Merit Network
 Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives
North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Worm / UDP1434

  • From: Andy Walden
  • Date: Sat Jan 25 21:06:39 2003 

On Sat, 25 Jan 2003, Neil J. McRae wrote:

>
> >
> > Anybody here on list using Extreme products (Summit/Alpine/Blackdiamond)?
> > They sure don't like this traffic one bit. It causes them to not only drop
> > traffic, but spew out every available error message under the sun...
> >
> > Extreme are apparently assembling an "advisory TAC" on this, from our point
> > of view, since we use the devices to do l3 aggregation (for colo and such)
> > we've used an ACL to try and combat the offending traffic, but its not doing
> > much good.....
>
> Do you have MCAST enabled on these switches? I'd guess this
> is what is causing issues on the extreme boxes.


I think the architecture is flow-based, ie, the first packet of each flow
hits the CPU. This is probably causing the high CPU utilization. The flow
would still hit the CPU even with a ACL and then probably be written to
the ASIC with a null location.

andy
--
PGP Key Available at http://www.tigerteam.net/andy/pgp


Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.