On Fri, Oct 09, 2009 at 09:16:27AM -0400, Jared Mauch wrote:
I think it's important to note that there are similar limiters in
other devices, eg: Juniper m20/m40 that we've encountered over the
years.
This has caused customer confusion as they hit these, even in a fully
distributed
On 2009-10-10 13:35, Richard A Steenbergen wrote:
Some days I would pay good money for a traceroute handling ASIC, or at
least some primitives for it in some microcode somewhere, so it isn't at
the mercy of BGP scanner, someone running a complex sh ip bgp on the
cli, or any random kid capable
: Re: [c-nsp] SUP720 - 12.2(18)SXF17
But traceroute's one of the killer apps for Sup720's regardless if used in 6500
or 7600.
Dependent on the traffic you pass through there might be lots of 'TTL expired'
(nearly fully originating from running traceroutes, else I'd suspect you've
another more
I think it's important to note that there are similar limiters in
other devices, eg: Juniper m20/m40 that we've encountered over the
years.
This has caused customer confusion as they hit these, even in a fully
distributed linecard environment. The reality is unless it's done in
a
Jared Mauch wrote:
I think it's important to note that there are similar limiters in
other devices, eg: Juniper m20/m40 that we've encountered over the
years.
This has caused customer confusion as they hit these, even in a fully
distributed linecard environment. The reality is unless
...@puck.nether.net]
Gesendet: Freitag, 9. Oktober 2009 15:16
An: Drew Weaver
Cc: Marcus.Gerdon; Bob Snyder; cisco-nsp@puck.nether.net
Betreff: Re: [c-nsp] SUP720 - 12.2(18)SXF17
I think it's important to note that there are similar limiters in
other devices, eg: Juniper m20/m40 that we've
On Oct 8, 2009, at 5:32 AM, Marcus.Gerdon wrote:
The ever more widespread abuse of traceroute (before someone starts
arguing: yes, I call permanent use of mtr and alike for end-user
pseudo-monitoring 'network abuse') is something you'll be forced
into limiting to protect your network at
On Fri, Oct 09, 2009 at 03:10:58PM +0100, Phil Mayers wrote:
But I agree, we set 100/10 for RPF/TTL/UNREACH-no-route/MTU failure, and
I'm glad of it, because it's saved us from a couple of nasties.
How are folks arriving at the 100/10 setting? Our boxes are using
500/100, but hell if I
, 2009 10:04 AM
Subject: Re: [c-nsp] SUP720 - 12.2(18)SXF17
On Oct 8, 2009, at 5:32 AM, Marcus.Gerdon wrote:
The ever more widespread abuse of traceroute (before someone starts
arguing: yes, I call permanent use of mtr and alike for end-user
pseudo-monitoring 'network abuse') is something
Ross Vandegrift wrote:
On Fri, Oct 09, 2009 at 03:10:58PM +0100, Phil Mayers wrote:
But I agree, we set 100/10 for RPF/TTL/UNREACH-no-route/MTU failure, and
I'm glad of it, because it's saved us from a couple of nasties.
How are folks arriving at the 100/10 setting? Our boxes are using
...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] Im Auftrag von Bob Snyder
Gesendet: Mittwoch, 7. Oktober 2009 21:19
An: cisco-nsp@puck.nether.net
Betreff: Re: [c-nsp] SUP720 - 12.2(18)SXF17
On Mon, Oct 5, 2009 at 5:43 AM, Phil Mayers
p.may...@imperial.ac.uk wrote:
mls rate-limit
On Mon, Oct 5, 2009 at 5:43 AM, Phil Mayers p.may...@imperial.ac.uk wrote:
mls rate-limit all ttl-failure 100 10
mls rate-limit all mtu-failure 100 10
There's no reason not to have the TTL failure rate limit enabled AFAIK.
Choose a value appropriate to you, obviously.
One gotcha here is
Hi,
But yes, splurging a 30gig hard-disk image out over multicast with TTL=1
on the packets will definitely cause TTL-exceeded problems ;o)
bonus points++ for the application using a global multicast address too.
nice.
alan
___
cisco-nsp mailing
Hi,
Not to fault Cisco, or anyone else for that matter but shouldn't switches
that cost a quarter of a million dollars be able to protect themselves from
these sorts of things just as a default?
turn off multicast for that VLAN - its its TTL=1 then it didnt really want to
multicast
anyway -
Alan Buxey wrote:
Hi,
Not to fault Cisco, or anyone else for that matter but shouldn't switches that
cost a quarter of a million dollars be able to protect themselves from these
sorts of things just as a default?
turn off multicast for that VLAN - its its TTL=1 then it didnt really want to
Drew Weaver wrote:
That whole TTL exceeded thing is a real problem these days, huh?
When you have an application as badly-written as ghost (seriously: it's
awful, awful, awful stuff) then it could probably find a way to break
the network regardless.
But yes, splurging a 30gig hard-disk
Andy Saykao wrote:
We went to 12.2(18)SXF16 and got burnt by a nat bug (BUG id CSCed60335)
that caused our router to continually reboot. Had to down grade back to
12.2(18)SXF11. Not sure if the nat bug has been fixed in 12.2(18)SXF17
yet.
Cheers.
Andy
This email and any files transmitted
Anyone deployed this monster yet? Have any wacky issues that were unexpected?
-Drew
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
not a on Sup720 but deployed this with a Sup32 recently; still working
with Cisco TAC on Norton Ghost muliticast causing OSPF to reset.
Regards,
Ge Moua | Email: moua0...@umn.edu
Network Design Engineer
University of Minnesota | Networking Telecommunications Services
Drew Weaver wrote:
That doesn't sound so friendly =)
-Original Message-
From: Ge Moua [mailto:moua0...@umn.edu]
Sent: Friday, October 02, 2009 11:18 AM
To: Drew Weaver
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] SUP720 - 12.2(18)SXF17
not a on Sup720 but deployed this with a Sup32 recently; still
, 2009 11:18 AM
To: Drew Weaver
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] SUP720 - 12.2(18)SXF17
not a on Sup720 but deployed this with a Sup32 recently; still working
with Cisco TAC on Norton Ghost muliticast causing OSPF to reset.
Regards,
Ge Moua | Email: moua0...@umn.edu
Network Design
That whole TTL exceeded thing is a real problem these days, huh?
-Original Message-
From: Rodney Dunn [mailto:rod...@cisco.com]
Sent: Friday, October 02, 2009 11:48 AM
To: Drew Weaver
Cc: 'moua0...@umn.edu'; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] SUP720 - 12.2(18)SXF17
It's
We went to 12.2(18)SXF16 and got burnt by a nat bug (BUG id CSCed60335)
that caused our router to continually reboot. Had to down grade back to
12.2(18)SXF11. Not sure if the nat bug has been fixed in 12.2(18)SXF17
yet.
Cheers.
Andy
This email and any files transmitted with it are confidential
23 matches
Mail list logo
