we recently got the Problem that one Link between one of our 6509 with SUP720 and one 7606 with RSP720 got fully utilized because of an DDoS attack.
The attack was very short und not that heavy, but big enough to fill the 1G Connection between the two devices.
The big problem here was that we lost routing between the two devices.
The 7606 is one of our corerouter running BGP and OSPF. It have one 10G transitlink to an uplink provider and two 10G Interface to adjacent core-router.
We use OSPF as routing protocol between these two devices.
At the moment of the attack/ fully utilization we noticed that the devices lost its OSPF neighbors associated to that link, I assume that the Hello Packets did not get through the link...
The 6509 of course have an second uplink to another corerouter (1G/OSPF) so the following happened:
The first link got full and after some time the OSPF neighbor was lost. The traffic went to the second link (not really surprising) so the first link got its OSPF neighbor back to lost it afterwards because of the full link.
That was some nice flapping.
So my questions:
Maybe i´m completly wrong and there is some "built in priorization"?
(Routed interfaces with /30 transfernetworks, so nothing special)
Is there an (easy) way to protect the links in the core/distribution area against this Problem?
Question We run asr9001 with XR 6.1.3, and we have a very long delay to
login w/ SSH 1 or 2 to the device compare to IOS device. After
investigation, the there is 1s delay between the client KEXDH_INIT and
the server (XR) KEXDH_REPLY. After debug ssh serv...
Introduction The purpose of this document is to demonstrate the Open
Shortest Path First (OSPF) behavior when the V-bit (Virtual-link bit) is
present in a non-backbone area. The V-bit is signaled in Type-1 LSA only
if the router is the endpoint of one or ...
Hi, I am seeing quite a few issues with patch install and wanted to
share my experience and workaround to this. Login to admin via CLI, then
access root with the “shell” command Issue “df –h” and you’ll probably
see the following directory full or nearly ...