[61992] in North American Network Operators' Group
Re: 92 Byte ICMP Blocking Problem
daemon@ATHENA.MIT.EDU (Richard J.Sears)
Fri Sep 12 14:57:07 2003
Date: Fri, 12 Sep 2003 11:49:08 -0700
From: Richard J.Sears <rsears@adnc.com>
To: "Matt Ploessel" <matt.ploessel@foundstone.com>
Cc: "Nanog" <nanog@nanog.org>
In-Reply-To: <9DC8A3D37E31E043BD516142594BDDFA039441B2@MISSION.foundstone.com>
Errors-To: owner-nanog-outgoing@merit.edu
So, the choice is to go from dCEF to CEF or to not block the 92 byte
packets at all....anyone have an idea as to which is the better route to
take..?
- Richard
On Fri, 12 Sep 2003 10:59:54 -0700
"Matt Ploessel" <matt.ploessel@foundstone.com> wrote:
>
> >See http://www.cisco.com/warp/public/707/cisco-sn-20030820-nachi.shtml
> >>
> >>The policy-routing solution works great in small routers (26xx, 17xx)
> >>and in 7200s. In 7500s it seems OK *UNLESS* dCEF is enabled, then it
> >>does what you saw. I'm assuming it's dropping 92-byte TCP packets as
> >>well as the ICMP echoes. You can see 1-packet flows of mail getting
> >>dropped.
> >>
> >>Notice that the workaround cannot be used on GSRs because it causes
> >>packets to be punted to the CPU... this is as bad a news as that it
> >>doesn't work right on dCEF because we use GSRs or 7500s with dCEF
> >>where the network is really busy.
>
> - Matt Ploessel
>
> > -----Original Message-----
> > From: Richard J.Sears [mailto:rsears@adnc.com]
> > Sent: Friday, September 12, 2003 10:43 AM
> > To: Nanog
> > Subject: 92 Byte ICMP Blocking Problem
> >
> >
> >
> > We started blocking 92 Byte ICMP packets on our ingress points on our
> > core backbone routers.
> >
> > This was a recommendation from Cisco to help mitigate the effects of the
> > Nachi worm.
> >
> > Since then, we have been hammered with customer complaints concerning
> > the inability to talk to mail servers and ssh to their servers, as well
> > as other weird network issues, all centering around the time we started
> > blocking 92 Byte ICMP packets.
> >
> > Has anyone else seen this, and if so, is the only resolution to stop the
> > blockage of 92 Byte ICMP Packets..?
> >
> > Thanks
> >
> > Richard
> >
> >
> >
> >
******************************************
Richard J. Sears
Vice President
American Digital Network
----------------------------------------------------
rsears@adnc.com
http://www.adnc.com
----------------------------------------------------
858.576.4272 - Phone
858.427.2401 - Fax
----------------------------------------------------
I fly because it releases my mind
from the tyranny of petty things . .
"Work like you don't need the money, love like you've
never been hurt and dance like you do when nobody's
watching."
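
Added example, not part of the original thread or of Cisco's advisory: a small classifier that contrasts the intended match (ICMP echo with a 92-byte IP length) with a length-only match, which models the behaviour the quoted poster assumes under dCEF. It assumes "92 bytes" means the IPv4 total length and that "echo" is ICMP type 8; the function names and all packets are constructed for illustration.

```python
import struct

ICMP, TCP = 1, 6
ECHO_REQUEST = 8  # assumption: "ICMP echoes" in the thread means type 8

def ipv4_packet(proto, payload):
    """Build a minimal IPv4 packet (constructed sample, checksum left at 0)."""
    total = 20 + len(payload)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, proto, 0,
                      bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    return hdr + payload

def parse(pkt):
    """Return (total_length, protocol, icmp_type or None) for an IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    (total,) = struct.unpack("!H", pkt[2:4])
    if ihl < 20 or total < ihl or len(pkt) < total:
        raise ValueError("truncated or malformed header")
    proto = pkt[9]
    icmp_type = pkt[ihl] if proto == ICMP and total > ihl else None
    return total, proto, icmp_type

def length_only_match(pkt):
    """Models a filter that ends up keying on packet length alone."""
    total, _, _ = parse(pkt)
    return total == 92

def intended_match(pkt):
    """Length AND protocol AND ICMP type must all agree before dropping."""
    total, proto, icmp_type = parse(pkt)
    return total == 92 and proto == ICMP and icmp_type == ECHO_REQUEST

# Constructed sample traffic: 20-byte IP header + payload.
ECHO_HDR = bytes([8, 0, 0, 0, 0, 1, 0, 1])
SAMPLES = {
    "icmp_echo_92": ipv4_packet(ICMP, ECHO_HDR + b"\x00" * 64),
    "icmp_echo_84": ipv4_packet(ICMP, ECHO_HDR + b"\x00" * 56),
    "tcp_92": ipv4_packet(TCP, b"\x00" * 72),
    "icmp_unreach_92": ipv4_packet(ICMP, bytes([3, 1, 0, 0, 0, 0, 0, 0]) + b"\x00" * 64),
}

def collateral(samples):
    """Packets the length-only filter drops that the intended filter passes."""
    return sorted(n for n, p in samples.items()
                  if length_only_match(p) and not intended_match(p))

if __name__ == "__main__":
    print(collateral(SAMPLES))
```

Running the same comparison over a packet capture taken before and after enabling a length-based drop shows which non-ICMP flows the filter would catch.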