High unwanted traffic flowing between two hosts over WAN Link

Unanswered Question
Jan 10th, 2008
User Badges:

Hi,


i have problem of CPU utilization picks up on the one end router. And while i see ip accounting there seems lots of traffic flowing between the source router and remote end router public IPs. I tried to add ACL for denying IP Traffic between those IPs. That doest not solve my problem.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
mounir.mohamed Thu, 01/10/2008 - 03:01
User Badges:
  • Gold, 750 points or more

Can you share your config, or at least the source and destination + the ACL statments.

chinmay30 Thu, 01/10/2008 - 03:27
User Badges:

Router -1 : (Which is creating high traffic)

interface FastEthernet0/1

ip address 58.x.x.x 255.255.255.248

ip access-group 100 out

duplex auto

speed auto

access-list 100 deny ip host 59.x.x.x(Destination - other end) host 58.x.x.x

access-list 100 permit ip any any



Router -2


is having same config for interface with ip add in 59 series...and no ACL has been configured on it..and surprisingly no traffic flowing in or out showing on this router for source address 62.x.x.x.


chinmay30 Thu, 01/10/2008 - 03:50
User Badges:

I hope this clears.. if you still want any inputs please let me know..

bvsnarayana03 Thu, 01/10/2008 - 03:50
User Badges:
  • Silver, 250 points or more

If u stop all communication between 2 routers, u'll end up loosing adjacency.

Is it possible to paste ip accounting output for these specific entries.


by the way, The acl shud be placed on serial interface if the 2 are forming neighborship over serial. Direction should be "in" bcoz destination is this router.

chinmay30 Thu, 01/10/2008 - 04:11
User Badges:

ACL will not work because they are not generating IP Traffic at all.. it seems.. and They are not connected directly using this interfaces..


Attached IP Accounting output for ur ref..



Kevin Dorrell Thu, 01/10/2008 - 03:59
User Badges:
  • Green, 3000 points or more

Is it a typing error, or is your access-list the wrong way round? If it is any outgoin g access list, don't you need the remote host as the destination parameter?


access-list 100 deny ip host 58.x.x.x (our address) host 59.x.x.x (Destination - other end)


Kevin Dorrell

Luxembourg


chinmay30 Thu, 01/10/2008 - 04:22
User Badges:

That was Typing mistake.. and ACL should not require at all as no host on this side sending any interesting traffic to other end.. but still in source router (58.x.x.x) generating lots of traffic towards Destionation router (59.x.x.x)

Actions

This Discussion