[61181] in North American Network Operators' Group


Re: Extreme + Nachi = ipfdb overflow

daemon@ATHENA.MIT.EDU (Daniel Senie)
Mon Aug 25 17:03:11 2003

Date: Mon, 25 Aug 2003 16:57:14 -0400
To: jcoombs@gwi.net, nanog@merit.edu
From: Daniel Senie <dts@senie.com>
In-Reply-To: <20030825153852.A29368@dargo.gwi.net>
Errors-To: owner-nanog-outgoing@merit.edu


At 03:38 PM 8/25/2003, Joshua Coombs wrote:

>After battling Nachi and its flood of icmp traffic, I've discovered
>that it's not the Cisco gear that gets hit hard by it, it was the
>Extreme gear.  Nachi generates enough 'random' traffic to flood and
>subsequently thrash the ip forwarding DB on the Summit 1i we were using
>so badly as to drop it from gigabit capable to barely eking out
>6mb/sec.

Cisco 65xx gear suffers the same problem. SQL Slammer infested 3 
neighboring customers in a colo space we use. The 6509 (used for 
aggregation in that colo) dropped 10% or more of our packets, though we 
were not infected. So much for claims from both of these vendors about 
"wire speed" forwarding.

When testing switch gear, I think it's time to update Scott Bradner's test 
suites to use random source and destination IP addresses, so we can find 
out the true limits of the equipment.

