Chandler wrote:

> > I seem to be having the same or similar problems with my Cisco boxes
> > also, they either reboot or the PRIs hang, users get busies but no
> > one is logged in at all. When I do a show isdn status it shows B
> > channels in use but no one on, the only way to fix is reboot the box,
> > and it seems to be timed, every day at 1400 and 2200 hours, since
> > Monday. Anybody heard of Ciscos acting funny this week?
>
> Perhaps your fast switching route cache is filling up memory. If
> you're willing to risk it enable CEF on all interfaces.

Some of the older Cisco access-servers don't even support CEF. The
Cisco failures seem to be memory starvation/fragmentation issues caused
by out-of-control route-cache growth caused by the Nachi worm's attempt
to ping so many different hosts so quickly while looking for systems to
spread to.

You can work around the issue by:

a) using policy routing to pass all dialup traffic through a route-map
that sends 92 byte echo/echo-reply packets to null0.

b) blocking all echo/echo-reply coming in from dial-up users (i.e. apply
an input acl to your virtual-template and/or group-async interfaces).

c) disabling route caching on the egress interface of the access server.

I'm doing a mix of a (on the access-servers that this works on) and b
where a doesn't work...and tested c this morning and found it appears to
work.

----------------------------------------------------------------------
 Jon Lewis *jlewis@lewis.org*|  I route
 System Administrator        |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
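The three workarounds Jon Lewis lists, written out as IOS configuration; this is an added illustration, not configuration posted by either participant. The ACL numbers, the route-map name and the interface names (Virtual-Template1, Group-Async1, FastEthernet0) are assumptions, and exact command availability depends on the IOS release and platform.

```cisco
! (a) Policy routing: send 92-byte ICMP echo/echo-reply from dial-up users
!     to Null0. Nachi's probe packets were 92 bytes long; any other ICMP and
!     all other traffic fails the match and is forwarded normally.
access-list 150 permit icmp any any echo
access-list 150 permit icmp any any echo-reply
!
route-map nachi-drop permit 10
 match ip address 150
 match length 92 92
 set interface Null0
!
interface Virtual-Template1
 ip policy route-map nachi-drop
!
! (b) Where policy routing is not available: an input ACL on the dial-up
!     interfaces that drops all echo/echo-reply and permits everything else.
!     Blunter than (a), since it also drops legitimate pings from users.
access-list 151 deny   icmp any any echo
access-list 151 deny   icmp any any echo-reply
access-list 151 permit ip any any
!
interface Group-Async1
 ip access-group 151 in
!
! (c) Disable the fast-switching route cache on the egress interface, so the
!     per-destination cache cannot grow without bound as the worm scans.
!     Forwarding falls back to process switching, which costs CPU.
interface FastEthernet0
 no ip route-cache
```

After applying any of these, `show processes memory` and `show memory` let you confirm that the Processor pool stops fragmenting and the %SYS-2-MALLOCFAIL messages stop.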