North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: Worm / UDP1434
- From: Andy Walden
- Date: Sat Jan 25 21:06:39 2003
On Sat, 25 Jan 2003, Neil J. McRae wrote:
> > Anybody here on list using Extreme products (Summit/Alpine/Blackdiamond)?
> > They sure don't like this traffic one bit. It causes them to not only drop
> > traffic, but spew out every available error message under the sun...
> > Extreme are apparently assembling an "advisory TAC" on this, from our point
> > of view, since we use the devices to do l3 aggregation (for colo and such)
> > we've used an ACL to try and combat the offending traffic, but its not doing
> > much good.....
> Do you have MCAST enabled on these switches? I'd guess this
> is what is causing issues on the extreme boxes.
I think the architecture is flow-based, ie, the first packet of each flow
hits the CPU. This is probably causing the high CPU utilization. The flow
would still hit the CPU even with a ACL and then probably be written to
the ASIC with a null location.
PGP Key Available at http://www.tigerteam.net/andy/pgp