We recently had the problem that one link between one of our 6509s with SUP720 and one 7606 with RSP720 got fully utilized because of a DDoS attack.
The attack was very short and not that heavy, but big enough to fill the 1G connection between the two devices.
The big problem here was that we lost routing between the two devices.
The 7606 is one of our core routers running BGP and OSPF. It has one 10G transit link to an uplink provider and two 10G interfaces to adjacent core routers.
We use OSPF as routing protocol between these two devices.
At the moment of the attack/full utilization we noticed that the devices lost their OSPF neighbors associated with that link. I assume that the Hello packets did not get through the link...
The 6509 of course has a second uplink to another core router (1G/OSPF), so the following happened:
The first link got full and after some time the OSPF neighbor was lost. The traffic went to the second link (not really surprising), so the first link got its OSPF neighbor back, only to lose it again afterwards because of the full link.
That was some nice flapping.
So my questions:
Maybe I'm completely wrong and there is some "built-in prioritization"?
(Routed interfaces with /30 transfernetworks, so nothing special)
Is there an (easy) way to protect the links in the core/distribution area against this problem?