So, the choice is to go from dCEF to CEF or to not block the 92 byte
packets at all....anyone have an idea as to which is the better route to
take..?

 - Richard

On Fri, 12 Sep 2003 10:59:54 -0700
"Matt Ploessel" <[EMAIL PROTECTED]> wrote:

> 
> >See http://www.cisco.com/warp/public/707/cisco-sn-20030820-nachi.shtml
> >>
> >>The policy-routing solutions works great in small routers (26xx, 17xx)
> 
> >>and in 7200s. In 7500s it seems OK *UNLESS* dCEF is enabled, then it 
> >>does what you saw. I'm assuming it's dropping 92-byte TCP packets as 
> >>well as the ICMP echoes. You can see 1-packet flows of mail getting 
> >>dropped.
> >>
> >>Notice that the workaround cannot be used on GSRs because it causes 
> >>packets to be punted to the CPU... this is as bad a news as that it 
> >>doesn't work right on dCEF because we use GSRs or 7500s with dCEF 
> >>where the network is really busy.
> 
> - Matt Ploessel
> 
> > -----Original Message-----
> > From: Richard J.Sears [mailto:[EMAIL PROTECTED] 
> > Sent: Friday, September 12, 2003 10:43 AM
> > To: Nanog
> > Subject: 92 Byte ICMP Blocking Problem
> > 
> > 
> > 
> > We started blocking 92 Byte ICMP packets on our ingress points on our
> > core backbone routers.
> > 
> > This was a recommendation from Cisco to help mitigate the 
> > effects of the
> > Nachi worm.
> > 
> > Since then, we have been hammered with customer complaints concerning
> > the inability to talk to mail servers and ssh to their 
> > servers, as well
> > as other weird network issues, all centering around the time 
> > we started
> > blocking 92 Byte ICMP packets.
> > 
> > Has anyone else seen this, and if so, is the only resolution 
> > to stop the
> > blockage of 92 Byte ICMP Packets..?
> > 
> > Thanks
> > 
> > Richard
> > 
> > 
> > 
> > 


******************************************
Richard J. Sears
Vice President         
American Digital Network                          
----------------------------------------------------
[EMAIL PROTECTED]
http://www.adnc.com
----------------------------------------------------
858.576.4272 - Phone
858.427.2401 - Fax
----------------------------------------------------

I fly because it releases my mind 
from the tyranny of petty things . . 


"Work like you don't need the money, love like you've
never been hurt and dance like you do when nobody's
watching."

Reply via email to